Piotr Kliczewski has posted comments on this change.
Change subject: vdscli: host verification fails on client side
......................................................................
Patch Set 1:
(1 comment)
I understand that this solution looks not great but this code is used when we attempt to
run functional tests (no host address provided).
When we run socket#connect and we provide addr. It is used during handshake to verify
hostname from the certificate. In M2Crypto we call clientPostConnectionCheck to perform
the check where we do not attempt to check both ip and hostname. In this code we use host
param as provided when calling connect.
Initially when I talked with Yeela I wanted to reimplement clientPostConnectionCheck in
order to fix the issue but it seems to be dev/test specific and it should work for
production systems once we start to use it.
Please know it is client side failure.
https://gerrit.ovirt.org/#/c/45449/1//COMMIT_MSG
Commit Message:
Line 8:
Line 9: When we provide hostname or run functional tests and attempt to connect
Line 10: to the server using jsonrpcvdscli we fail ssl handshake due to how
Line 11: m2cytpro host verification is written. In order to establish a
Line 12: connection we need to provide ip address instead.
back in
http://gerrit.ovirt.org/28674 I was certain that the server
no long
It is not about the server. From vdsm perspective it works. In this specific
situation it is the client who fails the handshake. I will add the stacktarce to the
message with next patch set but for reference you can find it here:
http://fpaste.org/258503/20445144/
Line 13:
Line 14:
Line 15: Change-Id: Iae0b8e71f4e3e03432db6c8f9dcf0a69c4612fc2
--
To view, visit
https://gerrit.ovirt.org/45449
To unsubscribe, visit
https://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: Iae0b8e71f4e3e03432db6c8f9dcf0a69c4612fc2
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <danken(a)redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski(a)gmail.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybronhei(a)redhat.com>
Gerrit-Reviewer: Yeela Kaplan <ykaplan(a)redhat.com>
Gerrit-Reviewer: automation(a)ovirt.org
Gerrit-HasComments: Yes