Feature #3180

Improve SSL CLI support

Added by Tino Vázquez almost 7 years ago. Updated over 6 years ago.

Status:ClosedStart date:09/09/2014
Priority:NormalDue date:
Assignee:Javi Fontan% Done:

0%

Category:CLI
Target version:Release 4.10
Resolution:fixed Pull request:

Description

Two suggestions to improve it:

1. Allow the client to disable SSL peer certificate verification
2. Allow client to provide a certification location through config or environment variable

Associated revisions

Revision 6c9771c9
Added by Javi Fontan over 6 years ago

feature #3180: options for SSL certs in OCA

ONE_CERT_DIR: adds an extra directory with trusted CA certificates
ONE_DISABLE_SSL_VERIFY: disable certificate verification

Both of these options make the calls change from asynchronous (one http
connection per call) to synchronous (same http connection for all calls).
XMLRPC library creates a new HTTP object per asynchronous connection and
there is no way of passing configuration options to it.

Revision 3d3a8d24
Added by Javi Fontan over 6 years ago

feature #3180: add option to make xmlrpc calls synchronous

Using SSL options in Ruby OCA no longer disable async calls automatically. The sync call
must be specified when creating a client:

client = OpenNebula::Client.new(secret, proxy, :sync => true)

Revision 7520c115
Added by Javi Fontan over 6 years ago

feature #3180: make CLI use sync calls to honor SSL parameters

Revision f970ed01
Added by Ruben S. Montero over 6 years ago

feature #3180: Raise an exception for not compatible client options

History

#1 Updated by Tino Vázquez almost 7 years ago

  • Target version set to Release 4.10

#2 Updated by Tino Vázquez almost 7 years ago

  • Status changed from Pending to New

#3 Updated by Ruben S. Montero almost 7 years ago

  • Assignee set to Javi Fontan

#4 Updated by Ruben S. Montero over 6 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

Also available in: Atom PDF