Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Certificate verification, part 2 #780

Merged
merged 1 commit into from
Jun 8, 2021
Merged

Certificate verification, part 2 #780

merged 1 commit into from
Jun 8, 2021

Conversation

andy-maier
Copy link
Member

@andy-maier andy-maier commented May 19, 2021
edited
Loading

Note: This PR changes the default for the recently added verify_cert parameter of zhmcclient.Session to True, which is an incompatible change.

The new default value of True will cause the HMC server certificate to be validated against the CA certificates in the 'certifi' package. If you run the HMC with self-signed certificates, or if its certificate has a certificate chain not covered by the 'certifi' package, communication with the HMC will fail.

This PR should not be merged until we have extended all zhmcclient packages to support HMC certificate validation:

For details, see the commit message.

@andy-maier andy-maier force-pushed the andy/verify-part2 branch from fc9322a to d0ba550 Compare May 19, 2021 21:29
@andy-maier andy-maier requested a review from vkathir82 May 19, 2021 21:29
@andy-maier andy-maier self-assigned this May 19, 2021
@andy-maier andy-maier added this to the 0.31.0 milestone May 19, 2021
@andy-maier andy-maier force-pushed the andy/verify-part2 branch from d0ba550 to 2bd8aee Compare May 19, 2021 21:35
@andy-maier andy-maier mentioned this pull request May 19, 2021
Closed
@andy-maier andy-maier linked an issue May 19, 2021 that may be closed by this pull request
Add support for validating HMC server certificates #779
Closed
@andy-maier
Certificate verification, part 2
9a30f28 
Details:

* Changed default to verify the HMC certificate.

* Documented how the REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE env vars are
  used.

* Other documentation improvements in the HMC certificate section.

Signed-off-by: Andreas Maier <[email protected]>
@andy-maier andy-maier force-pushed the andy/verify-part2 branch from 2bd8aee to 9a30f28 Compare May 19, 2021 21:41
@coveralls
Copy link
Collaborator

Coverage Status

Coverage remained the same at 77.021% when pulling 9a30f28 on andy/verify-part2 into 5cc3f18 on master.

@andy-maier andy-maier mentioned this pull request May 19, 2021
Merged
@andy-maier
Copy link
Member Author

Merging, since all packages now have PRs with certificate support.

@andy-maier andy-maier merged commit fb7dd95 into master Jun 8, 2021
@andy-maier andy-maier deleted the andy/verify-part2 branch June 8, 2021 15:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vkathir82 vkathir82 vkathir82 approved these changes

Assignees

@andy-maier andy-maier

Labels
None yet
Projects
None yet
Milestone
0.31.0
Development

Successfully merging this pull request may close these issues.

Add support for validating HMC server certificates
3 participants
@andy-maier @coveralls @vkathir82