
Re: [libvirt] VMware support and libcurl on rhel-u1



On Tue, Jul 28, 2009 at 02:22:25AM -0700, Shahar Klein wrote:
> doesn't work for me (with curl 7.15 and ESX4i)
> 
> [root rain8 libvirt]# virsh -c esx://172.30.8.63?no_verify=1
> Enter username for 172.30.8.63 [root]:
> Enter root password for 172.30.8.63:
> error: internal error curl_easy_perform() returned an error: SSL peer certificate was not ok (51)
> error: failed to connect to the hypervisor
> 
> I had to set (unset) CURLOPT_SSL_VERIFYHOST in order to connect:
> --- a/src/esx/esx_vi.c
> +++ b/src/esx/esx_vi.c
> @@ -239,6 +239,7 @@ esxVI_Context_Connect(virConnectPtr conn, esxVI_Context *ctx, const char *url,
>      curl_easy_setopt(ctx->curl_handle, CURLOPT_HEADER, 0);
>      curl_easy_setopt(ctx->curl_handle, CURLOPT_FOLLOWLOCATION, 1);
>      curl_easy_setopt(ctx->curl_handle, CURLOPT_SSL_VERIFYPEER, noVerify ? 0 : 1);
> +    curl_easy_setopt(ctx->curl_handle, CURLOPT_SSL_VERIFYHOST, noVerify ? 0 : 1);
>      curl_easy_setopt(ctx->curl_handle, CURLOPT_COOKIEFILE, "");
>      curl_easy_setopt(ctx->curl_handle, CURLOPT_HTTPHEADER, ctx->curl_headers);
>      curl_easy_setopt(ctx->curl_handle, CURLOPT_WRITEFUNCTION,
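Review bot: on the added CURLOPT_SSL_VERIFYHOST line, the verifying branch passes 1, but in libcurl the value that checks the certificate name against the requested host is 2, which is also the default. In libcurl of this era 1 only checks that a common name is present, so with no_verify unset this line weakens the host check compared with leaving the option alone. Suggest `noVerify ? 0 : 2`. curl_easy_setopt() also expects a long for these options, so 0L and 2L would be safer than int literals, here and on the neighbouring CURLOPT_SSL_VERIFYPEER line.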
> ----

ACK, this makes sense.  VERIFYHOST tells curl to verify that the
passed in hostname matches the cname in the certificate. VERIFYPEER
tells curl to verify the certificate validity itself. So we want
to be disabling both when no_verify=1.


Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
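
A simplified model of the two checks discussed in this thread, added here as an illustration (it is not libvirt or libcurl code): chain validation and name matching are separate gates, so switching off only the first still rejects a certificate whose name does not match the host. The functions `cert_name_matches` and `connection_allowed`, the `chain_ok` flag and the certificate name `esx.example.test` are constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of the first n bytes of two names. */
static int ieq(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Host check: does the certificate name cover the host we asked for?
 * Simplified: exact match, or "*." replacing exactly the first label. */
int cert_name_matches(const char *cert_name, const char *host) {
    size_t cl = strlen(cert_name), hl = strlen(host);
    if (cl == 0 || hl == 0) return 0;
    if (strncmp(cert_name, "*.", 2) != 0)
        return cl == hl && ieq(cert_name, host, cl);
    if (strspn(host, "0123456789.") == hl) return 0; /* no wildcard for IPv4 literals */
    const char *suffix = cert_name + 1;              /* e.g. ".example.test" */
    if (!strchr(suffix + 1, '.')) return 0;          /* reject "*.test" */
    const char *dot = strchr(host, '.');
    if (!dot || dot == host) return 0;
    return strlen(dot) == strlen(suffix) && ieq(dot, suffix, strlen(dot));
}

/* Two independent gates: chain_ok stands for the result of certificate
 * validation (the VERIFYPEER side); the name check is the VERIFYHOST side. */
int connection_allowed(int verify_peer, int verify_host, int chain_ok,
                       const char *cert_name, const char *host) {
    if (verify_peer && !chain_ok) return 0;
    if (verify_host && !cert_name_matches(cert_name, host)) return 0;
    return 1;
}

int main(void) {
    /* Constructed case: self-signed certificate (chain_ok = 0) whose name
     * is a hostname, while the client connects by IP address. */
    const char *cert = "esx.example.test", *host = "172.30.8.63";
    printf("peer off, host on : %d\n", connection_allowed(0, 1, 0, cert, host));
    printf("peer off, host off: %d\n", connection_allowed(0, 0, 0, cert, host));
    printf("both on, wildcard : %d\n",
           connection_allowed(1, 1, 1, "*.example.test", "esx1.example.test"));
    return 0;
}
```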

