Description of problem: mandate site trustworthiness for https connections by default Version-Release number of selected component (if applicable): ovirt-engine-cli-3.1.0.7-1 How reproducible: always Steps to Reproduce: 1. run ovirt-shell 2. in ovirt-shell, type: connect https://server_with_invalid_certificate.example.org/api user password 3. Actual results: ovirt-shell happily connects Expected results: ovirt-shell should refused to connect if not given root CA certificate unless instructed otherwise by an optional argument Additional info: implementation of this bug would make ovirt-shell behaviour on par with the rest of the world
discussion under bug 848049 revealed that httplib used by ovirt-engine-sdk does not support server certificate verification at all - see the b!6 phat warning here: [1] so the o-e-sdk will either need to modify it (similary to [2]) or use different approach. In addition, -C and -P options should require each other because specifying just one doesn't make sense and -C option needs better description (in Python documentation as well...). [1] http://docs.python.org/library/httplib.html#httplib.HTTPSConnection [2] http://code.activestate.com/recipes/577548-https-httplib-client-connection-with-certificate-v/
fixed in 3.1.0.6