Allowing xe VM import URL via HTTPS #5549

Open
olivierlambert opened this issue Apr 8, 2024 · 0 comments

Hi there!

FYI, @psafont gave me the hint on where to look and what's missing, so it should be accurate.

Currently, it's not possible to import a VM with xe and a URL if we use HTTPS:

```
xe vm-import url=https://xoa.io/xva
The server failed to handle your request, due to an internal error. The given message may give details useful for debugging the problem.
message: Unix.Unix_error(Unix.ECONNRESET, "read", "")
```

It seems to try connecting on the URI via `ocaml/xapi/xapi_vm.ml` around line 1515. The issue is that the certificates trusted by default are the pool (internal) ones. Currently only two bundles can be used to trust that URI:

```ocaml
let appliance =
  {
    sni= None
  ; verify= CheckHost
  ; cert_bundle_path= "/etc/stunnel/xapi-stunnel-ca-bundle.pem"
  }

let pool =
  {
    sni= Some "pool"
  ; verify= VerifyPeer
  ; cert_bundle_path= "/etc/stunnel/xapi-pool-ca-bundle.pem"
  }
```

Maybe we can add the same trust as a browser, so we could download securely from an HTTPS URL. The question is to know if plumbing work would be the correct approach for this, or any other alternative. Hints appreciated so we could potentially contribute in the right direction. Thanks!
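The trust mismatch described in this issue, as an added example that is not part of the original post and is not xapi code: a verifier limited to an internal CA bundle rejects a certificate issued by any other CA, and the reverse holds too. The CA names, host names and file layout are constructed for the demo, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Constructed demo: CA names, host names and files are made up for this example.
# Requires the openssl command-line tool.

# make_ca DIR NAME: create a self-signed CA (NAME.key, NAME.pem) in DIR.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_leaf DIR CA HOST: issue HOST.pem in DIR, signed by the CA named CA.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# trusts BUNDLE CERT: succeed only if CERT chains to a CA listed in BUNDLE.
trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# verdict BUNDLE CERT: print "accept" or "reject" for the pair.
verdict() {
  if trusts "$1" "$2"; then echo accept; else echo reject; fi
}

# run_demo: build both trust domains in a temp dir and print the 2x2 matrix.
run_demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d" internal-ca && make_ca "$d" public-ca &&
  issue_leaf "$d" internal-ca pool-member.test &&
  issue_leaf "$d" public-ca download.test || { rm -rf "$d"; return 1; }
  for ca in internal-ca public-ca; do
    for leaf in pool-member.test download.test; do
      echo "$ca bundle, $leaf: $(verdict "$d/$ca.pem" "$d/$leaf.pem")"
    done
  done
  rm -rf "$d"
}

run_demo
```

The two bundles are kept as separate files on purpose: appending public roots to a bundle that also authenticates internal peers would widen what those internal connections accept.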
