You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
FYI, @psafont give me the hint on where to look and what's missing, so it should be accurate.
Currently, it's not possible to import a VM with xe and URL if we use HTTPS:
xe vm-import url=https://xoa.io/xva
The server failed to handle your request, due to an internal error. The given message may give details useful for debugging the problem.
message: Unix.Unix_error(Unix.ECONNRESET, "read", "")
It seems to try connecting on the URI via ocaml/xapi/xapi_vm.ml around line 1515. The issue is that by default the certificates trusted by default are the pool (internal) ones. Currently only two bundles can be used to trust that URI:
let appliance =
{
sni= None
; verify= CheckHost
; cert_bundle_path= "/etc/stunnel/xapi-stunnel-ca-bundle.pem"
}
let pool =
{
sni= Some "pool"
; verify= VerifyPeer
; cert_bundle_path= "/etc/stunnel/xapi-pool-ca-bundle.pem"
}
Maybe we can add the same trust as a browser, so we could download securely from an HTTPS URL. The question is to know if plumbing work would be the correct approach for this, or any other alternative. Hints appreciated so we could potentially contribute in the right direction. Thanks!
The text was updated successfully, but these errors were encountered:
Hi there!
FYI, @psafont give me the hint on where to look and what's missing, so it should be accurate.
Currently, it's not possible to import a VM with
xe
and URL if we use HTTPS:It seems to try connecting on the URI via
ocaml/xapi/xapi_vm.ml
around line 1515. The issue is that by default the certificates trusted by default are the pool (internal) ones. Currently only two bundles can be used to trust that URI:Maybe we can add the same trust as a browser, so we could download securely from an HTTPS URL. The question is to know if plumbing work would be the correct approach for this, or any other alternative. Hints appreciated so we could potentially contribute in the right direction. Thanks!
The text was updated successfully, but these errors were encountered: