feature #3180: options for SSL certs in OCA

ONE_CERT_DIR: adds an extra directory with trusted CA certificates ONE_DISABLE_SSL_VERIFY: disable certificate verification Both of these options make the calls change from asynchronous (one http connection per call) to synchronous (same http connection for all calls). XMLRPC library creates a new HTTP object per asynchronous connection and there is no way of passing configuration options to it.
2025-03-22 18:50:08 +03:00 · 2014-10-17 12:31:00 +02:00 · 2014-10-17 12:31:00 +02:00 · 6c9771c94e
commit 6c9771c94e
parent 6c4375d942
1 changed files with 27 additions and 1 deletions
--- a/src/oca/ruby/opennebula/client.rb
+++ b/src/oca/ruby/opennebula/client.rb
@ -17,6 +17,7 @@
 require 'xmlrpc/client'
 require 'bigdecimal'
 require 'stringio'
+require 'openssl'


 module OpenNebula
@ -135,6 +136,8 @@ module OpenNebula
                @one_endpoint = "http://localhost:2633/RPC2"
            end

+            @async = true
+
            timeout=nil
            timeout=options[:timeout] if options[:timeout]

@ -144,6 +147,25 @@ module OpenNebula
            @server = XMLRPC::Client.new2(@one_endpoint, http_proxy, timeout)
            @server.http_header_extra = {'accept-encoding' => 'identity'}

+            http = @server.instance_variable_get("@http")
+
+            if options['cert_dir'] || ENV['ONE_CERT_DIR']
+                @async = false
+                cert_dir = options['cert_dir'] || ENV['ONE_CERT_DIR']
+                cert_files = Dir["#{cert_dir}/*"]
+
+                cert_store = OpenSSL::X509::Store.new
+                cert_store.set_default_paths
+                cert_files.each {|cert| cert_store.add_file(cert) }
+
+                http.cert_store = cert_store
+            end
+
+            if options['disable_ssl_verify'] || ENV['ONE_DISABLE_SSL_VERIFY']
+                @async = false
+                http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+            end
+
            if defined?(OxStreamParser)
                @server.set_parser(OxStreamParser.new)
            elsif OpenNebula::NOKOGIRI
@ -155,7 +177,11 @@ module OpenNebula

        def call(action, *args)
            begin
-                response = @server.call_async("one."+action, @one_auth, *args)
+                if @async
+                    response = @server.call_async("one."+action, @one_auth, *args)
+                else
+                    response = @server.call("one."+action, @one_auth, *args)
+                end

                if response[0] == false
                    Error.new(response[1], response[2])