Use server hostname when creating secure websocket

VNC console tests may fail if SSL is terminated on a front-end load balancer that relies on SNI. With this change, when SSL wrapping the socket for a wss connection, the optional server_hostname parameter is included, in order to allow the server (or SSL terminating entity) to respond with correct certificate. The create_websocket function is used by the vnc console tests here: - tempest/api/compute/admin/test_live_migration.py - tempest/api/compute/servers/test_novnc.py Change-Id: I8025742607e591821a5e90b5c193ba6cbbc3a241
2022-03-24 10:09:49 -07:00 · 2022-03-24 10:09:49 -07:00 · 8e08a77eab
parent dc9a93b6ad
commit 8e08a77eab
1 changed files with 2 additions and 1 deletions
--- a/tempest/common/compute.py
+++ b/tempest/common/compute.py
@ -395,7 +395,8 @@ def create_websocket(url):
        af, socktype, proto, _, sa = res
        client_socket = socket.socket(af, socktype, proto)
        if url.scheme == 'https':
-            client_socket = sslc().wrap_socket(client_socket)
+            client_socket = sslc().wrap_socket(client_socket,
+                                               server_hostname=url.hostname)
        client_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            client_socket.connect(sa)