Use server hostname when creating secure websocket
VNC console tests may fail if SSL is terminated on a front-end load balancer that relies on SNI. With this change, when SSL wrapping the socket for a wss connection, the optional server_hostname parameter is included, in order to allow the server (or SSL terminating entity) to respond with correct certificate. The create_websocket function is used by the vnc console tests here: - tempest/api/compute/admin/test_live_migration.py - tempest/api/compute/servers/test_novnc.py Change-Id: I8025742607e591821a5e90b5c193ba6cbbc3a241
This commit is contained in:
parent
dc9a93b6ad
commit
8e08a77eab
|
@ -395,7 +395,8 @@ def create_websocket(url):
|
|||
af, socktype, proto, _, sa = res
|
||||
client_socket = socket.socket(af, socktype, proto)
|
||||
if url.scheme == 'https':
|
||||
client_socket = sslc().wrap_socket(client_socket)
|
||||
client_socket = sslc().wrap_socket(client_socket,
|
||||
server_hostname=url.hostname)
|
||||
client_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||
try:
|
||||
client_socket.connect(sa)
|
||||
|
|
Loading…
Reference in New Issue