CA-208537: vdi-copy between local SRs proposes unwanted ciphers #2666
Conversation
|
DONT merge, just for review currently. /cc @thomassa |
|
Basically verified, @thomassa , are you happy to start review it now 😃 |
|
Review from @thomassa specifically requested. He's off sick today so assigning to him and adding the blocked label so he can pick them up on his return. |
|
The travis job is failing because the latest changes to the deps haven't been uploaded to EC2 yet... @jonludlam. The xen-git job is passing so I assert (from a CI point of view only) that this PR is OK. |
|
@thomassa has returned so I'll remove the blocked label. |
ocaml/xapi/sparse_dd_wrapper.ml
Outdated
| "-size"; Int64.to_string size | ||
| ] @ (if prezeroed then [ "-prezeroed" ] else [] | ||
| "-size"; Int64.to_string size; | ||
| "-good-ciphersuites"; (match !Xapi_globs.ciphersuites_good_outbound with None -> "!EXPORT:RSA+AES128-SHA256" | Some s -> s) ; |
There was a problem hiding this comment.
We must not have any hardcoded default values here.
This should be handled as in ocaml/xapi/xapi_sync.ml, with
(match !Xapi_globs.ciphersuites_good_outbound with
| Some s -> s
| None -> raise (Api_errors.Server_error (Api_errors.internal_error,["Vdi_copy found no good ciphersuites in Xapi_globs."]))
);
|
The commit-message needs a brief description of the new behaviour. |
|
FYI, we can expect CI to pass on any future commits (not withstanding issues within the commits themselves) as the CI yum-repos have been brought up to date. In fact, I'll restart the Travis job which should now pass. EDIT: indeed, we can see that even the above commit has now passed all the CI jobs ✅ |
Enable TLSv1.2 capability for sparse_dd. Signed-off-by: Phus Lu <phus.lu@citrix.com>
|
Thanks for @thomassa comments. I reworked the commit. |
|
Looks good now. |
ghost
deleted the
2 participants
Enable TLSv1.2 capability for sparse_dd.
Signed-off-by: Phus Lu phus.lu@citrix.com