Currently osc can't access API URLs which share the same IP address
with other SSL-enabled sites, complaining about certificate
not matching hostname.
This change solves this problem by instructing M2Crypto.SSL.Connection
to send the desired hostname to https server using TLS SNI extension,
thus allowing the server to present the right certificate and choose
the right virtual site.
This is useful for those who can't afford to have a separate IP address
for OBS API.
For TLS SNI to work correctly, M2Crypto should be patched:
https://bugzilla.osafoundation.org/show_bug.cgi?id=13073
Some distributions (like Fedora) already include this patch.
For unpatched M2Crypto osc degrades to operation without TLS SNI.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Updating a whole project against an old API server (experienced with
2.3.5) leads to:
Server returned an error: HTTP Error 400: Bad Request
unknown parameter 'nofilename'
So just retry without nofilename if an 400 is thrown.
This is using the request collection api call now instead of xpath query.
More searches should be adapted similar most likely.
"osc my sr" is not a good name for this since it is not limited to
submit actions. But "osc my rq" is used for incoming requests.
Now, the fullfilename is calculated using the canonname of a
bdep instead of using the bdep's binary attribute (the canonname
and binary attribute can differ (e.g. ConsoleKit-64bit-0.4.6-3.2.ppc.rpm
vs. ::import::ppc64::ConsoleKit-64bit-0.4.6-3.2.ppc.rpm))
Currently osc supports API URLs without path only,
like https://api.example.com (if there is pathname, it's just ignored).
With this change API URLS with path, like https://example.com/api
are supported correctly.
This is useful for those who can't have OBS api, webui and main site
on different domains and buy separate X.509 certificates for them,
or just can't afford to have separate IP addresses for them
(please note that currently osc doesn't support TLS SNI).
Signed-off-by: Oleg Girko <ol@infoserver.lv>
