Closed dougm closed 3 months ago
Existing test coverage here: https://github.com/vmware/govmomi/blob/1fb3f623bc8498d098bc92e01ab4f881afd77c3c/govc/test/cli.bats#L75
Manual version of that test:
% govc about.cert | grep Thumbprint
Thumbprints:
SHA-256 Thumbprint: D2:87:1C:36:1A:1C:88:AA:8E:14:14:4D:1E:6A:96:94:B3:D5:86:DF:5D:D3:AE:D3:BA:CC:D3:BA:8C:36:B4:35
SHA-1 Thumbprint: 3D:20:E1:A4:24:69:61:06:FF:A4:F1:8A:85:38:3B:E4:5D:66:2D:5E
% govc about.cert -k=true -thumbprint | tee .govc_known_hosts
10.x.x.x D2:87:1C:36:1A:1C:88:AA:8E:14:14:4D:1E:6A:96:94:B3:D5:86:DF:5D:D3:AE:D3:BA:CC:D3:BA:8C:36:B4:35
% govc about -k=false
govc: Post "https://10.x.x.x.x/sdk#vcva70U3e": tls: failed to verify certificate: x509: “10.x.x.x.x” certificate is not trusted
% govc about -k=false -tls-known-hosts .govc_known_hosts
FullName: VMware vCenter Server 7.0.3 build-21958406
...
Looks good to me! Thanks @dougm for the quick turnaround.
/lgtm
vSphere in general is moving from SHA1 to SHA256 based TLS certificate thumbprints. This change allows use of SHA256 thumbprint when connecting to vCenter.
govc: the about.cert command '-thumbprint' flag now outputs SHA256 instead of SHA1