The IOS-XE connector always connects to an IP address (`connection.ip`):

```python
ip = self.connection_info.ip.exploded
port = self.connection_info.get('port', port)

if 'protocol' in self.connection_info:
    protocol = self.connection_info['protocol']

self.base_url = '{protocol}://{ip}:{port}'.format(protocol=protocol,
                                                  ip=ip,
                                                  port=port)
```

As TLS certificates do not contain IP addresses (IP SAN) in most cases, certificate validation is not possible for these devices.

Proposed change: If there is a `host` key in the connection, prefer the `host` value (FQDN).
If not present, fall back to `ip`.

This behavior is already implemented in the DNAC connector:

```python
try:
    host = self.connection_info['host']
except KeyError:
    host = self.connection_info['ip'].exploded
```

IOS-XE connector code: rest/src/rest/connector/libs/iosxe/implementation.py, lines 117 to 125 in aea6406

DNAC connector code: rest/src/rest/connector/libs/dnac/implementation.py, lines 78 to 82 in aea6406
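
An added sketch of the proposed host-first selection, together with a simplified SAN check that shows why an IP target fails validation against a DNS-only certificate. This is not code from the connector project: `select_target`, `build_base_url` and `san_covers` are hypothetical names, `connection_info` is assumed to be a plain dict, and the certificate is a constructed sample in the dict form returned by `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

def select_target(connection_info):
    """Prefer the 'host' key (FQDN); fall back to the exploded 'ip'."""
    try:
        return connection_info['host']
    except KeyError:
        return connection_info['ip'].exploded

def build_base_url(connection_info, protocol='https', port=443):
    target = select_target(connection_info)
    protocol = connection_info.get('protocol', protocol)
    port = connection_info.get('port', port)
    try:
        # IPv6 literals must be bracketed inside a URL
        if ipaddress.ip_address(target).version == 6:
            target = '[{}]'.format(target)
    except ValueError:
        pass  # not an IP literal: a hostname, use as-is
    return '{}://{}:{}'.format(protocol, target, port)

def _dns_match(pattern, name):
    # Simplified matching: exact, or a wildcard covering one left-most label
    pattern, name = pattern.lower().rstrip('.'), name.lower().rstrip('.')
    if pattern.startswith('*.'):
        return '.' in name and name.split('.', 1)[1] == pattern[2:]
    return pattern == name

def san_covers(cert, target):
    """True if the certificate's subjectAltName entries cover the target."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    for kind, value in cert.get('subjectAltName', ()):
        if addr is not None:
            # An IP target is only matched by 'IP Address' SAN entries
            if kind == 'IP Address' and ipaddress.ip_address(value.strip()) == addr:
                return True
        elif kind == 'DNS' and _dns_match(value, target):
            return True
    return False

# Constructed sample data (not from a real device)
SAMPLE_CERT = {'subjectAltName': (('DNS', 'router1.example.net'),)}
SAMPLE_CONN = {'ip': ipaddress.ip_address('192.0.2.10'),
               'host': 'router1.example.net'}
```

With the sample data, the host-based URL targets a name the certificate covers, while the IP-only fallback does not.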