Respect SSL verification settings

[c-kr]

VSAN SSL Verification

Summary

This patch makes vsan respect -nossl / --disable-ssl-verification.

The initial vCenter connection already respects -nossl. This fix applies to the
secondary vSAN API context created for vsu.GetVsanVcMos().

Before this fix, that secondary vSAN API context disabled certificate verification
unconditionally. After the fix:

• default behavior uses normal certificate verification
• only -nossl disables hostname and certificate checks

Files

• checkvsphere/vcmd/vsan.py

Quick Verification

export PYTHONPATH="$PWD"
export VC_HOST='vcenter.example.com'
export VC_USER='[email protected]'
export VC_PASS='secret'

Use an environment where the initial vCenter connection succeeds without
-nossl, so the command reaches the secondary vSAN API context.

python -m checkvsphere.cli vsan -s "$VC_HOST" -u "$VC_USER" -p "$VC_PASS" --mode healthtest
echo $?

Expected before fix:

• the secondary vSAN API context disables certificate verification internally

Expected after fix:

• the secondary vSAN API context keeps certificate verification enabled unless -nossl is added

Then verify the opt-out path explicitly:

python -m checkvsphere.cli vsan -s "$VC_HOST" -u "$VC_USER" -p "$VC_PASS" -nossl --mode healthtest
echo $?

Expected after fix:

• connection proceeds with certificate verification disabled only because -nossl was supplied