[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[virt-tools-list] [virt-viewer 3/4] ovirt: Don't automatically download CA certificate



The CA certificate to use to authenticate the various hosts in
an oVirt instance can be fetched from https://ovirt.example.com/ca.crt.
However, the gio API we are using does not seem to be checking the
server-side certificate of ovirt.example.com before connecting to it,
which could lead to man-in-the-middle attacks. Now that the CA
certificate to use can be specified from the command line using
--ovirt-ca-file, we can remove this automatic fetching of the CA
certificate.
---
 src/remote-viewer.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/src/remote-viewer.c b/src/remote-viewer.c
index caed39f..c2d77d2 100644
--- a/src/remote-viewer.c
+++ b/src/remote-viewer.c
@@ -748,12 +748,6 @@ create_ovirt_session(VirtViewerApp *app, const char *uri)
     g_signal_connect(G_OBJECT(proxy), "authenticate",
                      G_CALLBACK(authenticate_cb), app);
 
-    ovirt_proxy_fetch_ca_certificate(proxy, &error);
-    if (error != NULL) {
-        g_debug("failed to get CA certificate: %s", error->message);
-        goto error;
-    }
-
     api = ovirt_proxy_fetch_api(proxy, &error);
     if (error != NULL) {
         g_debug("failed to get oVirt 'api' collection: %s", error->message);
-- 
1.8.3.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]