[Ovirt-devel] [PATCH viewer] cleaned up ssl bits, --check-certificate command line flag works again

Mohammed Morsi mmorsi at redhat.com
Tue Apr 28 15:39:04 UTC 2009


SSL certificate checking is disabled by default, as curl requires a CA to
verify certificates, and peer / host verification must be disabled for
self-signed certificates

http://curl.netmirror.org/docs/sslcerts.html
---
 main.c       |    6 ++++--
 wui_thread.c |    4 ----
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/main.c b/main.c
index 390046a..0a9209e 100644
--- a/main.c
+++ b/main.c
@@ -58,7 +58,9 @@ gboolean debug = 0;
  * configure or on the command line.
  */
 const char *cainfo = CAINFO;
-gboolean check_cert = TRUE;
+gboolean check_cert = FALSE; // do we want this enabled by default ?
+                      // would require a CA by default (self-signed wont work)
+                      // (don't set to true, change var/flag to no_check_cert)
 
 /* Private functions. */
 static void start_ui (void);
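Review bot: Defaulting `check_cert` to FALSE leaves the server certificate unverified unless the user remembers to pass --check-certificate, so in the default configuration the login exchange can be intercepted by anyone able to impersonate the server. Since `cainfo` already defaults to the configure-time CAINFO, I would keep `gboolean check_cert = TRUE;` and give self-signed deployments an explicit opt-out, for example a `no-check-certificate` entry with `G_OPTION_FLAG_REVERSE` pointing at the same variable, which is what the added comment hints at. If the default does stay FALSE, say so in the help string in the options[] hunk, e.g. `"check the SSL certificate of the server (default: off)"`, and replace the question in the comment with a statement of the consequence. How `check_cert` reaches the curl handle is not visible in this patch, so with the hard-coded VERIFYHOST/VERIFYPEER overrides removed from do_login it is worth confirming that both options are set from it on every handle.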
@@ -148,7 +150,7 @@ static const GOptionEntry options[] = {
   { "cainfo", 0, 0, G_OPTION_ARG_STRING, &cainfo,
     "set the path of the CA certificate bundle", NULL },
   { "check-certificate", 0, 0, G_OPTION_ARG_NONE, &check_cert,
-    "if --no-check-certificate is passed we don't check the SSL certificate of the server", NULL },
+    "check the SSL certificate of the server", NULL },
   { "debug", 'd', 0, G_OPTION_ARG_NONE, &debug,
     "turn on debugging messages", NULL },
   { "version", 'V', 0, G_OPTION_ARG_NONE, &print_version,
diff --git a/wui_thread.c b/wui_thread.c
index c51c43f..9dab95c 100644
--- a/wui_thread.c
+++ b/wui_thread.c
@@ -669,10 +669,6 @@ do_login (void)
   CURL_CHECK_ERROR (curl_easy_setopt, (curl, CURLOPT_FOLLOWLOCATION, (long) 1));
   CURL_CHECK_ERROR (curl_easy_setopt, (curl, CURLOPT_MAXREDIRS, (long) 10));
 
-  // FIXME when ssl is introduced into ovirt-viewer, remove there two lines
-  CURL_CHECK_ERROR(curl_easy_setopt, (curl, CURLOPT_SSL_VERIFYHOST, 0));
-  CURL_CHECK_ERROR(curl_easy_setopt, (curl, CURLOPT_SSL_VERIFYPEER, 0));
-
   /* Try to fetch the URI. */
   r = CURL_CHECK_ERROR (curl_easy_perform, (curl));
   if (r != CURLE_OK) {
-- 
1.6.0.6



