[virt-tools-list] [virt-viewer 3/4] ovirt: Don't automatically download CA certificate
Christophe Fergeau
cfergeau at redhat.com
Tue Oct 29 17:53:34 UTC 2013
The CA certificate to use to authenticate the various hosts in
an oVirt instance can be fetched from https://ovirt.example.com/ca.crt.
However, the gio API we are using does not seem to be checking the
server-side certificate of ovirt.example.com before connecting to it,
which could lead to man-in-the-middle attacks. Now that the CA
certificate to use can be specified from the command line using
--ovirt-ca-file, we can remove this automatic fetching of the CA
certificate.
---
src/remote-viewer.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/src/remote-viewer.c b/src/remote-viewer.c
index caed39f..c2d77d2 100644
--- a/src/remote-viewer.c
+++ b/src/remote-viewer.c
@@ -748,12 +748,6 @@ create_ovirt_session(VirtViewerApp *app, const char *uri)
g_signal_connect(G_OBJECT(proxy), "authenticate",
G_CALLBACK(authenticate_cb), app);
- ovirt_proxy_fetch_ca_certificate(proxy, &error);
- if (error != NULL) {
- g_debug("failed to get CA certificate: %s", error->message);
- goto error;
- }
-
api = ovirt_proxy_fetch_api(proxy, &error);
if (error != NULL) {
g_debug("failed to get oVirt 'api' collection: %s", error->message);
--
1.8.3.1
More information about the virt-tools-list
mailing list