[virt-tools-list] [PATCH virt-viewer] remote-viewer: Prefer ca-cert from display instead of proxy

Victor Toso victortoso at redhat.com
Mon Oct 7 09:16:37 UTC 2019 

Hi,

On Thu, Oct 03, 2019 at 03:40:29PM -0300, Eduardo Lima (Etrunko) wrote:
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1402909
> 
> Signed-off-by: Eduardo Lima (Etrunko) <etrunko at redhat.com>

Could you please clarify a bit why display's ca-cert is preferred
over the one in the proxy object?

Based on comment #5 of above bug, you mention changes in
libgovirt might be needed as well. Does this work only with git
master of libgovirt or since a specific release, etc.

> ---
>  src/remote-viewer.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/src/remote-viewer.c b/src/remote-viewer.c
> index 5c7a379..71f9a23 100644
> --- a/src/remote-viewer.c
> +++ b/src/remote-viewer.c
> @@ -542,7 +542,7 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
>  #ifdef HAVE_SPICE_GTK
>      if (type == OVIRT_VM_DISPLAY_SPICE) {
>          SpiceSession *session;
> -        GByteArray *ca_cert;
> +        GByteArray *ca_cert = NULL;
>  
>          session = remote_viewer_get_spice_session(REMOTE_VIEWER(app));
>          g_object_set(G_OBJECT(session),
> @@ -550,7 +550,12 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
>                       "cert-subject", host_subject,
>                       "proxy", proxy_url,
>                       NULL);
> -        g_object_get(G_OBJECT(proxy), "ca-cert", &ca_cert, NULL);
> +
> +        g_object_get(G_OBJECT(display), "ca-cert", &ca_cert, NULL);
> +        if (ca_cert == NULL) {
> +            g_object_get(G_OBJECT(proxy), "ca-cert", &ca_cert, NULL);
> +        }

Is it easy to find out which ca-cert we are using? Otherwise a
debug could save some time here.

Cheers,
Victor

> +
>          if (ca_cert != NULL) {
>              g_object_set(G_OBJECT(session),
>                      "ca", ca_cert,
> -- 
> 2.21.0
> 
> _______________________________________________
> virt-tools-list mailing list
> virt-tools-list at redhat.com
> https://www.redhat.com/mailman/listinfo/virt-tools-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/virt-tools-list/attachments/20191007/5c9ccaa5/attachment.sig>

More information about the virt-tools-list mailing list