[virt-tools-list] [PATCH virt-viewer v2] remote-viewer: Prefer ca-cert from display instead of proxy

Eduardo Lima (Etrunko) etrunko at redhat.com
Fri Oct 11 19:03:01 UTC 2019 

On 10/11/19 12:35 PM, Victor Toso wrote:
> Hi,
> 
> On Fri, Oct 11, 2019 at 11:07:25AM -0300, Eduardo Lima (Etrunko) wrote:
>> Since oVirt engine version 4.3.2.1, the API returns certificate data for
>> display connection in the VM XML, so users do not need to specify it
>> from the command line anymore. The certificate obtained from the XML
>> gets precedence over the one from the command line, which is still kept
>> to keep compatibility of older versions of oVirt.
>>
>> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1402909
>>
>> Signed-off-by: Eduardo Lima (Etrunko) <etrunko at redhat.com>
> 
> Much nicer! Many thanks for that,
> 
>      Acked-by: Victor Toso <victortoso at redhat.com>

Pushed now, thanks.

> 
>> ---
>>   src/remote-viewer.c | 12 ++++++++++--
>>   1 file changed, 10 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/remote-viewer.c b/src/remote-viewer.c
>> index 8eaa72e..2450096 100644
>> --- a/src/remote-viewer.c
>> +++ b/src/remote-viewer.c
>> @@ -540,7 +540,8 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
>>   #ifdef HAVE_SPICE_GTK
>>       if (type == OVIRT_VM_DISPLAY_SPICE) {
>>           SpiceSession *session;
>> -        GByteArray *ca_cert;
>> +        GByteArray *ca_cert = NULL;
>> +        const char *from = "display";
>>   
>>           session = remote_viewer_get_spice_session(REMOTE_VIEWER(app));
>>           g_object_set(G_OBJECT(session),
>> @@ -548,12 +549,19 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
>>                        "cert-subject", host_subject,
>>                        "proxy", proxy_url,
>>                        NULL);
>> -        g_object_get(G_OBJECT(proxy), "ca-cert", &ca_cert, NULL);
>> +
>> +        g_object_get(G_OBJECT(display), "ca-cert", &ca_cert, NULL);
>> +        if (ca_cert == NULL) {
>> +            g_object_get(G_OBJECT(proxy), "ca-cert", &ca_cert, NULL);
>> +            from = "proxy";
>> +        }
>> +
>>           if (ca_cert != NULL) {
>>               g_object_set(G_OBJECT(session),
>>                       "ca", ca_cert,
>>                       NULL);
>>               g_byte_array_unref(ca_cert);
>> +            g_debug("Using ca-cert from %s", from);
>>           }
>>       }
>>   #endif
>> -- 
>> 2.21.0
>>
>> _______________________________________________
>> virt-tools-list mailing list
>> virt-tools-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/virt-tools-list


-- 
Eduardo de Barros Lima (Etrunko)
Software Engineer - Red Hat
etrunko at redhat.com

More information about the virt-tools-list mailing list