From 6cd3ffba6fbb53102bbaf69bcdba29e5a1db458d Mon Sep 17 00:00:00 2001
From: Yonit Halperin <yhalperi@redhat.com>
Date: Sun, 18 Sep 2011 21:21:00 +0300
Subject: client: handle SpiceMsgMainMigrationBegin (semi-seamless migration)

RHBZ 725009, 738270
(cherry picked from commit 31ed2519a752b7332ed40d0d7ab02e938c0e65cb branch 0.8)

Conflicts:

	client/red_client.cpp
---
 client/red_client.cpp | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

(limited to 'client')

diff --git a/client/red_client.cpp b/client/red_client.cpp
index efd9febd..afde7d27 100644
--- a/client/red_client.cpp
+++ b/client/red_client.cpp
@@ -260,9 +260,15 @@ void* Migrate::worker_main(void *data)
 
 void Migrate::start(const SpiceMsgMainMigrationBegin* migrate)
 {
+    std::string cert_subject;
+    uint32_t peer_major;
+    uint32_t peer_minor;
+
     DBG(0, "");
     abort();
-    if ((_client.get_peer_major() == 1) && (_client.get_peer_minor() < 1)) {
+    peer_major = _client.get_peer_major();
+    peer_minor = _client.get_peer_minor();
+    if ((peer_major == 1) && (peer_minor < 1)) {
         LOG_INFO("server minor version incompatible for destination authentication"
                  "(missing dest pubkey in SpiceMsgMainMigrationBegin)");
         OldRedMigrationBegin* old_migrate = (OldRedMigrationBegin*)migrate;
@@ -274,8 +280,19 @@ void Migrate::start(const SpiceMsgMainMigrationBegin* migrate)
         _host.assign((char *)migrate->host_data);
         _port = migrate->port ? migrate->port : -1;
         _sport = migrate->sport ? migrate->sport : -1;
-        _auth_options.type_flags = SPICE_SSL_VERIFY_OP_PUBKEY;
-        _auth_options.host_pubkey.assign(migrate->pub_key_data, migrate->pub_key_data + migrate->pub_key_size);
+        if ((peer_major == 1) || (peer_major == 2 && peer_minor < 1)) {
+            _auth_options.type_flags = SPICE_SSL_VERIFY_OP_PUBKEY;
+            _auth_options.host_pubkey.assign(migrate->pub_key_data, migrate->pub_key_data +
+                                             migrate->pub_key_size);
+        } else {
+            _auth_options.type_flags = SPICE_SSL_VERIFY_OP_SUBJECT;
+            _auth_options.CA_file =  _client.get_host_auth_options().CA_file;
+            if (migrate->cert_subject_size != 0) {
+                _auth_options.host_subject.assign(migrate->cert_subject_data,
+                                                  migrate->cert_subject_data +
+                                                  migrate->cert_subject_size);
+            }
+        }
     }
 
     _con_ciphers = _client.get_connection_ciphers();
-- 
cgit