diff options
author | Christophe Fergeau <cfergeau@redhat.com> | 2013-09-17 14:30:32 +0200 |
---|---|---|
committer | Christophe Fergeau <cfergeau@redhat.com> | 2013-10-30 10:52:53 +0100 |
commit | daa499f27e372a22642f9d27113edd59f301d418 (patch) | |
tree | dff593834d894eeef4a8a340acc0c28ae59c2d24 /src/remote-viewer.c | |
parent | 9eb3747f1f0b27d5aa4c7fc9e1fccb8b21520b23 (diff) | |
download | virt-viewer-daa499f27e372a22642f9d27113edd59f301d418.tar.gz virt-viewer-daa499f27e372a22642f9d27113edd59f301d418.tar.xz virt-viewer-daa499f27e372a22642f9d27113edd59f301d418.zip |
ovirt: Don't automatically download CA certificate
The CA certificate to use to authenticate the various hosts in
an oVirt instance can be fetched from https://ovirt.example.com/ca.crt.
However, the gio API we are using does not seem to be checking the
server-side certificate of ovirt.example.com before connecting to it,
which could lead to man-in-the-middle attacks. Now that the CA
certificate to use can be specified from the command line using
--ovirt-ca-file, we can remove this automatic fetching of the CA
certificate.
Diffstat (limited to 'src/remote-viewer.c')
-rw-r--r-- | src/remote-viewer.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/src/remote-viewer.c b/src/remote-viewer.c index a4ed877..ceaddec 100644 --- a/src/remote-viewer.c +++ b/src/remote-viewer.c @@ -743,12 +743,6 @@ create_ovirt_session(VirtViewerApp *app, const char *uri) g_signal_connect(G_OBJECT(proxy), "authenticate", G_CALLBACK(authenticate_cb), app); - ovirt_proxy_fetch_ca_certificate(proxy, &error); - if (error != NULL) { - g_debug("failed to get CA certificate: %s", error->message); - goto error; - } - api = ovirt_proxy_fetch_api(proxy, &error); if (error != NULL) { g_debug("failed to get oVirt 'api' collection: %s", error->message); |