diff options
author | Ales Kozumplik <akozumpl@redhat.com> | 2011-07-27 17:38:39 +0200 |
---|---|---|
committer | Ales Kozumplik <akozumpl@redhat.com> | 2011-08-05 17:31:51 +0200 |
commit | bbac07a11b4604e7a3d056ebc33b36e2b69381e8 (patch) | |
tree | e507db4bbbbde67abe83c178fb1249f311b600ea /loader | |
parent | 12f5c4a9b234605b920145f4f3f90287b185c98c (diff) | |
download | anaconda-bbac07a11b4604e7a3d056ebc33b36e2b69381e8.tar.gz anaconda-bbac07a11b4604e7a3d056ebc33b36e2b69381e8.tar.xz anaconda-bbac07a11b4604e7a3d056ebc33b36e2b69381e8.zip |
ssl: 'noverifyssl' kernel boot argument.
Prevents Anaconda from verifying the ssl certificate for all https
connections with an exception of the additional repos (where --noverifyssl
can be set per repo).
For instance, this allows downloading kickstart specified as
ks=https://... where the server is using a self-signed certificate.
Resolves: rhbz#696696
Related: rhbz#728562
Diffstat (limited to 'loader')
-rw-r--r-- | loader/loader.c | 4 | ||||
-rw-r--r-- | loader/loader.h | 2 | ||||
-rw-r--r-- | loader/urls.c | 4 |
3 files changed, 7 insertions, 3 deletions
diff --git a/loader/loader.c b/loader/loader.c index b072745c4..e15667f38 100644 --- a/loader/loader.c +++ b/loader/loader.c @@ -934,6 +934,8 @@ static void parseCmdLineFlags(struct loaderData_s * loaderData) { } else if (!strcasecmp(k, "sshd")) { logMessage(INFO, "early networking required for sshd"); flags |= LOADER_FLAGS_EARLY_NETWORKING; + } else if (!strcasecmp(k, "noverifyssl")) { + flags |= LOADER_FLAGS_NOVERIFYSSL; } else if (v != NULL) { /* boot arguments that are of the form name=value */ /* all arguments in this block require the value */ @@ -2377,7 +2379,7 @@ int main(int argc, char ** argv) { } } - if (loaderData.instRepo_noverifyssl) { + if (loaderData.instRepo_noverifyssl || FL_NOVERIFYSSL(flags)) { *argptr++ = "--noverifyssl"; } diff --git a/loader/loader.h b/loader/loader.h index 68b03f6ca..46031586e 100644 --- a/loader/loader.h +++ b/loader/loader.h @@ -72,6 +72,7 @@ #define LOADER_FLAGS_KICKSTART_SEND_SERIAL (((uint64_t) 1) << 39) #define LOADER_FLAGS_AUTOMODDISK (((uint64_t) 1) << 40) #define LOADER_FLAGS_NOEJECT (((uint64_t) 1) << 41) +#define LOADER_FLAGS_NOVERIFYSSL (((uint64_t) 1) << 42) #define FL_TEXT(a) ((a) & LOADER_FLAGS_TEXT) #define FL_RESCUE(a) ((a) & LOADER_FLAGS_RESCUE) @@ -107,6 +108,7 @@ #define FL_KICKSTART_SEND_SERIAL(a) ((a) & LOADER_FLAGS_KICKSTART_SEND_SERIAL) #define FL_AUTOMODDISK(a) ((a) & LOADER_FLAGS_AUTOMODDISK) #define FL_NOEJECT(a) ((a) & LOADER_FLAGS_NOEJECT) +#define FL_NOVERIFYSSL(a) ((a) & LOADER_FLAGS_NOVERIFYSSL) void doExit(int) __attribute__ ((noreturn)); void startNewt(void); diff --git a/loader/urls.c b/loader/urls.c index b5f0a0a7c..f96e1e3c6 100644 --- a/loader/urls.c +++ b/loader/urls.c @@ -163,8 +163,8 @@ int urlinstTransfer(struct loaderData_s *loaderData, const char *src, curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); } - - if (loaderData->instRepo_noverifyssl) { + + if (loaderData->instRepo_noverifyssl || FL_NOVERIFYSSL(flags)) { curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); } |