diff options
author | Christophe Fergeau <cfergeau@redhat.com> | 2016-04-08 16:48:22 +0200 |
---|---|---|
committer | Christophe Fergeau <cfergeau@redhat.com> | 2016-04-08 16:48:22 +0200 |
commit | b6e1178687b70f833e2dc1a700cfea2a052570e3 (patch) | |
tree | ea4b694ad8bc245a25419a307144bc0e10321629 | |
parent | 6ed718ec0103b302ff6c38f22ee4256d2a656c9f (diff) |
Revert "proxy: Improve NULL CA handling in set_tmp_ca_file"
This reverts commit 5c8f3c33e6ceb46d14a501dae9f03c40eb81ef49.
Being able to set a NULL CA certificate after setting a non-NULL one
would require some changes in libsoup. Since we are using a deprecated
libsoup property (ssl-ca-file), this is unlikely to go upstream at this
point, see https://bugzilla.gnome.org/show_bug.cgi?id=754825
As this also causes breakage with upstream libsoup (certificate check
failures when trying to connect to an oVirt instance), it's better to
revert this patch for now.
-rw-r--r-- | govirt/ovirt-proxy.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/govirt/ovirt-proxy.c b/govirt/ovirt-proxy.c index 887d15b..a79a6ac 100644 --- a/govirt/ovirt-proxy.c +++ b/govirt/ovirt-proxy.c @@ -444,14 +444,16 @@ static void ovirt_proxy_set_tmp_ca_file(OvirtProxy *proxy, const char *ca_file) { ovirt_proxy_free_tmp_ca_file(proxy); proxy->priv->tmp_ca_file = g_strdup(ca_file); - /* We block invokations of ssl_ca_file_changed() using the 'setting_ca_file' boolean - * g_signal_handler_{un,}block is not working well enough as - * ovirt_proxy_set_tmp_ca_file() can be called as part of a g_object_set call, - * and unblocking "notify::ssl-ca-file" right after setting its value - * is not enough to prevent ssl_ca_file_changed() from running. - */ - proxy->priv->setting_ca_file = TRUE; - g_object_set(G_OBJECT(proxy), "ssl-ca-file", ca_file, NULL); + if (ca_file != NULL) { + /* We block invokations of ssl_ca_file_changed() using the 'setting_ca_file' boolean + * g_signal_handler_{un,}block is not working well enough as + * ovirt_proxy_set_tmp_ca_file() can be called as part of a g_object_set call, + * and unblocking "notify::ssl-ca-file" right after setting its value + * is not enough to prevent ssl_ca_file_changed() from running. + */ + proxy->priv->setting_ca_file = TRUE; + g_object_set(G_OBJECT(proxy), "ssl-ca-file", ca_file, NULL); + } } |