[virt-tools-list] [PATCH virt-viewer v2] remote-viewer: Prefer ca-cert from display instead of proxy

Victor Toso victortoso at redhat.com
Fri Oct 11 15:35:45 UTC 2019 

Hi,

On Fri, Oct 11, 2019 at 11:07:25AM -0300, Eduardo Lima (Etrunko) wrote:
> Since oVirt engine version 4.3.2.1, the API returns certificate data for
> display connection in the VM XML, so users do not need to specify it
> from the command line anymore. The certificate obtained from the XML
> gets precedence over the one from the command line, which is still kept
> to keep compatibility of older versions of oVirt.
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1402909
> 
> Signed-off-by: Eduardo Lima (Etrunko) <etrunko at redhat.com>

Much nicer! Many thanks for that,

    Acked-by: Victor Toso <victortoso at redhat.com>

> ---
>  src/remote-viewer.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/src/remote-viewer.c b/src/remote-viewer.c
> index 8eaa72e..2450096 100644
> --- a/src/remote-viewer.c
> +++ b/src/remote-viewer.c
> @@ -540,7 +540,8 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
>  #ifdef HAVE_SPICE_GTK
>      if (type == OVIRT_VM_DISPLAY_SPICE) {
>          SpiceSession *session;
> -        GByteArray *ca_cert;
> +        GByteArray *ca_cert = NULL;
> +        const char *from = "display";
>  
>          session = remote_viewer_get_spice_session(REMOTE_VIEWER(app));
>          g_object_set(G_OBJECT(session),
> @@ -548,12 +549,19 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
>                       "cert-subject", host_subject,
>                       "proxy", proxy_url,
>                       NULL);
> -        g_object_get(G_OBJECT(proxy), "ca-cert", &ca_cert, NULL);
> +
> +        g_object_get(G_OBJECT(display), "ca-cert", &ca_cert, NULL);
> +        if (ca_cert == NULL) {
> +            g_object_get(G_OBJECT(proxy), "ca-cert", &ca_cert, NULL);
> +            from = "proxy";
> +        }
> +
>          if (ca_cert != NULL) {
>              g_object_set(G_OBJECT(session),
>                      "ca", ca_cert,
>                      NULL);
>              g_byte_array_unref(ca_cert);
> +            g_debug("Using ca-cert from %s", from);
>          }
>      }
>  #endif
> -- 
> 2.21.0
> 
> _______________________________________________
> virt-tools-list mailing list
> virt-tools-list at redhat.com
> https://www.redhat.com/mailman/listinfo/virt-tools-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/virt-tools-list/attachments/20191011/1ab10699/attachment.sig>

More information about the virt-tools-list mailing list