[gnome-boxes] ovirt: Add a way to set the SPICE host subject

From: Christophe Fergeau <teuf src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-boxes] ovirt: Add a way to set the SPICE host subject
Date: Fri, 15 Feb 2013 17:14:12 +0000 (UTC)

commit 78661025ff7a8ebfef3b3d665c84375319578f7a
Author: Christophe Fergeau <cfergeau redhat com>
Date:   Thu Jun 21 13:58:04 2012 +0200

    ovirt: Add a way to set the SPICE host subject
    
    In some circumstances, the certificate the SPICE host we are
    connecting to will not be valid for the IP we are connecting to.
    When this happens, a 'host subject' has to be provided to spice-gtk
    so that it can authenticate the host it's connecting to.
    This has been implemented very recently in oVirt 3.1 REST API, see
    https://bugzilla.redhat.com/show_bug.cgi?id=807384 but requires
    some non-trivial work in libgovirt. In the mean time, add a
    BOXES_SPICE_HOST_SUBJECT environment variable for the cases when
    it's required, but it's really a hack and should be solved by using
    this new REST API.
    
    The host subject looks like O=organization,CN=hostname, where organization
    is an arbitrary organization name, and hostname is the hostname/IP
    the certificate was generated for. If the host address hasn't changed,
    its IP should work. It can happen that the host address isn't the SPICE address
    we are connecting to since oVirt can have different management/display addresses.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=681747

 src/spice-display.vala |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/src/spice-display.vala b/src/spice-display.vala
index 048f246..458b1dd 100644
--- a/src/spice-display.vala
+++ b/src/spice-display.vala
@@ -91,6 +91,11 @@ private class Boxes.SpiceDisplay: Boxes.Display {
 
         if (tls_port != 0)
             session.tls_port = tls_port.to_string ();
+
+        // FIXME: remove this once libgovirt has proper support for
+        // getting the SPICE host subject, it's useful for testing purpose
+        // in the mean time
+        session.cert_subject = GLib.Environment.get_variable ("BOXES_SPICE_HOST_SUBJECT");
     }
 
     public SpiceDisplay.with_uri (BoxConfig config, string uri) {

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]