[ostree] pull: Add "tls-permissive" config option to disable SSL/TLS certificate checks
- From: Colin Walters <walters src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [ostree] pull: Add "tls-permissive" config option to disable SSL/TLS certificate checks
- Date: Tue, 9 Jul 2013 19:42:48 +0000 (UTC)
commit a181310a49ced1724a9fee03d7efab3f56b85dcd
Author: Colin Walters <walters verbum org>
Date: Tue Jul 9 15:40:20 2013 -0400
pull: Add "tls-permissive" config option to disable SSL/TLS certificate checks
Like GIT_SSL_NO_VERIFY=true, available for the same reasons.
src/ostree/ostree-fetcher.c | 5 ++++-
src/ostree/ostree-fetcher.h | 8 +++++++-
src/ostree/ostree-pull.c | 12 +++++++++++-
3 files changed, 22 insertions(+), 3 deletions(-)
---
diff --git a/src/ostree/ostree-fetcher.c b/src/ostree/ostree-fetcher.c
index f55b318..2262467 100644
--- a/src/ostree/ostree-fetcher.c
+++ b/src/ostree/ostree-fetcher.c
@@ -153,11 +153,14 @@ ostree_fetcher_init (OstreeFetcher *self)
}
OstreeFetcher *
-ostree_fetcher_new (GFile *tmpdir)
+ostree_fetcher_new (GFile *tmpdir,
+ OstreeFetcherConfigFlags flags)
{
OstreeFetcher *self = (OstreeFetcher*)g_object_new (OSTREE_TYPE_FETCHER, NULL);
self->tmpdir = g_object_ref (tmpdir);
+ if ((flags & OSTREE_FETCHER_FLAGS_TLS_PERMISSIVE) > 0)
+ g_object_set ((GObject*)self->session, "ssl-strict", FALSE, NULL);
return self;
}
diff --git a/src/ostree/ostree-fetcher.h b/src/ostree/ostree-fetcher.h
index 4f6897e..4692f6a 100644
--- a/src/ostree/ostree-fetcher.h
+++ b/src/ostree/ostree-fetcher.h
@@ -43,9 +43,15 @@ struct OstreeFetcherClass
GObjectClass parent_class;
};
+typedef enum {
+ OSTREE_FETCHER_FLAGS_NONE = 0,
+ OSTREE_FETCHER_FLAGS_TLS_PERMISSIVE = (1 << 0)
+} OstreeFetcherConfigFlags;
+
GType ostree_fetcher_get_type (void) G_GNUC_CONST;
-OstreeFetcher *ostree_fetcher_new (GFile *tmpdir);
+OstreeFetcher *ostree_fetcher_new (GFile *tmpdir,
+ OstreeFetcherConfigFlags flags);
char * ostree_fetcher_query_state_text (OstreeFetcher *self);
diff --git a/src/ostree/ostree-pull.c b/src/ostree/ostree-pull.c
index 9314406..5692cc8 100644
--- a/src/ostree/ostree-pull.c
+++ b/src/ostree/ostree-pull.c
@@ -1196,6 +1196,8 @@ ostree_builtin_pull (int argc, char **argv, GFile *repo_path, GError **error)
gpointer key, value;
int i;
GCancellable *cancellable = NULL;
+ gboolean tls_permissive = FALSE;
+ OstreeFetcherConfigFlags fetcher_flags = 0;
gs_free char *remote_key = NULL;
gs_unref_object OstreeRepo *repo = NULL;
gs_free char *remote_config_content = NULL;
@@ -1250,7 +1252,6 @@ ostree_builtin_pull (int argc, char **argv, GFile *repo_path, GError **error)
start_time = g_get_monotonic_time ();
pull_data->remote_name = g_strdup (argv[1]);
- pull_data->fetcher = ostree_fetcher_new (ostree_repo_get_tmpdir (pull_data->repo));
config = ostree_repo_get_config (repo);
remote_key = g_strdup_printf ("remote \"%s\"", pull_data->remote_name);
@@ -1258,6 +1259,15 @@ ostree_builtin_pull (int argc, char **argv, GFile *repo_path, GError **error)
goto out;
pull_data->base_uri = soup_uri_new (baseurl);
+ if (!ot_keyfile_get_boolean_with_default (config, remote_key, "tls-permissive",
+ FALSE, &tls_permissive, error))
+ goto out;
+ if (tls_permissive)
+ fetcher_flags |= OSTREE_FETCHER_FLAGS_TLS_PERMISSIVE;
+
+ pull_data->fetcher = ostree_fetcher_new (ostree_repo_get_tmpdir (pull_data->repo),
+ fetcher_flags);
+
if (!pull_data->base_uri)
{
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]