[libgovirt] Don't force ssl-strict to FALSE on RestProxy instances



commit fa41bdd292e29314477920d0e79a4c4161e4e3dc
Author: Christophe Fergeau <cfergeau redhat com>
Date:   Mon Sep 16 11:46:15 2013 +0200

    Don't force ssl-strict to FALSE on RestProxy instances
    
    Setting this to FALSE causes most checks on the remote host SSL
    certificates to be disabled (in particular whether it should be checked
    against trusted root certificates or not). Since this is not wanted
    in most cases, and this can open the door to man-in-the-middle attacks,
    it's better to not set it to FALSE, especially now that we can pass
    the CA certs to use down to librest/libsoup.
    OvirtProxy derives from RestProxy, so client applications can disable
    this themselves if they wish to.

 govirt/ovirt-proxy.c |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)
---
diff --git a/govirt/ovirt-proxy.c b/govirt/ovirt-proxy.c
index 57eab35..2e2ade8 100644
--- a/govirt/ovirt-proxy.c
+++ b/govirt/ovirt-proxy.c
@@ -618,7 +618,6 @@ OvirtProxy *ovirt_proxy_new(const char *uri)
 {
     return g_object_new(OVIRT_TYPE_PROXY,
                         "url-format", uri,
-                        "ssl-strict", FALSE,
                         NULL);
 }
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]