[libgovirt] Don't force ssl-strict to FALSE on RestProxy instances
- From: Christophe Fergeau <teuf src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libgovirt] Don't force ssl-strict to FALSE on RestProxy instances
- Date: Tue, 8 Oct 2013 17:06:22 +0000 (UTC)
commit fa41bdd292e29314477920d0e79a4c4161e4e3dc
Author: Christophe Fergeau <cfergeau redhat com>
Date: Mon Sep 16 11:46:15 2013 +0200
Don't force ssl-strict to FALSE on RestProxy instances
Setting this to FALSE causes most checks on the remote host SSL
certificates to be disabled (in particular whether it should be checked
against trusted root certificates or not). Since this is not wanted
in most cases, and this can open the door to man-in-the-middle attacks,
it's better to not set it to FALSE, especially now that we can pass
the CA certs to use down to librest/libsoup.
OvirtProxy derives from RestProxy, so client applications can disable
this themselves if they wish to.
govirt/ovirt-proxy.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
---
diff --git a/govirt/ovirt-proxy.c b/govirt/ovirt-proxy.c
index 57eab35..2e2ade8 100644
--- a/govirt/ovirt-proxy.c
+++ b/govirt/ovirt-proxy.c
@@ -618,7 +618,6 @@ OvirtProxy *ovirt_proxy_new(const char *uri)
{
return g_object_new(OVIRT_TYPE_PROXY,
"url-format", uri,
- "ssl-strict", FALSE,
NULL);
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]