[ostree] Revert "pull: Add tls-client-cert-{path,key}"



commit 64b4ec6ef09fe367e1356861a2174802229b404c
Author: Colin Walters <walters verbum org>
Date:   Thu May 1 10:23:11 2014 -0400

    Revert "pull: Add tls-client-cert-{path,key}"
    
    This reverts commit 94f9ee7bcedaf29ed3d84aacaada50aac7644415.
    Doesn't actually work, see
    https://bugzilla.gnome.org/show_bug.cgi?id=334021

 doc/ostree.repo-config.xml       |   20 +-------------------
 src/libostree/ostree-fetcher.c   |   21 ---------------------
 src/libostree/ostree-fetcher.h   |    3 ---
 src/libostree/ostree-repo-pull.c |   35 -----------------------------------
 4 files changed, 1 insertions(+), 78 deletions(-)
---
diff --git a/doc/ostree.repo-config.xml b/doc/ostree.repo-config.xml
index 4240814..07244d0 100644
--- a/doc/ostree.repo-config.xml
+++ b/doc/ostree.repo-config.xml
@@ -104,30 +104,12 @@ Boston, MA 02111-1307, USA.
 
       <varlistentry>
         <term><varname>gpg-verify</varname></term>
-        <listitem><para>A boolean value, defaults to true.
+        <listitem><para>A boolean value, defaults to <tt>true</tt>.
         Controls whether or not OSTree will require commits to be
         signed by a known GPG key.  For more information, see the
         <citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry>
         manual under GPG.</para></listitem>
       </varlistentry>
-
-      <varlistentry>
-        <term><varname>tls-permissive</varname></term>
-        <listitem><para>A boolean value, defaults to false.  By
-        default, server TLS certificates will be checked against the
-        system certificate store.  If this variable is set, any
-        certificate will be accepted.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><varname>tls-client-cert-path</varname></term>
-        <listitem><para>Path to file for client-side certificate, to present when making requests to this 
repository.</para></listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><varname>tls-client-key-path</varname></term>
-        <listitem><para>Path to file containing client-side certificate key, to present when making requests 
to this repository.</para></listitem>
-      </varlistentry>
     </variablelist>
 
   </refsect1>
diff --git a/src/libostree/ostree-fetcher.c b/src/libostree/ostree-fetcher.c
index 696112e..c8db3a0 100644
--- a/src/libostree/ostree-fetcher.c
+++ b/src/libostree/ostree-fetcher.c
@@ -79,8 +79,6 @@ struct OstreeFetcher
 
   GFile *tmpdir;
 
-  GTlsCertificate *client_cert;
-
   SoupSession *session;
   SoupRequester *requester;
 
@@ -109,7 +107,6 @@ ostree_fetcher_finalize (GObject *object)
 
   g_clear_object (&self->session);
   g_clear_object (&self->tmpdir);
-  g_clear_object (&self->client_cert);
 
   g_hash_table_destroy (self->sending_messages);
   g_hash_table_destroy (self->message_to_request);
@@ -178,9 +175,6 @@ ostree_fetcher_init (OstreeFetcher *self)
         }
     }
 
-  if (g_getenv ("OSTREE_DEBUG_HTTP"))
-    soup_session_add_feature (self->session, (SoupSessionFeature*)soup_logger_new (SOUP_LOGGER_LOG_BODY, 
500));
-
   self->requester = (SoupRequester *)soup_session_get_feature (self->session, SOUP_TYPE_REQUESTER);
   g_object_get (self->session, "max-conns-per-host", &max_conns, NULL);
   self->max_outstanding = 3 * max_conns;
@@ -210,14 +204,6 @@ ostree_fetcher_new (GFile                    *tmpdir,
   return self;
 }
 
-void
-ostree_fetcher_set_client_cert (OstreeFetcher *fetcher,
-                                GTlsCertificate *cert)
-{
-  g_clear_object (&fetcher->client_cert);
-  fetcher->client_cert = g_object_ref (cert);
-}
-
 static void
 on_request_sent (GObject        *object, GAsyncResult   *result, gpointer        user_data);
 
@@ -229,13 +215,6 @@ ostree_fetcher_process_pending_queue (OstreeFetcher *self)
          self->outstanding < self->max_outstanding)
     {
       OstreeFetcherPendingURI *next = g_queue_pop_head (&self->pending_queue);
-
-      if (self->client_cert)
-        {
-          gs_unref_object SoupMessage *message = soup_request_http_get_message 
((SoupRequestHTTP*)next->request);
-          g_object_set (message, "tls-certificate", self->client_cert, NULL);
-        }
-
       self->outstanding++;
       soup_request_send_async (next->request, next->cancellable,
                                on_request_sent, next);
diff --git a/src/libostree/ostree-fetcher.h b/src/libostree/ostree-fetcher.h
index 928d2a3..220bd93 100644
--- a/src/libostree/ostree-fetcher.h
+++ b/src/libostree/ostree-fetcher.h
@@ -54,9 +54,6 @@ GType   ostree_fetcher_get_type (void) G_GNUC_CONST;
 OstreeFetcher *ostree_fetcher_new (GFile                     *tmpdir,
                                    OstreeFetcherConfigFlags   flags);
 
-void ostree_fetcher_set_client_cert (OstreeFetcher *fetcher,
-                                     GTlsCertificate *cert);
-
 char * ostree_fetcher_query_state_text (OstreeFetcher              *self);
 
 guint64 ostree_fetcher_bytes_transferred (OstreeFetcher       *self);
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index e3e5a77..427bd92 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -1086,41 +1086,6 @@ ostree_repo_pull (OstreeRepo               *self,
   pull_data->fetcher = ostree_fetcher_new (pull_data->repo->tmp_dir,
                                            fetcher_flags);
 
-  {
-    gs_free char *tls_client_cert_path = NULL;
-    gs_free char *tls_client_key_path = NULL;
-
-    if (!ot_keyfile_get_value_with_default (config, remote_key,
-                                            "tls-client-cert-path",
-                                            NULL, &tls_client_cert_path, error))
-      goto out;
-    if (!ot_keyfile_get_value_with_default (config, remote_key,
-                                            "tls-client-key-path",
-                                            NULL, &tls_client_key_path, error))
-      goto out;
-
-    if ((tls_client_cert_path != NULL) != (tls_client_key_path != NULL))
-      {
-        g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                     "\"%s\" must specify both \"tls-client-cert-path\" and \"tls-client-key-path\"", 
remote_key);
-        goto out;
-      }
-    else if (tls_client_cert_path)
-      {
-        gs_unref_object GTlsCertificate *client_cert = NULL;
-
-        g_assert (tls_client_key_path);
-
-        client_cert = g_tls_certificate_new_from_files (tls_client_cert_path,
-                                                        tls_client_key_path,
-                                                        error);
-        if (!client_cert)
-          goto out;
-
-        ostree_fetcher_set_client_cert (pull_data->fetcher, client_cert);
-      }
-  }
-
   if (!pull_data->base_uri)
     {
       g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]