[libgovirt] proxy: Improve NULL CA handling in set_tmp_ca_file

From: Christophe Fergeau <teuf src gnome org>
To: commits-list gnome org
Cc:
Subject: [libgovirt] proxy: Improve NULL CA handling in set_tmp_ca_file
Date: Thu, 6 Aug 2015 16:31:30 +0000 (UTC)

commit 5c8f3c33e6ceb46d14a501dae9f03c40eb81ef49
Author: Christophe Fergeau <cfergeau redhat com>
Date:   Tue Jul 28 10:55:00 2015 +0200

    proxy: Improve NULL CA handling in set_tmp_ca_file
    
    We make sure not to set RestProxy::ssl-ca-file when the 'ca_file'
    argument to ovirt_proxy_set_tmp_ca_file() is NULL. This was added in
    order to prevent an infinite notification loop involving
    ssl_ca_file_changed(). However, since the previous commit, this infinite
    loop no longer happens, and not clearing RestProxy::ssl-ca-file when we
    have removed the corresponding temporary file results in an inconsistent
    situation.

 govirt/ovirt-proxy.c |   18 ++++++++----------
 1 files changed, 8 insertions(+), 10 deletions(-)
---
diff --git a/govirt/ovirt-proxy.c b/govirt/ovirt-proxy.c
index aa55c85..146143c 100644
--- a/govirt/ovirt-proxy.c
+++ b/govirt/ovirt-proxy.c
@@ -444,16 +444,14 @@ static void ovirt_proxy_set_tmp_ca_file(OvirtProxy *proxy, const char *ca_file)
 {
     ovirt_proxy_free_tmp_ca_file(proxy);
     proxy->priv->tmp_ca_file = g_strdup(ca_file);
-    if (ca_file != NULL) {
-        /* We block invokations of ssl_ca_file_changed() using the 'setting_ca_file' boolean
-         * g_signal_handler_{un,}block is not working well enough as
-         * ovirt_proxy_set_tmp_ca_file() can be called as part of a g_object_set call,
-         * and unblocking "notify::ssl-ca-file" right after setting its value
-         * is not enough to prevent ssl_ca_file_changed() from running.
-         */
-        proxy->priv->setting_ca_file = TRUE;
-        g_object_set(G_OBJECT(proxy), "ssl-ca-file", ca_file, NULL);
-    }
+    /* We block invokations of ssl_ca_file_changed() using the 'setting_ca_file' boolean
+     * g_signal_handler_{un,}block is not working well enough as
+     * ovirt_proxy_set_tmp_ca_file() can be called as part of a g_object_set call,
+     * and unblocking "notify::ssl-ca-file" right after setting its value
+     * is not enough to prevent ssl_ca_file_changed() from running.
+     */
+    proxy->priv->setting_ca_file = TRUE;
+    g_object_set(G_OBJECT(proxy), "ssl-ca-file", ca_file, NULL);
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]