[libgovirt] Revert "proxy: Improve NULL CA handling in set_tmp_ca_file"

From: Christophe Fergeau <teuf src gnome org>
To: commits-list gnome org
Cc:
Subject: [libgovirt] Revert "proxy: Improve NULL CA handling in set_tmp_ca_file"
Date: Fri, 8 Apr 2016 14:50:42 +0000 (UTC)

commit b6e1178687b70f833e2dc1a700cfea2a052570e3
Author: Christophe Fergeau <cfergeau redhat com>
Date:   Fri Apr 8 16:48:22 2016 +0200

    Revert "proxy: Improve NULL CA handling in set_tmp_ca_file"
    
    This reverts commit 5c8f3c33e6ceb46d14a501dae9f03c40eb81ef49.
    
    Being able to set a NULL CA certificate after setting a non-NULL one
    would require some changes in libsoup. Since we are using a deprecated
    libsoup property (ssl-ca-file), this is unlikely to go upstream at this
    point, see https://bugzilla.gnome.org/show_bug.cgi?id=754825
    As this also causes breakage with upstream libsoup (certificate check
    failures when trying to connect to an oVirt instance), it's better to
    revert this patch for now.

 govirt/ovirt-proxy.c |   18 ++++++++++--------
 1 files changed, 10 insertions(+), 8 deletions(-)
---
diff --git a/govirt/ovirt-proxy.c b/govirt/ovirt-proxy.c
index 887d15b..a79a6ac 100644
--- a/govirt/ovirt-proxy.c
+++ b/govirt/ovirt-proxy.c
@@ -444,14 +444,16 @@ static void ovirt_proxy_set_tmp_ca_file(OvirtProxy *proxy, const char *ca_file)
 {
     ovirt_proxy_free_tmp_ca_file(proxy);
     proxy->priv->tmp_ca_file = g_strdup(ca_file);
-    /* We block invokations of ssl_ca_file_changed() using the 'setting_ca_file' boolean
-     * g_signal_handler_{un,}block is not working well enough as
-     * ovirt_proxy_set_tmp_ca_file() can be called as part of a g_object_set call,
-     * and unblocking "notify::ssl-ca-file" right after setting its value
-     * is not enough to prevent ssl_ca_file_changed() from running.
-     */
-    proxy->priv->setting_ca_file = TRUE;
-    g_object_set(G_OBJECT(proxy), "ssl-ca-file", ca_file, NULL);
+    if (ca_file != NULL) {
+        /* We block invokations of ssl_ca_file_changed() using the 'setting_ca_file' boolean
+         * g_signal_handler_{un,}block is not working well enough as
+         * ovirt_proxy_set_tmp_ca_file() can be called as part of a g_object_set call,
+         * and unblocking "notify::ssl-ca-file" right after setting its value
+         * is not enough to prevent ssl_ca_file_changed() from running.
+         */
+        proxy->priv->setting_ca_file = TRUE;
+        g_object_set(G_OBJECT(proxy), "ssl-ca-file", ca_file, NULL);
+    }
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]