On 09/25/2013 09:56 AM, Christophe Fergeau wrote:
On Tue, Sep 24, 2013 at 08:47:37PM +0300, Uri Lublin wrote:
It seems better to me that spice-common would check whatever it is
asked, via v->verifyop,
and not return after the first successful test.
If hostname is known to be wrong, it should not be checked (its flag
should be off).
The problem is that we are not doing this at the moment,
spice_set_session_option() will set v->verifyop to
SPICE_SSL_VERIFY_OP_HOSTNAME | SPICE_SSL_VERIFY_OP_SUBJECT if a
host subject was specified. VirtViewerSessionSpice::fill_session()
will do the same, and I suspect it's the same for the controller code.
The only reason to specify a host subject is when we know the hostname will
not be correct to verify the host TLS certificate.
If we want to use your patch, we need to change v->verifyop prior to the SSL
verification to remove SPICE_SSL_VERIFY_HOSTNAME when both
SPICE_SSL_VERIFY_OP_HOSTNAME and SPICE_SSL_VERIFY_OP_SUBJECT are set.
Right, but that change follows the "host-subject overrides hostname" rule,
mentioned in a previous email.
Anyway, I don't feel strongly about that, and the patch itself is doing
what it claims to be doing and it solves the bug.
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel