The CA certificate to use to authenticate the various hosts in an oVirt instance can be fetched from https://ovirt.example.com/ca.crt. However, the gio API we are using does not seem to be checking the server-side certificate of ovirt.example.com before connecting to it, which could lead to man-in-the-middle attacks. Now that the CA certificate to use can be specified from the command line using --ovirt-ca-file, we can remove this automatic fetching of the CA certificate. --- src/remote-viewer.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/remote-viewer.c b/src/remote-viewer.c index caed39f..c2d77d2 100644 --- a/src/remote-viewer.c +++ b/src/remote-viewer.c @@ -748,12 +748,6 @@ create_ovirt_session(VirtViewerApp *app, const char *uri) g_signal_connect(G_OBJECT(proxy), "authenticate", G_CALLBACK(authenticate_cb), app); - ovirt_proxy_fetch_ca_certificate(proxy, &error); - if (error != NULL) { - g_debug("failed to get CA certificate: %s", error->message); - goto error; - } - api = ovirt_proxy_fetch_api(proxy, &error); if (error != NULL) { g_debug("failed to get oVirt 'api' collection: %s", error->message); -- 1.8.3.1 _______________________________________________ virt-tools-list mailing list virt-tools-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/virt-tools-list
