Since oVirt engine version 4.3.2.1, the API returns certificate data for display connection in the VM XML, so users do not need to specify it from the command line anymore. The certificate obtained from the XML gets precedence over the one from the command line, which is still kept to keep compatibility of older versions of oVirt. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1402909 Signed-off-by: Eduardo Lima (Etrunko) <etrunko@xxxxxxxxxx> --- src/remote-viewer.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/remote-viewer.c b/src/remote-viewer.c index 8eaa72e..2450096 100644 --- a/src/remote-viewer.c +++ b/src/remote-viewer.c @@ -540,7 +540,8 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err) #ifdef HAVE_SPICE_GTK if (type == OVIRT_VM_DISPLAY_SPICE) { SpiceSession *session; - GByteArray *ca_cert; + GByteArray *ca_cert = NULL; + const char *from = "display"; session = remote_viewer_get_spice_session(REMOTE_VIEWER(app)); g_object_set(G_OBJECT(session), @@ -548,12 +549,19 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err) "cert-subject", host_subject, "proxy", proxy_url, NULL); - g_object_get(G_OBJECT(proxy), "ca-cert", &ca_cert, NULL); + + g_object_get(G_OBJECT(display), "ca-cert", &ca_cert, NULL); + if (ca_cert == NULL) { + g_object_get(G_OBJECT(proxy), "ca-cert", &ca_cert, NULL); + from = "proxy"; + } + if (ca_cert != NULL) { g_object_set(G_OBJECT(session), "ca", ca_cert, NULL); g_byte_array_unref(ca_cert); + g_debug("Using ca-cert from %s", from); } } #endif -- 2.21.0 _______________________________________________ virt-tools-list mailing list virt-tools-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/virt-tools-list
