From a1aebc1321f69e419bacb3acab8155ea0ac53fe2 Mon Sep 17 00:00:00 2001 From: Mohammed Morsi Date: Tue, 28 Apr 2009 11:33:42 -0400 Subject: [PATCH] cleaned up ssl bits, --check-certificate command line flag works again ssl disabled by default as curl requires a CA for certificates, and peer / host verification must be disabled for self-signing certificates http://curl.netmirror.org/docs/sslcerts.html --- main.c | 6 ++++-- wui_thread.c | 4 ---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/main.c b/main.c index 390046a..0a9209e 100644 --- a/main.c +++ b/main.c @@ -58,7 +58,9 @@ gboolean debug = 0; * configure or on the command line. */ const char *cainfo = CAINFO; -gboolean check_cert = TRUE; +gboolean check_cert = FALSE; // do we want this enabled by default ? + // would require a CA by default (self-signed wont work) + // (don't set to true, change var/flag to no_check_cert) /* Private functions. */ static void start_ui (void); @@ -148,7 +150,7 @@ static const GOptionEntry options[] = { { "cainfo", 0, 0, G_OPTION_ARG_STRING, &cainfo, "set the path of the CA certificate bundle", NULL }, { "check-certificate", 0, 0, G_OPTION_ARG_NONE, &check_cert, - "if --no-check-certificate is passed we don't check the SSL certificate of the server", NULL }, + "check the SSL certificate of the server", NULL }, { "debug", 'd', 0, G_OPTION_ARG_NONE, &debug, "turn on debugging messages", NULL }, { "version", 'V', 0, G_OPTION_ARG_NONE, &print_version, diff --git a/wui_thread.c b/wui_thread.c index c51c43f..9dab95c 100644 --- a/wui_thread.c +++ b/wui_thread.c 
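Review bot: In main.c, `gboolean check_cert = FALSE;` makes certificate verification opt-in, so a default run does not authenticate the server and anyone on the network path can impersonate it during login. I would keep `gboolean check_cert = TRUE;` and give the options table in the second main.c hunk an opt-out entry instead, `{ "no-check-certificate", 0, G_OPTION_FLAG_REVERSE, G_OPTION_ARG_NONE, &check_cert, "do not verify the server's SSL certificate (insecure)", NULL },`, which is the direction the added comment already points in. Self-signed deployments can usually stay verified by passing that certificate (or the private CA) through the existing `--cainfo` option rather than turning checks off. If the default does stay off, the new help string `"check the SSL certificate of the server"` should at least say so. The wui_thread.c hunk only deletes the hard-coded `CURLOPT_SSL_VERIFYHOST`/`CURLOPT_SSL_VERIFYPEER` overrides, and where `check_cert` and `cainfo` are applied to the curl handle is not visible in this patch, so it is worth confirming that the flag actually reaches libcurl.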
@@ -669,10 +669,6 @@ do_login (void) CURL_CHECK_ERROR (curl_easy_setopt, (curl, CURLOPT_FOLLOWLOCATION, (long) 1)); CURL_CHECK_ERROR (curl_easy_setopt, (curl, CURLOPT_MAXREDIRS, (long) 10)); - // FIXME when ssl is introduced into ovirt-viewer, remove there two lines - CURL_CHECK_ERROR(curl_easy_setopt, (curl, CURLOPT_SSL_VERIFYHOST, 0)); - CURL_CHECK_ERROR(curl_easy_setopt, (curl, CURLOPT_SSL_VERIFYPEER, 0)); - /* Try to fetch the URI. */ r = CURL_CHECK_ERROR (curl_easy_perform, (curl)); if (r != CURLE_OK) { -- 1.8.3.1