[Spice-devel] [PATCH spice-gtk] Empty host subject from qemu should only validate hostname
Marc-André Lureau
marcandre.lureau at gmail.com
Thu Oct 18 10:41:35 PDT 2012
Validate empty host subject from qemu exactly like when no explicit
host subject is specified.
https://bugzilla.redhat.com/show_bug.cgi?id=858228
---
gtk/channel-main.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/gtk/channel-main.c b/gtk/channel-main.c
index 21428cf..6b9ba8d 100644
--- a/gtk/channel-main.c
+++ b/gtk/channel-main.c
@@ -1729,6 +1729,10 @@ static gboolean migrate_connect(gpointer data)
"verify", SPICE_SESSION_VERIFY_PUBKEY,
NULL);
g_byte_array_unref(pubkey);
+ } else if (info->cert_subject_size == 0 ||
+ strlen((const char*)info->cert_subject_data) == 0) {
+ /* only verify hostname if no cert subject */
+ g_object_set(mig->session, "verify", SPICE_SESSION_VERIFY_HOSTNAME, NULL);
} else {
gchar *subject = g_alloca(info->cert_subject_size + 1);
strncpy(subject, (const char*)info->cert_subject_data, info->cert_subject_size);
--
1.7.11.7
More information about the Spice-devel
mailing list