From b63e90f1f9a647aa40bb9abd0129cefd849a2f21 Mon Sep 17 00:00:00 2001 From: "Eduardo Lima (Etrunko)" Date: Thu, 3 Oct 2019 15:38:43 -0300 Subject: [PATCH] remote-viewer: Prefer ca-cert from display instead of proxy Since oVirt engine version 4.3.2.1, the API returns certificate data for display connection in the VM XML, so users do not need to specify it from the command line anymore. The certificate obtained from the XML gets precedence over the one from the command line, which is still kept to keep compatibility of older versions of oVirt. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1402909 Signed-off-by: Eduardo Lima (Etrunko) --- src/remote-viewer.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/remote-viewer.c b/src/remote-viewer.c index 8eaa72e..2450096 100644 --- a/src/remote-viewer.c +++ b/src/remote-viewer.c @@ -540,7 +540,8 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err) #ifdef HAVE_SPICE_GTK if (type == OVIRT_VM_DISPLAY_SPICE) { SpiceSession *session; - GByteArray *ca_cert; + GByteArray *ca_cert = NULL; + const char *from = "display"; session = remote_viewer_get_spice_session(REMOTE_VIEWER(app)); g_object_set(G_OBJECT(session), @@ -548,12 +549,19 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err) "cert-subject", host_subject, "proxy", proxy_url, NULL); - g_object_get(G_OBJECT(proxy), "ca-cert", &ca_cert, NULL); + + g_object_get(G_OBJECT(display), "ca-cert", &ca_cert, NULL); + if (ca_cert == NULL) { + g_object_get(G_OBJECT(proxy), "ca-cert", &ca_cert, NULL); + from = "proxy"; + } + if (ca_cert != NULL) { g_object_set(G_OBJECT(session), "ca", ca_cert, NULL); g_byte_array_unref(ca_cert); + g_debug("Using ca-cert from %s", from); } } #endif