diff options
author | Colin Walters <walters@verbum.org> | 2014-07-01 08:50:05 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2014-07-01 08:53:39 -0400 |
commit | 772409e945aa1f5d8e6c20c233fa36dda80950d8 (patch) | |
tree | 8d1a39bf35ca46c2837760651d0b7df741f1a444 | |
parent | f60bac45fdf9e9b1b8f663f859ffdee190f2fd0c (diff) | |
download | ostree-772409e945aa1f5d8e6c20c233fa36dda80950d8.tar.gz |
pull: Only set ca path if we actually have a setting for it
Otherwise, GTlsFileDatabase ends up accepting NULL for anchors, and
then we don't trust any CAs at all.
https://bugzilla.gnome.org/show_bug.cgi?id=726256
-rw-r--r-- | src/libostree/ostree-repo-pull.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c index 7d3ad262..2cdc6c15 100644 --- a/src/libostree/ostree-repo-pull.c +++ b/src/libostree/ostree-repo-pull.c @@ -1138,11 +1138,14 @@ ostree_repo_pull (OstreeRepo *self, NULL, &tls_ca_path, error)) goto out; - db = g_tls_file_database_new (tls_ca_path, error); - if (!db) - goto out; - - _ostree_fetcher_set_tls_database (pull_data->fetcher, db); + if (tls_ca_path) + { + db = g_tls_file_database_new (tls_ca_path, error); + if (!db) + goto out; + + _ostree_fetcher_set_tls_database (pull_data->fetcher, db); + } } if (!pull_data->base_uri) |