diff options
| author | Colin Walters <walters@verbum.org> | 2014-05-01 10:23:11 -0400 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2014-05-01 10:23:11 -0400 |
| commit | 64b4ec6ef09fe367e1356861a2174802229b404c (patch) | |
| tree | 05f4e8d5fcba379f043dff060c137023be3d9a68 | |
| parent | 94f9ee7bcedaf29ed3d84aacaada50aac7644415 (diff) | |
| download | ostree-64b4ec6ef09fe367e1356861a2174802229b404c.tar.gz | |
Revert "pull: Add tls-client-cert-{path,key}"
This reverts commit 94f9ee7bcedaf29ed3d84aacaada50aac7644415.
Doesn't actually work, see
https://bugzilla.gnome.org/show_bug.cgi?id=334021
| -rw-r--r-- | doc/ostree.repo-config.xml | 20 | ||||
| -rw-r--r-- | src/libostree/ostree-fetcher.c | 21 | ||||
| -rw-r--r-- | src/libostree/ostree-fetcher.h | 3 | ||||
| -rw-r--r-- | src/libostree/ostree-repo-pull.c | 35 |
4 files changed, 1 insertions, 78 deletions
diff --git a/doc/ostree.repo-config.xml b/doc/ostree.repo-config.xml index 42408143..07244d03 100644 --- a/doc/ostree.repo-config.xml +++ b/doc/ostree.repo-config.xml @@ -104,30 +104,12 @@ Boston, MA 02111-1307, USA. <varlistentry> <term><varname>gpg-verify</varname></term> - <listitem><para>A boolean value, defaults to true. + <listitem><para>A boolean value, defaults to <tt>true</tt>. Controls whether or not OSTree will require commits to be signed by a known GPG key. For more information, see the <citerefentry><refentrytitle>ostree</refentrytitle><manvolnum>1</manvolnum></citerefentry> manual under GPG.</para></listitem> </varlistentry> - - <varlistentry> - <term><varname>tls-permissive</varname></term> - <listitem><para>A boolean value, defaults to false. By - default, server TLS certificates will be checked against the - system certificate store. If this variable is set, any - certificate will be accepted.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>tls-client-cert-path</varname></term> - <listitem><para>Path to file for client-side certificate, to present when making requests to this repository.</para></listitem> - </varlistentry> - - <varlistentry> - <term><varname>tls-client-key-path</varname></term> - <listitem><para>Path to file containing client-side certificate key, to present when making requests to this repository.</para></listitem> - </varlistentry> </variablelist> </refsect1> diff --git a/src/libostree/ostree-fetcher.c b/src/libostree/ostree-fetcher.c index 696112ee..c8db3a08 100644 --- a/src/libostree/ostree-fetcher.c +++ b/src/libostree/ostree-fetcher.c @@ -79,8 +79,6 @@ struct OstreeFetcher GFile *tmpdir; - GTlsCertificate *client_cert; - SoupSession *session; SoupRequester *requester; @@ -109,7 +107,6 @@ ostree_fetcher_finalize (GObject *object) g_clear_object (&self->session); g_clear_object (&self->tmpdir); - g_clear_object (&self->client_cert); g_hash_table_destroy (self->sending_messages); g_hash_table_destroy (self->message_to_request); @@ -178,9 +175,6 @@ ostree_fetcher_init (OstreeFetcher *self) } } - if (g_getenv ("OSTREE_DEBUG_HTTP")) - soup_session_add_feature (self->session, (SoupSessionFeature*)soup_logger_new (SOUP_LOGGER_LOG_BODY, 500)); - self->requester = (SoupRequester *)soup_session_get_feature (self->session, SOUP_TYPE_REQUESTER); g_object_get (self->session, "max-conns-per-host", &max_conns, NULL); self->max_outstanding = 3 * max_conns; @@ -210,14 +204,6 @@ ostree_fetcher_new (GFile *tmpdir, return self; } -void -ostree_fetcher_set_client_cert (OstreeFetcher *fetcher, - GTlsCertificate *cert) -{ - g_clear_object (&fetcher->client_cert); - fetcher->client_cert = g_object_ref (cert); -} - static void on_request_sent (GObject *object, GAsyncResult *result, gpointer user_data); @@ -229,13 +215,6 @@ ostree_fetcher_process_pending_queue (OstreeFetcher *self) self->outstanding < self->max_outstanding) { OstreeFetcherPendingURI *next = g_queue_pop_head (&self->pending_queue); - - if (self->client_cert) - { - gs_unref_object SoupMessage *message = soup_request_http_get_message ((SoupRequestHTTP*)next->request); - g_object_set (message, "tls-certificate", self->client_cert, NULL); - } - self->outstanding++; soup_request_send_async (next->request, next->cancellable, on_request_sent, next); diff --git a/src/libostree/ostree-fetcher.h b/src/libostree/ostree-fetcher.h index 928d2a35..220bd931 100644 --- a/src/libostree/ostree-fetcher.h +++ b/src/libostree/ostree-fetcher.h @@ -54,9 +54,6 @@ GType ostree_fetcher_get_type (void) G_GNUC_CONST; OstreeFetcher *ostree_fetcher_new (GFile *tmpdir, OstreeFetcherConfigFlags flags); -void ostree_fetcher_set_client_cert (OstreeFetcher *fetcher, - GTlsCertificate *cert); - char * ostree_fetcher_query_state_text (OstreeFetcher *self); guint64 ostree_fetcher_bytes_transferred (OstreeFetcher *self); diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c index e3e5a775..427bd924 100644 --- a/src/libostree/ostree-repo-pull.c +++ b/src/libostree/ostree-repo-pull.c @@ -1086,41 +1086,6 @@ ostree_repo_pull (OstreeRepo *self, pull_data->fetcher = ostree_fetcher_new (pull_data->repo->tmp_dir, fetcher_flags); - { - gs_free char *tls_client_cert_path = NULL; - gs_free char *tls_client_key_path = NULL; - - if (!ot_keyfile_get_value_with_default (config, remote_key, - "tls-client-cert-path", - NULL, &tls_client_cert_path, error)) - goto out; - if (!ot_keyfile_get_value_with_default (config, remote_key, - "tls-client-key-path", - NULL, &tls_client_key_path, error)) - goto out; - - if ((tls_client_cert_path != NULL) != (tls_client_key_path != NULL)) - { - g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, - "\"%s\" must specify both \"tls-client-cert-path\" and \"tls-client-key-path\"", remote_key); - goto out; - } - else if (tls_client_cert_path) - { - gs_unref_object GTlsCertificate *client_cert = NULL; - - g_assert (tls_client_key_path); - - client_cert = g_tls_certificate_new_from_files (tls_client_cert_path, - tls_client_key_path, - error); - if (!client_cert) - goto out; - - ostree_fetcher_set_client_cert (pull_data->fetcher, client_cert); - } - } - if (!pull_data->base_uri) { g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED, |