FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 07-27-2011, 03:44 PM
Ales Kozumplik
 
Default ssl: 'noverifyssl' kernel boot argument.

Prevents Anaconda from verifying the ssl certificate for all https
connections with an exception of the additional repos (where --noverifyssl
can be set per repo).

For instance, this allows downloading kickstart specified as
ks=https://... where the server is using a self-signed certificate.

Resolves: rhbz#696696
---
loader/loader.c | 4 +++-
loader/loader.h | 2 ++
loader/urls.c | 4 ++--
3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/loader/loader.c b/loader/loader.c
index 48359cc..aa26605 100644
--- a/loader/loader.c
+++ b/loader/loader.c
@@ -1108,6 +1108,8 @@ static void parseCmdLineFlags(struct loaderData_s * loaderData,
else if (!strncasecmp(argv[i], "proxy=", 6))
splitProxyParam(argv[i]+6, &loaderData->proxyUser,
&loaderData->proxyPassword, &loaderData->proxy);
+ else if (!strncasecmp(argv[i], "noverifyssl", 11))
+ flags |= LOADER_FLAGS_NOVERIFYSSL;
else if (numExtraArgs < (MAX_EXTRA_ARGS - 1)) {
/* go through and append args we just want to pass on to */
/* the anaconda script, but don't want to represent as a */
@@ -2454,7 +2456,7 @@ int main(int argc, char ** argv) {
}
}

- if (loaderData.instRepo_noverifyssl) {
+ if (loaderData.instRepo_noverifyssl || FL_NOVERIFYSSL(flags)) {
*argptr++ = "--noverifyssl";
}

diff --git a/loader/loader.h b/loader/loader.h
index 9e0accd..44eca6e 100644
--- a/loader/loader.h
+++ b/loader/loader.h
@@ -72,6 +72,7 @@
#define LOADER_FLAGS_KICKSTART_SEND_SERIAL (((uint64_t) 1) << 39)
#define LOADER_FLAGS_AUTOMODDISK (((uint64_t) 1) << 40)
#define LOADER_FLAGS_NOEJECT (((uint64_t) 1) << 41)
+#define LOADER_FLAGS_NOVERIFYSSL (((uint64_t) 1) << 42)

#define FL_TEXT(a) ((a) & LOADER_FLAGS_TEXT)
#define FL_RESCUE(a) ((a) & LOADER_FLAGS_RESCUE)
@@ -110,6 +111,7 @@
#define FL_KICKSTART_SEND_SERIAL(a) ((a) & LOADER_FLAGS_KICKSTART_SEND_SERIAL)
#define FL_AUTOMODDISK(a) ((a) & LOADER_FLAGS_AUTOMODDISK)
#define FL_NOEJECT(a) ((a) & LOADER_FLAGS_NOEJECT)
+#define FL_NOVERIFYSSL(a) ((a) & LOADER_FLAGS_NOVERIFYSSL)

void startNewt(void);
void stopNewt(void);
diff --git a/loader/urls.c b/loader/urls.c
index 611984b..3532c5c 100644
--- a/loader/urls.c
+++ b/loader/urls.c
@@ -167,8 +167,8 @@ int urlinstTransfer(struct loaderData_s *loaderData, struct iurlinfo *ui,

curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
}
-
- if (ui->noverifyssl) {
+
+ if (ui->noverifyssl || FL_NOVERIFYSSL(flags)) {
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
}

--
1.7.6

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 07-27-2011, 03:57 PM
Chris Lumens
 
Default ssl: 'noverifyssl' kernel boot argument.

> Prevents Anaconda from verifying the ssl certificate for all https
> connections with an exception of the additional repos (where --noverifyssl
> can be set per repo).
>
> For instance, this allows downloading kickstart specified as
> ks=https://... where the server is using a self-signed certificate.

Looks good to me.

- Chris

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 

Thread Tools




All times are GMT. The time now is 12:58 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org