various CVE fixes
[pve-qemu-kvm.git] / debian / patches / pve / 0010-ui-spice-default-to-pve-certs-unless-otherwise-speci.patch
blob7bf6a2adcf58d7565a32520af977126fec0f7f75
1 From 46cd19688c9134e5fa0eef9d31d005430bdae29a Mon Sep 17 00:00:00 2001
2 From: Wolfgang Bumiller <w.bumiller@proxmox.com>
3 Date: Wed, 9 Dec 2015 14:33:34 +0100
4 Subject: [PATCH 10/55] ui/spice: default to pve certs unless otherwise
5 specified
7 ---
8 ui/spice-core.c | 15 +++++++++------
9 1 file changed, 9 insertions(+), 6 deletions(-)
11 diff --git a/ui/spice-core.c b/ui/spice-core.c
12 index acf5a73..4f1cf45 100644
13 --- a/ui/spice-core.c
14 +++ b/ui/spice-core.c
15 @@ -676,32 +676,35 @@ void qemu_spice_init(void)
17 if (tls_port) {
18 x509_dir = qemu_opt_get(opts, "x509-dir");
19 - if (!x509_dir) {
20 - x509_dir = ".";
21 - }
23 str = qemu_opt_get(opts, "x509-key-file");
24 if (str) {
25 x509_key_file = g_strdup(str);
26 - } else {
27 + } else if (x509_dir) {
28 x509_key_file = g_strdup_printf("%s/%s", x509_dir,
29 X509_SERVER_KEY_FILE);
30 + } else {
31 + x509_key_file = g_strdup("/etc/pve/local/pve-ssl.key");
34 str = qemu_opt_get(opts, "x509-cert-file");
35 if (str) {
36 x509_cert_file = g_strdup(str);
37 - } else {
38 + } else if (x509_dir) {
39 x509_cert_file = g_strdup_printf("%s/%s", x509_dir,
40 X509_SERVER_CERT_FILE);
41 + } else {
42 + x509_cert_file = g_strdup("/etc/pve/local/pve-ssl.pem");
45 str = qemu_opt_get(opts, "x509-cacert-file");
46 if (str) {
47 x509_cacert_file = g_strdup(str);
48 - } else {
49 + } else if (x509_dir) {
50 x509_cacert_file = g_strdup_printf("%s/%s", x509_dir,
51 X509_CA_CERT_FILE);
52 + } else {
53 + x509_cacert_file = g_strdup("/etc/pve/pve-root-ca.pem");
56 x509_key_password = qemu_opt_get(opts, "x509-key-password");
57 --
58 2.1.4