core: add "tls-ca-path" option
author Colin Walters <walters@verbum.org>
Thu, 26 Jun 2014 23:39:26 +0000 (19:39 -0400)
committer Colin Walters <walters@verbum.org>
Fri, 27 Jun 2014 17:16:47 +0000 (13:16 -0400)
commit f60bac45fdf9e9b1b8f663f859ffdee190f2fd0c
tree df499738793f519cf7570154ad0020873f9d11e3
parent e8f508ac6b9c055b58bb1cae412061d224ee0add
core: add "tls-ca-path" option

Some organizations will want to use private Certificate Authorities to
serve content to their clients.  While it's possible to add the CA
to the system-wide CA store, that has two drawbacks:

1) Compromise of that cert means it can be used for other web traffic
2) All of ca-certificates is trusted

This patch allows a much stronger scenario where *only* the CAs in
tls-ca-path are used for verification from the given repository.

https://bugzilla.gnome.org/show_bug.cgi?id=726256
doc/ostree.repo-config.xml
src/libostree/ostree-fetcher.c
src/libostree/ostree-fetcher.h
src/libostree/ostree-repo-pull.c
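
An added audit example (not part of this commit or of OSTree's code): it reads a repo config and reports, per remote, whether TLS verification would be pinned to a private CA through tls-ca-path or left to the system-wide store that the commit message contrasts it with. It assumes remotes are `[remote "name"]` key-file sections with a `url` key and that a remote without tls-ca-path falls back to the system store; the sample config, host names and paths are constructed.

```python
import configparser

# Constructed sample repo config; host names and paths are placeholders.
SAMPLE_CONFIG = """\
[core]
repo_version=1
mode=bare

[remote "internal"]
url=https://ostree.corp.example/repo
tls-ca-path=/etc/pki/ostree/corp-ca.pem

[remote "vendor"]
url=https://ostree.vendor.example/repo

[remote "legacy"]
url=http://mirror.corp.example/repo
tls-ca-path=/etc/pki/ostree/corp-ca.pem
"""


def classify_remotes(config_text):
    """Return {remote_name: trust_mode} for every [remote "..."] section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key names case-sensitive
    parser.read_string(config_text)
    result = {}
    for section in parser.sections():
        if not (section.startswith('remote "') and section.endswith('"')):
            continue  # skip [core] and anything that is not a remote
        name = section[len('remote "'):-1]
        url = parser.get(section, "url", fallback="").strip()
        ca_path = parser.get(section, "tls-ca-path", fallback="").strip()
        if not url.lower().startswith("https://"):
            # A CA path has no effect when the URL is not fetched over TLS.
            result[name] = "no-tls"
        elif ca_path:
            result[name] = "pinned-ca"      # only the CAs in tls-ca-path
        else:
            result[name] = "system-store"   # assumed fallback: all of ca-certificates
    return result


if __name__ == "__main__":
    for remote, mode in classify_remotes(SAMPLE_CONFIG).items():
        print(f"{remote}: {mode}")
```

The "legacy" remote shows the case worth flagging in review: the option is set, but the plain-HTTP URL means no certificate is ever checked against it.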