[libvirt] [PATCH] libvirtd: improve the error message displayed on tls client auth failure
Justin Clift
jclift at redhat.com
Wed Sep 15 15:54:26 UTC 2010
This address BZ # 556599:
https://bugzilla.redhat.com/show_bug.cgi?id=556599
---
daemon/libvirtd.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 711360b..46e22bd 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -1226,7 +1226,7 @@ remoteCheckCertificate (gnutls_session_t session)
if (i == 0) {
if (!remoteCheckDN (cert)) {
/* This is the most common error: make it informative. */
- VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
+ VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'certtool -i --infile clientcert.pem' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
gnutls_x509_crt_deinit (cert);
return -1;
}
--
1.7.2.2
More information about the libvir-list
mailing list