[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 1/2] Allow certificate sanity checking to be disabled

On 07/22/2011 05:06 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange"<berrange redhat com>

When libvirtd starts it it will sanity check its own certs,
and before libvirt clients connect to a remote server they
will sanity check their own certs. This patch allows such
sanity checking to be skipped. There is no strong reason to
need to do this, other than to bypass possible libvirt bugs
in sanity checking, or for testing purposes.

libvirt.conf gains tls_no_sanity_certificate parameter to
go along with tls_no_verify_certificate. The remote driver
client URIs gain a no_sanity URI parameter

* daemon/test_libvirtd.aug, daemon/libvirtd.conf,
   daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
   allow cert sanity checks to be skipped
* src/remote/remote_driver.c: Add no_sanity parameter to
   skip cert checks
* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
   Add new parameter for skipping sanity checks independantly
   of skipping session cert validation checks
  daemon/libvirtd.aug        |    1 +
  daemon/libvirtd.c          |    4 ++++
  daemon/libvirtd.conf       |    9 +++++++++
  daemon/test_libvirtd.aug   |    2 ++
  src/remote/remote_driver.c |   15 +++++++++------
  src/rpc/virnettlscontext.c |   36 +++++++++++++++++++++++-------------
  src/rpc/virnettlscontext.h |    4 ++++
  7 files changed, 52 insertions(+), 19 deletions(-)

ACK with nit fixed:

+# Flag to disable verification of our own server certificates
+# When libvirtd starts it performs some sanity checks against
+# its own certificates.
+# Default is to always sanity. Uncommenting this will disable

s/to always sanity/to always run sanity checks/

Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]