[libvirt] [PATCH 1/2] virsh: flexibility in CA cert and user cert/key
Daniel P. Berrange
berrange at redhat.com
Tue May 10 09:44:05 UTC 2011
On Fri, May 06, 2011 at 10:00:53AM -0500, Doug Goldstein wrote:
> Allow the CA certificate to come from the user's home directory or from
> the global location independently of the client certificate/key pair.
>
> Mostly for the case when each user on a system has their own cert/key
> pair but the system as a whole shares the same CA.
>
> Signed-off-by: Doug Goldstein <cardoe at gentoo.org>
> ---
> src/remote/remote_driver.c | 19 ++++++++++++-------
> 1 files changed, 12 insertions(+), 7 deletions(-)
>
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 4c3bdf3..9965d38 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -1222,21 +1222,26 @@ initialize_gnutls(char *pkipath, int flags)
> "clientcert.pem")) < 0)
> goto out_of_memory;
>
> - /* Use default location as long as one of CA certificate,
> + /* Use the default location of the CA certificate if it
> + * cannot be found in $HOME/.pki/libvirt
> + */
> + if (!virFileExists(libvirt_cacert)) {
> + VIR_FREE(libvirt_cacert);
> +
> + libvirt_cacert = strdup(LIBVIRT_CACERT);
> + if (!libvirt_cacert) goto out_of_memory;
> + }
> +
> + /* Use default location as long as one of
> * client key, and client certificate cannot be found in
> * $HOME/.pki/libvirt, we don't want to make user confused
> * with one file is here, the other is there.
> */
> - if (!virFileExists(libvirt_cacert) ||
> - !virFileExists(libvirt_clientkey) ||
> + if (!virFileExists(libvirt_clientkey) ||
> !virFileExists(libvirt_clientcert)) {
> - VIR_FREE(libvirt_cacert);
> VIR_FREE(libvirt_clientkey);
> VIR_FREE(libvirt_clientcert);
>
> - libvirt_cacert = strdup(LIBVIRT_CACERT);
> - if (!libvirt_cacert) goto out_of_memory;
> -
> libvirt_clientkey = strdup(LIBVIRT_CLIENTKEY);
> if (!libvirt_clientkey) goto out_of_memory;
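Review bot: the retained comment above the client key/cert check still explains the fallback with "we don't want to make user confused with one file is here, the other is there", but with the new CA block the CA certificate can now be picked up from a different location than the key pair, so that rationale no longer describes the whole function. Suggest rewording it to say that only the client key and client certificate are kept together as a pair, and that the CA is resolved on its own. Because the trust anchor and the client identity can now come from different directories, a debug message reporting which path ended up in libvirt_cacert after the new virFileExists(libvirt_cacert) check would make certificate verification failures much easier to trace.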
ACK
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|