Re: PATCH: More useful error messages with missing certs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 11, 2007 at 08:51:26PM +0100, Daniel P. Berrange wrote:
> On the server end if you try to start the server with TLS enabled and you
> don't have the certs setup, you get a cryptic:
> 
> gnutls_certificate_set_x509_trust_file: Error while reading file.
> 
> Rather useless the gnutls error message not telling you what file was
> missing.
> 
> Similarly with virsh:
> 
>  # ~/usr/bin/virsh  --connect  qemu://localhost/system list
>  libvir: Remote error : Error while reading file.
> 
> Since GNU TLS doesn't even tell you the actual problem - was it wrong
> permissions, or missing file altogether, I decided its better to do an
> explicit 'stat' check ahead of time.
> 
> So now it gives:
> 
> $ ~/usr/bin/virsh  --connect  qemu://celery.virt.boston.redhat.com/system start demo
> libvir: Remote error : Cannot access CA certificate 
>  '/home/berrange/usr/etc/pki/CA/cacert.pem': No such file or directory (2)
> 
> Or
> 
> $ ~/usr/bin/virsh  --connect  qemu://celery.virt.boston.redhat.com/system start demo
> libvir: Remote error : Cannot access CA certificate 
>  '/home/berrange/usr/etc/pki/CA/cacert.pem': Permission denied (13)
> 
> Or in the daemon
> 
> # /usr/sbin/libvirtd --listen
> Cannot access CA certificate '/home/berrange/usr/etc/pki/CA/cacert.pem': No such file or directory (2)
> 

 All sounds good,

> +#define CHECK_CERT(type, file) \
> +    do { if (stat(file, &sb) < 0) {                                      \
> +            qemudLog (QEMUD_ERR, "Cannot access " type " '%s': %s (%d)", \
> +                         file, strerror(errno), errno); \
> +            return -1;                                  \
> +        } } while (0)
> +

 Why not make a function instead of this convoluted construct ?
And same in src/remote_internal.c too.
 

I started writing a shell script which would allow checking the certificates,
and could be extended to generate some of them if needed. But good run-time
error sounds even better !

Daniel


-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@xxxxxxxxxx  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]