All,

While doing testing on the migration stuff, I noticed that a connection string using tls (in my case, qemu+tls://host/system) was hanging up trying to connect. I traced this down to a bug in the newer qemud negotiation implementation. What is happening is that we are forgetting to clear client->handshake to 0 after successfully doing a remoteAccessCheck(); this means we were never putting the '\1' byte on the transmit queue to be sent to the client, so the client was essentially waiting forever for the server to respond. Fix this by clearing the handshake once we've successfully done the handshake.

Signed-off-by: Chris Lalancette <clalance@xxxxxxxxxx>
diff --git a/qemud/qemud.c b/qemud/qemud.c index e852841..fd315fc 100644 --- a/qemud/qemud.c +++ b/qemud/qemud.c @@ -1339,6 +1339,8 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket /* Begin the TLS handshake. */ ret = gnutls_handshake (client->tlssession); if (ret == 0) { + client->handshake = 0; + /* Unlikely, but ... Next step is to check the certificate. */ if (remoteCheckAccess (client) == -1) goto cleanup; @@ -1930,6 +1932,8 @@ qemudDispatchClientHandshake(struct qemud_server *server, /* Continue the handshake. */ ret = gnutls_handshake (client->tlssession); if (ret == 0) { + client->handshake = 0; + /* Finished. Next step is to check the certificate. */ if (remoteCheckAccess (client) == -1) qemudDispatchClientFailure(client);
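Review bot: In the qemudDispatchServer hunk, client->handshake = 0 is placed before the remoteCheckAccess (client) call, while the commit message describes clearing it after a successful access check. As written, the flag is also cleared on the path where the check returns -1 and control jumps to cleanup. If the intent is that the flag tracks only the TLS handshake (complete once ret == 0), a one-line comment on the assignment saying so would remove the ambiguity; otherwise move the assignment below the check.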
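Review bot: In the qemudDispatchClientHandshake hunk, the client->handshake = 0 assignment ahead of remoteCheckAccess (client) duplicates the sequence added in qemudDispatchServer, so the two handshake-completion paths have to be kept in sync by hand. Consider a small shared helper that clears the flag and runs the access check, called from both ret == 0 branches, leaving only the differing failure handling at each call site. It is also worth confirming that qemudDispatchClientFailure(client) does not depend on client->handshake, since the flag is already 0 when the failed-check branch runs.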