On 07/21/2017 11:47 PM, John Ferlan wrote: > If an environment specific _tls_x509_cert_dir is provided, then > do not VIR_STRDUP the defaultTLSx509secretUUID as that would be > for the "default" environment and not the vnc, spice, chardev, or > migrate environments. If the environment needs a secret to decode > it's certificate, then it must provide the secret. If the secrets > happen to be the same, then configuration would use the same UUID > as the default (but we cannot assume that nor can we assume that > the secret would be necessary). > > Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx> > --- > > While responding to a different patch today regarding Veritas and > usage of a default environment w/ or w/o secrets I realized that > the existing logic has a flaw in "assuming" that someone would want > to use the default secret. What if they defined their own environment > without a secret? Then the code would create a secret object to pass > to QEMU which would think it needs to use it to decode the server > certificate (but it doesn't), so it would seemingly fail the start. > I assume based on the lack of complaints about this that everyone just > uses the default environment! > > src/qemu/qemu_conf.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) ACK Michal -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
