[PATCH] deamon: TLS: use default value if ca_file, cert_file or key_file not set

Chen Hanxiao <chen_han_xiao@xxxxxxx> · Mon, 18 Dec 2017 15:27:16 +0800

From: Chen Hanxiao <chenhanxiao@xxxxxxxxx>

As the description of daemon/libvirtd.conf, setting
key_file, cert_file or key_file will override the default value.
But if we set any one of them, we need to set all the rest of them.

This patch set default value to them as daemon/libvirtd.conf
described.

Signed-off-by: Chen Hanxiao <chenhanxiao@xxxxxxxxx>
---
 daemon/libvirtd.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 6d3b83355..93983f63b 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -493,19 +493,28 @@ daemonSetupNetworking(virNetServerPtr srv,
                 config->cert_file ||
                 config->key_file) {
                 if (!config->ca_file) {
-                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                                   _("No CA certificate path set to match server key/cert"));
-                    goto cleanup;
+                    VIR_WARN("Using default path for ca_file");
+                    if (VIR_STRDUP(config->ca_file, LIBVIRT_CACERT) < 0) {
+                        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                       _("No CA certificate path set to match server key/cert"));
+                        goto cleanup;
+                    }
                 }
                 if (!config->cert_file) {
-                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                                   _("No server certificate path set to match server key"));
-                    goto cleanup;
+                    VIR_WARN("Using default path for cert_file");
+                    if (VIR_STRDUP(config->cert_file, LIBVIRT_SERVERCERT) < 0) {
+                        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                       _("No server certificate path set to match server key"));
+                        goto cleanup;
+                    }
                 }
                 if (!config->key_file) {
-                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                                   _("No server key path set to match server cert"));
-                    goto cleanup;
+                    VIR_WARN("Using default path for key_file");
+                    if (VIR_STRDUP(config->key_file, LIBVIRT_SERVERKEY) < 0) {
+                        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                       _("No server key path set to match server cert"));
+                        goto cleanup;
+                    }
                 }
                 VIR_DEBUG("Using CA='%s' cert='%s' key='%s'",
                           config->ca_file, config->cert_file, config->key_file);
-- 
2.14.3

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list






