The code for connecting to a server tries each socket in turn until it finds one that connects. Unfortunately, for TLS sockets, if it connected but failed the TLS handshake, it would treat that as a failure to connect and try the next socket. This is bad; it should have reported the TLS failure immediately.

   $ virsh -c qemu://somehost.com/system
   error: unable to connect to libvirtd at 'somehost.com': Invalid argument
   error: failed to connect to the hypervisor

   $ ./tools/virsh -c qemu://somehost.com/system
   error: server certificate failed validation: The certificate hasn't got a known issuer.
   error: failed to connect to the hypervisor

* src/remote/remote_driver.c: Stop trying to connect if the TLS handshake fails

--- src/remote/remote_driver.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 77962fe..584de36 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -632,7 +632,7 @@ doRemoteOpen (virConnectPtr conn, if (!priv->session) { close (priv->sock); priv->sock = -1; - continue; + goto failed; } } goto tcp_connected; -- 1.6.5.2
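
Review bot: The `goto failed` in the `if (!priv->session)` branch has no comment explaining why a TLS handshake failure now ends the whole socket loop while a plain connect failure still moves on to the next socket. A one-line comment there, saying that the handshake error must be reported as-is and not masked by a later connect error, would keep a future cleanup from turning it back into `continue`. Because the branch closes `priv->sock` and sets it to -1 before jumping, it is also worth confirming that the code at the `failed` label does not assume an open socket. Note the behavioural consequence for hosts with several addresses: after one failed handshake the remaining sockets are no longer tried, which matches the commit message's intent of surfacing the certificate error immediately.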