2009/12/17 Daniel P. Berrange <berrange@xxxxxxxxxx>:
> The code for connecting to a server tries each socket in turn
> until it finds one that connects. Unfortunately for TLS sockets
> if it connected, but failed TLS handshake it would treat that
> as a failure to connect, and try the next socket. This is bad,
> it should have reported the TLS failure immediately.
>
> $ virsh -c qemu://somehost.com/system
> error: unable to connect to libvirtd at 'somehost.com': Invalid argument
> error: failed to connect to the hypervisor
>
> $ ./tools/virsh -c qemu://somehost.com/system
> error: server certificate failed validation: The certificate hasn't got a known issuer.
> error: failed to connect to the hypervisor
>
> * src/remote/remote_driver.c: Stop trying to connect if the
> TLS handshake fails
> ---
> src/remote/remote_driver.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 77962fe..584de36 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -632,7 +632,7 @@ doRemoteOpen (virConnectPtr conn,
> if (!priv->session) {
> close (priv->sock);
> priv->sock = -1;
> - continue;
> + goto failed;
> }
> }
> goto tcp_connected;
> --
> 1.6.5.2
>
ACK.
Matthias
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list