[PATCH 17/24] qemu: Store TLS config options for chardevs in qemuDomainChrSourcePrivate


 



When setting up TLS options from config in qemuDomainPrepareChardevSourceOne
we can also extract the x509 certificate path and default tlsVerify
setting so that 'qemuBuildChardevCommand' doesn't need to access the
config object any more.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/qemu/qemu_command.c | 6 +++---
 src/qemu/qemu_domain.c  | 7 +++++++
 src/qemu/qemu_domain.h  | 3 +++
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 910508e725..583e311008 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1476,7 +1476,7 @@ qemuBuildChardevStr(const virDomainChrSourceDef *dev,

 static int
 qemuBuildChardevCommand(virCommand *cmd,
-                        virQEMUDriverConfig *cfg,
+                        virQEMUDriverConfig *cfg G_GNUC_UNUSED,
                         const virDomainChrSourceDef *dev,
                         const char *charAlias,
                         virQEMUCaps *qemuCaps)
@@ -1506,9 +1506,9 @@ qemuBuildChardevCommand(virCommand *cmd,
             if (!(objalias = qemuAliasTLSObjFromSrcAlias(charAlias)))
                 return -1;

-            if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir,
+            if (qemuBuildTLSx509CommandLine(cmd, chrSourcePriv->tlsCertPath,
                                             dev->data.tcp.listen,
-                                            cfg->chardevTLSx509verify,
+                                            chrSourcePriv->tlsVerify,
                                             tlsCertEncSecAlias,
                                             objalias, qemuCaps) < 0) {
                 return -1;
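Review bot: The TLS object is now built from `chrSourcePriv->tlsCertPath` and `chrSourcePriv->tlsVerify`, which the qemu_domain.c hunk of this patch fills in only inside qemuDomainPrepareChardevSourceOne when haveTLS is YES. If any caller reaches this branch without that prepare step having run, the certificate path would be NULL and `tlsVerify` would presumably still be its zero-initialised `false`, so client-certificate verification would be silently off even when `chardev_tls_x509_verify` is enabled in the config. The old code could not fail open like this because it read `cfg` directly. Consider failing closed before the call, e.g. `if (!chrSourcePriv->tlsCertPath) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("chardev TLS data was not prepared")); return -1; }`. The declaration of `chrSourcePriv` and the enclosing condition are outside this hunk, so whether it can be NULL here should be checked as well.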
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a2ee160128..d7751f731d 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -867,6 +867,8 @@ qemuDomainChrSourcePrivateDispose(void *obj)
     VIR_FORCE_CLOSE(priv->fd);
     VIR_FORCE_CLOSE(priv->logfd);

+    g_free(priv->tlsCertPath);
+
     g_free(priv->fdset);
     g_free(priv->logFdset);
     g_free(priv->tlsCredsAlias);
@@ -9754,6 +9756,11 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef *dev,
                 charsrc->data.tcp.haveTLS = virTristateBoolFromBool(data->cfg->chardevTLS);
                 charsrc->data.tcp.tlsFromConfig = true;
             }
+
+            if (charsrc->data.tcp.haveTLS == VIR_TRISTATE_BOOL_YES) {
+                charpriv->tlsCertPath = g_strdup(data->cfg->chardevTLSx509certdir);
+                charpriv->tlsVerify = data->cfg->chardevTLSx509verify;
+            }
         }
         break;
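Review bot: The assignment `charpriv->tlsCertPath = g_strdup(...)` overwrites the field without releasing a previous value, so if qemuDomainPrepareChardevSourceOne can run more than once for the same chardev source (not visible from this hunk), the earlier copy leaks. Freeing first keeps the function idempotent: `g_free(charpriv->tlsCertPath);` immediately before the `g_strdup` line. Also note that the verify flag and certificate directory are now a snapshot taken at prepare time, so a one-line comment such as `/* snapshot of the TLS config; consumed by qemuBuildChardevCommand */` above the new `if` would help a reader connect the two places. The function body starts and ends outside this hunk.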

diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index d07def3d85..5474d1dccc 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -346,6 +346,9 @@ struct _qemuDomainChrSourcePrivate {
     int logfd; /* file descriptor of the logging source */
     bool wait; /* wait for incomming connections on chardev */

+    char *tlsCertPath; /* path to certificates if TLS is requested */
+    bool tlsVerify; /* whether server should verify client certificates */
+
     char *fdset; /* fdset path corresponding to the passed filedescriptor */
     char *logFdset; /* fdset path corresponding to the passed filedescriptor for logfile */
     int passedFD; /* filedescriptor number when fdset passing it directly */
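Review bot: The two new field comments do not say who owns `tlsCertPath` or when the fields are valid. From the other hunks of this patch the string is a `g_strdup` copy freed in qemuDomainChrSourcePrivateDispose, and both fields are set only when TLS is enabled for a TCP chardev. I would spell that out, e.g. `char *tlsCertPath; /* owned copy of the x509 cert dir; NULL unless TLS is enabled */` and `bool tlsVerify; /* verify client certificates; meaningful only when tlsCertPath is set */`. That makes it explicit that an unprepared object carries `tlsVerify == false`, which consumers must not read as a configured "do not verify".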
-- 
2.31.1



