When setting up TLS options from config in qemuDomainPrepareChardevSourceOne we can also extract the x509 certificate path and default tlsVerify setting so that 'qemuBuildChardevCommand' doesn't need to access the config object any more. Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- src/qemu/qemu_command.c | 6 +++--- src/qemu/qemu_domain.c | 7 +++++++ src/qemu/qemu_domain.h | 3 +++ 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 910508e725..583e311008 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -1476,7 +1476,7 @@ qemuBuildChardevStr(const virDomainChrSourceDef *dev, static int qemuBuildChardevCommand(virCommand *cmd, - virQEMUDriverConfig *cfg, + virQEMUDriverConfig *cfg G_GNUC_UNUSED, const virDomainChrSourceDef *dev, const char *charAlias, virQEMUCaps *qemuCaps) @@ -1506,9 +1506,9 @@ qemuBuildChardevCommand(virCommand *cmd, if (!(objalias = qemuAliasTLSObjFromSrcAlias(charAlias))) return -1; - if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir, + if (qemuBuildTLSx509CommandLine(cmd, chrSourcePriv->tlsCertPath, dev->data.tcp.listen, - cfg->chardevTLSx509verify, + chrSourcePriv->tlsVerify, tlsCertEncSecAlias, objalias, qemuCaps) < 0) { return -1; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index a2ee160128..d7751f731d 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -867,6 +867,8 @@ qemuDomainChrSourcePrivateDispose(void *obj) VIR_FORCE_CLOSE(priv->fd); VIR_FORCE_CLOSE(priv->logfd); + g_free(priv->tlsCertPath); + g_free(priv->fdset); g_free(priv->logFdset); g_free(priv->tlsCredsAlias); @@ -9754,6 +9756,11 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef *dev, charsrc->data.tcp.haveTLS = virTristateBoolFromBool(data->cfg->chardevTLS); charsrc->data.tcp.tlsFromConfig = true; } + + if (charsrc->data.tcp.haveTLS == VIR_TRISTATE_BOOL_YES) { + charpriv->tlsCertPath = g_strdup(data->cfg->chardevTLSx509certdir); + charpriv->tlsVerify = data->cfg->chardevTLSx509verify; + } } break; diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index d07def3d85..5474d1dccc 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -346,6 +346,9 @@ struct _qemuDomainChrSourcePrivate { int logfd; /* file descriptor of the logging source */ bool wait; /* wait for incomming connections on chardev */ + char *tlsCertPath; /* path to certificates if TLS is requested */ + bool tlsVerify; /* whether server should verify client certificates */ + char *fdset; /* fdset path corresponding to the passed filedescriptor */ char *logFdset; /* fdset path corresponding to the passed filedescriptor for logfile */ int passedFD; /* filedescriptor number when fdset passing it directly */ -- 2.31.1