This was driven by the complaint that libvirt pulls in gnutls-utils https://src.fedoraproject.org/rpms/virt-viewer/pull-request/4 but also it lets us remove more usage of Shell code from libvirt, as well as improving the consistency of certificate checks vs the runtime checks we do. Daniel P. Berrangé (9): rpc: split out helpers for TLS cert path location rpc: refactor method for checking session certificates rpc: split TLS cert validation into separate file docs: fix author credit for virt-pki-validate tool tools: split off common helpers for host validate tool tools: drop unused --version argument tools: stop checking init scripts & iptables config tools: reimplement virt-pki-validate in C tools: support validating user/custom PKI certs docs/manpages/virt-pki-validate.rst | 9 +- libvirt.spec.in | 2 - po/POTFILES | 3 + src/rpc/meson.build | 7 +- src/rpc/virnettlscert.c | 553 ++++++++++++++++++++++++++ src/rpc/virnettlscert.h | 42 ++ src/rpc/virnettlsconfig.c | 202 ++++++++++ src/rpc/virnettlsconfig.h | 68 ++++ src/rpc/virnettlscontext.c | 586 +--------------------------- tools/meson.build | 31 +- tools/virt-host-validate-ch.c | 12 +- tools/virt-host-validate-common.c | 308 ++++++--------- tools/virt-host-validate-common.h | 48 +-- tools/virt-host-validate-lxc.c | 18 +- tools/virt-host-validate-qemu.c | 30 +- tools/virt-host-validate.c | 2 +- tools/virt-login-shell-helper.c | 2 +- tools/virt-pki-query-dn.c | 2 +- tools/virt-pki-validate.c | 424 ++++++++++++++++++++ tools/virt-pki-validate.in | 323 --------------- tools/virt-validate-common.c | 110 ++++++ tools/virt-validate-common.h | 57 +++ 22 files changed, 1670 insertions(+), 1169 deletions(-) create mode 100644 src/rpc/virnettlscert.c create mode 100644 src/rpc/virnettlscert.h create mode 100644 src/rpc/virnettlsconfig.c create mode 100644 src/rpc/virnettlsconfig.h create mode 100644 tools/virt-pki-validate.c delete mode 100644 tools/virt-pki-validate.in create mode 100644 tools/virt-validate-common.c create mode 100644 tools/virt-validate-common.h -- 2.43.0
