On Mon, Jan 24, 2011 at 10:20:03PM +0800, Osier Yang wrote: > This new parameter allows user specifies where the client > cerficate, client key, CA certificate of x509 is, instead of > hardcoding it. If 'pkipath' is not specified, and the user > is not root, try to find files in $HOME/.pki, as long as one > of client cerficate, client key, CA certificate can not be > found, use default global location (LIBVIRT_CACERT, LIBVIRT_CLIENTCERT, > LIBVIRT_CLIENTKEY, see src/remote/remote_driver.h) > > e.g. > > [root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client > error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file or directory > error: failed to connect to the hypervisor > [root@Osier client]# ls -l > total 24 > -rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out > -rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem > -rw-r--r--. 1 root root 132 Jan 23 19:04 client.info > -rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem > > [root@Osier client]# cp /tmp/cacert.pem . > [root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client > Welcome to virsh, the virtualization interactive terminal. > > Type: 'help' for help with commands > 'quit' to quit > > virsh # > > * src/remote/remote_driver.c > --- > src/remote/remote_driver.c | 130 ++++++++++++++++++++++++++++++++++++++------ > 1 files changed, 112 insertions(+), 18 deletions(-) ACK, looks good now. Daniel -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list