Re: [v2] remote: Add extra parameter pkipath for URI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jan 24, 2011 at 10:20:03PM +0800, Osier Yang wrote:
> This new parameter allows user specifies where the client
> cerficate, client key, CA certificate of x509 is, instead of
> hardcoding it. If 'pkipath' is not specified, and the user
> is not root, try to find files in $HOME/.pki, as long as one
> of client cerficate, client key, CA certificate can not be
> found, use default global location (LIBVIRT_CACERT, LIBVIRT_CLIENTCERT,
> LIBVIRT_CLIENTKEY, see src/remote/remote_driver.h)
> 
> e.g.
> 
> [root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
> error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file or directory
> error: failed to connect to the hypervisor
> [root@Osier client]# ls -l
> total 24
> -rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out
> -rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem
> -rw-r--r--. 1 root root  132 Jan 23 19:04 client.info
> -rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem
> 
> [root@Osier client]# cp /tmp/cacert.pem .
> [root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
> Welcome to virsh, the virtualization interactive terminal.
> 
> Type:  'help' for help with commands
>        'quit' to quit
> 
> virsh #
> 
> * src/remote/remote_driver.c
> ---
>  src/remote/remote_driver.c |  130 ++++++++++++++++++++++++++++++++++++++------
>  1 files changed, 112 insertions(+), 18 deletions(-)

ACK, looks good now.

Daniel

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]