On Tue, Mar 15, 2011 at 04:34:33PM -0600, Eric Blake wrote: > On 03/15/2011 11:51 AM, Daniel P. Berrange wrote: > > This provides two modules for handling TLS > > > > * virNetTLSContext provides the process-wide state, in particular > > all the x509 credentials, DH params and x509 whitelists > > * virNetTLSSession provides the per-connection state, ie the > > TLS session itself. > > > > The virNetTLSContext provides APIs for validating a TLS session's > > x509 credentials. The virNetTLSSession includes APIs for performing > > the initial TLS handshake and sending/recving encrypted data > > > > * src/Makefile.am: Add to libvirt-net-rpc.la > > * src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Generic > > TLS handling code > > --- > > configure.ac | 2 +- > > po/POTFILES.in | 1 + > > src/Makefile.am | 5 +- > > src/rpc/virnettlscontext.c | 892 ++++++++++++++++++++++++++++++++++++++++++++ > > src/rpc/virnettlscontext.h | 100 +++++ > > 5 files changed, 998 insertions(+), 2 deletions(-) > > create mode 100644 src/rpc/virnettlscontext.c > > create mode 100644 src/rpc/virnettlscontext.h > > No src/libvirt_private.syms entries? > > > > > diff --git a/configure.ac b/configure.ac > > index 49403dd..81bad91 100644 > > --- a/configure.ac > > +++ b/configure.ac 
> > @@ -134,7 +134,7 @@ LIBS=$old_libs > > dnl Availability of various common headers (non-fatal if missing). > > AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/syslimits.h sys/un.h \ > > sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h \ > > - sys/un.h sys/syscall.h netinet/tcp.h]) > > + sys/un.h sys/syscall.h netinet/tcp.h fnmatch.h]) > > Gnulib provides fnmatch. We shouldn't be adding this check, but modify > bootstrap.conf instead. Ah, I didn't know this. We already use fnmatch in libvirtd, but hadn't added gnulib module for it. > > + > > +#if 0 > > + PROBE(CLIENT_TLS_ALLOW, "fd=%d, name=%s", > > + virNetServerClientGetFD(client), name); > > +#endif > > + return 0; > > Are these PROBE() statements worth keeping? Are they for debug, for > systemtap probe points, or something else? They're an item I need to fix before I finally convert libvirtd. I will address that as a followup patch though once the generic code is committed. > > +#ifndef __VIR_NET_TLS_CONTEXT_H__ > > +# define __VIR_NET_TLS_CONTEXT_H__ > > + > > +# include <stdbool.h> > > Is this redundant, now that "internal.h" guarantees this and all .c > files should be including "internal.h"? I don't see any other headers > that include <stdbool.h> since commit 3541672. Yes, I forgot to remove this one Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
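Review bot: in the configure.ac hunk, sys/un.h appears twice in the AC_CHECK_HEADERS list, once on the unchanged first line (after sys/syslimits.h) and again at the start of the line this patch rewrites. Since that line is being touched anyway, drop the second sys/un.h so the list names each header once. If the fnmatch.h addition is withdrawn in favour of the gnulib module, the duplicate can still go out as a separate trivial cleanup.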
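Review bot: the "#if 0" block around PROBE(CLIENT_TLS_ALLOW, ...) just before "return 0;" has no comment saying why it is compiled out or what must change before it can be enabled. The disabled call references virNetServerClientGetFD(client), so turning it back on depends on a client object being available at this point in the code; a one-line TODO above the "#if 0" should say so. The probe name suggests this is the path where a client's credentials are accepted, which is a decision worth tracing, so consider emitting a debug log message carrying the name in the meantime, or remove the dead block until the followup patch lands.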