Allow the CA certificate to come from the user's home directory or from the global location independently of the client certificate/key pair. Mostly for the case when each user on a system has their own cert/key pair but the system as a whole shares the same CA. Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx> --- src/remote/remote_driver.c | 19 ++++++++++++------- 1 files changed, 12 insertions(+), 7 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 4c3bdf3..9965d38 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1222,21 +1222,26 @@ initialize_gnutls(char *pkipath, int flags) "clientcert.pem")) < 0) goto out_of_memory; - /* Use default location as long as one of CA certificate, + /* Use the default location of the CA certificate if it + * cannot be found in $HOME/.pki/libvirt + */ + if (!virFileExists(libvirt_cacert)) { + VIR_FREE(libvirt_cacert); + + libvirt_cacert = strdup(LIBVIRT_CACERT); + if (!libvirt_cacert) goto out_of_memory; + } + + /* Use default location as long as one of * client key, and client certificate cannot be found in * $HOME/.pki/libvirt, we don't want to make user confused * with one file is here, the other is there. */ - if (!virFileExists(libvirt_cacert) || - !virFileExists(libvirt_clientkey) || + if (!virFileExists(libvirt_clientkey) || !virFileExists(libvirt_clientcert)) { - VIR_FREE(libvirt_cacert); VIR_FREE(libvirt_clientkey); VIR_FREE(libvirt_clientcert); - libvirt_cacert = strdup(LIBVIRT_CACERT); - if (!libvirt_cacert) goto out_of_memory; - libvirt_clientkey = strdup(LIBVIRT_CLIENTKEY); if (!libvirt_clientkey) goto out_of_memory; -- 1.7.5.rc3 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
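Review bot: The new `if (!virFileExists(libvirt_cacert))` block makes a `cacert.pem` under $HOME/.pki/libvirt the trust anchor for server verification whenever that file exists, even when the client key and certificate still come from the global location, and neither comment says so. I would state the precedence in the first comment, e.g. `/* A CA certificate in $HOME/.pki/libvirt takes precedence over LIBVIRT_CACERT, regardless of where the client key/cert are found */`, and reword the second, which still reads like the old three-item list, to `/* Use the default location for both the client key and the client certificate if either is missing from $HOME/.pki/libvirt, so the pair never comes from two places */`. virFileExists presumably tests existence only, so an unreadable or empty per-user file would not fall back to the global CA; that fails closed, which seems right for a trust anchor, but it deserves a word in the comment. The rest of initialize_gnutls lies outside the hunk, so I cannot tell whether the chosen CA path is logged; if it is not, a debug message naming it would make a mismatched trust anchor much easier to diagnose.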