Re: [PATCH 1/2] virsh: flexibility in CA cert and user cert/key

On Fri, May 6, 2011 at 10:00 AM, Doug Goldstein <cardoe@xxxxxxxxxx> wrote:
> Allow the CA certificate to come from the user's home directory or from
> the global location independently of the client certificate/key pair.
>
> Mostly for the case when each user on a system has their own cert/key
> pair but the system as a whole shares the same CA.
>
> Signed-off-by: Doug Goldstein <cardoe@xxxxxxxxxx>
> ---
>  src/remote/remote_driver.c |   19 ++++++++++++-------
>  1 files changed, 12 insertions(+), 7 deletions(-)
>
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 4c3bdf3..9965d38 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -1222,21 +1222,26 @@ initialize_gnutls(char *pkipath, int flags)
> Â Â Â Â Â Â Â Â Â Â Â Â "clientcert.pem")) < 0)
> Â Â Â Â Â Â goto out_of_memory;
>
> - Â Â Â Â/* Use default location as long as one of CA certificate,
> + Â Â Â Â/* Use the default location of the CA certificate if it
> + Â Â Â Â * cannot be found in $HOME/.pki/libvirt
> + Â Â Â Â */
> + Â Â Â Âif (!virFileExists(libvirt_cacert)) {
> + Â Â Â Â Â ÂVIR_FREE(libvirt_cacert);
> +
> + Â Â Â Â Â Âlibvirt_cacert = strdup(LIBVIRT_CACERT);
> + Â Â Â Â Â Âif (!libvirt_cacert) goto out_of_memory;
> + Â Â Â Â}
> +
> + Â Â Â Â/* Use default location as long as one of
> Â Â Â Â Â* client key, and client certificate cannot be found in
> Â Â Â Â Â* $HOME/.pki/libvirt, we don't want to make user confused
> Â Â Â Â Â* with one file is here, the other is there.
> Â Â Â Â Â*/
> - Â Â Â Âif (!virFileExists(libvirt_cacert) ||
> - Â Â Â Â Â Â!virFileExists(libvirt_clientkey) ||
> + Â Â Â Âif (!virFileExists(libvirt_clientkey) ||
> Â Â Â Â Â Â !virFileExists(libvirt_clientcert)) {
> - Â Â Â Â Â ÂVIR_FREE(libvirt_cacert);
> Â Â Â Â Â Â VIR_FREE(libvirt_clientkey);
> Â Â Â Â Â Â VIR_FREE(libvirt_clientcert);
>
> - Â Â Â Â Â Âlibvirt_cacert = strdup(LIBVIRT_CACERT);
> - Â Â Â Â Â Âif (!libvirt_cacert) goto out_of_memory;
> -
> Â Â Â Â Â Â libvirt_clientkey = strdup(LIBVIRT_CLIENTKEY);
> Â Â Â Â Â Â if (!libvirt_clientkey) goto out_of_memory;
>
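Review bot: the new `if (!virFileExists(libvirt_cacert))` block picks the trust anchor on file existence alone, so a cacert.pem that is present in $HOME/.pki/libvirt but unreadable or empty is selected and the shared LIBVIRT_CACERT is never tried. Since the CA can now come from a different place than the key pair, consider falling back when the per-user file cannot be read and logging which CA path was chosen, so a user can tell which CA is actually validating the server. The second comment also needs rewording after the edit: "as long as one of client key, and client certificate" no longer parses, and its rationale ("one file is here, the other is there") should note that it now applies only to the key/cert pair, not to the CA.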
> --
> 1.7.5.rc3
>

Bump.

-- 
Doug Goldstein

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


