From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
The virNetTLSContextNew was being passed key/cert parameters in
the wrong order. This wasn't immediately visible because if
virNetTLSContextNewPath was used, a second bug reversed the order
of those parameters again.
Only if the paths were manually specified in /etc/libvirt/libvirtd.conf
did the bug appear
* src/rpc/virnettlscontext.c: Fix order of params passed to
virNetTLSContextNew
---
src/rpc/virnettlscontext.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index ad8e2dc..1120e1e 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -396,10 +396,10 @@ static virNetTLSContextPtr virNetTLSContextNewPath(const char *pkipath,
virNetTLSContextPtr ctxt = NULL;
if (virNetTLSContextLocateCredentials(pkipath, tryUserPkiPath, isServer,
- &cacert, &cacrl, &key, &cert) < 0)
+ &cacert, &cacrl, &cert, &key) < 0)
return NULL;
- ctxt = virNetTLSContextNew(cacert, cacrl, key, cert,
+ ctxt = virNetTLSContextNew(cacert, cacrl, cert, key,
x509dnWhitelist, requireValidCert, isServer);
VIR_FREE(cacert);
@@ -435,7 +435,7 @@ virNetTLSContextPtr virNetTLSContextNewServer(const char *cacert,
const char *const*x509dnWhitelist,
bool requireValidCert)
{
- return virNetTLSContextNew(cacert, cacrl, key, cert,
+ return virNetTLSContextNew(cacert, cacrl, cert, key,
x509dnWhitelist, requireValidCert, true);
}
--
1.7.6
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list