On 07/22/2011 05:06 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>

When libvirtd starts it will sanity check its own certs, and before libvirt clients connect to a remote server they will sanity check their own certs. This patch allows such sanity checking to be skipped. There is no strong reason to need to do this, other than to bypass possible libvirt bugs in sanity checking, or for testing purposes.

libvirt.conf gains tls_no_sanity_certificate parameter to go along with tls_no_verify_certificate. The remote driver client URIs gain a no_sanity URI parameter

* daemon/test_libvirtd.aug, daemon/libvirtd.conf, daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to allow cert sanity checks to be skipped
* src/remote/remote_driver.c: Add no_sanity parameter to skip cert checks
* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Add new parameter for skipping sanity checks independently of skipping session cert validation checks
---
 daemon/libvirtd.aug        |  1 +
 daemon/libvirtd.c          |  4 ++++
 daemon/libvirtd.conf       |  9 +++++++++
 daemon/test_libvirtd.aug   |  2 ++
 src/remote/remote_driver.c | 15 +++++++++------
 src/rpc/virnettlscontext.c | 36 +++++++++++++++++++++++-------------
 src/rpc/virnettlscontext.h |  4 ++++
 7 files changed, 52 insertions(+), 19 deletions(-)

ACK with nit fixed:
+# Flag to disable verification of our own server certificates +# +# When libvirtd starts it performs some sanity checks against +# its own certificates. +# +# Default is to always sanity. Uncommenting this will disable
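Review bot: The opening comment line, "Flag to disable verification of our own server certificates", uses "verification" where the rest of the comment and the commit message say "sanity checks", which invites confusion with tls_no_verify_certificate; the commit message describes the two as independent. Suggest "Flag to disable sanity checks of our own server certificates", plus a sentence stating that session certificate validation is not affected by this setting. The commit message gives the only reasons for skipping the checks as working around libvirt bugs in them or testing; repeating that in the libvirtd.conf comment would tell operators when the option is appropriate.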
s/to always sanity/to always run sanity checks/

--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org