To make it easier for users to figure out how the DN should be formatted.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Note also that GnuTLS returns DNs without spaces
after commas between the fields (and this is what we check against),
but the <code>openssl x509</code> tool shows spaces.
+ </p>
+ To make it easy to see the order of the fields in the DN a helper executable
+ <code>virt-pki-query-dn</code> is provided for this particular use case.
+ <p>
</p>
</td>
</tr>
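Review bot: In this docs hunk the new sentence is placed between the added `</p>` and the added `<p>`, so it ends up outside any paragraph element, and the added `<p>` is closed immediately by the existing `</p>`, leaving an empty paragraph. Moving the added `<p>` up so that it directly follows the added `</p>` puts the sentence inside its own paragraph, closed by the existing tag. The sentence also reads better with a comma after "the fields in the DN".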
#
# Any * matches any number of consecutive spaces, like a simplified glob(7).
#
+# The format of the DN for a particular certificate can be queried
+# using:
+#
+# virt-pki-query-dn clientcert.pem
+#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
#
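Review bot: The added comment ("The format of the DN for a particular certificate can be queried using:") does not say why this helper should be used rather than another certificate viewer. The HTML documentation in the same patch notes that the DN is checked in the GnuTLS form without spaces after commas, while `openssl x509` shows spaces. One extra comment line here saying that the printed DN is in the form the list entries are checked against would help administrators who only read the config file.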
virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
_("Client's Distinguished Name is not on the list "
"of allowed clients (tls_allowed_dn_list). Use "
- "'certtool -i --infile clientcert.pem' to view the "
+ "'virt-pki-query-dn clientcert.pem' to view the "
"Distinguished Name field in the client certificate, "
"or run this daemon with --verbose option."));
return 0;
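Review bot: In the changed line of the error string, the surrounding wording was written for `certtool -i` and still says "to view the Distinguished Name field in the client certificate", which fits a full certificate dump better than a helper that queries the DN. Consider rewording it to say that the command shows the DN in the format expected by tls_allowed_dn_list. Since the string is wrapped in `_()`, any rewording is best done in this same change so that translators only see one new message.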
#
# Any * matches any number of consecutive spaces, like a simplified glob(7).
#
+# The format of the DN for a particular certificate can be queried
+# using:
+#
+# virt-pki-query-dn clientcert.pem
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
#
# Any * matches any number of consecutive spaces, like a simplified glob(7).
#
+# The format of the DN for a particular certificate can be queried
+# using:
+#
+# virt-pki-query-dn clientcert.pem
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks