+Thu Jul 12 10:57:17 CEST 2007 Daniel Veillard <veillard@redhat.com>
+
+ * qemud/qemud.c: Add explicit checks for existance of x509
+ certificate & key files to get better error reporting than
+ GNU TLS offers when it can't load a file
+
Thu Jul 12 10:57:17 CEST 2007 Daniel Veillard <veillard@redhat.com>
* src/xen_internal.c: applied patch from Christian Ehrhardt to
struct qemud_client *client,
int remove);
+static int
+remoteCheckCertFile(const char *type, const char *file)
+{
+ struct stat sb;
+ if (stat(file, &sb) < 0) {
+ qemudLog (QEMUD_ERR, "Cannot access %s '%s': %s (%d)",
+ type, file, strerror(errno), errno);
+ return -1;
+ }
+ return 0;
+}
+
static int
remoteInitializeGnuTLS (void)
{
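Review bot: `remoteCheckCertFile` only proves that `stat()` can reach the path, so a file that exists but cannot be read by the daemon, or a path that names a directory, passes the check and still ends in the opaque GnuTLS load error this commit is meant to replace. Testing readability instead, for example `if (access(file, R_OK) < 0) {` in place of the `stat()` call (and dropping the then-unused `struct stat sb;`), would cover the permission case with the same `strerror(errno)` message. A short comment above the function would also help, such as `/* Diagnostic pre-check only: reports an inaccessible file early; does not validate the file's contents, ownership or mode. */`, so a 0 return is not later mistaken for a security check on the key or certificates.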
}
if (ca_file && ca_file[0] != '\0') {
+ if (remoteCheckCertFile("CA certificate", ca_file) < 0)
+ return -1;
+
qemudDebug ("loading CA cert from %s", ca_file);
err = gnutls_certificate_set_x509_trust_file (x509_cred, ca_file,
GNUTLS_X509_FMT_PEM);
}
if (crl_file && crl_file[0] != '\0') {
+ if (remoteCheckCertFile("CA revocation list", ca_file) < 0)
+ return -1;
+
qemudDebug ("loading CRL from %s", crl_file);
err = gnutls_certificate_set_x509_crl_file (x509_cred, crl_file,
GNUTLS_X509_FMT_PEM);
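Review bot: The pre-check added in the CRL branch passes `ca_file` instead of `crl_file`, so the revocation list path is never tested and a missing CRL still falls through to the GnuTLS load call. When `crl_file` is set but `ca_file` is NULL, which the `ca_file && ...` guard in the previous branch suggests is possible, the helper would hand a NULL path to `stat()` and to the `%s` in the log message, and start-up would fail with a misleading error. The line should read `if (remoteCheckCertFile("CA revocation list", crl_file) < 0)`. The rest of `remoteInitializeGnuTLS`, including how `err` is handled after the load, lies outside this hunk.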
}
if (cert_file && cert_file[0] != '\0' && key_file && key_file[0] != '\0') {
+ if (remoteCheckCertFile("server certificate", cert_file) < 0)
+ return -1;
+ if (remoteCheckCertFile("server key", key_file) < 0)
+ return -1;
qemudDebug ("loading cert and key from %s and %s",
cert_file, key_file);
err =