Check client cert/key ahead of time & report errors

diff --git a/ChangeLog b/ChangeLog
index 373df459541a9d4520de378f16fd9e4cf4a32006..1806893e3975a403815ebf95b30daf35387fbd19 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Thu Jul 12 11:15:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>
+
+       * src/remote_internal.c: Explicitly check certificate/key files
+       before trying to load them so we can get improved error reports
+       back.
+
 Thu Jul 12 11:02:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
        * src/qemu_conf.c, src/qemu_conf.h, src/qemu_driver.c: Pass

diff --git a/src/remote_internal.c b/src/remote_internal.c
index a0663969e0432b246101a2cf7dc892c437f76c02..85e12a020e02283e57aaad158d5efbf9519606b9 100644 (file)
--- a/src/remote_internal.c
+++ b/src/remote_internal.c
@@ -890,6 +890,22 @@ query_free (struct query_fields *fields)
 /* GnuTLS functions used by remoteOpen. */
 static gnutls_certificate_credentials_t x509_cred;
 
+
+static int
+check_cert_file (const char *type, const char *file)
+{
+    struct stat sb;
+    if (stat(file, &sb) < 0) {
+        __virRaiseError (NULL, NULL, NULL, VIR_FROM_REMOTE, VIR_ERR_RPC,
+                         VIR_ERR_ERROR, LIBVIRT_CACERT, NULL, NULL, 0, 0,
+                         "Cannot access %s '%s': %s (%d)",
+                         type, file, strerror(errno), errno);
+        return -1;
+    }
+    return 0;
+}
+
+
 static int
 initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
 {
@@ -907,6 +923,14 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
         return -1;
     }
 
+
+    if (check_cert_file("CA certificate", LIBVIRT_CACERT) < 0)
+        return -1;
+    if (check_cert_file("client key", LIBVIRT_CLIENTKEY) < 0)
+        return -1;
+    if (check_cert_file("client certificate", LIBVIRT_CLIENTCERT) < 0)
+        return -1;
+
     /* Set the trusted CA cert. */
 #if DEBUG
     fprintf (stderr, "loading CA file %s\n", LIBVIRT_CACERT);