From: Doug Goldstein Date: Fri, 6 May 2011 15:00:53 +0000 (-0500) Subject: virsh: flexibility in CA cert and user cert/key X-Git-Tag: CVE-2011-2178~268 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=343c69dbadb61b30e6d9eb167dd7a076fa151c73;p=thirdparty%2Flibvirt.git virsh: flexibility in CA cert and user cert/key Allow the CA certificate to come from the user's home directory or from the global location independently of the client certificate/key pair. Mostly for the case when each user on a system has their own cert/key pair but the system as a whole shares the same CA. Signed-off-by: Doug Goldstein --- diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 09736d9fb3..37940f3708 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1221,21 +1221,26 @@ initialize_gnutls(char *pkipath, int flags) "clientcert.pem")) < 0) goto out_of_memory; - /* Use default location as long as one of CA certificate, + /* Use the default location of the CA certificate if it + * cannot be found in $HOME/.pki/libvirt + */ + if (!virFileExists(libvirt_cacert)) { + VIR_FREE(libvirt_cacert); + + libvirt_cacert = strdup(LIBVIRT_CACERT); + if (!libvirt_cacert) goto out_of_memory; + } + + /* Use default location as long as one of * client key, and client certificate cannot be found in * $HOME/.pki/libvirt, we don't want to make user confused * with one file is here, the other is there. */ - if (!virFileExists(libvirt_cacert) || - !virFileExists(libvirt_clientkey) || + if (!virFileExists(libvirt_clientkey) || !virFileExists(libvirt_clientcert)) { - VIR_FREE(libvirt_cacert); VIR_FREE(libvirt_clientkey); VIR_FREE(libvirt_clientcert); - libvirt_cacert = strdup(LIBVIRT_CACERT); - if (!libvirt_cacert) goto out_of_memory; - libvirt_clientkey = strdup(LIBVIRT_CLIENTKEY); if (!libvirt_clientkey) goto out_of_memory;
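Review bot: The new `if (!virFileExists(libvirt_cacert))` block lets a CA file under `$HOME/.pki/libvirt` become the trust anchor for server verification on its own, even when the client key and certificate still come from the system location, and nothing visible in the hunk records which path was chosen. A per-user file that silently overrides the system CA is hard to spot when diagnosing an unexpected trust decision. I would log the resolved paths once both selection blocks have run, e.g. `VIR_DEBUG("CA cert %s, client cert %s, client key %s", libvirt_cacert, libvirt_clientcert, libvirt_clientkey);`, unless that already happens further down in initialize_gnutls, whose body continues outside the hunk. The retained comment still argues against "one file is here, the other is there", which is now exactly what is allowed for the CA, so the first comment should add something like `* The CA is looked up independently of the client key/cert pair and may live in a different directory.` Note also that `virFileExists` appears to test existence only, so a present but unreadable or malformed per-user CA would presumably fail the connection rather than fall back to `LIBVIRT_CACERT`; that is the safer outcome, but it deserves a mention in the comment.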