virsh: flexibility in CA cert and user cert/key

Allow the CA certificate to come from the user's home directory or from the global location independently of the client certificate/key pair. Mostly for the case when each user on a system has their own cert/key pair but the system as a whole shares the same CA. Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
2024-07-30 05:27:15 +00:00 · 2011-05-06 10:00:53 -05:00 · 2011-05-06 10:00:53 -05:00 · 343c69dbad
commit 343c69dbad
parent 8c6df9139b
1 changed files with 12 additions and 7 deletions
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@ -1221,21 +1221,26 @@ initialize_gnutls(char *pkipath, int flags)
                        "clientcert.pem")) < 0)
            goto out_of_memory;

-        /* Use default location as long as one of CA certificate,
+        /* Use the default location of the CA certificate if it
+         * cannot be found in $HOME/.pki/libvirt
+         */
+        if (!virFileExists(libvirt_cacert)) {
+            VIR_FREE(libvirt_cacert);
+
+            libvirt_cacert = strdup(LIBVIRT_CACERT);
+            if (!libvirt_cacert) goto out_of_memory;
+        }
+
+        /* Use default location as long as one of
         * client key, and client certificate cannot be found in
         * $HOME/.pki/libvirt, we don't want to make user confused
         * with one file is here, the other is there.
         */
-        if (!virFileExists(libvirt_cacert) ||
-            !virFileExists(libvirt_clientkey) ||
+        if (!virFileExists(libvirt_clientkey) ||
            !virFileExists(libvirt_clientcert)) {
-            VIR_FREE(libvirt_cacert);
            VIR_FREE(libvirt_clientkey);
            VIR_FREE(libvirt_clientcert);

-            libvirt_cacert = strdup(LIBVIRT_CACERT);
-            if (!libvirt_cacert) goto out_of_memory;
-
            libvirt_clientkey = strdup(LIBVIRT_CLIENTKEY);
            if (!libvirt_clientkey) goto out_of_memory;