mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 06:05:27 +00:00
virsh: flexibility in CA cert and user cert/key
Allow the CA certificate to come from the user's home directory or from the global location independently of the client certificate/key pair. Mostly for the case when each user on a system has their own cert/key pair but the system as a whole shares the same CA. Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
parent
8c6df9139b
commit
343c69dbad
@ -1221,21 +1221,26 @@ initialize_gnutls(char *pkipath, int flags)
|
||||
"clientcert.pem")) < 0)
|
||||
goto out_of_memory;
|
||||
|
||||
/* Use default location as long as one of CA certificate,
|
||||
/* Use the default location of the CA certificate if it
|
||||
* cannot be found in $HOME/.pki/libvirt
|
||||
*/
|
||||
if (!virFileExists(libvirt_cacert)) {
|
||||
VIR_FREE(libvirt_cacert);
|
||||
|
||||
libvirt_cacert = strdup(LIBVIRT_CACERT);
|
||||
if (!libvirt_cacert) goto out_of_memory;
|
||||
}
|
||||
|
||||
/* Use default location as long as one of
|
||||
* client key, and client certificate cannot be found in
|
||||
* $HOME/.pki/libvirt, we don't want to make user confused
|
||||
* with one file is here, the other is there.
|
||||
*/
|
||||
if (!virFileExists(libvirt_cacert) ||
|
||||
!virFileExists(libvirt_clientkey) ||
|
||||
if (!virFileExists(libvirt_clientkey) ||
|
||||
!virFileExists(libvirt_clientcert)) {
|
||||
VIR_FREE(libvirt_cacert);
|
||||
VIR_FREE(libvirt_clientkey);
|
||||
VIR_FREE(libvirt_clientcert);
|
||||
|
||||
libvirt_cacert = strdup(LIBVIRT_CACERT);
|
||||
if (!libvirt_cacert) goto out_of_memory;
|
||||
|
||||
libvirt_clientkey = strdup(LIBVIRT_CLIENTKEY);
|
||||
if (!libvirt_clientkey) goto out_of_memory;
|
||||
|
||||
|
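Review bot: The new fallback at `if (!virFileExists(libvirt_cacert))` makes a CA file in the per-user directory (`$HOME/.pki/libvirt`, per the comment) the trust anchor ahead of the system-wide `LIBVIRT_CACERT`, and the comment above it does not state that precedence. Since this choice decides which CA the server certificate is verified against, I would spell it out, e.g. `/* A CA certificate in $HOME/.pki/libvirt takes precedence over LIBVIRT_CACERT and is chosen independently of the client key/cert pair. */`. The check is existence-only, so an unreadable or malformed per-user file presumably fails later at load time instead of falling back to the global CA; the load happens outside this hunk, so please confirm that is the intended behaviour. The reworded comment for the key/cert pair would also read better as `Use the default location if either the client key or the client certificate cannot be found in $HOME/.pki/libvirt`.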