From 343c69dbadb61b30e6d9eb167dd7a076fa151c73 Mon Sep 17 00:00:00 2001 From: Doug Goldstein Date: Fri, 6 May 2011 10:00:53 -0500 Subject: [PATCH] virsh: flexibility in CA cert and user cert/key Allow the CA certificate to come from the user's home directory or from the global location independently of the client certificate/key pair. Mostly for the case when each user on a system has their own cert/key pair but the system as a whole shares the same CA. Signed-off-by: Doug Goldstein --- src/remote/remote_driver.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 09736d9fb3..37940f3708 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -1221,21 +1221,26 @@ initialize_gnutls(char *pkipath, int flags) "clientcert.pem")) < 0) goto out_of_memory; - /* Use default location as long as one of CA certificate, + /* Use the default location of the CA certificate if it + * cannot be found in $HOME/.pki/libvirt + */ + if (!virFileExists(libvirt_cacert)) { + VIR_FREE(libvirt_cacert); + + libvirt_cacert = strdup(LIBVIRT_CACERT); + if (!libvirt_cacert) goto out_of_memory; + } + + /* Use default location as long as one of * client key, and client certificate cannot be found in * $HOME/.pki/libvirt, we don't want to make user confused * with one file is here, the other is there. */ - if (!virFileExists(libvirt_cacert) || - !virFileExists(libvirt_clientkey) || + if (!virFileExists(libvirt_clientkey) || !virFileExists(libvirt_clientcert)) { - VIR_FREE(libvirt_cacert); VIR_FREE(libvirt_clientkey); VIR_FREE(libvirt_clientcert); - libvirt_cacert = strdup(LIBVIRT_CACERT); - if (!libvirt_cacert) goto out_of_memory; - libvirt_clientkey = strdup(LIBVIRT_CLIENTKEY); if (!libvirt_clientkey) goto out_of_memory;
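Review bot: The new first block picks the TLS trust anchor on file existence alone: as soon as `$HOME/.pki/libvirt/cacert.pem` exists it replaces `LIBVIRT_CACERT`, even when the client key and certificate still fall back to the system pair, and nothing in the hunk records which CA path was chosen. Because that path decides which servers the client will accept, a debug line right after the block, such as `VIR_DEBUG("using CA certificate %s", libvirt_cacert);`, would make the mixed-location case visible when a verification failure is being diagnosed (skip it if the rest of `initialize_gnutls`, which starts and ends outside the hunk, already logs the path). The kept comment above the second `if` still explains the fallback as avoiding "one file is here, the other is there", which is no longer true for the CA; I would reword it to `/* Take the client key and certificate from the same location: use the default pair unless both are found in $HOME/.pki/libvirt. */`.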