External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-08 22:15:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

daemon: initialize GnuTLS

Browse Source 
When spice_tls is set but listen_tls is not, we don't initialize
GnuTLS library. So any later gnutls call (e.g. during migration,
where we initialize a certificate) will access uninitialized GnuTLS
internal structs and throws an error.

Although, we might now initialize GnuTLS twice, it is safe according
to the documentation:

    This function can be called many times,
    but will only do something the first time.

This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit
with respect to written above.
This commit is contained in:
Michal Privoznik 2011-08-18 10:44:08 +02:00
parent 4dec4d414f
commit 74c7567133
3 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
daemon/libvirtd.c
View File

@ -1516,6 +1516,7 @@ int main(int argc, char **argv) {
virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", VIR_HOOK_DAEMON_OP_START, virHookCall(VIR_HOOK_DRIVER_DAEMON, "-", VIR_HOOK_DAEMON_OP_START,
0, "start", NULL); 0, "start", NULL);
virNetTLSInit();
if (daemonSetupNetworking(srv, config, if (daemonSetupNetworking(srv, config,
sock_file, sock_file_ro, sock_file, sock_file_ro,
ipsock, privileged) < 0) { ipsock, privileged) < 0) {
@ -1554,6 +1555,7 @@ cleanup:
virNetServerProgramFree(qemuProgram); virNetServerProgramFree(qemuProgram);
virNetServerClose(srv); virNetServerClose(srv);
virNetServerFree(srv); virNetServerFree(srv);
virNetTLSDeinit();
if (statuswrite != -1) { if (statuswrite != -1) {
if (ret != 0) { if (ret != 0) {
/* Tell parent of daemon what failed */ /* Tell parent of daemon what failed */

25
src/rpc/virnettlscontext.c
View File

@ -679,9 +679,6 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert,
ctxt->refs = 1; ctxt->refs = 1;
/* Initialise GnuTLS. */
gnutls_global_init();
if ((gnutlsdebug = getenv("LIBVIRT_GNUTLS_DEBUG")) != NULL) { if ((gnutlsdebug = getenv("LIBVIRT_GNUTLS_DEBUG")) != NULL) {
int val; int val;
if (virStrToLong_i(gnutlsdebug, NULL, 10, &val) < 0) if (virStrToLong_i(gnutlsdebug, NULL, 10, &val) < 0)
@ -1399,3 +1396,25 @@ void virNetTLSSessionFree(virNetTLSSessionPtr sess)
virMutexDestroy(&sess->lock); virMutexDestroy(&sess->lock);
VIR_FREE(sess); VIR_FREE(sess);
} }
/*
* This function MUST be called before any
* virNetTLS* because it initializes
* underlying GnuTLS library. According to
* it's documentation, it's safe to be called
* many times, but is not thread safe. Each
* call SHOULD be later followed by
* virNetTLSContextDeinit.
*/
void virNetTLSInit(void)
{
gnutls_global_init();
}
/*
* See virNetTLSInit
*/
void virNetTLSDeinit(void)
{
gnutls_global_deinit();
}

3
src/rpc/virnettlscontext.h
View File

@ -30,6 +30,9 @@ typedef struct _virNetTLSSession virNetTLSSession;
typedef virNetTLSSession *virNetTLSSessionPtr; typedef virNetTLSSession *virNetTLSSessionPtr;
void virNetTLSInit(void);
void virNetTLSDeinit(void);
virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath, virNetTLSContextPtr virNetTLSContextNewServerPath(const char *pkipath,
bool tryUserPkiPath, bool tryUserPkiPath,
const char *const*x509dnWhitelist, const char *const*x509dnWhitelist,