mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-05 04:25:19 +00:00
Sanity check explicit TLS file paths
When providing explicit x509 cert/key paths in libvirtd.conf, the user must provide all three. If one or more is missed, this leads to obscure errors at runtime when negotiating the TLS session Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
parent
27cd763500
commit
887450cbdf
@ -544,6 +544,23 @@ daemonSetupNetworking(virNetServerPtr srv,
|
|||||||
if (config->ca_file ||
|
if (config->ca_file ||
|
||||||
config->cert_file ||
|
config->cert_file ||
|
||||||
config->key_file) {
|
config->key_file) {
|
||||||
|
if (!config->ca_file) {
|
||||||
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||||
|
_("No CA certificate path set to match server key/cert"));
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
if (!config->cert_file) {
|
||||||
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||||
|
_("No server certificate path set to match server key"));
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
if (!config->key_file) {
|
||||||
|
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||||
|
_("No server key path set to match server cert"));
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
VIR_DEBUG("Using CA='%s' cert='%s' key='%s'",
|
||||||
|
config->ca_file, config->cert_file, config->key_file);
|
||||||
if (!(ctxt = virNetTLSContextNewServer(config->ca_file,
|
if (!(ctxt = virNetTLSContextNewServer(config->ca_file,
|
||||||
config->crl_file,
|
config->crl_file,
|
||||||
config->cert_file,
|
config->cert_file,
|
||||||
|
Loading…
Reference in New Issue
Block a user