External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 03:25:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Sanity check explicit TLS file paths

Browse Source 
When providing explicit x509 cert/key paths in libvirtd.conf,
the user must provide all three. If one or more is missed,
this leads to obscure errors at runtime when negotiating
the TLS session

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2017-03-15 18:02:40 +00:00
parent 27cd763500
commit 887450cbdf
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
daemon/libvirtd.c
View File

@ -544,6 +544,23 @@ daemonSetupNetworking(virNetServerPtr srv,
if (config->ca_file ||
config->cert_file ||
config->key_file) {
if (!config->ca_file) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("No CA certificate path set to match server key/cert"));
goto cleanup;
}
if (!config->cert_file) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("No server certificate path set to match server key"));
goto cleanup;
}
if (!config->key_file) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("No server key path set to match server cert"));
goto cleanup;
}
VIR_DEBUG("Using CA='%s' cert='%s' key='%s'",
config->ca_file, config->cert_file, config->key_file);
if (!(ctxt = virNetTLSContextNewServer(config->ca_file,
config->crl_file,
config->cert_file,