From f36c70775a71e68b295dc3985701b2b6f2c52f2e Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Thu, 12 Jul 2007 15:17:08 +0000 Subject: [PATCH] Check client cert/key ahead of time & report errors --- ChangeLog | 6 ++++++ src/remote_internal.c | 24 ++++++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/ChangeLog b/ChangeLog index 373df45954..1806893e39 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Thu Jul 12 11:15:17 EST 2007 Daniel P. Berrange + + * src/remote_internal.c: Explicitly check certificate/key files + before trying to load them so we can get improved error reports + back. + Thu Jul 12 11:02:17 EST 2007 Daniel P. Berrange * src/qemu_conf.c, src/qemu_conf.h, src/qemu_driver.c: Pass diff --git a/src/remote_internal.c b/src/remote_internal.c index a0663969e0..85e12a020e 100644 --- a/src/remote_internal.c +++ b/src/remote_internal.c @@ -890,6 +890,22 @@ query_free (struct query_fields *fields) /* GnuTLS functions used by remoteOpen. */ static gnutls_certificate_credentials_t x509_cred; + +static int +check_cert_file (const char *type, const char *file) +{ + struct stat sb; + if (stat(file, &sb) < 0) { + __virRaiseError (NULL, NULL, NULL, VIR_FROM_REMOTE, VIR_ERR_RPC, + VIR_ERR_ERROR, LIBVIRT_CACERT, NULL, NULL, 0, 0, + "Cannot access %s '%s': %s (%d)", + type, file, strerror(errno), errno); + return -1; + } + return 0; +} + + static int initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED) { @@ -907,6 +923,14 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED) return -1; } + + if (check_cert_file("CA certificate", LIBVIRT_CACERT) < 0) + return -1; + if (check_cert_file("client key", LIBVIRT_CLIENTKEY) < 0) + return -1; + if (check_cert_file("client certificate", LIBVIRT_CLIENTCERT) < 0) + return -1; + /* Set the trusted CA cert. */ #if DEBUG fprintf (stderr, "loading CA file %s\n", LIBVIRT_CACERT);