External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-01 06:27:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Fix bug assuming usage of default UUID for certificate passphrase

Browse Source 
If an environment specific _tls_x509_cert_dir is provided, then
do not VIR_STRDUP the defaultTLSx509secretUUID as that would be
for the "default" environment and not the vnc, spice, chardev, or
migrate environments. If the environment needs a secret to decode
it's certificate, then it must provide the secret. If the secrets
happen to be the same, then configuration would use the same UUID
as the default (but we cannot assume that nor can we assume that
the secret would be necessary).
This commit is contained in:
John Ferlan 2017-07-21 17:25:57 -04:00
parent d3e17259e1
commit fdab78b574
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/qemu/qemu_conf.c
View File

@ -564,14 +564,18 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
goto cleanup; \
if (rv == 0) \
cfg->val## TLSx509verify = cfg->defaultTLSx509verify; \
if (virConfGetValueString(conf, #val "_tls_x509_cert_dir", \
&cfg->val## TLSx509certdir) < 0) \
if ((rv = virConfGetValueString(conf, #val "_tls_x509_cert_dir", \
&cfg->val## TLSx509certdir)) < 0) \
goto cleanup; \
if (virConfGetValueString(conf, \
#val "_tls_x509_secret_uuid", \
&cfg->val## TLSx509secretUUID) < 0) \
goto cleanup; \
if (!cfg->val## TLSx509secretUUID && \
/* Only if a *tls_x509_cert_dir wasn't found (e.g. rv == 0), should \
* we copy the defaultTLSx509secretUUID. If this environment needs \
* a passphrase to decode the certificate, then it should provide \
* it's own secretUUID for that. */ \
if (rv == 0 && !cfg->val## TLSx509secretUUID && \
cfg->defaultTLSx509secretUUID) { \
if (VIR_STRDUP(cfg->val## TLSx509secretUUID, \
cfg->defaultTLSx509secretUUID) < 0) \