deamon: TLS: use default value if ca_file, cert_file or key_file not set

[libvirt] [PATCH] deamon: TLS: use default value if ca_file, cert_file or key_file not set

Chen Hanxiao posted 1 patch 6 years, 4 months ago

Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20171218072716.4719-1-chen_han_xiao@126.com

daemon/libvirtd.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)

Expand all Fold all

[libvirt] [PATCH] deamon: TLS: use default value if ca_file, cert_file or key_file not set

Posted by Chen Hanxiao 6 years, 4 months ago

From: Chen Hanxiao <chenhanxiao@gmail.com>

As the description of daemon/libvirtd.conf, setting
key_file, cert_file or key_file will override the default value.
But if we set any one of them, we need to set all the rest of them.

This patch set default value to them as daemon/libvirtd.conf
described.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
---
 daemon/libvirtd.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 6d3b83355..93983f63b 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -493,19 +493,28 @@ daemonSetupNetworking(virNetServerPtr srv,
                 config->cert_file ||
                 config->key_file) {
                 if (!config->ca_file) {
-                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                                   _("No CA certificate path set to match server key/cert"));
-                    goto cleanup;
+                    VIR_WARN("Using default path for ca_file");
+                    if (VIR_STRDUP(config->ca_file, LIBVIRT_CACERT) < 0) {
+                        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                       _("No CA certificate path set to match server key/cert"));
+                        goto cleanup;
+                    }
                 }
                 if (!config->cert_file) {
-                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                                   _("No server certificate path set to match server key"));
-                    goto cleanup;
+                    VIR_WARN("Using default path for cert_file");
+                    if (VIR_STRDUP(config->cert_file, LIBVIRT_SERVERCERT) < 0) {
+                        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                       _("No server certificate path set to match server key"));
+                        goto cleanup;
+                    }
                 }
                 if (!config->key_file) {
-                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                                   _("No server key path set to match server cert"));
-                    goto cleanup;
+                    VIR_WARN("Using default path for key_file");
+                    if (VIR_STRDUP(config->key_file, LIBVIRT_SERVERKEY) < 0) {
+                        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                       _("No server key path set to match server cert"));
+                        goto cleanup;
+                    }
                 }
                 VIR_DEBUG("Using CA='%s' cert='%s' key='%s'",
                           config->ca_file, config->cert_file, config->key_file);
-- 
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list