From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 1/6] rpc: Resize dname for longer DN from TLS certs
Date: Thu, 11 Nov 2021 16:06:41 +0100
Message-Id: <278b8093d6df975dc0b2729a0165426e720220c6.1636643087.git.mkletzan@redhat.com>

And to make that easier, allocate it on the heap.

Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
--- src/rpc/virnettlscontext.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 1340faa22485..3babf3ee4dc3 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c
@@ -980,11 +980,9 @@ static int virNetTLSContextValidCertificate(virNetTLSC= ontext *ctxt, const gnutls_datum_t *certs; unsigned int nCerts; size_t i; - char dname[256]; + size_t dnamesize =3D 256; + g_autofree char *dname =3D g_new0(char, dnamesize); char *dnameptr =3D dname; - size_t dnamesize =3D sizeof(dname); - - memset(dname, 0, dnamesize); =20 if ((ret =3D gnutls_certificate_verify_peers2(sess->session, &status))= < 0) { virReportError(VIR_ERR_SYSTEM_ERROR, 
@@ -1050,17 +1048,23 @@ static int virNetTLSContextValidCertificate(virNetT= LSContext *ctxt, =20 if (i =3D=3D 0) { ret =3D gnutls_x509_crt_get_dn(cert, dname, &dnamesize); + if (ret =3D=3D GNUTLS_E_SHORT_MEMORY_BUFFER) { + VIR_DEBUG("Reallocating dname to fit %zu bytes", dnamesize= ); + dname =3D g_realloc(dname, dnamesize); + dnameptr =3D dname; + ret =3D gnutls_x509_crt_get_dn(cert, dname, &dnamesize); + } if (ret !=3D 0) { virReportError(VIR_ERR_SYSTEM_ERROR, _("Failed to get certificate %s distinguish= ed name: %s"), "[session]", gnutls_strerror(ret)); goto authfail; } - sess->x509dname =3D g_strdup(dname); - VIR_DEBUG("Peer DN is %s", dname); + sess->x509dname =3D g_steal_pointer(&dname); + VIR_DEBUG("Peer DN is %s", dnameptr); =20 - if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostn= ame, dname, - ctxt->x509dnACL) < 0) { + if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostn= ame, + dnameptr, ctxt->x509dnACL) < 0= ) { gnutls_x509_crt_deinit(cert); goto authdeny; } --=20 2.33.1
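
Review bot: in the second hunk of virNetTLSContextValidCertificate(), once sess->x509dname takes ownership via g_steal_pointer(&dname), the DN is still read through the dnameptr alias, which has to be re-synced by hand after g_realloc() and would dangle if sess->x509dname were freed or replaced before the last use. Passing sess->x509dname itself to VIR_DEBUG and virNetTLSContextCheckCertDN() would make the ownership obvious and, at least in the visible lines, remove the need for the "dnameptr = dname;" assignment in the retry branch. The retry runs only once and relies on gnutls having updated dnamesize to the required size after GNUTLS_E_SHORT_MEMORY_BUFFER; a one-line comment stating that assumption would help, since this buffer feeds the x509dnACL check.
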
From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 2/6] tools: Add virt-pki-query-dn binary
Date: Thu, 11 Nov 2021 16:06:42 +0100

With this program we do not have to depend on the output of `certtool -i`, which changed the order of the fields at some point and the newest version is incompatible with what libvirt expects in tls_allowed_dn_list configuration option.

Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
--- libvirt.spec.in | 1 + po/POTFILES.in | 1 + tools/meson.build | 26 ++++++++ tools/virt-pki-query-dn.c | 137 ++++++++++++++++++++++++++++++++++++++ 4 files changed, 165 insertions(+) create mode 100644 tools/virt-pki-query-dn.c diff --git a/libvirt.spec.in b/libvirt.spec.in index 4ecb28114ce8..5f1773ef93f2 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in
@@ -1983,6 +1983,7 @@ exit 0 %{_mandir}/man1/virt-pki-validate.1* %{_bindir}/virsh %{_bindir}/virt-xml-validate +%{_bindir}/virt-pki-query-dn %{_bindir}/virt-pki-validate =20 %{_datadir}/bash-completion/completions/virsh diff --git a/po/POTFILES.in b/po/POTFILES.in index 8a726f624e38..bf0a3b352979 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -376,6 +376,7 @@ @SRCDIR@tools/virt-host-validate-qemu.c @SRCDIR@tools/virt-host-validate.c @SRCDIR@tools/virt-login-shell-helper.c +@SRCDIR@tools/virt-pki-query-dn.c @SRCDIR@tools/vsh-table.c @SRCDIR@tools/vsh.c @SRCDIR@tools/vsh.h diff --git a/tools/meson.build b/tools/meson.build index bf0eab8b6bf2..9fc07ef32bb3 100644 --- a/tools/meson.build +++ b/tools/meson.build @@ -257,6 +257,32 @@ configure_file( install_mode: 'rwxrwxr-x', ) =20 +executable( + 'virt-pki-query-dn', + [ + 'virt-pki-query-dn.c', + ], + dependencies: [ + glib_dep, + gnutls_dep, + ], + include_directories: [ + src_inc_dir, + top_inc_dir, + util_inc_dir, + ], + link_args: ( + libvirt_relro + + libvirt_no_indirect + + libvirt_no_undefined + ), + link_with: [ + libvirt_lib + ], + install: true, + install_dir: bindir, +) + if conf.has('WITH_SANLOCK') configure_file( input: 'virt-sanlock-cleanup.in', diff --git a/tools/virt-pki-query-dn.c b/tools/virt-pki-query-dn.c new file mode 100644 index 000000000000..0706256d0016 --- /dev/null +++ b/tools/virt-pki-query-dn.c 
@@ -0,0 +1,137 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include +#include "internal.h" + +#include +#include +#include +#include + +#include +#include + +#include "virgettext.h" + + +static void +glib_auto_cleanup_gnutls_x509_crt_t(gnutls_x509_crt_t *pointer) +{ + gnutls_x509_crt_deinit(*pointer); +} + + +static void +print_usage(const char *progname, + FILE *out) +{ + fprintf(out, + _("Usage:\n" + " %s FILE\n" + " %s { -v | -h }\n" + "\n" + "Extract Distinguished Name from a PEM certificate.\n" + "The output is meant to be used in the tls_allowed_dn_list\n" + "configuration option in the libvirtd.conf file.\n" + "\n" + " FILE certificate file to extract the DN from\n" + "\n" + "options:\n" + " -h | --help display this help and exit\n" + " -v | --version output version information and exit\n"), + progname, progname); +} + + +int +main(int argc, + char **argv) +{ + const char *progname =3D NULL; + const char *filename =3D NULL; + size_t dnamesize =3D 256; + size_t bufsize =3D 0; + g_autofree char *dname =3D g_new0(char, dnamesize); + g_autofree char *buf =3D NULL; + g_auto(gnutls_x509_crt_t) crt =3D {0}; + gnutls_datum_t crt_data =3D {0}; + g_autoptr(GError) error =3D NULL; + int arg =3D 0; + int rv =3D 0; + + struct option opt[] =3D { + {"help", no_argument, NULL, 'h'}, + {"version", optional_argument, NULL, 'v'}, + {NULL, 0, NULL, 0} + }; + + if (virGettextInitialize() < 0) + return EXIT_FAILURE; + + if (!(progname =3D strrchr(argv[0], '/'))) + progname =3D argv[0]; + else + progname++; + + while ((arg =3D getopt_long(argc, argv, "hv", opt, NULL)) !=3D -1) { + switch (arg) { + case 'v': + printf("%s\n", PACKAGE_VERSION); + return EXIT_SUCCESS; + case 'h': + print_usage(progname, stdout); + return EXIT_SUCCESS; + default: + print_usage(progname, stderr); + return EXIT_FAILURE; + } + } + + if (optind !=3D argc - 1) { + print_usage(progname, stderr); + return EXIT_FAILURE; + } + + filename =3D argv[optind]; + + g_file_get_contents(filename, &buf, 
&bufsize, &error); + if (error) + errx(EXIT_FAILURE, "%s", error->message); + + if (bufsize > UINT_MAX) + errx(EXIT_FAILURE, _("File '%s' is too large"), filename); + + crt_data.data =3D (unsigned char *)buf; + crt_data.size =3D bufsize; + + rv =3D gnutls_x509_crt_init(&crt); + if (rv < 0) { + err(EXIT_FAILURE, + _("Unable to initialize certificate: %s"), + gnutls_strerror(rv)); + } + + rv =3D gnutls_x509_crt_import(crt, &crt_data, GNUTLS_X509_FMT_PEM); + if (rv < 0) { + err(EXIT_FAILURE, + _("Unable to load certificate, make sure it is in PEM format: = %s"), + gnutls_strerror(rv)); + } + + rv =3D gnutls_x509_crt_get_dn(crt, dname, &dnamesize); + if (rv =3D=3D GNUTLS_E_SHORT_MEMORY_BUFFER) { + dname =3D g_realloc(dname, dnamesize); + rv =3D gnutls_x509_crt_get_dn(crt, dname, &dnamesize); + } + if (rv !=3D 0) { + err(EXIT_FAILURE, + _("Failed to get distinguished name: %s"), + gnutls_strerror(rv)); + } + + printf("%s\n", dname); + + return EXIT_SUCCESS; +} --=20 2.33.1
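
Review bot: in main() of the new tools/virt-pki-query-dn.c, the three gnutls failure paths (gnutls_x509_crt_init, gnutls_x509_crt_import, gnutls_x509_crt_get_dn) call err(), which appends strerror(errno) to a message that already carries gnutls_strerror(rv); the failure is reported through the gnutls return code, so the trailing errno text will be unrelated. Use errx() there, as the g_file_get_contents and "too large" paths already do. In the same function the "version" entry of the option table is declared optional_argument, while the usage text and the "hv" short-option string take no argument; no_argument matches both.
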
From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 3/6] docs: Simplify explanation of tls_allowed_dn_list wildcards
Date: Thu, 11 Nov 2021 16:06:43 +0100
Message-Id: <52cd4109c62e3e86ce4af79efca36f792e55c668.1636643087.git.mkletzan@redhat.com>

This removes a dead link, the need for users to understand a glib function and an improper reference to fnmatch (as we only expand asterisks to any string).

Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
--- docs/remote.html.in | 4 ++-- src/remote/libvirtd.conf.in | 4 +--- tests/virconfdata/libvirtd.conf | 3 +-- tests/virconfdata/libvirtd.out | 3 +-- 4 files changed, 5 insertions(+), 9 deletions(-) diff --git a/docs/remote.html.in b/docs/remote.html.in index cc8db80c959c..66f56a3a64fc 100644 --- a/docs/remote.html.in +++ b/docs/remote.html.in @@ -249,8 +249,8 @@ Blank lines and comments beginning with # = are ignored.

This list may contain wildcards such as "C=3DGB,ST=3DLondon,L=3DLo= ndon,O=3DLibvirt Project,CN=3D*" - See the POSIX fnmatch function for the format - of the wildcards. + Any * matches in the string matches any number of consecutive characters, + like a simplified glob(7).

Note that if this is an empty list, no client can connect. diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in index 8e709856aacb..b18c5885a1a7 100644 --- a/src/remote/libvirtd.conf.in +++ b/src/remote/libvirtd.conf.in @@ -290,9 +290,7 @@ # # "C=3DGB,ST=3DLondon,L=3DLondon,O=3DRed Hat,CN=3D*" # -# See the g_pattern_match function for the format of the wildcards: -# -# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching= .html +# Any * matches any number of consecutive spaces, like a simplified glob(7= ). # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.c= onf index 6d1fd33dcdd3..e850e1b87344 100644 --- a/tests/virconfdata/libvirtd.conf +++ b/tests/virconfdata/libvirtd.conf @@ -183,9 +183,8 @@ tls_no_verify_certificate =3D 1 # # "C=3DGB,ST=3DLondon,L=3DLondon,O=3DRed Hat,CN=3D*" # -# See the g_pattern_match function for the format of the wildcards. +# Any * matches any number of consecutive spaces, like a simplified glob(7= ). # -# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching= .html # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out index ce50480b8c69..0755c5dc0a22 100644 --- a/tests/virconfdata/libvirtd.out +++ b/tests/virconfdata/libvirtd.out 
@@ -147,9 +147,8 @@ tls_no_verify_certificate =3D 1 # # "C=3DGB,ST=3DLondon,L=3DLondon,O=3DRed Hat,CN=3D*" # -# See the g_pattern_match function for the format of the wildcards. +# Any * matches any number of consecutive spaces, like a simplified glob(7= ). # -# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching= .html # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks --=20 2.33.1
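
Review bot: in the docs/remote.html.in hunk, the added sentence "Any * matches in the string matches any number of consecutive characters" has a doubled verb. "Any * in the string matches any number of consecutive characters" says what is meant.
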
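
Review bot: the replacement comment in the src/remote/libvirtd.conf.in, tests/virconfdata/libvirtd.conf and tests/virconfdata/libvirtd.out hunks says * matches "any number of consecutive spaces", which contradicts both the docs/remote.html.in hunk ("consecutive characters") and the commit message ("expand asterisks to any string"). This comment is what an administrator reads when writing tls_allowed_dn_list entries, so it should say "characters"; as written it understates how much a pattern such as CN=* admits. In the two tests/virconfdata hunks, removing the URL line also leaves two consecutive empty "#" lines before the "NB" paragraph.
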
header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1636643244793282.5609666243138; Thu, 11 Nov 2021 07:07:24 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-480-HZUq1rKzNHO2QMUBXiSW_g-1; Thu, 11 Nov 2021 10:07:21 -0500 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8D112CC622; Thu, 11 Nov 2021 15:07:16 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6EC6B60C5F; Thu, 11 Nov 2021 15:07:16 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 3D1C54EA2F; Thu, 11 Nov 2021 15:07:16 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 1ABF7Eoq004580 for ; Thu, 11 Nov 2021 10:07:14 -0500 Received: by smtp.corp.redhat.com (Postfix) id 9E3D04010FE9; Thu, 11 Nov 2021 15:07:14 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9999C40CFD04 for ; Thu, 11 Nov 2021 15:07:14 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 8261285A5BD for ; Thu, 11 Nov 2021 15:07:14 +0000 (UTC) Received: from 
mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-370-CE9Bn7vrNL2K5KcvUv1BOQ-1; Thu, 11 Nov 2021 10:07:13 -0500 Received: by mail-wr1-f72.google.com with SMTP id y10-20020adffa4a000000b0017eea6cb05dso1051137wrr.6 for ; Thu, 11 Nov 2021 07:07:12 -0800 (PST) Received: from wheatley.localdomain (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id c185sm1691568wma.13.2021.11.11.07.06.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Nov 2021 07:06:55 -0800 (PST) Received: from wheatley.redhat.com (wheatley.k8r.cz [127.0.0.1]) by wheatley.localdomain (Postfix) with ESMTP id C2E8F1BBF2C4 for ; Thu, 11 Nov 2021 16:06:54 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1636643243; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=owg/DrKHUJO68L6K7CvDRzxtLw2Ud1P6bvjOhVTz0aI=; b=iJ6rL8UPTKRIskiiVV+JcPZP0RHOzUmDgrnOOwPsYIb1jyjz86htWihN3ugCus7BQJlreF 6kF5F99WcUleg9KWkDNEf45W0aKljgHBILubEwugc8yvPGLcL5fPWyhV1cLIW5brGLMeJX 26K+nY4oaSFbNr0jm99HiyJH2Wv7rlA= X-MC-Unique: HZUq1rKzNHO2QMUBXiSW_g-1 X-MC-Unique: CE9Bn7vrNL2K5KcvUv1BOQ-1 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=owg/DrKHUJO68L6K7CvDRzxtLw2Ud1P6bvjOhVTz0aI=; b=UAs6IcQla92WnAAjtkVikB91WWvDKx07MQPleL6AMTtPRO6wsJ/mC8Bp1mDCgV1aSs IroZBfKj+o0A2YOXMyS0wLqwEMT2LhiuZAjhJ65nH6WtgHVbWD5cY6Gvv0lZU3EO4OEQ AeHBWXJu8ev/AMY4FWXK4SXUF+QU1zIK8XG21fAOenZL6E2SI4LWnmUWmkipjc8PD4qE em2xwIGioUxfwC+ho8PsKvtxCexmJY0ahiLw+xnecg9aXlyB2e4VRxM3/ymSP1RtA1tm 
9swqmQgRvcrD/cuc9zWjXGruH3BRIidm/FrQiHpp4cVexyCdl4N1xmWIDsDs3Od8CFbS HZyg== X-Gm-Message-State: AOAM533lAuBt2lyTId/SBX1ZjhA8M3by54X6Msq/APwjTunwiLuCESSi i+99Uqyvinjs+rryxUZ3CQvMAqNgoQLDixrOyEbw5+xn04P6cGSUIcQMsrwxyo5iGcYB5iX2i7p M1WhrKwAzBEztquPRNHg3EiVcPf1kejeBoQKXxZNstXvK+ZGKLt3D3kxA/aZ02aNJf6Rmzlw= X-Received: by 2002:a05:600c:b46:: with SMTP id k6mr8900226wmr.45.1636643229076; Thu, 11 Nov 2021 07:07:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJxwoMaN+2GjvXIBTCYjKHFMyDb+A0iWJsHPfXmMAr9Mfkq+9aTp7Mbspk0viOTwdbQqDeY46Q== X-Received: by 2002:a05:600c:b46:: with SMTP id k6mr8898815wmr.45.1636643216064; Thu, 11 Nov 2021 07:06:56 -0800 (PST) From: Martin Kletzander To: libvir-list@redhat.com Subject: [PATCH 4/6] Remove needless space Date: Thu, 11 Nov 2021 16:06:44 +0100 Message-Id: <208463e8dc6b0491754c685d5ca3e26a61115915.1636643087.git.mkletzan@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.11.54.1 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1636643274581100001 Content-Type: text/plain; charset="utf-8" Signed-off-by: Martin Kletzander Reviewed-by: Daniel P. Berrang=C3=A9 --- tests/virconfdata/libvirtd.conf | 2 +- tests/virconfdata/libvirtd.out | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.c= onf index e850e1b87344..f4c35e9e430f 100644 
--- a/tests/virconfdata/libvirtd.conf +++ b/tests/virconfdata/libvirtd.conf @@ -178,7 +178,7 @@ crl_file =3D "/etc/pki/CA/crl.pem" tls_no_verify_certificate =3D 1 =20 =20 -# An access control list of allowed x509 Distinguished Names +# An access control list of allowed x509 Distinguished Names # This list may contain wildcards such as # # "C=3DGB,ST=3DLondon,L=3DLondon,O=3DRed Hat,CN=3D*" diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out index 0755c5dc0a22..a407c5f189e9 100644 --- a/tests/virconfdata/libvirtd.out +++ b/tests/virconfdata/libvirtd.out 
@@ -142,7 +142,7 @@ crl_file =3D "/etc/pki/CA/crl.pem" # Default is to always verify. Uncommenting this will disable # verification. tls_no_verify_certificate =3D 1 -# An access control list of allowed x509 Distinguished Names +# An access control list of allowed x509 Distinguished Names # This list may contain wildcards such as # # "C=3DGB,ST=3DLondon,L=3DLondon,O=3DRed Hat,CN=3D*" --=20 2.33.1

From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 5/6] Add suggestions for virt-pki-query-dn usage
Date: Thu, 11 Nov 2021 16:06:45 +0100
Message-Id: <74f9ad691c3d343ccfb4073ff700147d23834351.1636643087.git.mkletzan@redhat.com>

To make it easier for users to figure out how the DN should be formatted.

Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
--- docs/remote.html.in | 4 ++++ src/remote/libvirtd.conf.in | 5 +++++ src/rpc/virnettlscontext.c | 2 +- tests/virconfdata/libvirtd.conf | 4 ++++ tests/virconfdata/libvirtd.out | 4 ++++ 5 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/docs/remote.html.in b/docs/remote.html.in index 66f56a3a64fc..efdb2b32535d 100644 --- a/docs/remote.html.in +++ b/docs/remote.html.in @@ -259,6 +259,10 @@ Blank lines and comments beginning with #= are ignored. Note also that GnuTLS returns DNs without spaces after commas between the fields (and this is what we check against), but the openssl x509 tool shows spaces. +

+ To make it easy to see the order of the fields in the DN a helper execut= able + virt-pki-query-dn is provided for this particular use case. +

diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in index b18c5885a1a7..2cd20aaa7f52 100644 --- a/src/remote/libvirtd.conf.in +++ b/src/remote/libvirtd.conf.in @@ -292,6 +292,11 @@ # # Any * matches any number of consecutive spaces, like a simplified glob(7= ). # +# The format of the DN for a particular certificate can be queried +# using: +# +# virt-pki-query-dn clientcert.pem +# # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks # diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 3babf3ee4dc3..1a3dd92676f7 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -371,7 +371,7 @@ virNetTLSContextCheckCertDNACL(const char *dname, virReportError(VIR_ERR_SYSTEM_ERROR, "%s", _("Client's Distinguished Name is not on the list " "of allowed clients (tls_allowed_dn_list). Use " - "'certtool -i --infile clientcert.pem' to view the " + "'virt-pki-query-dn clientcert.pem' to view the " "Distinguished Name field in the client certificate, " "or run this daemon with --verbose option.")); return 0; diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.c= onf index f4c35e9e430f..c5a225e42f6f 100644 --- a/tests/virconfdata/libvirtd.conf +++ b/tests/virconfdata/libvirtd.conf @@ -185,6 +185,10 @@ tls_no_verify_certificate =3D 1 # # Any * matches any number of consecutive spaces, like a simplified glob(7= ). # +# The format of the DN for a particular certificate can be queried +# using: +# +# virt-pki-query-dn clientcert.pem # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out index a407c5f189e9..754bf56ee4dd 100644 --- a/tests/virconfdata/libvirtd.out +++ b/tests/virconfdata/libvirtd.out 
@@ -149,6 +149,10 @@ tls_no_verify_certificate =3D 1 # # Any * matches any number of consecutive spaces, like a simplified glob(7= ). # +# The format of the DN for a particular certificate can be queried +# using: +# +# virt-pki-query-dn clientcert.pem # # NB If this is an empty list, no client can connect, so comment out # entirely rather than using empty list to disable these checks --=20 2.33.1

From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 6/6] news: Mention the addition of virt-pki-query-dn binary
Date: Thu, 11 Nov 2021 16:06:46 +0100
Message-Id: <1e9ee102e5018b5352c5bdbb6cec177d0f209573.1636643087.git.mkletzan@redhat.com>

Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
--- NEWS.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 983153a63123..a71b84c36390 100644 --- a/NEWS.rst +++ b/NEWS.rst
@@ -17,6 +17,12 @@ v7.10.0 (unreleased) =20 * **New features** =20 + * Added virt-pki-query-dn binary + + This binary helps users figure out the format of Distinguished Name + from a certificate file the way that libvirt expects it in + tls_allowed_dn_list option of libvirtd.conf configuration file + * **Improvements** =20 * qemu: Report guest interface information in ``virDomainGetGuestInfo`` --=20 2.33.1
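
Review bot: In the src/remote/libvirtd.conf.in hunk that drops the g_pattern_match reference, the replacement comment says a * matches any number of consecutive "spaces", which does not fit the example two lines above it, where CN=* has to stand for an arbitrary common name. Because this comment is the only description of how tls_allowed_dn_list patterns are matched, the wording decides how broad an administrator believes an ACL entry is; suggest "Any * matches any number of consecutive characters", or state explicitly which characters the wildcard covers, and apply the same wording to the two tests/virconfdata copies.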
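
Review bot: In the tests/virconfdata/libvirtd.conf and tests/virconfdata/libvirtd.out hunks that replace the g_pattern_match sentence, only the URL line is removed, so the bare "#" lines that surrounded it stay and the result has two empty comment lines in a row before "# NB If this is an empty list". The src/remote/libvirtd.conf.in hunk removes three lines and does not have this, so the test data and the shipped template drift apart by one line; dropping one of the two "#" lines in the test files would keep them aligned.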
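
Review bot: In the src/remote/libvirtd.conf.in hunk of [PATCH 5/6], the added comment tells the administrator to run virt-pki-query-dn clientcert.pem but gives no reason to prefer it over other certificate viewers. The context lines of the docs/remote.html.in hunk in the same patch carry that reason: GnuTLS returns DNs without spaces after the commas, that form is what the ACL is checked against, and the openssl x509 tool shows spaces. An administrator editing libvirtd.conf will usually read only the config comment, so consider adding one line there saying that the tool prints the DN in the exact form tls_allowed_dn_list is compared with.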
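
Review bot: In the NEWS.rst hunk of [PATCH 6/6], the new entry's description ends without a full stop and names virt-pki-query-dn, tls_allowed_dn_list and libvirtd.conf as plain text, while the neighbouring entry in the context lines marks identifiers as literals (``virDomainGetGuestInfo``). Suggest wrapping the three names in double backticks and closing the sentence, for example "... in the ``tls_allowed_dn_list`` option of the ``libvirtd.conf`` configuration file."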