From nobody Mon Apr 29 04:38:24 2024
From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 1/6] rpc: Resize dname for longer DN from TLS certs
Date: Thu, 11 Nov 2021 16:06:41 +0100
Message-Id:
<278b8093d6df975dc0b2729a0165426e720220c6.1636643087.git.mkletzan@redhat.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
And to make that easier, allocate it on the heap.
Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
---
src/rpc/virnettlscontext.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 1340faa22485..3babf3ee4dc3 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -980,11 +980,9 @@ static int virNetTLSContextValidCertificate(virNetTLSC=
ontext *ctxt,
const gnutls_datum_t *certs;
unsigned int nCerts;
size_t i;
- char dname[256];
+ size_t dnamesize =3D 256;
+ g_autofree char *dname =3D g_new0(char, dnamesize);
char *dnameptr =3D dname;
- size_t dnamesize =3D sizeof(dname);
-
- memset(dname, 0, dnamesize);
=20
if ((ret =3D gnutls_certificate_verify_peers2(sess->session, &status))=
< 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
@@ -1050,17 +1048,23 @@ static int virNetTLSContextValidCertificate(virNetT=
LSContext *ctxt,
=20
if (i =3D=3D 0) {
ret =3D gnutls_x509_crt_get_dn(cert, dname, &dnamesize);
+ if (ret =3D=3D GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ VIR_DEBUG("Reallocating dname to fit %zu bytes", dnamesize=
);
+ dname =3D g_realloc(dname, dnamesize);
+ dnameptr =3D dname;
+ ret =3D gnutls_x509_crt_get_dn(cert, dname, &dnamesize);
+ }
if (ret !=3D 0) {
virReportError(VIR_ERR_SYSTEM_ERROR,
_("Failed to get certificate %s distinguish=
ed name: %s"),
"[session]", gnutls_strerror(ret));
goto authfail;
}
- sess->x509dname =3D g_strdup(dname);
- VIR_DEBUG("Peer DN is %s", dname);
+ sess->x509dname =3D g_steal_pointer(&dname);
+ VIR_DEBUG("Peer DN is %s", dnameptr);
=20
- if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostn=
ame, dname,
- ctxt->x509dnACL) < 0) {
+ if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostn=
ame,
+ dnameptr, ctxt->x509dnACL) < 0=
) {
gnutls_x509_crt_deinit(cert);
goto authdeny;
}
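Review bot: After "sess->x509dname = g_steal_pointer(&dname);" the buffer is reachable only through sess->x509dname and the dnameptr alias, and that alias has to be re-pointed by hand after the g_realloc a few lines earlier. Passing sess->x509dname to VIR_DEBUG and to virNetTLSContextCheckCertDN would remove the need to keep dnameptr in sync for this use. In the retry branch, g_realloc does not zero the new memory the way the initial g_new0 did, so the code now relies on gnutls_x509_crt_get_dn NUL-terminating within the size it reported; a one-line comment stating that the returned dnamesize covers the terminator would make this easier to audit, since the length is taken from the peer's certificate.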
--=20
2.33.1
From nobody Mon Apr 29 04:38:24 2024
From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 2/6] tools: Add virt-pki-query-dn binary
Date: Thu, 11 Nov 2021 16:06:42 +0100
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
With this program we do not have to depend on the output of `certtool -i`, which
changed the order of the fields at some point and the newest version is
incompatible with what libvirt expects in tls_allowed_dn_list configuration
option.
Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
---
libvirt.spec.in | 1 +
po/POTFILES.in | 1 +
tools/meson.build | 26 ++++++++
tools/virt-pki-query-dn.c | 137 ++++++++++++++++++++++++++++++++++++++
4 files changed, 165 insertions(+)
create mode 100644 tools/virt-pki-query-dn.c
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 4ecb28114ce8..5f1773ef93f2 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1983,6 +1983,7 @@ exit 0
%{_mandir}/man1/virt-pki-validate.1*
%{_bindir}/virsh
%{_bindir}/virt-xml-validate
+%{_bindir}/virt-pki-query-dn
%{_bindir}/virt-pki-validate
=20
%{_datadir}/bash-completion/completions/virsh
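Review bot: The new %{_bindir}/virt-pki-query-dn entry has no matching man page line, while virt-pki-validate in the same list ships %{_mandir}/man1/virt-pki-validate.1*. Because the tool's output is meant to be pasted into tls_allowed_dn_list, a short man page would help administrators find it and know what format to expect. If a later patch in the series adds one, the %files entry for it belongs next to this line.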
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 8a726f624e38..bf0a3b352979 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -376,6 +376,7 @@
@SRCDIR@tools/virt-host-validate-qemu.c
@SRCDIR@tools/virt-host-validate.c
@SRCDIR@tools/virt-login-shell-helper.c
+@SRCDIR@tools/virt-pki-query-dn.c
@SRCDIR@tools/vsh-table.c
@SRCDIR@tools/vsh.c
@SRCDIR@tools/vsh.h
diff --git a/tools/meson.build b/tools/meson.build
index bf0eab8b6bf2..9fc07ef32bb3 100644
--- a/tools/meson.build
+++ b/tools/meson.build
@@ -257,6 +257,32 @@ configure_file(
install_mode: 'rwxrwxr-x',
)
=20
+executable(
+ 'virt-pki-query-dn',
+ [
+ 'virt-pki-query-dn.c',
+ ],
+ dependencies: [
+ glib_dep,
+ gnutls_dep,
+ ],
+ include_directories: [
+ src_inc_dir,
+ top_inc_dir,
+ util_inc_dir,
+ ],
+ link_args: (
+ libvirt_relro
+ + libvirt_no_indirect
+ + libvirt_no_undefined
+ ),
+ link_with: [
+ libvirt_lib
+ ],
+ install: true,
+ install_dir: bindir,
+)
+
if conf.has('WITH_SANLOCK')
configure_file(
input: 'virt-sanlock-cleanup.in',
diff --git a/tools/virt-pki-query-dn.c b/tools/virt-pki-query-dn.c
new file mode 100644
index 000000000000..0706256d0016
--- /dev/null
+++ b/tools/virt-pki-query-dn.c
@@ -0,0 +1,137 @@
+/*
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include
+#include "internal.h"
+
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include "virgettext.h"
+
+
+static void
+glib_auto_cleanup_gnutls_x509_crt_t(gnutls_x509_crt_t *pointer)
+{
+ gnutls_x509_crt_deinit(*pointer);
+}
+
+
+static void
+print_usage(const char *progname,
+ FILE *out)
+{
+ fprintf(out,
+ _("Usage:\n"
+ " %s FILE\n"
+ " %s { -v | -h }\n"
+ "\n"
+ "Extract Distinguished Name from a PEM certificate.\n"
+ "The output is meant to be used in the tls_allowed_dn_list\n"
+ "configuration option in the libvirtd.conf file.\n"
+ "\n"
+ " FILE certificate file to extract the DN from\n"
+ "\n"
+ "options:\n"
+ " -h | --help display this help and exit\n"
+ " -v | --version output version information and exit\n"),
+ progname, progname);
+}
+
+
+int
+main(int argc,
+ char **argv)
+{
+ const char *progname =3D NULL;
+ const char *filename =3D NULL;
+ size_t dnamesize =3D 256;
+ size_t bufsize =3D 0;
+ g_autofree char *dname =3D g_new0(char, dnamesize);
+ g_autofree char *buf =3D NULL;
+ g_auto(gnutls_x509_crt_t) crt =3D {0};
+ gnutls_datum_t crt_data =3D {0};
+ g_autoptr(GError) error =3D NULL;
+ int arg =3D 0;
+ int rv =3D 0;
+
+ struct option opt[] =3D {
+ {"help", no_argument, NULL, 'h'},
+ {"version", optional_argument, NULL, 'v'},
+ {NULL, 0, NULL, 0}
+ };
+
+ if (virGettextInitialize() < 0)
+ return EXIT_FAILURE;
+
+ if (!(progname =3D strrchr(argv[0], '/')))
+ progname =3D argv[0];
+ else
+ progname++;
+
+ while ((arg =3D getopt_long(argc, argv, "hv", opt, NULL)) !=3D -1) {
+ switch (arg) {
+ case 'v':
+ printf("%s\n", PACKAGE_VERSION);
+ return EXIT_SUCCESS;
+ case 'h':
+ print_usage(progname, stdout);
+ return EXIT_SUCCESS;
+ default:
+ print_usage(progname, stderr);
+ return EXIT_FAILURE;
+ }
+ }
+
+ if (optind !=3D argc - 1) {
+ print_usage(progname, stderr);
+ return EXIT_FAILURE;
+ }
+
+ filename =3D argv[optind];
+
+ g_file_get_contents(filename, &buf, &bufsize, &error);
+ if (error)
+ errx(EXIT_FAILURE, "%s", error->message);
+
+ if (bufsize > UINT_MAX)
+ errx(EXIT_FAILURE, _("File '%s' is too large"), filename);
+
+ crt_data.data =3D (unsigned char *)buf;
+ crt_data.size =3D bufsize;
+
+ rv =3D gnutls_x509_crt_init(&crt);
+ if (rv < 0) {
+ err(EXIT_FAILURE,
+ _("Unable to initialize certificate: %s"),
+ gnutls_strerror(rv));
+ }
+
+ rv =3D gnutls_x509_crt_import(crt, &crt_data, GNUTLS_X509_FMT_PEM);
+ if (rv < 0) {
+ err(EXIT_FAILURE,
+ _("Unable to load certificate, make sure it is in PEM format: =
%s"),
+ gnutls_strerror(rv));
+ }
+
+ rv =3D gnutls_x509_crt_get_dn(crt, dname, &dnamesize);
+ if (rv =3D=3D GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ dname =3D g_realloc(dname, dnamesize);
+ rv =3D gnutls_x509_crt_get_dn(crt, dname, &dnamesize);
+ }
+ if (rv !=3D 0) {
+ err(EXIT_FAILURE,
+ _("Failed to get distinguished name: %s"),
+ gnutls_strerror(rv));
+ }
+
+ printf("%s\n", dname);
+
+ return EXIT_SUCCESS;
+}
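Review bot: In main(), the three GnuTLS failure paths (gnutls_x509_crt_init, gnutls_x509_crt_import, gnutls_x509_crt_get_dn) report through err(), which appends strerror(errno) to the message. errno is unrelated to the rv already formatted with gnutls_strerror(rv), so the output ends with a misleading system error. errx(), which the g_file_get_contents failure path already uses, is the better fit. In the opt[] table, "version" is declared optional_argument although the short option string "hv" and the usage text give it no argument, so no_argument would match. The g_realloc(dname, dnamesize) retry leaves the new memory unzeroed and relies on the second gnutls_x509_crt_get_dn call NUL-terminating the buffer before printf("%s\n", dname); a comment saying so would help.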
--=20
2.33.1
From nobody Mon Apr 29 04:38:24 2024
From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 3/6] docs: Simplify explanation of tls_allowed_dn_list
wildcards
Date: Thu, 11 Nov 2021 16:06:43 +0100
Message-Id:
<52cd4109c62e3e86ce4af79efca36f792e55c668.1636643087.git.mkletzan@redhat.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
This removes a dead link, the need for users to understand a glib function and
an improper reference to fnmatch (as we only expand asterisks to any string).
Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
---
docs/remote.html.in | 4 ++--
src/remote/libvirtd.conf.in | 4 +---
tests/virconfdata/libvirtd.conf | 3 +--
tests/virconfdata/libvirtd.out | 3 +--
4 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/docs/remote.html.in b/docs/remote.html.in
index cc8db80c959c..66f56a3a64fc 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -249,8 +249,8 @@ Blank lines and comments beginning with #
=
are ignored.
This list may contain wildcards such as "C=3DGB,ST=3DLondon,L=3DLo=
ndon,O=3DLibvirt Project,CN=3D*"
- See the POSIX fnmatch
function for the format
- of the wildcards.
+ Any * matches in the string matches any number of consecutive characters,
+ like a simplified glob(7)
.
Note that if this is an empty list, no client can connect.
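Review bot: The added sentence "Any * matches in the string matches any number of consecutive characters" has a stray "matches"; suggest "Any * in the string matches any number of consecutive characters". Since this text defines which client certificates are accepted, it is also worth saying that the wildcard is not confined to a single DN field, which follows from the commit message's "we only expand asterisks to any string".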
diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in
index 8e709856aacb..b18c5885a1a7 100644
--- a/src/remote/libvirtd.conf.in
+++ b/src/remote/libvirtd.conf.in
@@ -290,9 +290,7 @@
#
# "C=3DGB,ST=3DLondon,L=3DLondon,O=3DRed Hat,CN=3D*"
#
-# See the g_pattern_match function for the format of the wildcards:
-#
-# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching=
.html
+# Any * matches any number of consecutive spaces, like a simplified glob(7=
).
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
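Review bot: The new comment says * matches "any number of consecutive spaces", but the remote.html.in text in this same patch says "consecutive characters" and the commit message says asterisks expand to any string. "spaces" should read "characters". As written, an administrator could take CN=* to be much narrower than it is when building the allow list.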
diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.c=
onf
index 6d1fd33dcdd3..e850e1b87344 100644
--- a/tests/virconfdata/libvirtd.conf
+++ b/tests/virconfdata/libvirtd.conf
@@ -183,9 +183,8 @@ tls_no_verify_certificate =3D 1
#
# "C=3DGB,ST=3DLondon,L=3DLondon,O=3DRed Hat,CN=3D*"
#
-# See the g_pattern_match function for the format of the wildcards.
+# Any * matches any number of consecutive spaces, like a simplified glob(7=
).
#
-# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching=
.html
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
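Review bot: Dropping the URL line leaves two bare "#" lines in a row below the new comment; one of them can go. The replacement comment carries the same "consecutive spaces" wording as libvirtd.conf.in and should say "characters". Both points apply equally to the libvirtd.out hunk that follows.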
diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out
index ce50480b8c69..0755c5dc0a22 100644
--- a/tests/virconfdata/libvirtd.out
+++ b/tests/virconfdata/libvirtd.out
@@ -147,9 +147,8 @@ tls_no_verify_certificate =3D 1
#
# "C=3DGB,ST=3DLondon,L=3DLondon,O=3DRed Hat,CN=3D*"
#
-# See the g_pattern_match function for the format of the wildcards.
+# Any * matches any number of consecutive spaces, like a simplified glob(7=
).
#
-# https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching=
.html
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
--=20
2.33.1
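The commit messages of 2/6 (field order of the DN) and 3/6 (the meaning of * in tls_allowed_dn_list) come down to how a DN string is compared with an allow-list pattern. The following is an added example, not libvirt's code: dn_glob_match and dn_allowed are hypothetical names, the matcher is a plain "* matches any string" implementation, and the sample DNs are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified glob: '*' matches any run of characters (including none and
 * including ','); every other byte must match literally. Backtracks only to
 * the most recent '*', so the cost is bounded by len(pattern) * len(text). */
static bool
dn_glob_match(const char *pattern, const char *text)
{
    const char *star = NULL;   /* last '*' seen in the pattern */
    const char *resume = NULL; /* text position to retry from */

    while (*text) {
        if (*pattern == '*') {
            star = pattern++;
            resume = text;
        } else if (*pattern == *text) {
            pattern++;
            text++;
        } else if (star) {
            pattern = star + 1;
            text = ++resume;
        } else {
            return false;
        }
    }
    while (*pattern == '*')
        pattern++;
    return *pattern == '\0';
}

/* Allow-list check: an empty list admits nobody, as the libvirtd.conf
 * comment quoted in the patch states. */
static bool
dn_allowed(const char *const *acl, size_t nacl, const char *dn)
{
    for (size_t i = 0; i < nacl; i++) {
        if (dn_glob_match(acl[i], dn))
            return true;
    }
    return false;
}

/* Pattern taken from the documentation text in the patch. */
static const char *const sample_acl[] = {
    "C=GB,ST=London,L=London,O=Libvirt Project,CN=*",
};

/* Constructed sample DNs. */
static const char dn_expected_order[] =
    "C=GB,ST=London,L=London,O=Libvirt Project,CN=client1.example.com";
static const char dn_reversed_order[] =
    "CN=client1.example.com,O=Libvirt Project,L=London,ST=London,C=GB";
static const char dn_extra_field[] =
    "C=GB,ST=London,L=London,O=Libvirt Project,CN=client1.example.com,OU=Contractors";
static const char dn_other_org[] =
    "C=GB,ST=London,L=London,O=Other Org,CN=client1.example.com";

int
main(void)
{
    const char *dns[] = {
        dn_expected_order, dn_reversed_order, dn_extra_field, dn_other_org,
    };

    for (size_t i = 0; i < sizeof(dns) / sizeof(dns[0]); i++) {
        printf("%-5s %s\n",
               dn_allowed(sample_acl, 1, dns[i]) ? "allow" : "deny",
               dns[i]);
    }
    /* Empty allow list: nobody connects. */
    printf("%-5s (empty list)\n",
           dn_allowed(sample_acl, 0, dn_expected_order) ? "allow" : "deny");
    return 0;
}
```

The reversed-order DN is denied even though it names the same subject, which is why the allow-list entry has to be produced in the order the daemon sees. The DN with a trailing OU is allowed because a trailing CN=* also swallows any fields that follow it.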
From nobody Mon Apr 29 04:38:24 2024
From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 4/6] Remove needless space
Date: Thu, 11 Nov 2021 16:06:44 +0100
Message-Id:
<208463e8dc6b0491754c685d5ca3e26a61115915.1636643087.git.mkletzan@redhat.com>
Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
---
tests/virconfdata/libvirtd.conf | 2 +-
tests/virconfdata/libvirtd.out | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.c=
onf
index e850e1b87344..f4c35e9e430f 100644
--- a/tests/virconfdata/libvirtd.conf
+++ b/tests/virconfdata/libvirtd.conf
@@ -178,7 +178,7 @@ crl_file =3D "/etc/pki/CA/crl.pem"
tls_no_verify_certificate =3D 1
=20
=20
-# An access control list of allowed x509 Distinguished Names
+# An access control list of allowed x509 Distinguished Names
# This list may contain wildcards such as
#
# "C=3DGB,ST=3DLondon,L=3DLondon,O=3DRed Hat,CN=3D*"
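Review bot: the removed and added "# An access control list of allowed x509 Distinguished Names" lines differ only in whitespace, and the diffstat covers just the two tests/virconfdata files. The same comment block also lives in src/remote/libvirtd.conf.in, so please confirm that file does not carry the same stray space, or fix it in this patch as well. A one-line body in the commit message saying where the space was would help too, since the subject has no component prefix.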
diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out
index 0755c5dc0a22..a407c5f189e9 100644
--- a/tests/virconfdata/libvirtd.out
+++ b/tests/virconfdata/libvirtd.out
@@ -142,7 +142,7 @@ crl_file =3D "/etc/pki/CA/crl.pem"
# Default is to always verify. Uncommenting this will disable
# verification.
tls_no_verify_certificate =3D 1
-# An access control list of allowed x509 Distinguished Names
+# An access control list of allowed x509 Distinguished Names
# This list may contain wildcards such as
#
# "C=3DGB,ST=3DLondon,L=3DLondon,O=3DRed Hat,CN=3D*"
--=20
2.33.1
From nobody Mon Apr 29 04:38:24 2024
From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 5/6] Add suggestions for virt-pki-query-dn usage
Date: Thu, 11 Nov 2021 16:06:45 +0100
Message-Id:
<74f9ad691c3d343ccfb4073ff700147d23834351.1636643087.git.mkletzan@redhat.com>
To make it easier for users to figure out how the DN should be formatted.
Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
---
docs/remote.html.in | 4 ++++
src/remote/libvirtd.conf.in | 5 +++++
src/rpc/virnettlscontext.c | 2 +-
tests/virconfdata/libvirtd.conf | 4 ++++
tests/virconfdata/libvirtd.out | 4 ++++
5 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/docs/remote.html.in b/docs/remote.html.in
index 66f56a3a64fc..efdb2b32535d 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -259,6 +259,10 @@ Blank lines and comments beginning with #
=
are ignored.
Note also that GnuTLS returns DNs without spaces
after commas between the fields (and this is what we check against),
but the openssl x509
tool shows spaces.
+
+ To make it easy to see the order of the fields in the DN a helper execut=
able
+ virt-pki-query-dn
is provided for this particular use case.
+
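Review bot: the added paragraph names virt-pki-query-dn but shows no invocation, while the libvirtd.conf.in comment in this same patch gives "virt-pki-query-dn clientcert.pem". Suggest repeating that command line here, and stating whether the tool prints the DN without spaces after the commas, since the preceding sentence says that is the form checked against and "order of the fields" alone does not cover it.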
diff --git a/src/remote/libvirtd.conf.in b/src/remote/libvirtd.conf.in
index b18c5885a1a7..2cd20aaa7f52 100644
--- a/src/remote/libvirtd.conf.in
+++ b/src/remote/libvirtd.conf.in
@@ -292,6 +292,11 @@
#
# Any * matches any number of consecutive spaces, like a simplified glob(7=
).
#
+# The format of the DN for a particular certificate can be queried
+# using:
+#
+# virt-pki-query-dn clientcert.pem
+#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
#
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 3babf3ee4dc3..1a3dd92676f7 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -371,7 +371,7 @@ virNetTLSContextCheckCertDNACL(const char *dname,
virReportError(VIR_ERR_SYSTEM_ERROR, "%s",
_("Client's Distinguished Name is not on the list "
"of allowed clients (tls_allowed_dn_list). Use "
- "'certtool -i --infile clientcert.pem' to view the "
+ "'virt-pki-query-dn clientcert.pem' to view the "
"Distinguished Name field in the client certificate, "
"or run this daemon with --verbose option."));
return 0;
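Review bot: in the reworded error string the hint still reads "to view the Distinguished Name field in the client certificate", which fitted certtool's certificate dump; with virt-pki-query-dn the useful point is that the output is the DN in the form tls_allowed_dn_list is matched against. Suggest saying that directly, for example "to print the client certificate's Distinguished Name in the expected format". The string sits inside _(), so this is also a translatable message change that translators will need to pick up.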
diff --git a/tests/virconfdata/libvirtd.conf b/tests/virconfdata/libvirtd.c=
onf
index f4c35e9e430f..c5a225e42f6f 100644
--- a/tests/virconfdata/libvirtd.conf
+++ b/tests/virconfdata/libvirtd.conf
@@ -185,6 +185,10 @@ tls_no_verify_certificate =3D 1
#
# Any * matches any number of consecutive spaces, like a simplified glob(7=
).
#
+# The format of the DN for a particular certificate can be queried
+# using:
+#
+# virt-pki-query-dn clientcert.pem
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
diff --git a/tests/virconfdata/libvirtd.out b/tests/virconfdata/libvirtd.out
index a407c5f189e9..754bf56ee4dd 100644
--- a/tests/virconfdata/libvirtd.out
+++ b/tests/virconfdata/libvirtd.out
@@ -149,6 +149,10 @@ tls_no_verify_certificate =3D 1
#
# Any * matches any number of consecutive spaces, like a simplified glob(7=
).
#
+# The format of the DN for a particular certificate can be queried
+# using:
+#
+# virt-pki-query-dn clientcert.pem
#
# NB If this is an empty list, no client can connect, so comment out
# entirely rather than using empty list to disable these checks
--=20
2.33.1
From nobody Mon Apr 29 04:38:24 2024
From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 6/6] news: Mention the addition of virt-pki-query-dn binary
Date: Thu, 11 Nov 2021 16:06:46 +0100
Message-Id:
<1e9ee102e5018b5352c5bdbb6cec177d0f209573.1636643087.git.mkletzan@redhat.com>
Signed-off-by: Martin Kletzander
Reviewed-by: Daniel P. Berrangé
---
NEWS.rst | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 983153a63123..a71b84c36390 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -17,6 +17,12 @@ v7.10.0 (unreleased)
=20
* **New features**
=20
+ * Added virt-pki-query-dn binary
+
+ This binary helps users figure out the format of Distinguished Name
+ from a certificate file the way that libvirt expects it in
+ tls_allowed_dn_list option of libvirtd.conf configuration file
+
* **Improvements**
=20
* qemu: Report guest interface information in ``virDomainGetGuestInfo``
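Review bot: the new entry writes virt-pki-query-dn, tls_allowed_dn_list and libvirtd.conf as plain words, while the neighbouring entry in the context marks identifiers up as ``virDomainGetGuestInfo``. Suggest the same double-backtick markup for the binary, the option and the file name, and a full stop at the end of the description sentence, which currently ends at "configuration file".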
--=20
2.33.1