提交 f36c7077 编写于 作者: D Daniel P. Berrange

Check client cert/key ahead of time & report errors

上级 e958eff7
Thu Jul 12 11:15:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>
* src/remote_internal.c: Explicitly check certificate/key files
before trying to load them so we can get improved error reports
back.
Thu Jul 12 11:02:17 EST 2007 Daniel P. Berrange <berrange@redhat.com> Thu Jul 12 11:02:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>
* src/qemu_conf.c, src/qemu_conf.h, src/qemu_driver.c: Pass * src/qemu_conf.c, src/qemu_conf.h, src/qemu_driver.c: Pass
......
...@@ -890,6 +890,22 @@ query_free (struct query_fields *fields) ...@@ -890,6 +890,22 @@ query_free (struct query_fields *fields)
/* GnuTLS functions used by remoteOpen. */ /* GnuTLS functions used by remoteOpen. */
static gnutls_certificate_credentials_t x509_cred; static gnutls_certificate_credentials_t x509_cred;
static int
check_cert_file (const char *type, const char *file)
{
struct stat sb;
if (stat(file, &sb) < 0) {
__virRaiseError (NULL, NULL, NULL, VIR_FROM_REMOTE, VIR_ERR_RPC,
VIR_ERR_ERROR, LIBVIRT_CACERT, NULL, NULL, 0, 0,
"Cannot access %s '%s': %s (%d)",
type, file, strerror(errno), errno);
return -1;
}
return 0;
}
static int static int
initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED) initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
{ {
...@@ -907,6 +923,14 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED) ...@@ -907,6 +923,14 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
return -1; return -1;
} }
if (check_cert_file("CA certificate", LIBVIRT_CACERT) < 0)
return -1;
if (check_cert_file("client key", LIBVIRT_CLIENTKEY) < 0)
return -1;
if (check_cert_file("client certificate", LIBVIRT_CLIENTCERT) < 0)
return -1;
/* Set the trusted CA cert. */ /* Set the trusted CA cert. */
#if DEBUG #if DEBUG
fprintf (stderr, "loading CA file %s\n", LIBVIRT_CACERT); fprintf (stderr, "loading CA file %s\n", LIBVIRT_CACERT);
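Review bot: In check_cert_file the string argument passed to `__virRaiseError` after `VIR_ERR_ERROR` is hard-coded to `LIBVIRT_CACERT`, so a failure on the client key or client certificate carries the CA path in that field (presumably str1) even though the formatted message names the right file; pass the parameter instead: `VIR_ERR_ERROR, file, NULL, NULL, 0, 0,`. A successful `stat()` only shows that the path resolves, not that this process can read the file or that it is a regular file, so the check is advisory and the GnuTLS load calls that follow still need their own error reports. For the client key it is worth a comment such as `/* existence check only: ownership and mode of the key file are not verified here */`, since `sb.st_mode` is already at hand if a warning for a group- or world-readable key is wanted later. The body of initialise_gnutls continues outside the visible hunk, so how the later load failures are reported cannot be judged from here.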
......