Check client cert/key ahead of time & report errors

ChangeLog

+Thu Jul 12 11:15:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>
+
+	* src/remote_internal.c: Explicitly check certificate/key files
+	before trying to load them so we can get improved error reports
+	back.
+
 Thu Jul 12 11:02:17 EST 2007 Daniel P. Berrange <berrange@redhat.com>
 
 	* src/qemu_conf.c, src/qemu_conf.h, src/qemu_driver.c: Pass

src/remote_internal.c

@@ -890,6 +890,22 @@ query_free (struct query_fields *fields)
 /* GnuTLS functions used by remoteOpen. */
 static gnutls_certificate_credentials_t x509_cred;
 
+
+static int
+check_cert_file (const char *type, const char *file)
+{
+    struct stat sb;
+    if (stat(file, &sb) < 0) {
+        __virRaiseError (NULL, NULL, NULL, VIR_FROM_REMOTE, VIR_ERR_RPC,
+                         VIR_ERR_ERROR, LIBVIRT_CACERT, NULL, NULL, 0, 0,
+                         "Cannot access %s '%s': %s (%d)",
+                         type, file, strerror(errno), errno);
+        return -1;
+    }
+    return 0;
+}
+
+
 static int
 initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
 {
@@ -907,6 +923,14 @@ initialise_gnutls (virConnectPtr conn ATTRIBUTE_UNUSED)
         return -1;
     }
 
+
+    if (check_cert_file("CA certificate", LIBVIRT_CACERT) < 0)
+        return -1;
+    if (check_cert_file("client key", LIBVIRT_CLIENTKEY) < 0)
+        return -1;
+    if (check_cert_file("client certificate", LIBVIRT_CLIENTCERT) < 0)
+        return -1;
+
     /* Set the trusted CA cert. */
 #if DEBUG
     fprintf (stderr, "loading CA file %s\n", LIBVIRT_CACERT);