1. 19 8月, 2011 1 次提交
    • M
      daemon: initialize GnuTLS · 74c75671
      Michal Privoznik 提交于
      When spice_tls is set but listen_tls is not, we don't initialize
      GnuTLS library. So any later gnutls call (e.g. during migration,
      where we initialize a certificate) will access uninitialized GnuTLS
      internal structs and throws an error.
      
      Although, we might now initialize GnuTLS twice, it is safe according
      to the documentation:
      
          This function can be called many times,
          but will only do something the first time.
      
      This patch creates 2 functions: virNetTLSInit and virNetTLSDeinit
      with respect to written above.
      74c75671
  2. 22 7月, 2011 1 次提交
    • D
      Allow certificate sanity checking to be disabled · 07f9b6f0
      Daniel P. Berrange 提交于
      When libvirtd starts it it will sanity check its own certs,
      and before libvirt clients connect to a remote server they
      will sanity check their own certs. This patch allows such
      sanity checking to be skipped. There is no strong reason to
      need to do this, other than to bypass possible libvirt bugs
      in sanity checking, or for testing purposes.
      
      libvirt.conf gains tls_no_sanity_certificate parameter to
      go along with tls_no_verify_certificate. The remote driver
      client URIs gain a no_sanity URI parameter
      
      * daemon/test_libvirtd.aug, daemon/libvirtd.conf,
        daemon/libvirtd.c, daemon/libvirtd.aug: Add parameter to
        allow cert sanity checks to be skipped
      * src/remote/remote_driver.c: Add no_sanity parameter to
        skip cert checks
      * src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h:
        Add new parameter for skipping sanity checks independantly
        of skipping session cert validation checks
      07f9b6f0
  3. 24 6月, 2011 1 次提交
    • D
      Generic module for handling TLS encryption and x509 certs · 30fd0bbb
      Daniel P. Berrange 提交于
      This provides two modules for handling TLS
      
       * virNetTLSContext provides the process-wide state, in particular
         all the x509 credentials, DH params and x509 whitelists
       * virNetTLSSession provides the per-connection state, ie the
         TLS session itself.
      
      The virNetTLSContext provides APIs for validating a TLS session's
      x509 credentials. The virNetTLSSession includes APIs for performing
      the initial TLS handshake and sending/recving encrypted data
      
      * src/Makefile.am: Add to libvirt-net-rpc.la
      * src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Generic
        TLS handling code
      30fd0bbb