openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Improved error checking for cert/key files

This commit is contained in:
Daniel P. Berrange 2007-07-12 14:54:45 +00:00
parent bb6476e771
commit a219c3aba8
2 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
Thu Jul 12 10:57:17 CEST 2007 Daniel Veillard <veillard@redhat.com>
* qemud/qemud.c: Add explicit checks for existance of x509
certificate & key files to get better error reporting than
GNU TLS offers when it can't load a file
Thu Jul 12 10:57:17 CEST 2007 Daniel Veillard <veillard@redhat.com> Thu Jul 12 10:57:17 CEST 2007 Daniel Veillard <veillard@redhat.com>
* src/xen_internal.c: applied patch from Christian Ehrhardt to * src/xen_internal.c: applied patch from Christian Ehrhardt to

22
qemud/qemud.c
View File

@ -112,6 +112,18 @@ static int qemudRegisterClientEvent(struct qemud_server *server,
struct qemud_client *client, struct qemud_client *client,
int remove); int remove);
static int
remoteCheckCertFile(const char *type, const char *file)
{
struct stat sb;
if (stat(file, &sb) < 0) {
qemudLog (QEMUD_ERR, "Cannot access %s '%s': %s (%d)",
type, file, strerror(errno), errno);
return -1;
}
return 0;
}
static int static int
remoteInitializeGnuTLS (void) remoteInitializeGnuTLS (void)
{ {
@ -128,6 +140,9 @@ remoteInitializeGnuTLS (void)
} }
if (ca_file && ca_file[0] != '\0') { if (ca_file && ca_file[0] != '\0') {
if (remoteCheckCertFile("CA certificate", ca_file) < 0)
return -1;
qemudDebug ("loading CA cert from %s", ca_file); qemudDebug ("loading CA cert from %s", ca_file);
err = gnutls_certificate_set_x509_trust_file (x509_cred, ca_file, err = gnutls_certificate_set_x509_trust_file (x509_cred, ca_file,
GNUTLS_X509_FMT_PEM); GNUTLS_X509_FMT_PEM);
@ -139,6 +154,9 @@ remoteInitializeGnuTLS (void)
} }
if (crl_file && crl_file[0] != '\0') { if (crl_file && crl_file[0] != '\0') {
if (remoteCheckCertFile("CA revocation list", ca_file) < 0)
return -1;
qemudDebug ("loading CRL from %s", crl_file); qemudDebug ("loading CRL from %s", crl_file);
err = gnutls_certificate_set_x509_crl_file (x509_cred, crl_file, err = gnutls_certificate_set_x509_crl_file (x509_cred, crl_file,
GNUTLS_X509_FMT_PEM); GNUTLS_X509_FMT_PEM);
@ -150,6 +168,10 @@ remoteInitializeGnuTLS (void)
} }
if (cert_file && cert_file[0] != '\0' && key_file && key_file[0] != '\0') { if (cert_file && cert_file[0] != '\0' && key_file && key_file[0] != '\0') {
if (remoteCheckCertFile("server certificate", cert_file) < 0)
return -1;
if (remoteCheckCertFile("server key", key_file) < 0)
return -1;
qemudDebug ("loading cert and key from %s and %s", qemudDebug ("loading cert and key from %s and %s",
cert_file, key_file); cert_file, key_file);
err = err =