[Libvir] PATCH: More useful error messages with missing certs

Daniel P. Berrange berrange at redhat.com
Thu Jul 12 14:59:57 UTC 2007


On Wed, Jul 11, 2007 at 04:10:10PM -0400, Daniel Veillard wrote:
> On Wed, Jul 11, 2007 at 08:51:26PM +0100, Daniel P. Berrange wrote:
> > On the server end, if you try to start the server with TLS enabled and you
> > don't have the certs set up, you get a cryptic:
> > 
> > gnutls_certificate_set_x509_trust_file: Error while reading file.
> > 
> > Rather useless the gnutls error message not telling you what file was
> > missing.
> > 
> > Similarly with virsh:
> > 
> >  # ~/usr/bin/virsh  --connect  qemu://localhost/system list
> >  libvir: Remote error : Error while reading file.
> > 
> > Since GNU TLS doesn't even tell you the actual problem - was it wrong
> > permissions, or missing file altogether, I decided it's better to do an
> > explicit 'stat' check ahead of time.
> > 
> > So now it gives:
> > 
> > $ ~/usr/bin/virsh  --connect  qemu://celery.virt.boston.redhat.com/system start demo
> > libvir: Remote error : Cannot access CA certificate 
> >  '/home/berrange/usr/etc/pki/CA/cacert.pem': No such file or directory (2)
> > 
> > Or
> > 
> > $ ~/usr/bin/virsh  --connect  qemu://celery.virt.boston.redhat.com/system start demo
> > libvir: Remote error : Cannot access CA certificate 
> >  '/home/berrange/usr/etc/pki/CA/cacert.pem': Permission denied (13)
> > 
> > Or in the daemon
> > 
> > # /usr/sbin/libvirtd --listen
> > Cannot access CA certificate '/home/berrange/usr/etc/pki/CA/cacert.pem': No such file or directory (2)
> > 
> 
>  All sounds good,
> 
> > +#define CHECK_CERT(type, file) \
> > +    do { if (stat(file, &sb) < 0) {                                      \
> > +            qemudLog (QEMUD_ERR, "Cannot access " type " '%s': %s (%d)", \
> > +                         file, strerror(errno), errno); \
> > +            return -1;                                  \
> > +        } } while (0)
> > +
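
Review bot: the stat(file, &sb) test in CHECK_CERT only shows that the path resolves, not that the file can be read, so a certificate that exists but is unreadable by the calling user passes this check and still ends up at the uninformative gnutls "Error while reading file" message. Checking readability instead (for example access(file, R_OK), or trying to open the file for reading) would cover that case with the same error format. The macro also relies on an `sb` variable existing in the caller's scope and buries a `return -1` inside the expansion; a small helper that takes the type and path and returns an int would make both dependencies explicit.
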
> 
>  Why not make a function instead of this convoluted construct?
> And same in src/remote_internal.c too.

I committed with that suggested change - the compiler will probably
inline the function anyway.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 



