[libvirt] [PATCH] Fix reporting of TLS connection errors

Matthias Bolte matthias.bolte at googlemail.com
Thu Dec 17 23:54:28 UTC 2009


2009/12/17 Daniel P. Berrange <berrange at redhat.com>:
> The code for connecting to a server tries each socket in turn
> until it finds one that connects. Unfortunately for TLS sockets
> if it connected, but failed TLS handshake it would treat that
> as a failure to connect, and try the next socket. This is bad,
> it should have reported the TLS failure immediately.
>
> $ virsh -c qemu://somehost.com/system
> error: unable to connect to libvirtd at 'somehost.com': Invalid argument
> error: failed to connect to the hypervisor
>
> $ ./tools/virsh -c qemu://somehost.com/system
> error: server certificate failed validation: The certificate hasn't got a known issuer.
> error: failed to connect to the hypervisor
>
>  * src/remote/remote_driver.c: Stop trying to connect if the
>   TLS handshake fails
> ---
>  src/remote/remote_driver.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
> index 77962fe..584de36 100644
> --- a/src/remote/remote_driver.c
> +++ b/src/remote/remote_driver.c
> @@ -632,7 +632,7 @@ doRemoteOpen (virConnectPtr conn,
>                 if (!priv->session) {
>                     close (priv->sock);
>                     priv->sock = -1;
> -                    continue;
> +                    goto failed;
>                 }
>             }
>             goto tcp_connected;
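Review bot: the `goto failed;` in the `if (!priv->session)` branch now leaves the per-socket loop early, and the `failed` label is not visible in this hunk, so it is worth confirming that `failed` releases everything the loop's normal exit would have released. The old `continue` relied on that exit. The socket itself is handled here (`close (priv->sock); priv->sock = -1;`), so cleanup at `failed` also needs to tolerate `priv->sock == -1`. A one-line comment above `goto failed;` would help as well, stating that a TLS handshake failure is reported immediately rather than falling through to the next socket. Without it, `continue` looks like the natural choice at this point in the loop and a later cleanup could reintroduce the masked error.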
> --
> 1.6.5.2
>

ACK.

Matthias



