[libvirt] [PATCH] libvirtd: improve the error message displayed on tls client auth failure
Eric Blake
eblake at redhat.com
Wed Sep 15 16:04:31 UTC 2010
On 09/15/2010 09:54 AM, Justin Clift wrote:
> This addresses BZ # 556599:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=556599
> ---
> daemon/libvirtd.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
> index 711360b..46e22bd 100644
> --- a/daemon/libvirtd.c
> +++ b/daemon/libvirtd.c
> @@ -1226,7 +1226,7 @@ remoteCheckCertificate (gnutls_session_t session)
> if (i == 0) {
> if (!remoteCheckDN (cert)) {
> /* This is the most common error: make it informative. */
> - VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
> + VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'certtool -i --infile clientcert.pem' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
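Review bot: The commit message gives no reason for replacing the 'openssl x509 -in clientcert.pem -text' hint with 'certtool -i --infile clientcert.pem' in the VIR_ERROR0 string on the + line; it only links the bug, so someone reading the log cannot tell what was wrong with the old hint. Add one sentence stating the reason. The message also still sends the administrator to an external tool or to --verbose to find the rejected DN; since cert is in scope where remoteCheckDN (cert) fails, consider including the DN in this error so the value to compare against tls_allowed_dn_list appears in the default log.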
ACK. What fun - a bug that is fixed purely by changing the documentation.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org