[libvirt] [PATCH] Fix mistaken order of server cert/key parameters in constructor

Daniel P. Berrange berrange at redhat.com
Fri Jul 8 10:16:03 UTC 2011

From: "Daniel P. Berrange" <berrange at redhat.com>

The virNetTLSContextNew was being passed key/cert parameters in
the wrong order. This wasn't immediately visible because if
virNetTLSContextNewPath was used, a second bug reversed the order
of those parameters again.

Only if the paths were manually specified in /etc/libvirt/libvirtd.conf
did the bug appear

* src/rpc/virnettlscontext.c: Fix order of params passed to
 src/rpc/virnettlscontext.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index ad8e2dc..1120e1e 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -396,10 +396,10 @@ static virNetTLSContextPtr virNetTLSContextNewPath(const char *pkipath,
     virNetTLSContextPtr ctxt = NULL;
     if (virNetTLSContextLocateCredentials(pkipath, tryUserPkiPath, isServer,
-                                          &cacert, &cacrl, &key, &cert) < 0)
+                                          &cacert, &cacrl, &cert, &key) < 0)
         return NULL;
-    ctxt = virNetTLSContextNew(cacert, cacrl, key, cert,
+    ctxt = virNetTLSContextNew(cacert, cacrl, cert, key,
                                x509dnWhitelist, requireValidCert, isServer);
@@ -435,7 +435,7 @@ virNetTLSContextPtr virNetTLSContextNewServer(const char *cacert,
                                               const char *const*x509dnWhitelist,
                                               bool requireValidCert)
-    return virNetTLSContextNew(cacert, cacrl, key, cert,
+    return virNetTLSContextNew(cacert, cacrl, cert, key,
                                x509dnWhitelist, requireValidCert, true);

More information about the libvir-list mailing list