[libvirt] [PATCH] Add some basic sanity checking of certificates before use

Eric Blake eblake at redhat.com
Fri Jul 15 19:43:31 UTC 2011

On 07/15/2011 06:15 AM, Jiri Denemark wrote:
> On Fri, Jul 15, 2011 at 11:40:01 +0100, Daniel P. Berrange wrote:
>> If the libvirt daemon or libvirt client is configured with bogus
>> certificates, it is very unhelpful to only find out about this
>> when a TLS connection is actually attempted. Not least because
>> the error messages you get back for failures are incredibly
>> obscure.

>> +    if (gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM) < 0) {
>> +        virNetError(VIR_ERR_SYSTEM_ERROR,
>> +                    _("Unable to import %s certificate %s"),
>> +                    isServer ? "server" : "client", certFile);
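
Review bot: the `< 0` test on gnutls_x509_crt_import() discards the GnuTLS return code, so the message reports that the import failed but not why. Keep the return value in a local and append gnutls_strerror() of it to the message; the commit message says the goal is to replace obscure TLS failures, and the reason is the part an admin needs. VIR_ERR_SYSTEM_ERROR is also an odd fit for a parse failure that is not a failed system call.
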
> Shouldn't this and several other instances below rather be something like
>         isServer ? _("Unable to import server certificate %s")
>                  : _("Unable to import client certificate %s")

Yes, the translators _do_ prefer complete sentences.  Not to mention
that the patch as written doesn't translate "server" or "client", so it
would look weird having an English word injected into an otherwise
translated sentence.

>> +            virNetError(VIR_ERR_SYSTEM_ERROR,
>> +                        _("Unable to verify %s certificate against CA certificate"),
>> +                        isServer ? "server": "client");
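
Review bot: the verification failure message names neither the certificate file nor the CA file, whereas the import error earlier in the patch includes certFile. With several certificate paths configured, an admin cannot tell which pair failed the check; add both file names to the message, and the verification status as well if it is available at this point.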

Another instance of translation issues.

Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
