[libvirt] [PATCH 03/10] Generic module for handling TLS encryption and x509 certs

Eric Blake eblake at redhat.com
Tue Mar 15 22:34:33 UTC 2011


On 03/15/2011 11:51 AM, Daniel P. Berrange wrote:
> This provides two modules for handling TLS
> 
>  * virNetTLSContext provides the process-wide state, in particular
>    all the x509 credentials, DH params and x509 whitelists
>  * virNetTLSSession provides the per-connection state, ie the
>    TLS session itself.
> 
> The virNetTLSContext provides APIs for validating a TLS session's
> x509 credentials. The virNetTLSSession includes APIs for performing
> the initial TLS handshake and sending/recving encrypted data
> 
> * src/Makefile.am: Add to libvirt-net-rpc.la
> * src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Generic
>   TLS handling code
> ---
>  configure.ac               |    2 +-
>  po/POTFILES.in             |    1 +
>  src/Makefile.am            |    5 +-
>  src/rpc/virnettlscontext.c |  892 ++++++++++++++++++++++++++++++++++++++++++++
>  src/rpc/virnettlscontext.h |  100 +++++
>  5 files changed, 998 insertions(+), 2 deletions(-)
>  create mode 100644 src/rpc/virnettlscontext.c
>  create mode 100644 src/rpc/virnettlscontext.h

No src/libvirt_private.syms entries?

> 
> diff --git a/configure.ac b/configure.ac
> index 49403dd..81bad91 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -134,7 +134,7 @@ LIBS=$old_libs
>  dnl Availability of various common headers (non-fatal if missing).
>  AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/syslimits.h sys/un.h \
>    sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h \
> -  sys/un.h sys/syscall.h netinet/tcp.h])
> +  sys/un.h sys/syscall.h netinet/tcp.h fnmatch.h])

Gnulib provides fnmatch.  We shouldn't be adding this check, but modify
bootstrap.conf instead.

> +++ b/src/rpc/virnettlscontext.c
> @@ -0,0 +1,892 @@
> +/*
> + * virnettlscontext.c: TLS encryption/x509 handling
> + *
> + * Copyright (C) 2010 Red Hat, Inc.

2011

> +#include <config.h>
> +
> +#include <unistd.h>
> +#ifdef HAVE_FNMATCH_H
> +# include <fnmatch.h>
> +#endif

This should be unconditional inclusion, thanks to gnulib.

> +
> +static int virNetTLSContextLoadCredentials(virNetTLSContextPtr ctxt,
> +                                           bool isServer,
> +                                           const char *cacert,
> +                                           const char *cacrl,
> +                                           const char *cert,
> +                                           const char *key)
> +{
> +    int ret = -1;
> +    int err;
> +
> +    if (cacert && cacert[0] != '\0') {
> +        if (virNetTLSContextCheckCertFile("CA certificate", cacert, false) < 0)
> +            goto cleanup;
> +
> +        VIR_DEBUG("loading CA cert from %s", cacert);
> +        err = gnutls_certificate_set_x509_trust_file(ctxt->x509cred,
> +                                                     cacert,
> +                                                     GNUTLS_X509_FMT_PEM);
> +        if (err < 0) {
> +            virNetError(VIR_ERR_SYSTEM_ERROR,
> +                        _("Unable to set x509 CA certificate: %s: %s"),
> +                        cacert, gnutls_strerror (err));
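Review bot: the CA trust store is silently skipped when `cacert` is NULL or empty (`if (cacert && cacert[0] != '\0')`), so a context can be built with no trust anchors at all and the `isServer` parameter is never consulted on this path; for the server side a missing CA should probably be an error (or at least a VIR_WARN) so a misconfigured deployment fails closed rather than quietly running with an empty trust store. Note also that gnutls_certificate_set_x509_trust_file() returns the number of certificates it loaded, so a PEM file containing no usable CA yields `err == 0` and slips past the `err < 0` check; testing `err <= 0` would report that case too.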

Consistency on ' (' vs. '(' for function calls.

> +        } else {
> +            VIR_DEBUG("Skipping non-existant cert %s key %s on client", cert, key);

s/existant/existent/

> +
> +/* Check DN is on tls_allowed_dn_list. */
> +static int
> +virNetTLSContextCheckDN(virNetTLSContextPtr ctxt,
> +                        const char *dname)
> +{
> +    const char *const*wildcards;
> +
> +    /* If the list is not set, allow any DN. */
> +    wildcards = ctxt->x509dnWhitelist;
> +    if (!wildcards)
> +        return 1;
> +
> +    while (*wildcards) {
> +#ifdef HAVE_FNMATCH_H
> +        int ret = fnmatch (*wildcards, dname, 0);
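Review bot: the unset-whitelist case is an allow-all default (`if (!wildcards) return 1;`), but the function comment only says "Check DN is on tls_allowed_dn_list"; please state in that comment, and in the header, that leaving the list unset disables DN filtering entirely, since that is the behaviour an administrator has to know about. Also, fnmatch() is called with flags 0, so a `*` in an entry matches across `,` and `=` and a bare `*` entry is equivalent to no list at all; if that is intended, a one-line comment saying so would save the next reader from guessing.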

Use this unconditionally.

> +
> +#if 0
> +    PROBE(CLIENT_TLS_ALLOW, "fd=%d, name=%s",
> +          virNetServerClientGetFD(client), name);
> +#endif
> +    return 0;

Are these PROBE() statements worth keeping?  Are they for debug, for
systemtap probe points, or something else?

> --- /dev/null
> +++ b/src/rpc/virnettlscontext.h
> @@ -0,0 +1,100 @@
> +/*
> + * virnettlscontext.h: TLS encryption/x509 handling
> + *
> + * Copyright (C) 2010 Red Hat, Inc.

2011

> +#ifndef __VIR_NET_TLS_CONTEXT_H__
> +# define __VIR_NET_TLS_CONTEXT_H__
> +
> +# include <stdbool.h>

Is this redundant, now that "internal.h" guarantees this and all .c
files should be including "internal.h"?  I don't see any other headers
that include <stdbool.h> since commit 3541672.

> +
> +void virNetTLSSessionFree(virNetTLSSessionPtr sess);

Should cfg.mk list this as a free-like function?

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
