[libvirt] [PATCH] qemu: Fix bug assuming usage of default UUID for certificate passphrase

Michal Privoznik mprivozn at redhat.com
Tue Aug 15 13:07:14 UTC 2017

On 07/21/2017 11:47 PM, John Ferlan wrote:
> If an environment specific _tls_x509_cert_dir is provided, then
> do not VIR_STRDUP the defaultTLSx509secretUUID as that would be
> for the "default" environment and not the vnc, spice, chardev, or
> migrate environments. If the environment needs a secret to decode
> it's certificate, then it must provide the secret. If the secrets
> happen to be the same, then configuration would use the same UUID
> as the default (but we cannot assume that nor can we assume that
> the secret would be necessary).
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>  While responding to a different patch today regarding Veritas and
>  usage of a default environment w/ or w/o secrets I realized that
>  the existing logic has a flaw in "assuming" that someone would want
>  to use the default secret. What if they defined their own environment
>  without a secret?  Then the code would create a secret object to pass
>  to QEMU which would think it needs to use it to decode the server
>  certificate (but it doesn't), so it would seemingly fail the start.
>  I assume based on the lack of complaints about this that everyone just
>  uses the default environment!
>  src/qemu/qemu_conf.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)



More information about the libvir-list mailing list