[libvirt] [PATCH] qemu: Fix bug assuming usage of default UUID for certificate passphrase
Michal Privoznik
mprivozn at redhat.com
Tue Aug 15 13:07:14 UTC 2017
On 07/21/2017 11:47 PM, John Ferlan wrote:
> If an environment specific _tls_x509_cert_dir is provided, then
> do not VIR_STRDUP the defaultTLSx509secretUUID as that would be
> for the "default" environment and not the vnc, spice, chardev, or
> migrate environments. If the environment needs a secret to decode
> its certificate, then it must provide the secret. If the secrets
> happen to be the same, then configuration would use the same UUID
> as the default (but we cannot assume that nor can we assume that
> the secret would be necessary).
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>
> While responding to a different patch today regarding Veritas and
> usage of a default environment w/ or w/o secrets I realized that
> the existing logic has a flaw in "assuming" that someone would want
> to use the default secret. What if they defined their own environment
> without a secret? Then the code would create a secret object to pass
> to QEMU which would think it needs to use it to decode the server
> certificate (but it doesn't), so it would seemingly fail the start.
> I assume based on the lack of complaints about this that everyone just
> uses the default environment!
>
> src/qemu/qemu_conf.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
ACK
Michal
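
The defaulting rule described in the quoted commit message, as an added example that is not part of the original thread and is not libvirt's code: a simplified C model of how an environment's certificate passphrase secret is resolved before and after the fix. The struct, the function names resolve_old and resolve_new, the paths and the UUID are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of one TLS environment (default, vnc, spice, chardev,
 * migrate). NULL means the setting is absent from the configuration. */
struct tls_env {
    const char *cert_dir;
    const char *secret_uuid;   /* secret holding the certificate passphrase */
};

/* Flawed rule from the commit message: the default secret UUID is copied
 * whenever the environment has none, even if it has its own cert dir. */
static struct tls_env resolve_old(struct tls_env env, struct tls_env def)
{
    if (!env.cert_dir)
        env.cert_dir = def.cert_dir;
    if (!env.secret_uuid)
        env.secret_uuid = def.secret_uuid;
    return env;
}

/* Corrected rule: the default secret is inherited only together with the
 * default cert dir; an environment-specific cert dir must name its own. */
static struct tls_env resolve_new(struct tls_env env, struct tls_env def)
{
    if (!env.cert_dir) {
        env.cert_dir = def.cert_dir;
        if (!env.secret_uuid)
            env.secret_uuid = def.secret_uuid;
    }
    return env;
}

static void show(const char *rule, struct tls_env e)
{
    printf("%-4s cert_dir=%s secret=%s\n", rule, e.cert_dir,
           e.secret_uuid ? e.secret_uuid : "(none, no secret object passed)");
}

int main(void)
{
    /* Constructed sample values, not taken from any real host. */
    struct tls_env def = { "/etc/pki/qemu", "11111111-2222-3333-4444-555555555555" };
    struct tls_env vnc = { "/etc/pki/custom-vnc", NULL };  /* unencrypted key */

    show("old", resolve_old(vnc, def));  /* inherits a secret it cannot use */
    show("new", resolve_new(vnc, def));  /* no secret, key loads as-is */
    return 0;
}
```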