[PATCH 1/6] qemu: conf: Allow individual control of default value for *_tls_x509_verify
Michal Privoznik
mprivozn at redhat.com
Fri Nov 13 15:38:10 UTC 2020
On 11/13/20 4:01 PM, Peter Krempa wrote:
> Store whether "default_tls_x509_verify" was provided and enhance the
> SET_TLS_VERIFY_DEFAULT macro so that indiviual users can provide their
> own default if "default_tls_x509_verify" config option was not provided.
>
> For now we keep setting it to 'false'.
>
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
> src/qemu/qemu.conf | 6 ++++++
> src/qemu/qemu_conf.c | 22 ++++++++++++++--------
> src/qemu/qemu_conf.h | 1 +
> 3 files changed, 21 insertions(+), 8 deletions(-)
>
> diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
> index 2fb2f021c2..c3a61816a4 100644
> --- a/src/qemu/qemu_conf.c
> +++ b/src/qemu/qemu_conf.c
> @@ -406,8 +406,10 @@ virQEMUDriverConfigLoadDefaultTLSEntry(virQEMUDriverConfigPtr cfg,
> if ((rv = virConfGetValueString(conf, "default_tls_x509_cert_dir", &cfg->defaultTLSx509certdir)) < 0)
> return -1;
> cfg->defaultTLSx509certdirPresent = (rv == 1);
> - if (virConfGetValueBool(conf, "default_tls_x509_verify", &cfg->defaultTLSx509verify) < 0)
> + if ((rv = virConfGetValueBool(conf, "default_tls_x509_verify", &cfg->defaultTLSx509verify)) < 0)
> return -1;
> + if (rv == 1)
> + cfg->defaultTLSx509verifyPresent = true;
> if (virConfGetValueString(conf, "default_tls_x509_secret_uuid",
> &cfg->defaultTLSx509secretUUID) < 0)
> return -1;
> @@ -1240,16 +1242,20 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr cfg)
>
> #undef SET_TLS_X509_CERT_DEFAULT
>
> -#define SET_TLS_VERIFY_DEFAULT(val) \
> +#define SET_TLS_VERIFY_DEFAULT(val, defaultverify) \
> do { \
> - if (!cfg->val## TLSx509verifyPresent) \
> - cfg->val## TLSx509verify = cfg->defaultTLSx509verify; \
> + if (!cfg->val## TLSx509verifyPresent) {\
> + if (cfg->defaultTLSx509verifyPresent) \
> + cfg->val## TLSx509verify = cfg->defaultTLSx509verify; \
> + else \
> + cfg->val## TLSx509verify = defaultverify;\
Alignment.
> + }\
> } while (0)
>
Michal
More information about the libvir-list
mailing list