[PATCH 17/24] qemu: Store TLS config options for chardevs in qemuDomainChrSourcePrivate

Peter Krempa pkrempa at redhat.com
Thu Dec 9 12:30:52 UTC 2021


When setting up TLS options from config in qemuDomainPrepareChardevSourceOne
we can also extract the x509 certificate path and default tlsVerify
setting so that 'qemuBuildChardevCommand' doesn't need to access the
config object any more.

Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 src/qemu/qemu_command.c | 6 +++---
 src/qemu/qemu_domain.c  | 7 +++++++
 src/qemu/qemu_domain.h  | 3 +++
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 910508e725..583e311008 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1476,7 +1476,7 @@ qemuBuildChardevStr(const virDomainChrSourceDef *dev,

 static int
 qemuBuildChardevCommand(virCommand *cmd,
-                        virQEMUDriverConfig *cfg,
+                        virQEMUDriverConfig *cfg G_GNUC_UNUSED,
                         const virDomainChrSourceDef *dev,
                         const char *charAlias,
                         virQEMUCaps *qemuCaps)
@@ -1506,9 +1506,9 @@ qemuBuildChardevCommand(virCommand *cmd,
             if (!(objalias = qemuAliasTLSObjFromSrcAlias(charAlias)))
                 return -1;

-            if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdir,
+            if (qemuBuildTLSx509CommandLine(cmd, chrSourcePriv->tlsCertPath,
                                             dev->data.tcp.listen,
-                                            cfg->chardevTLSx509verify,
+                                            chrSourcePriv->tlsVerify,
                                             tlsCertEncSecAlias,
                                             objalias, qemuCaps) < 0) {
                 return -1;
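Review bot: The call to qemuBuildTLSx509CommandLine now takes its certificate directory and verify flag from `chrSourcePriv` without checking that the prepare step ever filled them in. The qemu_domain.c hunk in this patch sets both fields only when `haveTLS == VIR_TRISTATE_BOOL_YES` inside qemuDomainPrepareChardevSourceOne. If the private data is zero-initialised (not visible here), any chardev source that reaches this branch without that step would pass a NULL path and `tlsVerify == false`, which silently turns client-certificate verification off instead of failing. I would fail closed just before the call: `if (!chrSourcePriv->tlsCertPath) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("TLS certificate path not prepared for chardev")); return -1; }`. The declaration of `chrSourcePriv` and the condition guarding this branch are outside the hunk, so whether the pointer itself can be NULL here should also be confirmed.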
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a2ee160128..d7751f731d 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -867,6 +867,8 @@ qemuDomainChrSourcePrivateDispose(void *obj)
     VIR_FORCE_CLOSE(priv->fd);
     VIR_FORCE_CLOSE(priv->logfd);

+    g_free(priv->tlsCertPath);
+
     g_free(priv->fdset);
     g_free(priv->logFdset);
     g_free(priv->tlsCredsAlias);
@@ -9754,6 +9756,11 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef *dev,
                 charsrc->data.tcp.haveTLS = virTristateBoolFromBool(data->cfg->chardevTLS);
                 charsrc->data.tcp.tlsFromConfig = true;
             }
+
+            if (charsrc->data.tcp.haveTLS == VIR_TRISTATE_BOOL_YES) {
+                charpriv->tlsCertPath = g_strdup(data->cfg->chardevTLSx509certdir);
+                charpriv->tlsVerify = data->cfg->chardevTLSx509verify;
+            }
         }
         break;
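Review bot: The new assignment `charpriv->tlsCertPath = g_strdup(...)` overwrites the field without releasing a previous value, so the old string leaks if qemuDomainPrepareChardevSourceOne can run more than once on the same source private object; whether it can is not visible from this hunk. Adding `g_free(charpriv->tlsCertPath);` immediately before the assignment makes the step safe to repeat. A comment on the block would also help, stating that both values are a snapshot of the driver config taken at prepare time and stay unset when TLS is not enabled for the source. The function body starts and ends outside the hunk.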

diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index d07def3d85..5474d1dccc 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -346,6 +346,9 @@ struct _qemuDomainChrSourcePrivate {
     int logfd; /* file descriptor of the logging source */
     bool wait; /* wait for incomming connections on chardev */

+    char *tlsCertPath; /* path to certificates if TLS is requested */
+    bool tlsVerify; /* whether server should verify client certificates */
+
     char *fdset; /* fdset path corresponding to the passed filedescriptor */
     char *logFdset; /* fdset path corresponding to the passed filedescriptor for logfile */
     int passedFD; /* filedescriptor number when fdset passing it directly */
-- 
2.31.1



