Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 636155

Summary: RFE: connection x509: set x509 cert location in the connection URI / auth callback
Product: [Community] Virtualization Tools Reporter: Daniel BerrangĂ© <berrange>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedCC: crobinso, xen-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-07 14:39:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 636032    

Description Daniel Berrangé 2010-09-21 15:12:52 UTC 
Description of problem:
Support specifying an x509 certificate location in the URI, or via an auth callback.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Daniel Berrangé 2011-07-07 14:39:05 UTC 
commit 31242565ae9a9217fb790baf89da56f5a35dc0f6
Author: Osier Yang <jyang>
Date:   Thu Jan 27 16:34:54 2011 +0800

    remote: Add extra parameter pkipath for URI
    
    This new parameter allows user specifies where the client
    cerficate, client key, CA certificate of x509 is, instead of
    hardcoding it. If 'pkipath' is not specified, and the user
    is not root, try to find files in $HOME/.pki/libvirt, as long
    as one of client cerficate, client key, CA certificate can
    not be found, use default global location (LIBVIRT_CACERT,
    LIBVIRT_CLIENTCERT, LIBVIRT_CLIENTKEY, see
    src/remote/remote_driver.h)
    
    Example of use:
    
    [root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
    error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file
    or directory
    error: failed to connect to the hypervisor
    [root@Osier client]# ls -l
    total 24
    -rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out
    -rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem
    -rw-r--r--. 1 root root  132 Jan 23 19:04 client.info
    -rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem
    
    [root@Osier client]# cp /tmp/cacert.pem .
    [root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
    Welcome to virsh, the virtualization interactive terminal.
    
    Type:  'help' for help with commands
    'quit' to quit
    
    virsh #