Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 636155 - RFE: connection x509: set x509 cert location in the connection URI / auth callback
Summary: RFE: connection x509: set x509 cert location in the connection URI / auth cal...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Veillard
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: libvirtTodoSecurity
TreeView+ depends on / blocked
 
Reported: 2010-09-21 15:12 UTC by Daniel Berrangé
Modified: 2011-07-07 14:39 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2011-07-07 14:39:05 UTC
Embargoed:


Attachments (Terms of Use)

Description Daniel Berrangé 2010-09-21 15:12:52 UTC
Description of problem:
Support specifying an x509 certificate location in the URI, or via an auth callback.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Daniel Berrangé 2011-07-07 14:39:05 UTC
commit 31242565ae9a9217fb790baf89da56f5a35dc0f6
Author: Osier Yang <jyang>
Date:   Thu Jan 27 16:34:54 2011 +0800

    remote: Add extra parameter pkipath for URI
    
    This new parameter allows user specifies where the client
    cerficate, client key, CA certificate of x509 is, instead of
    hardcoding it. If 'pkipath' is not specified, and the user
    is not root, try to find files in $HOME/.pki/libvirt, as long
    as one of client cerficate, client key, CA certificate can
    not be found, use default global location (LIBVIRT_CACERT,
    LIBVIRT_CLIENTCERT, LIBVIRT_CLIENTKEY, see
    src/remote/remote_driver.h)
    
    Example of use:
    
    [root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
    error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file
    or directory
    error: failed to connect to the hypervisor
    [root@Osier client]# ls -l
    total 24
    -rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out
    -rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem
    -rw-r--r--. 1 root root  132 Jan 23 19:04 client.info
    -rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem
    
    [root@Osier client]# cp /tmp/cacert.pem .
    [root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
    Welcome to virsh, the virtualization interactive terminal.
    
    Type:  'help' for help with commands
    'quit' to quit
    
    virsh #


Note You need to log in before you can comment on or make changes to this bug.