5:34 p.m.
On 03/15/2011 11:51 AM, Daniel P. Berrange wrote:
This provides two modules for handling TLS
* virNetTLSContext provides the process-wide state, in particular
all the x509 credentials, DH params and x509 whitelists
* virNetTLSSession provides the per-connection state, ie the
TLS session itself.
The virNetTLSContext provides APIs for validating a TLS session's
x509 credentials. The virNetTLSSession includes APIs for performing
the initial TLS handshake and sending/recving encrypted data
* src/Makefile.am: Add to libvirt-net-rpc.la
* src/rpc/virnettlscontext.c, src/rpc/virnettlscontext.h: Generic
TLS handling code
---
configure.ac | 2 +-
po/POTFILES.in | 1 +
src/Makefile.am | 5 +-
src/rpc/virnettlscontext.c | 892 ++++++++++++++++++++++++++++++++++++++++++++
src/rpc/virnettlscontext.h | 100 +++++
5 files changed, 998 insertions(+), 2 deletions(-)
create mode 100644 src/rpc/virnettlscontext.c
create mode 100644 src/rpc/virnettlscontext.h
No src/libvirt_private.syms entries?
diff --git a/configure.ac b/configure.ac
index 49403dd..81bad91 100644
--- a/configure.ac
+++ b/configure.ac
@@ -134,7 +134,7 @@ LIBS=$old_libs
dnl Availability of various common headers (non-fatal if missing).
AC_CHECK_HEADERS([pwd.h paths.h regex.h sys/syslimits.h sys/un.h \
sys/poll.h syslog.h mntent.h net/ethernet.h linux/magic.h \
- sys/un.h sys/syscall.h netinet/tcp.h])
+ sys/un.h sys/syscall.h netinet/tcp.h fnmatch.h])
Gnulib provides fnmatch. We shouldn't be adding this check, but modify
bootstrap.conf instead.
+++ b/src/rpc/virnettlscontext.c
@@ -0,0 +1,892 @@
+/*
+ * virnettlscontext.c: TLS encryption/x509 handling
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
2011
+#include <config.h>
+
+#include <unistd.h>
+#ifdef HAVE_FNMATCH_H
+# include <fnmatch.h>
+#endif
This should be unconditional inclusion, thanks to gnulib.
+
+static int virNetTLSContextLoadCredentials(virNetTLSContextPtr ctxt,
+ bool isServer,
+ const char *cacert,
+ const char *cacrl,
+ const char *cert,
+ const char *key)
+{
+ int ret = -1;
+ int err;
+
+ if (cacert && cacert[0] != '\0') {
+ if (virNetTLSContextCheckCertFile("CA certificate", cacert, false)
< 0)
+ goto cleanup;
+
+ VIR_DEBUG("loading CA cert from %s", cacert);
+ err = gnutls_certificate_set_x509_trust_file(ctxt->x509cred,
+ cacert,
+ GNUTLS_X509_FMT_PEM);
+ if (err < 0) {
+ virNetError(VIR_ERR_SYSTEM_ERROR,
+ _("Unable to set x509 CA certificate: %s: %s"),
+ cacert, gnutls_strerror (err));
Consistency on ' (' vs. '(' for function calls.
+ } else {
+ VIR_DEBUG("Skipping non-existant cert %s key %s on client", cert,
key);
s/existant/existent/
+
+/* Check DN is on tls_allowed_dn_list. */
+static int
+virNetTLSContextCheckDN(virNetTLSContextPtr ctxt,
+ const char *dname)
+{
+ const char *const*wildcards;
+
+ /* If the list is not set, allow any DN. */
+ wildcards = ctxt->x509dnWhitelist;
+ if (!wildcards)
+ return 1;
+
+ while (*wildcards) {
+#ifdef HAVE_FNMATCH_H
+ int ret = fnmatch (*wildcards, dname, 0);
Use this unconditionally.
+
+#if 0
+ PROBE(CLIENT_TLS_ALLOW, "fd=%d, name=%s",
+ virNetServerClientGetFD(client), name);
+#endif
+ return 0;
Are these PROBE() statements worth keeping? Are they for debug, for
systemtap probe points, or something else?
--- /dev/null
+++ b/src/rpc/virnettlscontext.h
@@ -0,0 +1,100 @@
+/*
+ * virnettlscontext.h: TLS encryption/x509 handling
+ *
+ * Copyright (C) 2010 Red Hat, Inc.
2011
+#ifndef __VIR_NET_TLS_CONTEXT_H__
+# define __VIR_NET_TLS_CONTEXT_H__
+
+# include <stdbool.h>
Is this redundant, now that "internal.h" guarantees this and all .c
files should be including "internal.h"? I don't see any other headers
that include <stdbool.h> since commit 3541672.
+
+void virNetTLSSessionFree(virNetTLSSessionPtr sess);
Should cfg.mk list this as a free-like function?
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org