On Mon, Jan 24, 2011 at 10:20:03PM +0800, Osier Yang wrote:
This new parameter allows user specifies where the client cerficate, client key, CA certificate of x509 is, instead of hardcoding it. If 'pkipath' is not specified, and the user is not root, try to find files in $HOME/.pki, as long as one of client cerficate, client key, CA certificate can not be found, use default global location (LIBVIRT_CACERT, LIBVIRT_CLIENTCERT, LIBVIRT_CLIENTKEY, see src/remote/remote_driver.h)
e.g.
[root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file or directory error: failed to connect to the hypervisor [root@Osier client]# ls -l total 24 -rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out -rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem -rw-r--r--. 1 root root 132 Jan 23 19:04 client.info -rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem
[root@Osier client]# cp /tmp/cacert.pem . [root@Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands 'quit' to quit
virsh #
* src/remote/remote_driver.c --- src/remote/remote_driver.c | 130 ++++++++++++++++++++++++++++++++++++++------ 1 files changed, 112 insertions(+), 18 deletions(-)
ACK, looks good now. Daniel