Re: [Libvir] PATCH: More useful error messages with missing certs

On the server end if you try to start the server with TLS enabled and you don't have the certs setup, you get a cryptic: gnutls_certificate_set_x509_trust_file: Error while reading file. Rather useless the gnutls error message not telling you what file was missing. Similarly with virsh: # ~/usr/bin/virsh --connect qemu://localhost/system list libvir: Remote error : Error while reading file. Since GNU TLS doesn't even tell you the actual problem - was it wrong permissions, or missing file altogether, I decided its better to do an explicit 'stat' check ahead of time. So now it gives: $ ~/usr/bin/virsh --connect qemu://celery.virt.boston.redhat.com/system start demo libvir: Remote error : Cannot access CA certificate '/home/berrange/usr/etc/pki/CA/cacert.pem': No such file or directory (2) Or $ ~/usr/bin/virsh --connect qemu://celery.virt.boston.redhat.com/system start demo libvir: Remote error : Cannot access CA certificate '/home/berrange/usr/etc/pki/CA/cacert.pem': Permission denied (13) Or in the daemon # /usr/sbin/libvirtd --listen Cannot access CA certificate '/home/berrange/usr/etc/pki/CA/cacert.pem': No such file or directory (2)

+#define CHECK_CERT(type, file) \ + do { if (stat(file, &sb) < 0) { \ + qemudLog (QEMUD_ERR, "Cannot access " type " '%s': %s (%d)", \ + file, strerror(errno), errno); \ + return -1; \ + } } while (0) +