From nobody Mon Dec 15 03:14:44 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1508513037858192.84558964295354; Fri, 20 Oct 2017 08:23:57 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 523ADC05166B; Fri, 20 Oct 2017 13:49:08 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 23F495D763; Fri, 20 Oct 2017 13:49:08 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id DC8D4180BACD; Fri, 20 Oct 2017 13:49:07 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v9KDmLsh020391 for ; Fri, 20 Oct 2017 09:48:21 -0400 Received: by smtp.corp.redhat.com (Postfix) id 6F1CA5EDF4; Fri, 20 Oct 2017 13:48:21 +0000 (UTC) Received: from angien.brq.redhat.com (unknown [10.43.2.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8175B5D763; Fri, 20 Oct 2017 13:48:15 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 523ADC05166B Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: Peter Krempa To: libvir-list@redhat.com Date: Fri, 20 Oct 2017 15:47:36 +0200 Message-Id: <9998930ab6c9bdf808e9f6c654869672f57f7e8f.1508507145.git.pkrempa@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-loop: libvir-list@redhat.com Cc: Peter Krempa Subject: [libvirt] [PATCH 11/12] qemu: domain: Prepare TLS data for the whole backing chain X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Fri, 20 Oct 2017 13:49:08 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Iterate through the backing chain when setting up TLS for disks. Reviewed-by: John Ferlan --- src/qemu/qemu_domain.c | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index aebe24e7b..3560cdd29 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -7845,28 +7845,31 @@ int qemuDomainPrepareDiskSourceTLS(virStorageSourcePtr src, virQEMUDriverConfigPtr cfg) { + virStorageSourcePtr next; - /* VxHS uses only client certificates and thus has no need for - * the server-key.pem nor a secret that could be used to decrypt - * the it, so no need to add a secinfo for a secret UUID. */ - if (src->type =3D=3D VIR_STORAGE_TYPE_NETWORK && - src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_VXHS) { - - if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_ABSENT) { - if (cfg->vxhsTLS) - src->haveTLS =3D VIR_TRISTATE_BOOL_YES; - else - src->haveTLS =3D VIR_TRISTATE_BOOL_NO; - src->tlsFromConfig =3D true; - } + for (next =3D src; virStorageSourceIsBacking(next); next =3D next->bac= kingStore) { + /* VxHS uses only client certificates and thus has no need for + * the server-key.pem nor a secret that could be used to decrypt + * the it, so no need to add a secinfo for a secret UUID. */ + if (next->type =3D=3D VIR_STORAGE_TYPE_NETWORK && + next->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_VXHS) { + + if (next->haveTLS =3D=3D VIR_TRISTATE_BOOL_ABSENT) { + if (cfg->vxhsTLS) + next->haveTLS =3D VIR_TRISTATE_BOOL_YES; + else + next->haveTLS =3D VIR_TRISTATE_BOOL_NO; + next->tlsFromConfig =3D true; + } - if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) { - /* Grab the vxhsTLSx509certdir and set the verify/listen value= s. - * NB: tlsAlias filled in during qemuDomainGetTLSObjects. */ - if (VIR_STRDUP(src->tlsCertdir, cfg->vxhsTLSx509certdir) < 0) - return -1; + if (next->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) { + /* Grab the vxhsTLSx509certdir and set the verify/listen v= alues. + * NB: tlsAlias filled in during qemuDomainGetTLSObjects. = */ + if (VIR_STRDUP(next->tlsCertdir, cfg->vxhsTLSx509certdir) = < 0) + return -1; - src->tlsVerify =3D true; + next->tlsVerify =3D true; + } } } --=20 2.14.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list