From 89a7e6e75f8c3872f8418c34b974809d4d5d9ea5 Mon Sep 17 00:00:00 2001
Message-Id: <89a7e6e75f8c3872f8418c34b974809d4d5d9ea5.1285078089.git.jdenemar@redhat.com>
From: Justin Clift <jclift@redhat.com>
Date: Thu, 16 Sep 2010 18:41:38 +1000
Subject: [PATCH] libvirtd: improve the error message displayed on tls client auth failure
This address BZ # 556599:
https://bugzilla.redhat.com/show_bug.cgi?id=556599
(cherry picked from commit 63d1b07f83382fdd82ac348810a0e766c2c9bfd1)
---
daemon/libvirtd.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index 711360b..46e22bd 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -1226,7 +1226,7 @@ remoteCheckCertificate (gnutls_session_t session)
if (i == 0) {
if (!remoteCheckDN (cert)) {
/* This is the most common error: make it informative. */
- VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
+ VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'certtool -i --infile clientcert.pem' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
gnutls_x509_crt_deinit (cert);
return -1;
}
--
1.7.3
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
ebe084c140192657f9094e135a84202c
>
files
>
88
