From 63d1b07f83382fdd82ac348810a0e766c2c9bfd1 Mon Sep 17 00:00:00 2001 From: Justin Clift Date: Thu, 16 Sep 2010 01:39:08 +1000 Subject: [PATCH] libvirtd: improve the error message displayed on tls client auth failure This address BZ # 556599: https://bugzilla.redhat.com/show_bug.cgi?id=556599 --- daemon/libvirtd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c index 711360b63b..46e22bd727 100644 --- a/daemon/libvirtd.c +++ b/daemon/libvirtd.c @@ -1226,7 +1226,7 @@ remoteCheckCertificate (gnutls_session_t session) if (i == 0) { if (!remoteCheckDN (cert)) { /* This is the most common error: make it informative. */ - VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option.")); + VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list). Use 'certtool -i --infile clientcert.pem' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option.")); gnutls_x509_crt_deinit (cert); return -1; }