libvirtd: improve the error message displayed on tls client auth failure

author Justin Clift <jclift@redhat.com>

Wed, 15 Sep 2010 15:39:08 +0000 (01:39 +1000)

committer Justin Clift <jclift@redhat.com>

Wed, 15 Sep 2010 16:49:54 +0000 (02:49 +1000)
author Justin Clift <jclift@redhat.com>
Wed, 15 Sep 2010 15:39:08 +0000 (01:39 +1000)
committer Justin Clift <jclift@redhat.com>
Wed, 15 Sep 2010 16:49:54 +0000 (02:49 +1000)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c

index 711360b63b616effe1e6b69f379b319979fecf2e..46e22bd727790346b4d33c5ea8061e5fc76bd637 100644 (file)
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -1226,7 +1226,7 @@ remoteCheckCertificate (gnutls_session_t session)
          if (i == 0) {
              if (!remoteCheckDN (cert)) {
                  /* This is the most common error: make it informative. */
-                VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list).  Use 'openssl x509 -in clientcert.pem -text' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
+                VIR_ERROR0(_("remoteCheckCertificate: client's Distinguished Name is not on the list of allowed clients (tls_allowed_dn_list).  Use 'certtool -i --infile clientcert.pem' to view the Distinguished Name field in the client certificate, or run this daemon with --verbose option."));
                  gnutls_x509_crt_deinit (cert);
                  return -1;
              }
author	Justin Clift <jclift@redhat.com>
	Wed, 15 Sep 2010 15:39:08 +0000 (01:39 +1000)
committer	Justin Clift <jclift@redhat.com>
	Wed, 15 Sep 2010 16:49:54 +0000 (02:49 +1000)