1. Patchew
  2. Libvirt
  3. [PATCH 00/10] remote: support multiple certificate identities
  4. View patch

[PATCH 06/10] rpc: skip fallback when using custom PKI path

Daniel P. Berrangé via Devel posted 10 patches 2 weeks ago
[PATCH 06/10] rpc: skip fallback when using custom PKI path
Posted by Daniel P. Berrangé via Devel 2 weeks ago 
From: Daniel P. Berrangé <berrange@redhat.com>

The virNetTLSConfigCustomCreds will always set the cert paths
to non-NULL strings. This in turn means that the later call to
virNetTLSConfigSystemCreds will be a no-op aside from duplicating
log information. Refactor the conditions so that the call to
find system credentials is skipped when using custom credentials.

While this patch could have just done an early "return 0" after
the virNetTLSConfigCustomCreds call, an "} else {" branch is
instead added, since this will facilitate a later patch in this
series which prefers a common return path.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/rpc/virnettlscontext.c | 50 ++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 24 deletions(-)

diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 5e9c262b48..37f635f47f 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -271,32 +271,34 @@ static int virNetTLSContextLocateCredentials(const char *pkipath,
         virNetTLSConfigCustomCreds(pkipath, isServer,
                                    cacert, cacrl,
                                    cert, key);
-    } else if (tryUserPkiPath) {
-        virNetTLSConfigUserCreds(isServer,
-                                 cacert, cacrl,
-                                 cert, key);
-
-        /*
-         * If some of the files can't be found, fallback
-         * to the global location for them
-         */
-        if (!virFileExists(*cacert))
-            VIR_FREE(*cacert);
-        if (!virFileExists(*cacrl))
-            VIR_FREE(*cacrl);
-
-        /* Check these as a pair, since it they are
-         * mutually dependent
-         */
-        if (!virFileExists(*key) || !virFileExists(*cert)) {
-            VIR_FREE(*key);
-            VIR_FREE(*cert);
+    } else {
+        if (tryUserPkiPath) {
+            virNetTLSConfigUserCreds(isServer,
+                                     cacert, cacrl,
+                                     cert, key);
+
+            /*
+             * If some of the files can't be found, fallback
+             * to the global location for them
+             */
+            if (!virFileExists(*cacert))
+                VIR_FREE(*cacert);
+            if (!virFileExists(*cacrl))
+                VIR_FREE(*cacrl);
+
+            /* Check these as a pair, since it they are
+             * mutually dependent
+             */
+            if (!virFileExists(*key) || !virFileExists(*cert)) {
+                VIR_FREE(*key);
+                VIR_FREE(*cert);
+            }
         }
-    }
 
-    virNetTLSConfigSystemCreds(isServer,
-                               cacert, cacrl,
-                               cert, key);
+        virNetTLSConfigSystemCreds(isServer,
+                                   cacert, cacrl,
+                                   cert, key);
+    }
 
     return 0;
 }
-- 
2.51.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.