From: Daniel P. Berrangé via Devel
Reply-To: Daniel P. Berrangé
To: devel@lists.libvirt.org
Subject: [PATCH 06/10] rpc: skip fallback when using custom PKI path
Date: Thu, 6 Nov 2025 14:50:46 +0000
Message-ID: <20251106145050.1851526-7-berrange@redhat.com>
In-Reply-To: <20251106145050.1851526-1-berrange@redhat.com>
References: <20251106145050.1851526-1-berrange@redhat.com>
List-Id: Development discussions about the libvirt library & tools
From: Daniel P. Berrangé

The virNetTLSConfigCustomCreds will always set the cert paths to non-NULL strings. This in turn means that the later call to virNetTLSConfigSystemCreds will be a no-op aside from duplicating log information. Refactor the conditions so that the call to find system credentials is skipped when using custom credentials.

While this patch could have just done an early "return 0" after the virNetTLSConfigCustomCreds call, an "} else {" branch is instead added, since this will facilitate a later patch in this series which prefers a common return path.

Signed-off-by: Daniel P. Berrangé
--- src/rpc/virnettlscontext.c | 50 ++++++++++++++++++++------------------ 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 5e9c262b48..37f635f47f 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c 
@@ -271,32 +271,34 @@ static int virNetTLSContextLocateCredentials(const ch= ar *pkipath, virNetTLSConfigCustomCreds(pkipath, isServer, cacert, cacrl, cert, key); - } else if (tryUserPkiPath) { - virNetTLSConfigUserCreds(isServer, - cacert, cacrl, - cert, key); - - /* - * If some of the files can't be found, fallback - * to the global location for them - */ - if (!virFileExists(*cacert)) - VIR_FREE(*cacert); - if (!virFileExists(*cacrl)) - VIR_FREE(*cacrl); - - /* Check these as a pair, since it they are - * mutually dependent - */ - if (!virFileExists(*key) || !virFileExists(*cert)) { - VIR_FREE(*key); - VIR_FREE(*cert); + } else { + if (tryUserPkiPath) { + virNetTLSConfigUserCreds(isServer, + cacert, cacrl, + cert, key); + + /* + * If some of the files can't be found, fallback + * to the global location for them + */ + if (!virFileExists(*cacert)) + VIR_FREE(*cacert); + if (!virFileExists(*cacrl)) + VIR_FREE(*cacrl); + + /* Check these as a pair, since it they are + * mutually dependent + */ + if (!virFileExists(*key) || !virFileExists(*cert)) { + VIR_FREE(*key); + VIR_FREE(*cert); + } } - } =20 - virNetTLSConfigSystemCreds(isServer, - cacert, cacrl, - cert, key); + virNetTLSConfigSystemCreds(isServer, + cacert, cacrl, + cert, key); + } =20 return 0; } --=20 2.51.1
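Review bot: the new `} else {` branch in virNetTLSContextLocateCredentials() depends on virNetTLSConfigCustomCreds() having set cacert, cacrl, cert and key to non-NULL strings, but that invariant is stated only in the commit message, not in the code. A short comment in the `pkipath` branch (for example "custom PKI path sets all four paths, so no user or system fallback applies") would tell anyone who later changes virNetTLSConfigCustomCreds() that a path left NULL there is no longer filled in by virNetTLSConfigSystemCreds(). The visible `pkipath` branch also performs none of the virFileExists() checks that the user-path branch does, so it is worth confirming that a missing file under a custom path is still reported clearly by the caller. Since the block comment is being re-indented anyway, the typo in "since it they are mutually dependent" could be fixed in the same pass.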