1. Patchew
  2. Libvirt
  3. [PATCH 0/7] tls: Improve validation of certificates if multiple certs are concatenated in one file
  4. View patch

[PATCH 4/7] rpc: virnettlscert: Rename virNetTLSCertLoadCAListFromFile to virNetTLSCertLoadListFromFile

Peter Krempa via Devel posted 7 patches 1 month, 3 weeks ago
[PATCH 4/7] rpc: virnettlscert: Rename virNetTLSCertLoadCAListFromFile to virNetTLSCertLoadListFromFile
Posted by Peter Krempa via Devel 1 month, 3 weeks ago 
From: Peter Krempa <pkrempa@redhat.com>

The function can load a generic list of certs, it doesn't necessarily
have to be the list of CAs. Rename the function, and change error to be
generic.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/rpc/virnettlscert.c | 14 +++++++-------
 src/rpc/virnettlscert.h |  5 +++++
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/rpc/virnettlscert.c b/src/rpc/virnettlscert.c
index 774dd5989a..3efc4f0716 100644
--- a/src/rpc/virnettlscert.c
+++ b/src/rpc/virnettlscert.c
@@ -408,10 +408,10 @@ gnutls_x509_crt_t virNetTLSCertLoadFromFile(const char *certFile,
 }


-static int virNetTLSCertLoadCAListFromFile(const char *certFile,
-                                           gnutls_x509_crt_t *certs,
-                                           unsigned int certMax,
-                                           size_t *ncerts)
+int virNetTLSCertLoadListFromFile(const char *certFile,
+                                  gnutls_x509_crt_t *certs,
+                                  unsigned int certMax,
+                                  size_t *ncerts)
 {
     gnutls_datum_t data;
     g_autofree char *buf = NULL;
@@ -427,7 +427,7 @@ static int virNetTLSCertLoadCAListFromFile(const char *certFile,

     if (gnutls_x509_crt_list_import(certs, &certMax, &data, GNUTLS_X509_FMT_PEM, 0) < 0) {
         virReportError(VIR_ERR_SYSTEM_ERROR,
-                       _("Unable to import CA certificate list %1$s"),
+                       _("Unable to import certificate list %1$s"),
                        certFile);
         return -1;
     }
@@ -452,8 +452,8 @@ int virNetTLSCertSanityCheck(bool isServer,
         !(cert = virNetTLSCertLoadFromFile(certFile, isServer)))
         goto cleanup;
     if ((access(cacertFile, R_OK) == 0) &&
-        virNetTLSCertLoadCAListFromFile(cacertFile, cacerts,
-                                        MAX_CERTS, &ncacerts) < 0)
+        virNetTLSCertLoadListFromFile(cacertFile, cacerts,
+                                      MAX_CERTS, &ncacerts) < 0)
         goto cleanup;

     if (cert &&
diff --git a/src/rpc/virnettlscert.h b/src/rpc/virnettlscert.h
index 0ac511a141..a2f591d172 100644
--- a/src/rpc/virnettlscert.h
+++ b/src/rpc/virnettlscert.h
@@ -40,3 +40,8 @@ char *virNetTLSCertValidate(gnutls_x509_crt_t cert,

 gnutls_x509_crt_t virNetTLSCertLoadFromFile(const char *certFile,
                                             bool isServer);
+
+int virNetTLSCertLoadListFromFile(const char *certFile,
+                                  gnutls_x509_crt_t *certs,
+                                  unsigned int certMax,
+                                  size_t *ncerts);
-- 
2.50.0
Re: [PATCH 4/7] rpc: virnettlscert: Rename virNetTLSCertLoadCAListFromFile to virNetTLSCertLoadListFromFile
Posted by Daniel P. Berrangé via Devel 1 month, 3 weeks ago 
On Thu, Jul 17, 2025 at 05:28:07PM +0200, Peter Krempa via Devel wrote:
> From: Peter Krempa <pkrempa@redhat.com>
> 
> The function can load a generic list of certs, it doesn't necessarily
> have to be the list of CAs. Rename the function, and change error to be
> generic.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
>  src/rpc/virnettlscert.c | 14 +++++++-------
>  src/rpc/virnettlscert.h |  5 +++++
>  2 files changed, 12 insertions(+), 7 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.