To: devel@lists.libvirt.org
Subject: [PATCH 1/7] rpc: virnettlscontext: Fix formatting of function definitions
Date: Thu, 17 Jul 2025 17:28:04 +0200
Message-ID: <615bf50e4f67f26aec773e12a4ddf4c1c9adb653.1752766013.git.pkrempa@redhat.com>
From: Peter Krempa

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
---
 src/rpc/virnettlscontext.c | 74 +++++++++++++++++++-------------------
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index e8023133b4..bf83857a05 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -188,14 +188,14 @@ static int virNetTLSContextLoadCredentials(virNetTLSC= ontext *ctxt, static virNetTLSContext *virNetTLSContextNew(const char *cacert, - const char *cacrl, - const char *cert, - const char *key, - const char *const *x509dnAC= L, - const char *priority, - bool sanityCheckCert, - bool requireValidCert, - bool isServer) + const char *cacrl, + const char *cert, + const char *key, + const char *const *x509dnACL, + const char *priority, + bool sanityCheckCert, + bool requireValidCert, + bool isServer) { virNetTLSContext *ctxt; int err; @@ -301,12 +301,12 @@ static int virNetTLSContextLocateCredentials(const ch= ar *pkipath, static virNetTLSContext *virNetTLSContextNewPath(const char *pkipath, - bool tryUserPkiPath, - const char *const *x509= dnACL, - const char *priority, - bool sanityCheckCert, - bool requireValidCert, - bool isServer) + bool tryUserPkiPath, + const char *const *x509dn= ACL, + const char *priority, + bool sanityCheckCert, + bool requireValidCert, + bool isServer) { char *cacert =3D NULL, *cacrl =3D NULL, *key =3D NULL, *cert =3D NULL; virNetTLSContext *ctxt =3D NULL; 
@@ -328,21 +328,21 @@ static virNetTLSContext *virNetTLSContextNewPath(cons= t char *pkipath, } virNetTLSContext *virNetTLSContextNewServerPath(const char *pkipath, - bool tryUserPkiPath, - const char *const *x509d= nACL, - const char *priority, - bool sanityCheckCert, - bool requireValidCert) + bool tryUserPkiPath, + const char *const *x509dnA= CL, + const char *priority, + bool sanityCheckCert, + bool requireValidCert) { return virNetTLSContextNewPath(pkipath, tryUserPkiPath, x509dnACL, pri= ority, sanityCheckCert, requireValidCert, true= ); } virNetTLSContext *virNetTLSContextNewClientPath(const char *pkipath, - bool tryUserPkiPath, - const char *priority, - bool sanityCheckCert, - bool requireValidCert) + bool tryUserPkiPath, + const char *priority, + bool sanityCheckCert, + bool requireValidCert) { return virNetTLSContextNewPath(pkipath, tryUserPkiPath, NULL, priority, sanityCheckCert, requireValidCert, fals= e); @@ -350,13 +350,13 @@ virNetTLSContext *virNetTLSContextNewClientPath(const= char *pkipath, virNetTLSContext *virNetTLSContextNewServer(const char *cacert, - const char *cacrl, - const char *cert, - const char *key, - const char *const *x509dnACL, - const char *priority, - bool sanityCheckCert, - bool requireValidCert) + const char *cacrl, + const char *cert, + const char *key, + const char *const *x509dnACL, + const char *priority, + bool sanityCheckCert, + bool requireValidCert) { return virNetTLSContextNew(cacert, cacrl, cert, key, x509dnACL, priori= ty, sanityCheckCert, requireValidCert, true); 
@@ -406,12 +406,12 @@ int virNetTLSContextReloadForServer(virNetTLSContext = *ctxt, virNetTLSContext *virNetTLSContextNewClient(const char *cacert, - const char *cacrl, - const char *cert, - const char *key, - const char *priority, - bool sanityCheckCert, - bool requireValidCert) + const char *cacrl, + const char *cert, + const char *key, + const char *priority, + bool sanityCheckCert, + bool requireValidCert) { return virNetTLSContextNew(cacert, cacrl, cert, key, NULL, priority, sanityCheckCert, requireValidCert, false); 
@@ -594,7 +594,7 @@ virNetTLSSessionPull(void *opaque, void *buf, size_t le= n) virNetTLSSession *virNetTLSSessionNew(virNetTLSContext *ctxt, - const char *hostname) + const char *hostname) { virNetTLSSession *sess; int err;
--
2.50.0

To: devel@lists.libvirt.org
Subject: [PATCH 2/7] virNetTLSContextNewPath: Refactor temporary variable usage
Date: Thu, 17 Jul 2025 17:28:05 +0200
Message-ID: <5d6b6934ef31ff2c4d9807ca39e63e7a7081f1d7.1752766013.git.pkrempa@redhat.com>
From: Peter Krempa

Use autofree for all temporary variables and return the result directly.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
---
 src/rpc/virnettlscontext.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index bf83857a05..f857bb2339 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c 
@@ -308,23 +308,18 @@ static virNetTLSContext *virNetTLSContextNewPath(cons= t char *pkipath, bool requireValidCert, bool isServer) { - char *cacert =3D NULL, *cacrl =3D NULL, *key =3D NULL, *cert =3D NULL; - virNetTLSContext *ctxt =3D NULL; + g_autofree char *cacert =3D NULL; + g_autofree char *cacrl =3D NULL; + g_autofree char *key =3D NULL; + g_autofree char *cert =3D NULL; if (virNetTLSContextLocateCredentials(pkipath, tryUserPkiPath, isServe= r, &cacert, &cacrl, &cert, &key) < = 0) return NULL; - ctxt =3D virNetTLSContextNew(cacert, cacrl, cert, key, + return virNetTLSContextNew(cacert, cacrl, cert, key, x509dnACL, priority, sanityCheckCert, requireValidCert, isServer); - - VIR_FREE(cacert); - VIR_FREE(cacrl); - VIR_FREE(key); - VIR_FREE(cert); - - return ctxt; } virNetTLSContext *virNetTLSContextNewServerPath(const char *pkipath,
--
2.50.0

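Review bot: in the @@ -308,23 +308,18 @@ hunk of virNetTLSContextNewPath, the early "return NULL" taken when virNetTLSContextLocateCredentials() returns < 0 now also frees cacert, cacrl, key and cert, which the old code did not do on that path, yet the commit message describes the change only as a refactor. If virNetTLSContextLocateCredentials() can leave any of the four out-parameters allocated when it fails, this fixes a leak and the message should say so. If it frees them itself on failure, please confirm it also resets them to NULL, otherwise the new g_autofree cleanup would free them a second time.
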
To: devel@lists.libvirt.org
Subject: [PATCH 3/7] virNetTLSCertCheckPair: Fix function definition formatting
Date: Thu, 17 Jul 2025 17:28:06 +0200
Message-ID: <9c19f9fcbfeff9f27dba73cee211d937c1dcd3d9.1752766013.git.pkrempa@redhat.com>
From: Peter Krempa

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
---
 src/rpc/virnettlscert.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/rpc/virnettlscert.c b/src/rpc/virnettlscert.c index 6a723c1ed4..774dd5989a 100644 --- a/src/rpc/virnettlscert.c +++ b/src/rpc/virnettlscert.c 
@@ -323,11 +323,11 @@ static int virNetTLSCertCheck(gnutls_x509_crt_t cert, static int virNetTLSCertCheckPair(gnutls_x509_crt_t cert, - const char *certFile, - gnutls_x509_crt_t *cacerts, - size_t ncacerts, - const char *cacertFile, - bool isServer) + const char *certFile, + gnutls_x509_crt_t *cacerts, + size_t ncacerts, + const char *cacertFile, + bool isServer) { unsigned int status;
--
2.50.0

To: devel@lists.libvirt.org
Subject: [PATCH 4/7] rpc: virnettlscert: Rename virNetTLSCertLoadCAListFromFile to virNetTLSCertLoadListFromFile
Date: Thu, 17 Jul 2025 17:28:07 +0200
From: Peter Krempa

The function can load a generic list of certs, it doesn't necessarily have to be the list of CAs. Rename the function, and change error to be generic.

Signed-off-by: Peter Krempa
Reviewed-by: Daniel P. Berrangé
---
 src/rpc/virnettlscert.c | 14 +++++++-------
 src/rpc/virnettlscert.h |  5 +++++
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/rpc/virnettlscert.c b/src/rpc/virnettlscert.c index 774dd5989a..3efc4f0716 100644 --- a/src/rpc/virnettlscert.c +++ b/src/rpc/virnettlscert.c @@ -408,10 +408,10 @@ gnutls_x509_crt_t virNetTLSCertLoadFromFile(const cha= r *certFile, } -static int virNetTLSCertLoadCAListFromFile(const char *certFile, - gnutls_x509_crt_t *certs, - unsigned int certMax, - size_t *ncerts) +int virNetTLSCertLoadListFromFile(const char *certFile, + gnutls_x509_crt_t *certs, + unsigned int certMax, + size_t *ncerts) { gnutls_datum_t data; g_autofree char *buf =3D NULL; @@ -427,7 +427,7 @@ static int virNetTLSCertLoadCAListFromFile(const char *= certFile, if (gnutls_x509_crt_list_import(certs, &certMax, &data, GNUTLS_X509_FM= T_PEM, 0) < 0) { virReportError(VIR_ERR_SYSTEM_ERROR, - _("Unable to import CA certificate list %1$s"), + _("Unable to import certificate list %1$s"), certFile); return -1; } @@ -452,8 +452,8 @@ int virNetTLSCertSanityCheck(bool isServer, !(cert =3D virNetTLSCertLoadFromFile(certFile, isServer))) goto cleanup; if ((access(cacertFile, R_OK) =3D=3D 0) && - virNetTLSCertLoadCAListFromFile(cacertFile, cacerts, - MAX_CERTS, &ncacerts) < 0) + virNetTLSCertLoadListFromFile(cacertFile, cacerts, + MAX_CERTS, &ncacerts) < 0) goto cleanup; if (cert && diff --git a/src/rpc/virnettlscert.h b/src/rpc/virnettlscert.h index 0ac511a141..a2f591d172 100644 --- a/src/rpc/virnettlscert.h +++ b/src/rpc/virnettlscert.h 
@@ -40,3 +40,8 @@ char *virNetTLSCertValidate(gnutls_x509_crt_t cert, gnutls_x509_crt_t virNetTLSCertLoadFromFile(const char *certFile, bool isServer); + +int virNetTLSCertLoadListFromFile(const char *certFile, + gnutls_x509_crt_t *certs, + unsigned int certMax, + size_t *ncerts);
--
2.50.0

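Review bot: in the @@ -427,7 +427,7 @@ hunk of virnettlscert.c the return value of gnutls_x509_crt_list_import() is only compared against 0 and then dropped, so the now-generic "Unable to import certificate list %1$s" message gives the user no reason for the failure. Since the commit message says the helper is meant for any list of certs, consider keeping the return code and appending gnutls_strerror() of it to the message.
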
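Review bot: the virnettlscert.h hunk (@@ -40,3 +40,8 @@) exports virNetTLSCertLoadListFromFile() with no comment describing its contract, and with "static" dropped in the @@ -408,10 +408,10 @@ hunk its callers can now live outside virnettlscert.c. Please document that certs must point to an array with room for certMax entries, what is stored in *ncerts, that -1 is returned with an error reported on failure, and who is responsible for releasing the imported gnutls_x509_crt_t entries.
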
To: devel@lists.libvirt.org
Subject: [PATCH 5/7] virPKIValidateIdentity: Validate all concatenated certificates
Date: Thu, 17 Jul 2025 17:28:08 +0200
Message-ID: <1bb37599fc2cbc7e77789f1ee487d20413d62b35.1752766013.git.pkrempa@redhat.com>
From: Peter Krempa via Devel

From: Peter Krempa

Since gnutls and thus by extension libvirt allows passing multiple certificates in one file by concatenating them, virt-pki-validate ought to validate the hostname of all of them, instead of only the first one to prevent issues when wrong certs are concatenated.

Signed-off-by: Peter Krempa
---
 tools/virt-pki-validate.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/tools/virt-pki-validate.c b/tools/virt-pki-validate.c index e693ffaed6..a8ea396550 100644 --- a/tools/virt-pki-validate.c +++ b/tools/virt-pki-validate.c 
@@ -283,19 +283,29 @@ virPKIValidateIdentity(bool isServer, bool system, co= nst char *path) } if (isServer) { - gnutls_x509_crt_t crt; + gnutls_x509_crt_t crts[16] =3D { 0 }; + size_t ncrts =3D 0; virValidateCheck(scope, "%s", _("Checking cert hostname match")); - if (!(crt =3D virNetTLSCertLoadFromFile(cert, true))) { + if (virNetTLSCertLoadListFromFile(cert, crts, 16, &ncrts) < 0) { virValidateFail(VIR_VALIDATE_FAIL, _("Unable to load %1$s: %2$s"), cert, virGetLastErrorMessage()); + ok =3D false; } else { g_autofree char *hostname =3D virGetHostname(); - int ret =3D gnutls_x509_crt_check_hostname(crt, hostname); - gnutls_x509_crt_deinit(crt); - if (!ret) { + bool mismatch =3D false; + size_t i; + + for (i =3D 0; i < ncrts; i++) { + if (gnutls_x509_crt_check_hostname(crts[i], hostname) =3D= =3D 0) + mismatch =3D true; + + gnutls_x509_crt_deinit(crts[i]); + } + + if (mismatch) { /* Only warning, since there can be valid reasons for mis-= match */ virValidateFail(VIR_VALIDATE_WARN, _("Certificate %1$s owner does not match t= he hostname %2$s"), --=20 2.50.0
From nobody Mon Sep 8 17:12:43 2025
To: devel@lists.libvirt.org
Subject: [PATCH 6/7] virNetTLSCertSanityCheck: Validate all concatenated certs
Date: Thu, 17 Jul 2025 17:28:09 +0200
Message-ID: <3ead3dc0d38d7bb1f954dacdb004f8a9041e8835.1752766013.git.pkrempa@redhat.com>
From: Peter Krempa via Devel

From: Peter Krempa

Similarly to how we iterate the list of CAs in the concatenated bundle there's a possibility of the server/client certificates to be concatenated as well. If for some case the first certificate is okay but the further ones have e.g. invalid signatures the validation code would not reject them but we'd encounter failures later when gnutls tries to use them. Iterate also the client/server certs rather than just the CAs.

Signed-off-by: Peter Krempa
---
 src/rpc/virnettlscert.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/src/rpc/virnettlscert.c b/src/rpc/virnettlscert.c index 3efc4f0716..2724f55bbe 100644 --- a/src/rpc/virnettlscert.c +++ b/src/rpc/virnettlscert.c 
@@ -442,38 +442,43 @@ int virNetTLSCertSanityCheck(bool isServer, const char *cacertFile, const char *certFile) { - gnutls_x509_crt_t cert =3D NULL; + gnutls_x509_crt_t certs[MAX_CERTS] =3D { 0 }; + size_t ncerts =3D 0; gnutls_x509_crt_t cacerts[MAX_CERTS] =3D { 0 }; size_t ncacerts =3D 0; size_t i; int ret =3D -1; if ((access(certFile, R_OK) =3D=3D 0) && - !(cert =3D virNetTLSCertLoadFromFile(certFile, isServer))) + virNetTLSCertLoadListFromFile(certFile, certs, MAX_CERTS, &ncerts)= < 0) goto cleanup; + if ((access(cacertFile, R_OK) =3D=3D 0) && virNetTLSCertLoadListFromFile(cacertFile, cacerts, MAX_CERTS, &ncacerts) < 0) goto cleanup; - if (cert && - virNetTLSCertCheck(cert, certFile, isServer, false) < 0) - goto cleanup; - for (i =3D 0; i < ncacerts; i++) { - if (virNetTLSCertCheck(cacerts[i], cacertFile, isServer, true) < 0) + g_autofree char *cacertid =3D g_strdup_printf("%s[%zu]", cacertFil= e, i); + if (virNetTLSCertCheck(cacerts[i], cacertid, isServer, true) < 0) goto cleanup; } - if (cert && ncacerts && - virNetTLSCertCheckPair(cert, certFile, cacerts, ncacerts, cacertFi= le, isServer) < 0) - goto cleanup; + for (i =3D 0; i < ncerts; i++) { + g_autofree char *certid =3D g_strdup_printf("%s[%zu]", certFile, i= ); + if (virNetTLSCertCheck(certs[i], certid, isServer, false) < 0) + goto cleanup; + + if (ncacerts && + virNetTLSCertCheckPair(certs[i], certid, cacerts, ncacerts, ca= certFile, isServer) < 0) + goto cleanup; + } ret =3D 0; cleanup: - if (cert) - gnutls_x509_crt_deinit(cert); + for (i =3D 0; i < ncerts; i++) + gnutls_x509_crt_deinit(certs[i]); for (i =3D 0; i < ncacerts; i++) gnutls_x509_crt_deinit(cacerts[i]); return ret; --=20 2.50.0
From nobody Mon Sep 8 17:12:43 2025
To: devel@lists.libvirt.org
Subject: [PATCH 7/7] Remove unused 'virNetTLSCertLoadFromFile'
Date: Thu, 17 Jul 2025 17:28:10 +0200
Message-ID: <436bca9e91ded9377dae6f5e5e18489fd4c3fef8.1752766013.git.pkrempa@redhat.com>
From: Peter Krempa via Devel

From: Peter Krempa

We now always load a list of certificates rather than only the first one so this function is not used any more.

Signed-off-by: Peter Krempa
---
 src/rpc/virnettlscert.c | 41 -----------------------------------------
 src/rpc/virnettlscert.h | 3 ---
 2 files changed, 44 deletions(-)
diff --git a/src/rpc/virnettlscert.c b/src/rpc/virnettlscert.c index 2724f55bbe..5e036a4f2b 100644 --- a/src/rpc/virnettlscert.c +++ b/src/rpc/virnettlscert.c 
@@ -367,47 +367,6 @@ static int virNetTLSCertCheckPair(gnutls_x509_crt_t ce= rt, } -gnutls_x509_crt_t virNetTLSCertLoadFromFile(const char *certFile, - bool isServer) -{ - gnutls_datum_t data; - gnutls_x509_crt_t cert =3D NULL; - g_autofree char *buf =3D NULL; - int ret =3D -1; - - VIR_DEBUG("isServer %d certFile %s", - isServer, certFile); - - if (gnutls_x509_crt_init(&cert) < 0) { - virReportError(VIR_ERR_SYSTEM_ERROR, "%s", - _("Unable to initialize certificate")); - goto cleanup; - } - - if (virFileReadAll(certFile, (1<<16), &buf) < 0) - goto cleanup; - - data.data =3D (unsigned char *)buf; - data.size =3D strlen(buf); - - if (gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM) < 0) { - virReportError(VIR_ERR_SYSTEM_ERROR, isServer ? - _("Unable to import server certificate %1$s") : - _("Unable to import client certificate %1$s"), - certFile); - goto cleanup; - } - - ret =3D 0; - - cleanup: - if (ret !=3D 0) { - g_clear_pointer(&cert, gnutls_x509_crt_deinit); - } - return cert; -} - - int virNetTLSCertLoadListFromFile(const char *certFile, gnutls_x509_crt_t *certs, unsigned int certMax, diff --git a/src/rpc/virnettlscert.h b/src/rpc/virnettlscert.h index a2f591d172..aa0fe16a91 100644 --- a/src/rpc/virnettlscert.h +++ b/src/rpc/virnettlscert.h @@ -38,9 +38,6 @@ char *virNetTLSCertValidate(gnutls_x509_crt_t cert, const char *hostname, const char *const *x509dnACL); -gnutls_x509_crt_t virNetTLSCertLoadFromFile(const char *certFile, - bool isServer); - int virNetTLSCertLoadListFromFile(const char *certFile, gnutls_x509_crt_t *certs, unsigned int certMax, --=20 2.50.0
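
Review bot: the virnettlscert.h hunk that adds the virNetTLSCertLoadListFromFile declaration exports the function without documenting its contract. Now that it is no longer static, a short comment above the prototype should say that certs is a caller-provided array of at least certMax entries, that the number of imported certificates is returned through ncerts, and that the caller has to call gnutls_x509_crt_deinit() on each of them, as both callers in this series do. The comment could also say why certMax is unsigned int while ncerts is size_t, since the value is handed to gnutls_x509_crt_list_import() by address.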
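
Review bot: in the virPKIValidateIdentity hunk of tools/virt-pki-validate.c, the loop folds every result of gnutls_x509_crt_check_hostname() into a single 'mismatch' flag, so the warning "Certificate %1$s owner does not match the hostname %2$s" cannot tell the admin which entry of a concatenated file is the wrong one. Reporting the index, in the same "%s[%zu]" form the virNetTLSCertSanityCheck change uses, would make the warning actionable. The array size is also written twice, in crts[16] and in the certMax argument 16; G_N_ELEMENTS(crts) or a named constant keeps the two in sync. The added 'ok = false' in the load-failure branch changes the tool's result and deserves a mention in the commit message.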
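
Review bot: in the virNetTLSCertSanityCheck hunk of src/rpc/virnettlscert.c, the name passed to virNetTLSCertCheck is now always the "%s[%zu]" identifier, so error messages for the common single-certificate file gain a "[0]" suffix, while virNetTLSCertCheckPair still receives the bare cacertFile for the CA side. Either add the index only when more than one certificate was loaded, or state the message change in the commit message so that anything matching on the old strings can be updated. The CA loop now runs before the server/client loop, which reverses the order in which problems are reported compared with the removed code; if that is intentional, say so in the commit message.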