fridtjof/qemu-cr16
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

crypto: switch to newer gnutls API for distinguished name

Browse source 
The new API automatically allocates the right amount of memory
to hold the distinguished name, avoiding the need to loop and
realloc.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2025-07-11 13:21:34 +01:00
parent 3995fc238e
commit 3b3257b00f
1 changed files with 3 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

12
crypto/tlssession.c
View file

@ -409,20 +409,14 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
}
if (i == 0) {
size_t dnameSize = 1024;
session->peername = g_malloc(dnameSize);
requery:
ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
gnutls_datum_t dname = {};
ret = gnutls_x509_crt_get_dn2(cert, &dname);
if (ret < 0) {
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
session->peername = g_realloc(session->peername,
dnameSize);
goto requery;
}
error_setg(errp, "Cannot get client distinguished name: %s",
gnutls_strerror(ret));
goto error;
}
session->peername = (char *)g_steal_pointer(&dname.data);
if (session->authzid) {
bool allow;