From: Daniel P. Berrangé Date: Wed, 29 Oct 2025 19:54:08 +0000 (+0000) Subject: crypto: remove redundant parameter checking CA certs X-Git-Tag: v10.2.0-rc1~24^2~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3821a538f7ec0a7973fa7b751dcea65d0b9b3213;p=thirdparty%2Fqemu.git crypto: remove redundant parameter checking CA certs The only caller of qcrypto_tls_creds_check_authority_chain always passes 'true' for the 'isCA' parameter. The point of this method is to check the CA chani, so no other value would ever make sense. Reviewed-by: Marc-André Lureau Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Daniel P. Berrangé
---
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index db2b74bafa..847fd4d9fa 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -315,7 +315,6 @@ qcrypto_tls_creds_check_authority_chain(QCryptoTLSCredsX509 *creds,
 unsigned int ncacerts,
 const char *cacertFile,
 bool isServer,
- bool isCA,
 Error **errp)
 {
 gnutls_x509_crt_t cert_to_check = certs[ncerts - 1];
@@ -356,7 +355,7 @@ qcrypto_tls_creds_check_authority_chain(QCryptoTLSCredsX509 *creds,
 */
 return qcrypto_tls_creds_check_cert(
 creds, cert_to_check, cacertFile,
- isServer, isCA, errp);
+ isServer, true, errp);
 }
 for (int i = 0; i < ncacerts; i++) {
 if (gnutls_x509_crt_check_issuer(cert_to_check,
@@ -370,7 +369,7 @@ qcrypto_tls_creds_check_authority_chain(QCryptoTLSCredsX509 *creds,
 }
 if (qcrypto_tls_creds_check_cert(creds, cert_issuer, cacertFile,
- isServer, isCA, errp) < 0) {
+ isServer, true, errp) < 0) {
 return -1;
 }
@@ -534,7 +533,7 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
 certs, ncerts,
 cacerts, ncacerts,
 cacertFile, isServer,
- true, errp) < 0) {
+ errp) < 0) {
 goto cleanup;
 }
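Review bot: With `isCA` removed from the parameter list of qcrypto_tls_creds_check_authority_chain, nothing at the signature records that every certificate this function hands to qcrypto_tls_creds_check_cert is now checked as a CA certificate. A short header comment would state that contract, for example `/* Walks the issuer chain of certs[ncerts - 1]; each certificate checked here is validated as a CA certificate. */`. The first statement of the body indexes `certs[ncerts - 1]`, so the same comment should say that callers must pass at least one certificate; the hunk does not show whether the caller guarantees that. The function body continues outside the hunk.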
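Review bot: The literal `true` that replaces `isCA` in this call, and again in the call inside the loop in the following hunk, is an unlabelled positional boolean sitting next to `isServer`, so the call site no longer says which check it selects. Annotating the argument keeps the intent visible: `isServer, true /* isCA */, errp);`. This matters for review because the argument presumably decides whether CA-specific constraints are applied to the certificate, and that logic is in qcrypto_tls_creds_check_cert, outside this diff. Both calls sit in a function whose body starts and ends outside the hunks.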