From: Daniel P. Berrange Date: Fri, 15 Jul 2011 10:40:35 +0000 (+0100) Subject: Fix reporting of cert validation failures X-Git-Tag: v0.9.4-rc1~162 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f2845177e2148edd44f90f14cc1bbb144a66f0ab;p=thirdparty%2Flibvirt.git Fix reporting of cert validation failures If the server succesfully validates the client cert, it will send back a single byte, under TLS. If it fails, it will close the connection. In this case, we were just reporting the standard I/O error. The original RPC code had a special case hack for the GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report a more useful error message * src/rpc/virnetclient.c: Return ENOMSG if we get GNUTLS_E_UNEXPECTED_PACKET_LENGTH * src/rpc/virnettlscontext.c: Report cert failure if we see ENOMSG --- diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c index b9f0fc807f..d3965c6d66 100644 --- a/src/rpc/virnetclient.c +++ b/src/rpc/virnetclient.c @@ -348,7 +348,7 @@ int virNetClientSetTLSSession(virNetClientPtr client, ignore_value(pthread_sigmask(SIG_BLOCK, &oldmask, NULL)); len = virNetTLSSessionRead(client->tls, buf, 1); - if (len < 0) { + if (len < 0 && errno != ENOMSG) { virReportSystemError(errno, "%s", _("Unable to read TLS confirmation")); goto error; diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 1120e1e894..8b8ba7fe84 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -796,6 +796,9 @@ ssize_t virNetTLSSessionWrite(virNetTLSSessionPtr sess, case GNUTLS_E_INTERRUPTED: errno = EINTR; break; + case GNUTLS_E_UNEXPECTED_PACKET_LENGTH: + errno = ENOMSG; + break; default: errno = EIO; break;