]> git.ipfire.org Git - thirdparty/qemu.git/commitdiff
projects / thirdparty / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3995fc2)
crypto: switch to newer gnutls API for distinguished name
authorDaniel P. Berrangé <berrange@redhat.com>
Fri, 11 Jul 2025 12:21:34 +0000 (13:21 +0100)
committerDaniel P. Berrangé <berrange@redhat.com>
Fri, 24 Oct 2025 15:36:48 +0000 (16:36 +0100)
The new API automatically allocates the right amount of memory
to hold the distinguished name, avoiding the need to loop and
realloc.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
crypto/tlssession.c patch | blob | blame | history

diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index 8c0bf457ad7d1ed6eda0bceb70d3d208f6ec51f5..92fe4f038098039df17009f06c8a70ee652d7ff7 100644 (file)
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -409,20 +409,14 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
         }
 
         if (i == 0) {
-            size_t dnameSize = 1024;
-            session->peername = g_malloc(dnameSize);
-        requery:
-            ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
+            gnutls_datum_t dname = {};
+            ret = gnutls_x509_crt_get_dn2(cert, &dname);
             if (ret < 0) {
-                if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
-                    session->peername = g_realloc(session->peername,
-                                                  dnameSize);
-                    goto requery;
-                }
                 error_setg(errp, "Cannot get client distinguished name: %s",
                            gnutls_strerror(ret));
                 goto error;
             }
+            session->peername = (char *)g_steal_pointer(&dname.data);
             if (session->authzid) {
                 bool allow;
 
Mirror of https://git.qemu.org/git/qemu.git