From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Daniel P. Berrangé" <berrange@redhat.com>
Subject: [PATCH v2 5/6] crypto: switch to newer gnutls API for distinguished name
Date: Fri, 19 Sep 2025 11:10:21 +0100 [thread overview]
Message-ID: <20250919101022.1491007-6-berrange@redhat.com> (raw)
In-Reply-To: <20250919101022.1491007-1-berrange@redhat.com>
The new API automatically allocates the right amount of memory
to hold the distinguished name, avoiding the need to loop and
realloc.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/tlssession.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index 86d407a142..0f86d1393f 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -409,20 +409,14 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
}
if (i == 0) {
- size_t dnameSize = 1024;
- session->peername = g_malloc(dnameSize);
- requery:
- ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
+ gnutls_datum_t dname = {};
+ ret = gnutls_x509_crt_get_dn2(cert, &dname);
if (ret < 0) {
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
- session->peername = g_realloc(session->peername,
- dnameSize);
- goto requery;
- }
error_setg(errp, "Cannot get client distinguished name: %s",
gnutls_strerror(ret));
goto error;
}
+ session->peername = (char *)g_steal_pointer(&dname.data);
if (session->authzid) {
bool allow;
--
2.50.1
next prev parent reply other threads:[~2025-09-19 10:11 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-19 10:10 [PATCH v2 0/6] crypto: misc fixes and improvements to cert handling Daniel P. Berrangé
2025-09-19 10:10 ` [PATCH v2 1/6] crypto: only verify CA certs in chain of trust Daniel P. Berrangé
2025-10-16 14:37 ` Eric Blake
2025-10-16 14:38 ` Daniel P. Berrangé
2025-09-19 10:10 ` [PATCH v2 2/6] crypto: remove extraneous pointer usage in gnutls certs Daniel P. Berrangé
2025-10-16 14:52 ` Eric Blake
2025-09-19 10:10 ` [PATCH v2 3/6] crypto: allow client/server cert chains Daniel P. Berrangé
2025-10-16 15:28 ` Eric Blake
2025-10-20 11:22 ` Daniel P. Berrangé
2025-09-19 10:10 ` [PATCH v2 4/6] crypto: stop requiring "key encipherment" usage in x509 certs Daniel P. Berrangé
2025-10-16 15:41 ` Eric Blake
2025-10-20 11:27 ` Daniel P. Berrangé
2025-09-19 10:10 ` Daniel P. Berrangé [this message]
2025-10-16 15:43 ` [PATCH v2 5/6] crypto: switch to newer gnutls API for distinguished name Eric Blake
2025-09-19 10:10 ` [PATCH v2 6/6] crypto: fix error reporting in cert chain checks Daniel P. Berrangé
2025-10-16 15:50 ` Eric Blake
2025-10-20 11:47 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250919101022.1491007-6-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).