From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Daniel P. Berrangé" <berrange@redhat.com>,
"Eric Blake" <eblake@redhat.com>
Subject: [PATCH v3 7/7] crypto: switch to newer gnutls API for distinguished name
Date: Mon, 20 Oct 2025 15:12:37 +0100 [thread overview]
Message-ID: <20251020141237.2621796-8-berrange@redhat.com> (raw)
In-Reply-To: <20251020141237.2621796-1-berrange@redhat.com>
The new API automatically allocates the right amount of memory
to hold the distinguished name, avoiding the need to loop and
realloc.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/tlssession.c | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index ac38c2121d..00c7ab567b 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -409,20 +409,14 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
}
if (i == 0) {
- size_t dnameSize = 1024;
- session->peername = g_malloc(dnameSize);
- requery:
- ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
+ gnutls_datum_t dname = {};
+ ret = gnutls_x509_crt_get_dn2(cert, &dname);
if (ret < 0) {
- if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
- session->peername = g_realloc(session->peername,
- dnameSize);
- goto requery;
- }
error_setg(errp, "Cannot get client distinguished name: %s",
gnutls_strerror(ret));
goto error;
}
+ session->peername = (char *)g_steal_pointer(&dname.data);
if (session->authzid) {
bool allow;
--
2.50.1
prev parent reply other threads:[~2025-10-20 14:13 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-20 14:12 [PATCH v3 0/7] crypto: misc fixes and improvements to cert handling Daniel P. Berrangé
2025-10-20 14:12 ` [PATCH v3 1/7] crypto: only verify CA certs in chain of trust Daniel P. Berrangé
2025-10-20 14:12 ` [PATCH v3 2/7] crypto: remove extraneous pointer usage in gnutls certs Daniel P. Berrangé
2025-10-20 14:12 ` [PATCH v3 3/7] crypto: validate an error is reported in test expected fails Daniel P. Berrangé
2025-10-20 19:40 ` Eric Blake
2025-10-20 20:14 ` Philippe Mathieu-Daudé
2025-10-20 14:12 ` [PATCH v3 4/7] crypto: fix error reporting in cert chain checks Daniel P. Berrangé
2025-10-20 19:50 ` Eric Blake
2025-10-20 14:12 ` [PATCH v3 5/7] crypto: allow client/server cert chains Daniel P. Berrangé
2025-10-20 14:12 ` [PATCH v3 6/7] crypto: stop requiring "key encipherment" usage in x509 certs Daniel P. Berrangé
2025-10-20 14:12 ` Daniel P. Berrangé [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251020141237.2621796-8-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=eblake@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).