From: "Philippe Mathieu-Daudé" <philmd@linaro.org>
To: "Daniel P. Berrangé" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: "Michael Roth" <michael.roth@amd.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Markus Armbruster" <armbru@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>
Subject: Re: [PATCH 5/5] crypto: propagate errors from TLS session I/O callbacks
Date: Mon, 22 Jul 2024 16:35:43 +0200 [thread overview]
Message-ID: <2870ed4c-4f7d-4f8b-b7a9-6bc5ceba60b3@linaro.org> (raw)
In-Reply-To: <20240722131611.2820041-6-berrange@redhat.com>
On 22/7/24 15:16, Daniel P. Berrangé wrote:
> GNUTLS doesn't know how to perform I/O on anything other than plain
> FDs, so the TLS session provides it with some I/O callbacks. The
> GNUTLS API design requires these callbacks to return a unix errno
> value, which means we're currently loosing the useful QEMU "Error"
> object.
>
> This changes the I/O callbacks in QEMU to stash the "Error" object
> in the QCryptoTLSSession class, and fetch it when seeing an I/O
> error returned from GNUTLS, thus preserving useful error messages.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> crypto/tlssession.c | 71 +++++++++++++++++++++++++----
> include/crypto/tlssession.h | 10 +++-
> io/channel-tls.c | 18 ++++----
> tests/unit/test-crypto-tlssession.c | 28 ++++++++++--
> 4 files changed, 103 insertions(+), 24 deletions(-)
> @@ -505,11 +551,20 @@ qcrypto_tls_session_handshake(QCryptoTLSSession *session,
> ret == GNUTLS_E_AGAIN) {
> ret = 1;
> } else {
> - error_setg(errp, "TLS handshake failed: %s",
> - gnutls_strerror(ret));
> + if (session->rerr || session->werr) {
> + error_setg(errp, "TLS handshake failed: %s: %s",
> + gnutls_strerror(ret),
> + error_get_pretty(session->rerr ? session->rerr : session->werr));
Could leverage ternary operator here.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> + } else {
> + error_setg(errp, "TLS handshake failed: %s",
> + gnutls_strerror(ret));
> + }
> ret = -1;
> }
> }
> + error_free(session->rerr);
> + error_free(session->werr);
> + session->rerr = session->werr = NULL;
>
> return ret;
> }
prev parent reply other threads:[~2024-07-22 14:36 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-22 13:16 [PATCH 0/5] crypto: improve error reporting detail Daniel P. Berrangé
2024-07-22 13:16 ` [PATCH 1/5] qapi: allow for g_autoptr(Error) usage Daniel P. Berrangé
2024-07-22 14:31 ` Philippe Mathieu-Daudé
2024-07-23 11:36 ` Markus Armbruster
2024-07-23 13:06 ` Daniel P. Berrangé
2024-07-24 8:17 ` Markus Armbruster
2024-07-22 13:16 ` [PATCH 2/5] chardev: add tracing of socket error conditions Daniel P. Berrangé
2024-07-22 14:31 ` Philippe Mathieu-Daudé
2024-07-22 13:16 ` [PATCH 3/5] crypto: drop gnutls debug logging support Daniel P. Berrangé
2024-07-22 14:32 ` Philippe Mathieu-Daudé
2024-07-22 15:03 ` Daniel P. Berrangé
2024-07-22 13:16 ` [PATCH 4/5] crypto: push error reporting into TLS session I/O APIs Daniel P. Berrangé
2024-07-22 14:37 ` Philippe Mathieu-Daudé
2024-07-22 13:16 ` [PATCH 5/5] crypto: propagate errors from TLS session I/O callbacks Daniel P. Berrangé
2024-07-22 14:35 ` Philippe Mathieu-Daudé [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2870ed4c-4f7d-4f8b-b7a9-6bc5ceba60b3@linaro.org \
--to=philmd@linaro.org \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).