mirror of
https://github.com/qemu/qemu.git
synced 2026-07-08 17:46:10 +00:00
crypto: switch to newer gnutls API for distinguished name
The new API automatically allocates the right amount of memory to hold the distinguished name, avoiding the need to loop and realloc. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
@@ -409,20 +409,14 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
|
||||
}
|
||||
|
||||
if (i == 0) {
|
||||
size_t dnameSize = 1024;
|
||||
session->peername = g_malloc(dnameSize);
|
||||
requery:
|
||||
ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
|
||||
gnutls_datum_t dname = {};
|
||||
ret = gnutls_x509_crt_get_dn2(cert, &dname);
|
||||
if (ret < 0) {
|
||||
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
|
||||
session->peername = g_realloc(session->peername,
|
||||
dnameSize);
|
||||
goto requery;
|
||||
}
|
||||
error_setg(errp, "Cannot get client distinguished name: %s",
|
||||
gnutls_strerror(ret));
|
||||
goto error;
|
||||
}
|
||||
session->peername = (char *)g_steal_pointer(&dname.data);
|
||||
if (session->authzid) {
|
||||
bool allow;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user