From 20c5ded9d013e8186e98e36ef62aea2e86f5c2f3 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 3 Jun 2016 17:20:19 +0100 Subject: [PATCH] rpc: set gnutls log function at global init time Currently we set the gnutls log function when creating a TLS context, however, the setting is in fact global, not per context. So we should be setting it when we first call gnutls_global_init() instead. Signed-off-by: Daniel P. Berrange --- src/rpc/virnettlscontext.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 9919556bc7..ef96587b24 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c @@ -701,7 +701,6 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert, bool isServer) { virNetTLSContextPtr ctxt; - const char *gnutlsdebug; int err; if (virNetTLSContextInitialize() < 0) @@ -710,16 +709,6 @@ static virNetTLSContextPtr virNetTLSContextNew(const char *cacert, if (!(ctxt = virObjectLockableNew(virNetTLSContextClass))) return NULL; - if ((gnutlsdebug = virGetEnvAllowSUID("LIBVIRT_GNUTLS_DEBUG")) != NULL) { - int val; - if (virStrToLong_i(gnutlsdebug, NULL, 10, &val) < 0) - val = 10; - gnutls_global_set_log_level(val); - gnutls_global_set_log_function(virNetTLSLog); - VIR_DEBUG("Enabled GNUTLS debug"); - } - - err = gnutls_certificate_allocate_credentials(&ctxt->x509cred); if (err) { virReportError(VIR_ERR_SYSTEM_ERROR, @@ -1433,5 +1422,15 @@ void virNetTLSSessionDispose(void *obj) */ void virNetTLSInit(void) { + const char *gnutlsdebug; + if ((gnutlsdebug = virGetEnvAllowSUID("LIBVIRT_GNUTLS_DEBUG")) != NULL) { + int val; + if (virStrToLong_i(gnutlsdebug, NULL, 10, &val) < 0) + val = 10; + gnutls_global_set_log_level(val); + gnutls_global_set_log_function(virNetTLSLog); + VIR_DEBUG("Enabled GNUTLS debug"); + } + gnutls_global_init(); }