Refactor TLS to facilitate dynamic probing

Pull the call to gnutls_x509_crt_get_dn up into a higher function
so that the 'dname' variable will be available for probe points

* src/rpc/virnettlscontext.c: Pull gnutls_x509_crt_get_dn up
  one level
Daniel P. Berrange 2011-10-07 16:42:41 +01:00
parent 6aebc1943f
commit 5bcbb3902f


@ -383,24 +383,11 @@ static int
virNetTLSContextCheckCertDN(gnutls_x509_crt_t cert, virNetTLSContextCheckCertDN(gnutls_x509_crt_t cert,
const char *certFile, const char *certFile,
const char *hostname, const char *hostname,
const char *dname,
const char *const* whitelist) const char *const* whitelist)
{ {
int ret; if (whitelist && dname &&
char name[256]; virNetTLSContextCheckCertDNWhitelist(dname, whitelist) <= 0)
size_t namesize = sizeof name;
memset(name, 0, namesize);
ret = gnutls_x509_crt_get_dn(cert, name, &namesize);
if (ret != 0) {
virNetError(VIR_ERR_SYSTEM_ERROR,
_("Failed to get certificate %s distinguished name: %s"),
certFile, gnutls_strerror(ret));
return -1;
}
VIR_DEBUG("Peer DN is %s", name);
if (whitelist &&
virNetTLSContextCheckCertDNWhitelist(name, whitelist) <= 0)
return -1; return -1;
if (hostname && if (hostname &&
@ -955,6 +942,10 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt,
unsigned int status; unsigned int status;
const gnutls_datum_t *certs; const gnutls_datum_t *certs;
unsigned int nCerts, i; unsigned int nCerts, i;
char dname[256];
size_t dnamesize = sizeof(dname);
memset(dname, 0, dnamesize);
if ((ret = gnutls_certificate_verify_peers2(sess->session, &status)) < 0){ if ((ret = gnutls_certificate_verify_peers2(sess->session, &status)) < 0){
virNetError(VIR_ERR_SYSTEM_ERROR, virNetError(VIR_ERR_SYSTEM_ERROR,
@ -1021,7 +1012,16 @@ static int virNetTLSContextValidCertificate(virNetTLSContextPtr ctxt,
} }
if (i == 0) { if (i == 0) {
if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostname, ret = gnutls_x509_crt_get_dn(cert, dname, &dnamesize);
if (ret != 0) {
virNetError(VIR_ERR_SYSTEM_ERROR,
_("Failed to get certificate %s distinguished name: %s"),
"[session]", gnutls_strerror(ret));
goto authfail;
}
VIR_DEBUG("Peer DN is %s", dname);
if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostname, dname,
ctxt->x509dnWhitelist) < 0) { ctxt->x509dnWhitelist) < 0) {
gnutls_x509_crt_deinit(cert); gnutls_x509_crt_deinit(cert);
goto authdeny; goto authdeny;
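Review bot: The new failure branch after gnutls_x509_crt_get_dn in the third hunk jumps to authfail without releasing the certificate, whereas the neighbouring virNetTLSContextCheckCertDN failure path (two lines below it) calls gnutls_x509_crt_deinit(cert) before its goto; unless the authfail label, which lies outside the hunk, releases cert itself, the DN-lookup error leaks the imported certificate. The consistent fix is `gnutls_x509_crt_deinit(cert);` immediately before `goto authfail;`. One further point on the first hunk: the whitelist check is now guarded by `whitelist && dname &&`, so a NULL dname silently skips the whitelist entirely; since the only caller shown always supplies the buffer, a comment on the parameter such as `/* dname: peer DN already fetched by the caller; must be non-NULL whenever whitelist is set */` would keep that contract from eroding. The enclosing function virNetTLSContextValidCertificate starts and ends outside the hunks.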