mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 06:05:27 +00:00
Fix reporting of cert validation failures
If the server successfully validates the client cert, it will send back a single byte, under TLS. If it fails, it will close the connection. In this case, we were just reporting the standard I/O error. The original RPC code had a special case hack for the GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report a more useful error message. * src/rpc/virnetclient.c: Return ENOMSG if we get GNUTLS_E_UNEXPECTED_PACKET_LENGTH * src/rpc/virnettlscontext.c: Report cert failure if we see ENOMSG
parent
618b55220a
commit
f2845177e2
@ -348,7 +348,7 @@ int virNetClientSetTLSSession(virNetClientPtr client,
|
||||
ignore_value(pthread_sigmask(SIG_BLOCK, &oldmask, NULL));
|
||||
|
||||
len = virNetTLSSessionRead(client->tls, buf, 1);
|
||||
if (len < 0) {
|
||||
if (len < 0 && errno != ENOMSG) {
|
||||
virReportSystemError(errno, "%s",
|
||||
_("Unable to read TLS confirmation"));
|
||||
goto error;
|
||||
|
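Review bot: The new `errno != ENOMSG` exception in the `len < 0` test is uncommented, and the path it opens is handled entirely by code outside this hunk (virNetClientSetTLSSession starts and ends beyond the lines shown). With `len < 0` and ENOMSG, control now skips `goto error` and falls into whatever check follows. That check presumably reports the certificate failure, and it has to test `len` before looking at `buf[0]`, because `buf` is not filled on a failed read. I would add above the test `/* ENOMSG: server closed the TLS session instead of sending the confirmation byte; reported below as a rejected certificate */`. Any abrupt close during this one-byte read is now attributed to certificate validation, so the message should not be read as proof of the cause.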
@ -796,6 +796,9 @@ ssize_t virNetTLSSessionWrite(virNetTLSSessionPtr sess,
|
||||
case GNUTLS_E_INTERRUPTED:
|
||||
errno = EINTR;
|
||||
break;
|
||||
case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
|
||||
errno = ENOMSG;
|
||||
break;
|
||||
default:
|
||||
errno = EIO;
|
||||
break;
|
||||
|
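Review bot: The added `case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:` changes errno for every caller of this helper, not only the confirmation-byte read in virNetClientSetTLSSession. The switch sits in a function that starts and ends outside the hunk, so those other callers are not visible here. Any that pass errno to virReportSystemError will now print the ENOMSG text instead of an I/O error when the peer drops the connection mid-stream, and they should be checked. Newer GnuTLS releases may report an abrupt close as `GNUTLS_E_PREMATURE_TERMINATION`, which would fall into `default:` and bring back the generic EIO message, so confirm the mapping against the GnuTLS versions the project supports. A comment on the case would record the intent, for example `/* peer closed the connection mid-session; ENOMSG lets callers tell this apart from a generic EIO */`.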