From: Daniel P. Berrangé <[email protected]> The three different APIs for locating credentials differ only in what directories they search and their policy for missing files. Their code can be collapsed onto a single helper method. This will greatly facilitate the subsequent patch that expands the logic to locate many certificate files.
Signed-off-by: Daniel P. Berrangé <[email protected]>
---
 src/rpc/virnettlsconfig.c | 103 ++++++++++++++++++++------------------
 1 file changed, 53 insertions(+), 50 deletions(-)
diff --git a/src/rpc/virnettlsconfig.c b/src/rpc/virnettlsconfig.c
index 1479eb01ae..59cb8c2566 100644
--- a/src/rpc/virnettlsconfig.c
+++ b/src/rpc/virnettlsconfig.c
@@ -248,35 +248,58 @@ static int virNetTLSConfigEnsureIdentity(char **cert, char **key,
 }
-int virNetTLSConfigCustomCreds(const char *pkipath,
- bool isServer,
- char **cacert,
- char **cacrl,
- char **cert,
- char **key)
+static int virNetTLSConfigCreds(const char *cacertdir,
+ const char *cacrldir,
+ const char *certdir,
+ const char *keydir,
+ bool isServer,
+ bool allowMissingCA,
+ bool allowMissingIdentity,
+ char **cacert,
+ char **cacrl,
+ char **cert,
+ char **key)
 {
- VIR_DEBUG("Locating creds in custom dir %s", pkipath);
- virNetTLSConfigTrust(pkipath,
- pkipath,
+ virNetTLSConfigTrust(cacertdir,
+ cacrldir,
 cacert,
 cacrl);
- if (virNetTLSConfigEnsureTrust(cacert, cacrl, false) < 0)
+ if (virNetTLSConfigEnsureTrust(cacert, cacrl, allowMissingCA) < 0)
 return -1;
 virNetTLSConfigIdentity(isServer,
- pkipath,
- pkipath,
+ certdir,
+ keydir,
 cert,
 key);
-
- if (virNetTLSConfigEnsureIdentity(cert, key, !isServer) < 0)
+ if (virNetTLSConfigEnsureIdentity(cert, key, allowMissingIdentity) < 0)
 return -1;
 return 0;
 }
+
+int virNetTLSConfigCustomCreds(const char *pkipath,
+ bool isServer,
+ char **cacert,
+ char **cacrl,
+ char **cert,
+ char **key)
+{
+ VIR_DEBUG("Locating creds in custom dir %s", pkipath);
+
+ return virNetTLSConfigCreds(pkipath, pkipath,
+ pkipath, pkipath,
+ isServer,
+ false,
+ !isServer,
+ cacert, cacrl,
+ cert, key);
+}
+
+
 int virNetTLSConfigUserCreds(bool isServer,
 char **cacert,
 char **cacrl,
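Review bot: The new static helper virNetTLSConfigCreds takes three consecutive bool parameters (`isServer`, `allowMissingCA`, `allowMissingIdentity`) with no comment, and the call sites in this hunk and in the virNetTLSConfigUserCreds and virNetTLSConfigSystemCreds hunks pass them as bare `false, !isServer` or `true, true`. Transposing two of them compiles cleanly and would silently change whether a missing CA certificate or identity is tolerated, so I would add a short header comment on the helper saying what each flag permits and that -1 comes back when either Ensure check fails. At the call sites, tag the literals, e.g. `false, /* allowMissingCA */` and `!isServer, /* allowMissingIdentity */`. The helper can also return -1 from the identity check after virNetTLSConfigTrust has already been handed `cacert`/`cacrl`; if those may be set at that point (not visible here), the comment should say who releases them on failure.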
@@ -287,24 +310,13 @@ int virNetTLSConfigUserCreds(bool isServer,
 VIR_DEBUG("Locating creds in user dir %s", pkipath);
- virNetTLSConfigTrust(pkipath,
- pkipath,
- cacert,
- cacrl);
-
- if (virNetTLSConfigEnsureTrust(cacert, cacrl, true) < 0)
- return -1;
-
- virNetTLSConfigIdentity(isServer,
- pkipath,
- pkipath,
- cert,
- key);
-
- if (virNetTLSConfigEnsureIdentity(cert, key, true) < 0)
- return -1;
-
- return 0;
+ return virNetTLSConfigCreds(pkipath, pkipath,
+ pkipath, pkipath,
+ isServer,
+ true,
+ true,
+ cacert, cacrl,
+ cert, key);
 }
 int virNetTLSConfigSystemCreds(bool isServer,
@@ -315,22 +327,13 @@ int virNetTLSConfigSystemCreds(bool isServer,
 {
 VIR_DEBUG("Locating creds in system dir %s", LIBVIRT_PKI_DIR);
- virNetTLSConfigTrust(LIBVIRT_CACERT_DIR,
- LIBVIRT_CACRL_DIR,
- cacert,
- cacrl);
-
- if (virNetTLSConfigEnsureTrust(cacert, cacrl, false) < 0)
- return -1;
-
- virNetTLSConfigIdentity(isServer,
- LIBVIRT_CERT_DIR,
- LIBVIRT_KEY_DIR,
- cert,
- key);
-
- if (virNetTLSConfigEnsureIdentity(cert, key, !isServer) < 0)
- return -1;
-
- return 0;
+ return virNetTLSConfigCreds(LIBVIRT_CACERT_DIR,
+ LIBVIRT_CACRL_DIR,
+ LIBVIRT_CERT_DIR,
+ LIBVIRT_KEY_DIR,
+ isServer,
+ false,
+ !isServer,
+ cacert, cacrl,
+ cert, key);
 }
-- 2.51.1
