On Tue, Jun 15, 2021 at 06:47:46PM +0200, Philippe Mathieu-Daudé wrote:
> Avoid accessing QCryptoTLSCreds internals by using
> the qcrypto_tls_creds_check_endpoint() helper.
>
> Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com>
> ---
> block/nbd.c | 3 ++-
> blockdev-nbd.c | 3 ++-
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/block/nbd.c b/block/nbd.c
> index 616f9ae6c4d..c3523ebf785 100644
> --- a/block/nbd.c
> +++ b/block/nbd.c
> @@ -2159,7 +2159,8 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char
> *id, Error **errp)
> return NULL;
> }
>
> - if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) {
> + if (!qcrypto_tls_creds_check_endpoint(creds,
> +
> QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT)) {
> error_setg(errp,
> "Expecting TLS credentials with a client endpoint");
I'd suggest we pass 'errp' into the qcrypto_tls_creds_check_endpoint
method, so we don't duplicate the error message in all callers.
> return NULL;
> diff --git a/blockdev-nbd.c b/blockdev-nbd.c
> index b264620b98d..b6023052ac7 100644
> --- a/blockdev-nbd.c
> +++ b/blockdev-nbd.c
> @@ -108,7 +108,8 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *id,
> Error **errp)
> return NULL;
> }
>
> - if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
> + if (!qcrypto_tls_creds_check_endpoint(creds,
> +
> QCRYPTO_TLS_CREDS_ENDPOINT_SERVER)) {
> error_setg(errp,
> "Expecting TLS credentials with a server endpoint");
> return NULL;
> --
> 2.31.1
>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
