If the server succesfully validates the client cert, it will send
back a single byte, under TLS. If it fails, it will close the
connection. In this case, we were just reporting the standard
I/O error. The original RPC code had a special case hack for the
GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report
a more useful error message
* src/rpc/virnetclient.c: Return ENOMSG if we get
GNUTLS_E_UNEXPECTED_PACKET_LENGTH
* src/rpc/virnettlscontext.c: Report cert failure if we
see ENOMSG
---
src/rpc/virnetclient.c | 2 +-
src/rpc/virnettlscontext.c | 3 +++
2 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index b9f0fc8..d3965c6 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -348,7 +348,7 @@ int virNetClientSetTLSSession(virNetClientPtr client,
ignore_value(pthread_sigmask(SIG_BLOCK, &oldmask, NULL));
len = virNetTLSSessionRead(client->tls, buf, 1);
- if (len < 0) {
+ if (len < 0 && errno != ENOMSG) {
virReportSystemError(errno, "%s",
_("Unable to read TLS confirmation"));
goto error;
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index b778550..4963ab7 100644
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -932,6 +932,9 @@ ssize_t virNetTLSSessionWrite(virNetTLSSessionPtr sess,
case GNUTLS_E_INTERRUPTED:
errno = EINTR;
break;
+ case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+ errno = ENOMSG;
+ break;
default:
errno = EIO;
break;
--
1.7.4.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list