[glib-networking/mcatanzaro/session-resumption: 16/24] Ensure gnutls_certificate_allocate_credentials() is successful



commit d725186f0c6e7ed78f3dd28e97e5da9156db0082
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Sun Aug 18 17:37:40 2019 -0500

    Ensure gnutls_certificate_allocate_credentials() is successful
    
    This should never happen, and it does never happen in my extensive
    testing. But for robustness, we really should check to be sure it's not
    happening.

 tls/gnutls/gtlsclientconnection-gnutls.c | 11 +++++------
 tls/gnutls/gtlsconnection-gnutls.c       |  9 ++++++---
 tls/gnutls/gtlsserverconnection-gnutls.c | 11 +++++------
 3 files changed, 16 insertions(+), 15 deletions(-)
---
diff --git a/tls/gnutls/gtlsclientconnection-gnutls.c b/tls/gnutls/gtlsclientconnection-gnutls.c
index c2f116c..86a4f19 100644
--- a/tls/gnutls/gtlsclientconnection-gnutls.c
+++ b/tls/gnutls/gtlsclientconnection-gnutls.c
@@ -102,10 +102,6 @@ clear_gnutls_certificate_copy (GTlsClientConnectionGnutls *gnutls)
 static void
 g_tls_client_connection_gnutls_init (GTlsClientConnectionGnutls *gnutls)
 {
-  gnutls_certificate_credentials_t creds;
-
-  creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
-  gnutls_certificate_set_retrieve_function2 (creds, 
g_tls_client_connection_gnutls_handshake_thread_retrieve_function);
 }
 
 static const gchar *
@@ -203,11 +199,14 @@ g_tls_client_connection_gnutls_initable_init (GInitable       *initable,
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
   gnutls_session_t session;
   const gchar *hostname;
+  gnutls_certificate_credentials_t creds;
 
-  if (!g_tls_client_connection_gnutls_parent_initable_iface->
-      init (initable, cancellable, error))
+  if (!g_tls_client_connection_gnutls_parent_initable_iface->init (initable, cancellable, error))
     return FALSE;
 
+  creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
+  gnutls_certificate_set_retrieve_function2 (creds, 
g_tls_client_connection_gnutls_handshake_thread_retrieve_function);
+
   session = g_tls_connection_gnutls_get_session (gnutls);
   hostname = get_server_identity (G_TLS_CLIENT_CONNECTION_GNUTLS (gnutls));
   if (hostname)
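Review bot: On the added `creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));` line the cast is redundant, because `gnutls` is already declared as `GTlsConnectionGnutls *` at the top of this hunk and is passed uncast to `g_tls_connection_gnutls_get_session` just below. `creds = g_tls_connection_gnutls_get_credentials (gnutls);` reads the same and matches that call. The corresponding added line in gtlsserverconnection-gnutls.c carries the same redundant cast. The function body starts and ends outside the hunk.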
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index 86c4839..42faa8a 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -90,9 +90,7 @@ static void
 g_tls_connection_gnutls_init (GTlsConnectionGnutls *gnutls)
 {
   GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
-  gint unique_id;
-
-  gnutls_certificate_allocate_credentials (&priv->creds);
+  int unique_id;
 
   unique_id = g_atomic_int_add (&unique_interaction_id, 1);
   priv->interaction_id = g_strdup_printf ("gtls:%d", unique_id);
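Review bot: With the allocation removed from the instance init, `priv->creds` stays NULL for any object whose initable init fails or is never run, and nothing here records that new invariant. The teardown code is not part of this diff; if it calls `gnutls_certificate_free_credentials (priv->creds)` unconditionally, it now needs a NULL guard, for example `g_clear_pointer (&priv->creds, gnutls_certificate_free_credentials);`. A short comment in this function such as `/* priv->creds is allocated in initable_init() and is NULL until then */` would also warn callers of `g_tls_connection_gnutls_get_credentials`.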
@@ -201,6 +199,7 @@ g_tls_connection_gnutls_initable_init (GInitable     *initable,
   gboolean client = G_IS_TLS_CLIENT_CONNECTION (gnutls);
   guint flags = client ? GNUTLS_CLIENT : GNUTLS_SERVER;
   int status;
+  int ret;
 
   g_object_get (gnutls,
                 "base-io-stream", &base_io_stream,
@@ -213,6 +212,10 @@ g_tls_connection_gnutls_initable_init (GInitable     *initable,
   if (base_socket)
     flags |= GNUTLS_DATAGRAM;
 
+  ret = gnutls_certificate_allocate_credentials (&priv->creds);
+  if (ret != GNUTLS_E_SUCCESS)
+    return FALSE;
+
   gnutls_init (&priv->session, flags);
 
   gnutls_session_set_ptr (priv->session, gnutls);
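Review bot: The new failure path at `return FALSE;` does not populate a GError, so a caller that sees the init fail and then reads `error->message` would dereference NULL. This assumes the function takes the usual `GError **error`, which the subclass hunks suggest since they forward one to the parent init. Set it before returning, e.g. `g_set_error (error, G_TLS_ERROR, G_TLS_ERROR_MISC, "Could not create TLS connection: %s", gnutls_strerror (ret));`. The `gnutls_init (&priv->session, flags);` call directly below is still unchecked, so on failure `gnutls_session_set_ptr` is handed a session that was never set up; it deserves the same `ret` check. The function starts and ends outside the hunk, so whether the early return skips releasing the objects fetched by `g_object_get` cannot be confirmed from here.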
diff --git a/tls/gnutls/gtlsserverconnection-gnutls.c b/tls/gnutls/gtlsserverconnection-gnutls.c
index 36f25b0..7d72670 100644
--- a/tls/gnutls/gtlsserverconnection-gnutls.c
+++ b/tls/gnutls/gtlsserverconnection-gnutls.c
@@ -96,10 +96,6 @@ clear_gnutls_certificate_copy (GTlsServerConnectionGnutls *gnutls)
 static void
 g_tls_server_connection_gnutls_init (GTlsServerConnectionGnutls *gnutls)
 {
-  gnutls_certificate_credentials_t creds;
-
-  creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
-  gnutls_certificate_set_retrieve_function2 (creds, 
g_tls_server_connection_gnutls_handshake_thread_retrieve_function);
 }
 
 static void
@@ -120,11 +116,14 @@ g_tls_server_connection_gnutls_initable_init (GInitable       *initable,
   GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (initable);
   GTlsCertificate *cert;
   gnutls_session_t session;
+  gnutls_certificate_credentials_t creds;
 
-  if (!g_tls_server_connection_gnutls_parent_initable_iface->
-      init (initable, cancellable, error))
+  if (!g_tls_server_connection_gnutls_parent_initable_iface->init (initable, cancellable, error))
     return FALSE;
 
+  creds = g_tls_connection_gnutls_get_credentials (G_TLS_CONNECTION_GNUTLS (gnutls));
+  gnutls_certificate_set_retrieve_function2 (creds, 
g_tls_server_connection_gnutls_handshake_thread_retrieve_function);
+
   session = g_tls_connection_gnutls_get_session (G_TLS_CONNECTION_GNUTLS (gnutls));
   gnutls_db_set_retrieve_function (session, g_tls_server_connection_gnutls_db_retrieve);
   gnutls_db_set_store_function (session, g_tls_server_connection_gnutls_db_store);

