GNUTLS_CRT_OPENPGP,
0
};
+ bool success = false;
int err;
gnutls_session_t session;
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to set TLS algorithm priority: %s"),
gnutls_strerror (err));
- return NULL;
+ goto cleanup;
}
err =
gnutls_certificate_type_set_priority (session,
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to set certificate priority: %s"),
gnutls_strerror (err));
- return NULL;
+ goto cleanup;
}
/* put the x509 credentials to the current session
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to set session credentials: %s"),
gnutls_strerror (err));
- return NULL;
+ goto cleanup;
}
gnutls_transport_set_ptr (session,
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to complete TLS handshake: %s"),
gnutls_strerror (err));
- return NULL;
+ goto cleanup;
}
/* Verify certificate. */
if (verify_certificate (conn, priv, session) == -1) {
VIR_DEBUG0("failed to verify peer's certificate");
- if (!no_verify) return NULL;
+ if (!no_verify)
+ goto cleanup;
}
/* At this point, the server is verifying _our_ certificate, IP address,
remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to complete TLS initialization: %s"),
gnutls_strerror (len));
- return NULL;
+ goto cleanup;
}
if (len != 1 || buf[0] != '\1') {
remoteError(VIR_ERR_RPC, "%s",
_("server verification (of our certificate or IP "
"address) failed"));
- return NULL;
+ goto cleanup;
}
#if 0
print_info (session);
#endif
+ success = true;
+
+cleanup:
+ if (!success) {
+ gnutls_deinit(session);
+ session = NULL;
+ }
+
return session;
}
projects / libvirt.git / commitdiff