Fix reporting of cert validation failures

If the server succesfully validates the client cert, it will send
back a single byte, under TLS. If it fails, it will close the
connection. In this case, we were just reporting the standard
I/O error. The original RPC code had a special case hack for the
GNUTLS_E_UNEXPECTED_PACKET_LENGTH error code to make us report
a more useful error message

* src/rpc/virnetclient.c: Return ENOMSG if we get
  GNUTLS_E_UNEXPECTED_PACKET_LENGTH
* src/rpc/virnettlscontext.c: Report cert failure if we
  see ENOMSG

diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index b9f0fc807fb8cf0c3cfa9339588c14178f178d51..d3965c6d66162bc3a5bb737a7a879c420fc42580 100644 (file)
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -348,7 +348,7 @@ int virNetClientSetTLSSession(virNetClientPtr client,
     ignore_value(pthread_sigmask(SIG_BLOCK, &oldmask, NULL));
 
     len = virNetTLSSessionRead(client->tls, buf, 1);
-    if (len < 0) {
+    if (len < 0 && errno != ENOMSG) {
         virReportSystemError(errno, "%s",
                              _("Unable to read TLS confirmation"));
         goto error;

diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
index 1120e1e89495325f9225afbde787f1c00245761c..8b8ba7fe84a7d3693c428fb2702dc5ee0cf53185 100644 (file)
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@@ -796,6 +796,9 @@ ssize_t virNetTLSSessionWrite(virNetTLSSessionPtr sess,
     case GNUTLS_E_INTERRUPTED:
         errno = EINTR;
         break;
+    case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+        errno = ENOMSG;
+        break;
     default:
         errno = EIO;
         break;