search for: gnutls_strerror

...61 @@ crypto_negotiate_tls (struct connection *conn, int sockin, int sockout) return -1; } - err = gnutls_priority_set_direct (*session, TLS_PRIORITY, NULL); - if (err < 0) { - nbdkit_error ("failed to set TLS session priority to %s: %s", - TLS_PRIORITY, gnutls_strerror (err)); - goto error; - } + switch (crypto_auth) { + case CRYPTO_AUTH_CERTIFICATES: + /* Associate the session with the server credentials (key, cert). */ + err = gnutls_credentials_set (*session, GNUTLS_CRD_CERTIFICATE, + x509_creds); + if (err <...

Offending lines in src/login-common/ssl-proxy-gnutls.c 519 ret = gnutls_certificate_set_dh_params(x509_cred, dh_params); 520 if (ret < 0) 521 i_fatal("Can't set DH parameters: %s", gnutls_strerror(ret)); 522 ret = gnutls_certificate_set_rsa_params(x509_cred, rsa_params); 523 if (ret < 0) 524 i_fatal("Can't set RSA parameters: %s", gnutls_strerror(ret)); Problem: gnutls.h lists these two functions as returning void Solution: remove the ret and the check code Compilat...

This is ready for review but needs a bit more real-world testing before I'd be happy about it going upstream. It also needs tests. It does interoperate with qemu, at least in my limited tests. Rich.

On 11/29/18 12:07 PM, Eric Blake wrote: > On 11/29/18 11:21 AM, Eric Blake wrote: >> Our use of "%m" in various error messages is testament to the >> project's initial life on Linux - but other than Cygwin, I know >> of no other platforms supporting that glibc extension. >> >> We COULD audit the code and manually turn "%m" into >>

v2: * Improved documentation. * Added a test (interop with qemu client).

What about calls to gettext (ie. _(...))? gnutls_strerror seems at first glance to be thread safe, but it then passes the result through gettext. https://github.com/gnutls/gnutls/blob/5fb3a45e34a843942f0fe55d55779111d7f18eaa/lib/errors.c#L547 Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and...

nbdkit 1.2 as a server waits for read() to see EOF, even after the client has sent NBD_CMD_DISC. That was fixed in mbdkit 1.4; and most modern NBD servers are smarter than this (they close() the write end of their traffic soon after NBD_CMD_DISC). But it's easy enough to revert nbdkit commit c70616f8 to get back to a server with the same behavior as the older nbdkit, at which point both

...to special-case it. + */ + if (len == 0) { + ret->data = NULL; + ret->len = 0; + return 0; + } + + in.data = (unsigned char *) data; + in.size = len; + err = gnutls_base64_decode2 (&in, &out); + if (err != GNUTLS_E_SUCCESS) { + nbdkit_error ("base64: %s", gnutls_strerror (err)); + /* We don't have to free out.data. I verified that it is freed on + * the error path of gnutls_base64_decode2. + */ + return -1; + } + + ret->data = out.data; /* caller frees, eventually */ + ret->len = out.size; + return 0; +#else + nbdkit_error (&qu...

This series is based on my blog posting here: https://rwmj.wordpress.com/2019/09/13/nbdkit-supports-exportnames/ It depends on the fix for realloc: https://www.redhat.com/archives/libguestfs/2019-September/thread.html#00103 This series adds a fun plugin, and also an semi-related feature I've long thought to be desirable. You can consider patches 1 & 4, and patches 2 & 3 as forming

This isn't quite finished because not all of the tests or examples have been updated, but it demonstrates an idea: Should we forget about the concept of having multiple connections managed under a single handle? In this patch there is a single ‘struct nbd_handle *’ which manages a single state machine and connection (and therefore no nbd_connection). To connect to a multi-conn server you must