Hi On Thu, Oct 30, 2025 at 6:48 PM Daniel P. Berrangé <[email protected]> wrote:
> The qcrypto_tls_creds_get_path method will perform an access() > check on the file and return a NULL path if it fails. By the > time we get to loading the cert files we know they must exist > on disk and thus the second access() check is redundant. > > Signed-off-by: Daniel P. Berrangé <[email protected]> > Reviewed-by: Marc-André Lureau <[email protected]> > --- > crypto/tlscredsx509.c | 22 ++++++++++------------ > 1 file changed, 10 insertions(+), 12 deletions(-) > > diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c > index 75c70af522..0acb17b6ec 100644 > --- a/crypto/tlscredsx509.c > +++ b/crypto/tlscredsx509.c > @@ -496,8 +496,7 @@ > qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, > size_t i; > int ret = -1; > > - if (certFile && > - access(certFile, R_OK) == 0) { > + if (certFile) { > if (qcrypto_tls_creds_load_cert_list(creds, > certFile, > &certs, > @@ -508,16 +507,15 @@ > qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, > goto cleanup; > } > } > - if (access(cacertFile, R_OK) == 0) { > - if (qcrypto_tls_creds_load_cert_list(creds, > - cacertFile, > - &cacerts, > - &ncacerts, > - isServer, > - true, > - errp) < 0) { > - goto cleanup; > - } > + > + if (qcrypto_tls_creds_load_cert_list(creds, > + cacertFile, > + &cacerts, > + &ncacerts, > + isServer, > + true, > + errp) < 0) { > + goto cleanup; > } > > for (i = 0; i < ncerts; i++) { > -- > 2.51.1 > >
