On Thu, Oct 30, 2025 at 6:48 PM Daniel P. Berrangé <[email protected]> wrote:
> The only caller of qcrypto_tls_creds_check_authority_chain always > passes 'true' for the 'isCA' parameter. The point of this method > is to check the CA chani, so no other value would ever make sense. > > Signed-off-by: Daniel P. Berrangé <[email protected]> > Reviewed-by: Marc-André Lureau <[email protected]> > --- > crypto/tlscredsx509.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) > > diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c > index db2b74bafa..847fd4d9fa 100644 > --- a/crypto/tlscredsx509.c > +++ b/crypto/tlscredsx509.c > @@ -315,7 +315,6 @@ > qcrypto_tls_creds_check_authority_chain(QCryptoTLSCredsX509 *creds, > unsigned int ncacerts, > const char *cacertFile, > bool isServer, > - bool isCA, > Error **errp) > { > gnutls_x509_crt_t cert_to_check = certs[ncerts - 1]; > @@ -356,7 +355,7 @@ > qcrypto_tls_creds_check_authority_chain(QCryptoTLSCredsX509 *creds, > */ > return qcrypto_tls_creds_check_cert( > creds, cert_to_check, cacertFile, > - isServer, isCA, errp); > + isServer, true, errp); > } > for (int i = 0; i < ncacerts; i++) { > if (gnutls_x509_crt_check_issuer(cert_to_check, > @@ -370,7 +369,7 @@ > qcrypto_tls_creds_check_authority_chain(QCryptoTLSCredsX509 *creds, > } > > if (qcrypto_tls_creds_check_cert(creds, cert_issuer, cacertFile, > - isServer, isCA, errp) < 0) { > + isServer, true, errp) < 0) { > return -1; > } > > @@ -534,7 +533,7 @@ > qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, > certs, ncerts, > cacerts, ncacerts, > cacertFile, isServer, > - true, errp) < 0) { > + errp) < 0) { > goto cleanup; > } > > -- > 2.51.1 > >
