Hi On Thu, Oct 30, 2025 at 6:49 PM Daniel P. Berrangé <[email protected]> wrote:
> The CA cert is mandatory in both client and server scenarios. > > Signed-off-by: Daniel P. Berrangé <[email protected]> > Reviewed-by: Marc-André Lureau <[email protected]> --- > crypto/tlscredsx509.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c > index 08223781d7..f2f1aa2815 100644 > --- a/crypto/tlscredsx509.c > +++ b/crypto/tlscredsx509.c > @@ -578,11 +578,14 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 > *creds, > > trace_qcrypto_tls_creds_x509_load(creds, creds->parent_obj.dir); > > + if (qcrypto_tls_creds_get_path(&creds->parent_obj, > + QCRYPTO_TLS_CREDS_X509_CA_CERT, > + true, &cacert, errp) < 0) { > + return -1; > + } > + > if (isServer) { > if (qcrypto_tls_creds_get_path(&creds->parent_obj, > - QCRYPTO_TLS_CREDS_X509_CA_CERT, > - true, &cacert, errp) < 0 || > - qcrypto_tls_creds_get_path(&creds->parent_obj, > QCRYPTO_TLS_CREDS_X509_CA_CRL, > false, &cacrl, errp) < 0 || > qcrypto_tls_creds_get_path(&creds->parent_obj, > @@ -598,9 +601,6 @@ qcrypto_tls_creds_x509_load(QCryptoTLSCredsX509 *creds, > } > } else { > if (qcrypto_tls_creds_get_path(&creds->parent_obj, > - QCRYPTO_TLS_CREDS_X509_CA_CERT, > - true, &cacert, errp) < 0 || > - qcrypto_tls_creds_get_path(&creds->parent_obj, > QCRYPTO_TLS_CREDS_X509_CLIENT_CERT, > false, &cert, errp) < 0 || > qcrypto_tls_creds_get_path(&creds->parent_obj, > -- > 2.51.1 > >
