[Spice-devel] [spice-gtk] Emit SPICE_CHANNEL_ERROR_TLS when certificate can't be found

Sun Jun 10 14:36:15 PDT 2012

When trying to start remote-viewer with SPICE over TLS with
--spice-ca-file with a wrong filename, the connection fails
but remote-viewer keeps displaying the "Trying to connect"
message. The only hint that something went wrong is:
(remote-viewer:12924): GSpice-WARNING **: loading ca certs from a/home/teuf/foo.crt

This patch makes sure we emit a SPICE_CHANNEL_ERROR_TLS before
giving up on channel creation to inform the application that
an error happened.
---
 gtk/spice-channel.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index 3cd047d..4cac8ce 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -2144,15 +2144,16 @@ reconnect:
             g_warn_if_fail(ca_file != NULL);
             SPICE_DEBUG("CA file: %s", ca_file);
             rc = SSL_CTX_load_verify_locations(c->ctx, ca_file, NULL);
-            if (rc != 1)
-                g_warning("loading ca certs from %s failed", ca_file);
 
             if (rc != 1) {
+                g_warning("loading ca certs from %s failed", ca_file);
                 if (verify & SPICE_SESSION_VERIFY_PUBKEY) {
                     g_warning("only pubkey active");
                     verify = SPICE_SESSION_VERIFY_PUBKEY;
-                } else
+                } else {
+                    emit_main_context(channel, SPICE_CHANNEL_EVENT, SPICE_CHANNEL_ERROR_TLS);
                     goto cleanup;
+                }
             }
         }
 
-- 
1.7.10.2

