diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index dc46bc40f7..d080deb83e 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -485,7 +485,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, int ret = -1; memset(cacerts, 0, sizeof(cacerts)); - if (access(certFile, R_OK) == 0) { + if (certFile && + access(certFile, R_OK) == 0) { cert = qcrypto_tls_creds_load_cert(creds, certFile, isServer, errp); @@ -654,6 +655,10 @@ qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *creds) gnutls_certificate_free_credentials(creds->data); creds->data = NULL; } + if (creds->parent_obj.dh_params) { + gnutls_dh_params_deinit(creds->parent_obj.dh_params); + creds->parent_obj.dh_params = NULL; + } } diff --git a/crypto/tlssession.c b/crypto/tlssession.c index ffc5c47949..373552942c 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -304,9 +304,9 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session, allow = qemu_acl_party_is_allowed(acl, session->peername); - error_setg(errp, "TLS x509 ACL check for %s is %s", - session->peername, allow ? "allowed" : "denied"); if (!allow) { + error_setg(errp, "TLS x509 ACL check for %s is denied", + session->peername); goto error; } } diff --git a/tests/crypto-tls-x509-helpers.c b/tests/crypto-tls-x509-helpers.c index c5de67baaf..47b4c7ba53 100644 --- a/tests/crypto-tls-x509-helpers.c +++ b/tests/crypto-tls-x509-helpers.c @@ -153,6 +153,7 @@ test_tls_get_ipaddr(const char *addrstr, *datalen = res->ai_addrlen; *data = g_new(char, *datalen); memcpy(*data, res->ai_addr, *datalen); + freeaddrinfo(res); } /* @@ -465,6 +466,7 @@ void test_tls_write_cert_chain(const char *filename, if (!g_file_set_contents(filename, buffer, offset, NULL)) { abort(); } + g_free(buffer); }