Re: [PATCH 12/21] crypto: introduce method for reloading TLS creds

30 Oct 2025

On Thu, Oct 30, 2025 at 6:49 PM Daniel P. Berrangé <berrange@redhat.com>
wrote:
...
This prevents direct access of the class members by the VNC
display code.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
...
---
 crypto/tlscreds.c         | 15 +++++++++++++++
 include/crypto/tlscreds.h | 13 +++++++++++++
 ui/vnc.c                  |  9 +--------
 3 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c
index 49c7eb46a5..9433b4c363 100644
--- a/crypto/tlscreds.c
+++ b/crypto/tlscreds.c
@@ -281,6 +281,21 @@ char *qcrypto_tls_creds_get_priority(QCryptoTLSCreds
*creds)
 }
+bool qcrypto_tls_creds_reload(QCryptoTLSCreds *creds,
+                              Error **errp)
+{
+    QCryptoTLSCredsClass *credscls =
QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(creds));
+
OBJECT() unnecessary here
...
+    if (credscls->reload) {
+        return credscls->reload(creds, errp);
+    }
+
+    error_setg(errp, "%s does not support reloading credentials",
+               object_get_typename(OBJECT(creds)));
+    return false;
+}
+
+
 static const TypeInfo qcrypto_tls_creds_info = {
     .parent = TYPE_OBJECT,
     .name = TYPE_QCRYPTO_TLS_CREDS,
diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h
index afd1016088..bb9280ed1a 100644
--- a/include/crypto/tlscreds.h
+++ b/include/crypto/tlscreds.h
@@ -77,4 +77,17 @@ bool qcrypto_tls_creds_check_endpoint(QCryptoTLSCreds
*creds,
  */
 char *qcrypto_tls_creds_get_priority(QCryptoTLSCreds *creds);
+
+/**
+ * qcrypto_tls_creds_reload:
+ * @creds: pointer to a TLS credentials object
+ * @errp: pointer to a NULL-initialized error object
+ *
+ * Request a reload of the TLS credentials, if supported
+ *
+ * Returns: true on success, false on error or if not supported
+ */
+bool qcrypto_tls_creds_reload(QCryptoTLSCreds *creds,
+                              Error **errp);
+
 #endif /* QCRYPTO_TLSCREDS_H */
diff --git a/ui/vnc.c b/ui/vnc.c
index 77c823bf2e..6b32dd0fe9 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -578,7 +578,6 @@ VncInfo2List *qmp_query_vnc_servers(Error **errp)
 bool vnc_display_reload_certs(const char *id, Error **errp)
 {
     VncDisplay *vd = vnc_display_find(id);
-    QCryptoTLSCredsClass *creds = NULL;
if (!vd) {
         error_setg(errp, "Can not find vnc display");
@@ -590,13 +589,7 @@ bool vnc_display_reload_certs(const char *id, Error
**errp)
         return false;
     }
-    creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
-    if (creds->reload == NULL) {
-        error_setg(errp, "%s doesn't support to reload TLS credential",
-                   object_get_typename(OBJECT(vd->tlscreds)));
-        return false;
-    }
-    if (!creds->reload(vd->tlscreds, errp)) {
+    if (!qcrypto_tls_creds_reload(vd->tlscreds, errp)) {
         return false;
     }
--
2.51.1


    