author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-09-06 12:52:29 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-09-06 16:26:18 +0200 |
commit | f0bb4555cb6ee50cbda38c5631f9d4d9c8a5aabe (patch) | |
tree | a29ee05bfba7c338af38b145a463203e0f5d5af1 | |
parent | 2cc280cb4aa0a865553c6651f84264aa3562e42d (diff) | |
download | gnutls-f0bb4555cb6ee50cbda38c5631f9d4d9c8a5aabe.tar.gz |
Modified fix of "Allow CA importing of 0 certificates to succeed".
gnutls_x509_crt_list_import() is still failing when no certificates
are found and only gnutls_certificate_set_x509_trust_mem() returns
zero when no certificates are found.
-rw-r--r-- | lib/gnutls_x509.c | 23 | ||||
-rw-r--r-- | lib/x509/x509.c | 7 |
2 files changed, 12 insertions, 18 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 6f73c44cd5..43059d02b0 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -1201,10 +1201,8 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); if (ptr == NULL) - { - gnutls_assert (); - return GNUTLS_E_BASE64_DECODING_ERROR; - } + return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND); + size = input_cert_size - (ptr - input_cert); i = *ncerts + 1; @@ -1357,6 +1355,9 @@ gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res, ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, ca->data, ca->size); + if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) + return 0; + if ((ret2 = add_new_crt_to_rdn_seq (res, ret)) < 0) return ret2; @@ -1455,7 +1456,7 @@ gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res, { int ret, ret2; size_t size; - char *data; + gnutls_datum_t cas; #ifdef ENABLE_PKCS11 if (strncmp (cafile, "pkcs11:", 7) == 0) @@ -1464,19 +1465,17 @@ gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res, } #endif - data = read_binary_file (cafile, &size); - if (data == NULL) + cas.data = read_binary_file (cafile, &size); + if (cas.data == NULL) { gnutls_assert (); return GNUTLS_E_FILE_ERROR; } - if (type == GNUTLS_X509_FMT_DER) - ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size); - else - ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size); + cas.size = size; + ret = gnutls_certificate_set_x509_trust_mem (res, &cas, type); - free (data); + free (cas.data); if (ret < 0) { diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 31514b52b3..6f82b8b4fc 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
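Review bot: In gnutls_certificate_set_x509_trust_mem the added `if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) return 0;` reports success for any PEM input that lacks a certificate header, which covers a truncated or corrupted CA bundle as well as an empty one. A caller that only tests for a negative return will continue with no trust anchors added and no hint of why, so the function's doc comment should state that 0 means nothing was loaded, and a debug log on this path would help operators notice a broken bundle. In the visible lines every other negative `ret` still reaches `add_new_crt_to_rdn_seq (res, ret)` as a count; adding `if (ret < 0) return gnutls_assert_val (ret);` right after the special case would keep error codes out of that call. The function starts and ends outside the hunk, so the DER branch and the final return cannot be checked from here.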
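Review bot: gnutls_certificate_set_x509_trust_file keeps `ret2` declared after it starts delegating to gnutls_certificate_set_x509_trust_mem, and the earlier hunk shows that function already calling `add_new_crt_to_rdn_seq (res, ret)`. If the tail of trust_file, which lies outside this hunk, still makes the same call, each loaded CA would be appended to the RDN sequence twice; the tail should then be reduced to returning `ret`. A smaller point: `cas.size = size;` copies a `size_t` into the datum's size field, so if that field is narrower than `size_t` an oversized file would be parsed truncated rather than rejected. A range check on `size` before the assignment, freeing `cas.data` and returning GNUTLS_E_FILE_ERROR on failure, would make that case explicit.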
@@ -3181,12 +3181,7 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); if (ptr == NULL) - { - gnutls_assert (); - *cert_max = 0; - /* no certificate found, likely empty file or garbage input */ - return 0; - } + return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND); count = 0; |
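Review bot: The no-certificate path in gnutls_x509_crt_list_import now returns GNUTLS_E_NO_CERTIFICATE_FOUND without resetting `*cert_max`, which the removed branch set to 0. A caller that reads `*cert_max` as the number of imported certificates before checking the return value would presumably see the value it passed in and could then touch `certs` entries that were never initialised. Keeping the reset costs one extra line inside braces: `*cert_max = 0;` followed by `return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);`. The function's doc comment should also list the new error code; the body continues outside the hunk.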