libgnutls: Allow CA importing of 0 certificates to succeed.

Reported by Jonathan Nieder <jrnieder@gmail.com> in
<http://bugs.debian.org/640639>.

3 files changed, 21 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 15917849f4..0fd87e30d6 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,16 @@ Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
               2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+Version 2.12.11 (unreleased)
+
+** libgnutls: Allow CA importing of 0 certificates to succeed.
+Reported by Jonathan Nieder <jrnieder@gmail.com> in
+<http://bugs.debian.org/640639>.
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 2.12.10 (released 2011-09-01)
 
 ** libgnutls: OpenPGP certificate type is not enabled
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 3e2948de29..31514b52b3 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3183,7 +3183,9 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
   if (ptr == NULL)
     {
       gnutls_assert ();
-      return GNUTLS_E_BASE64_DECODING_ERROR;
+      *cert_max = 0;
+      /* no certificate found, likely empty file or garbage input */
+      return 0;
     }
 
   count = 0;
diff --git a/tests/parse_ca.c b/tests/parse_ca.c
index 9f81887e27..42d9eb38ee 100644
--- a/tests/parse_ca.c
+++ b/tests/parse_ca.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2007, 2010, 2011 Free Software Foundation, Inc.
  *
  * Author: Simon Josefsson
  *
@@ -72,6 +72,13 @@ doit (void)
   if (rc != 2)
     fail ("import ca failed: %d\n", rc);
 
+  ca.data = (unsigned char*) "";
+  ca.size = 0;
+
+  rc = gnutls_certificate_set_x509_trust_mem (cred, &ca, GNUTLS_X509_FMT_PEM);
+  if (rc != 0)
+    fail ("import ca failed: %d\n", rc);
+
   gnutls_certificate_free_credentials (cred);
 
   gnutls_global_deinit ();