libgnutls: Allow CA importing of 0 certificates to succeed.

Reported by Jonathan Nieder <jrnieder@gmail.com> in
<http://bugs.debian.org/640639>.

3 files changed, 15 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 4d787a3218..419bb8566e 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@ GnuTLS NEWS -- History of user-visible changes.                -*- outline -*-
 Copyright (C) 2000-2011 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+** libgnutls: Allow CA importing of 0 certificates to succeed.
+Reported by Jonathan Nieder <jrnieder@gmail.com> in
+<http://bugs.debian.org/640639>.
+
 * Version 3.0.2 (released 2011-09-01)
 
 ** libgnutls: OpenPGP certificate type is not enabled
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 606d44fd6b..9d85384777 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3219,7 +3219,9 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
   if (ptr == NULL)
     {
       gnutls_assert ();
-      return GNUTLS_E_BASE64_DECODING_ERROR;
+      *cert_max = 0;
+      /* no certificate found, likely empty file or garbage input */
+      return 0;
     }
 
   count = 0;
diff --git a/tests/parse_ca.c b/tests/parse_ca.c
index 9f81887e27..42d9eb38ee 100644
--- a/tests/parse_ca.c
+++ b/tests/parse_ca.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2007, 2010, 2011 Free Software Foundation, Inc.
  *
  * Author: Simon Josefsson
  *
@@ -72,6 +72,13 @@ doit (void)
   if (rc != 2)
     fail ("import ca failed: %d\n", rc);
 
+  ca.data = (unsigned char*) "";
+  ca.size = 0;
+
+  rc = gnutls_certificate_set_x509_trust_mem (cred, &ca, GNUTLS_X509_FMT_PEM);
+  if (rc != 0)
+    fail ("import ca failed: %d\n", rc);
+
   gnutls_certificate_free_credentials (cred);
 
   gnutls_global_deinit ();