diff options
author | Simon Josefsson <simon@josefsson.org> | 2011-09-06 12:09:03 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-09-06 15:47:57 +0200 |
commit | 2cc280cb4aa0a865553c6651f84264aa3562e42d (patch) | |
tree | 5de528f015c312a7bed6dd4dcf2c3cf41a7e1880 | |
parent | be5603c14c177f07dbb553bc6977b68ca7afd7a4 (diff) | |
download | gnutls-2cc280cb4aa0a865553c6651f84264aa3562e42d.tar.gz |
libgnutls: Allow CA importing of 0 certificates to succeed.
Reported by Jonathan Nieder <jrnieder@gmail.com> in
<http://bugs.debian.org/640639>.
-rw-r--r-- | NEWS | 10 | ||||
-rw-r--r-- | lib/x509/x509.c | 4 | ||||
-rw-r--r-- | tests/parse_ca.c | 9 |
3 files changed, 21 insertions, 2 deletions
@@ -3,6 +3,16 @@ Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. See the end for copying conditions. +Version 2.12.11 (unreleased) + +** libgnutls: Allow CA importing of 0 certificates to succeed. +Reported by Jonathan Nieder <jrnieder@gmail.com> in +<http://bugs.debian.org/640639>. + +** API and ABI modifications: +No changes since last version. + + * Version 2.12.10 (released 2011-09-01) ** libgnutls: OpenPGP certificate type is not enabled diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 3e2948de29..31514b52b3 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -3183,7 +3183,9 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, if (ptr == NULL) { gnutls_assert (); - return GNUTLS_E_BASE64_DECODING_ERROR; + *cert_max = 0; + /* no certificate found, likely empty file or garbage input */ + return 0; } count = 0; diff --git a/tests/parse_ca.c b/tests/parse_ca.c index 9f81887e27..42d9eb38ee 100644 --- a/tests/parse_ca.c +++ b/tests/parse_ca.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007, 2010 Free Software Foundation, Inc. + * Copyright (C) 2007, 2010, 2011 Free Software Foundation, Inc. * * Author: Simon Josefsson * @@ -72,6 +72,13 @@ doit (void) if (rc != 2) fail ("import ca failed: %d\n", rc); + ca.data = (unsigned char*) ""; + ca.size = 0; + + rc = gnutls_certificate_set_x509_trust_mem (cred, &ca, GNUTLS_X509_FMT_PEM); + if (rc != 0) + fail ("import ca failed: %d\n", rc); + gnutls_certificate_free_credentials (cred); gnutls_global_deinit (); |