summaryrefslogtreecommitdiff
path: root/lib/x509/name_constraints.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/x509/name_constraints.c')
-rw-r--r--lib/x509/name_constraints.c38
1 files changed, 18 insertions, 20 deletions
diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index d5ce52ee70..dba2fd4b9f 100644
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -116,7 +116,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr,
{
int ret;
char tmpstr[128];
- unsigned indx = 0;
+ unsigned indx;
gnutls_datum_t tmp = { NULL, 0 };
unsigned int type;
struct name_constraints_node_st *nc, *prev;
@@ -127,8 +127,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr,
prev = prev->next;
}
- do {
- indx++;
+ for (indx=1;;indx++) {
snprintf(tmpstr, sizeof(tmpstr), "%s.?%u.base", vstr, indx);
ret =
@@ -164,7 +163,7 @@ int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr,
}
tmp.data = NULL;
- } while (ret >= 0);
+ }
if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
gnutls_assert();
@@ -1071,13 +1070,12 @@ static unsigned check_unsupported_constraint2(gnutls_x509_crt_t cert,
unsigned san_type;
int ret;
- idx = 0;
found_one = 0;
- do {
+ for (idx=0;;idx++) {
name_size = sizeof(name);
ret = gnutls_x509_crt_get_subject_alt_name2(cert,
- idx++, name, &name_size, &san_type, NULL);
+ idx, name, &name_size, &san_type, NULL);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
else if (ret < 0)
@@ -1088,7 +1086,7 @@ static unsigned check_unsupported_constraint2(gnutls_x509_crt_t cert,
found_one = 1;
break;
- } while(ret >= 0);
+ }
if (found_one != 0)
return check_unsupported_constraint(nc, type);
@@ -1129,11 +1127,11 @@ unsigned found_one;
return 1; /* shortcut; no constraints to check */
if (type == GNUTLS_SAN_RFC822NAME) {
- idx = found_one = 0;
- do {
+ found_one = 0;
+ for (idx=0;;idx++) {
name_size = sizeof(name);
ret = gnutls_x509_crt_get_subject_alt_name2(cert,
- idx++, name, &name_size, &san_type, NULL);
+ idx, name, &name_size, &san_type, NULL);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
else if (ret < 0)
@@ -1149,7 +1147,7 @@ unsigned found_one;
&n);
if (t == 0)
return gnutls_assert_val(t);
- } while(ret >= 0);
+ }
/* there is at least a single e-mail. That means that the EMAIL field will
* not be used for verifying the identity of the holder. */
@@ -1190,11 +1188,11 @@ unsigned found_one;
return gnutls_assert_val(1);
}
} else if (type == GNUTLS_SAN_DNSNAME) {
- idx = found_one = 0;
- do {
+ found_one = 0;
+ for (idx=0;;idx++) {
name_size = sizeof(name);
ret = gnutls_x509_crt_get_subject_alt_name2(cert,
- idx++, name, &name_size, &san_type, NULL);
+ idx, name, &name_size, &san_type, NULL);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
else if (ret < 0)
@@ -1210,7 +1208,7 @@ unsigned found_one;
&n);
if (t == 0)
return gnutls_assert_val(t);
- } while(ret >= 0);
+ }
/* there is at least a single DNS name. That means that the CN will
* not be used for verifying the identity of the holder. */
@@ -1256,11 +1254,11 @@ unsigned found_one;
return gnutls_assert_val(1);
}
} else if (type == GNUTLS_SAN_IPADDRESS) {
- idx = found_one = 0;
- do {
+ found_one = 0;
+ for (idx=0;;idx++) {
name_size = sizeof(name);
ret = gnutls_x509_crt_get_subject_alt_name2(cert,
- idx++, name, &name_size, &san_type, NULL);
+ idx, name, &name_size, &san_type, NULL);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
else if (ret < 0)
@@ -1275,7 +1273,7 @@ unsigned found_one;
t = gnutls_x509_name_constraints_check(nc, GNUTLS_SAN_IPADDRESS, &n);
if (t == 0)
return gnutls_assert_val(t);
- } while(ret >= 0);
+ }
/* there is at least a single IP address. */
View Lorry Controller Status