author | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2008-10-30 20:10:40 +0000 |
---|---|---|
committer | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2008-10-30 20:10:40 +0000 |
commit | 86f4e40ff4f617573e4eee69db71ffc7f6493ccf (patch) | |
tree | 994163d06a1e3c849c4818eab77bf7433e4547b9 /src/ne_gnutls.c | |
parent | 2e41a622add67882c4c552816732635576767a1a (diff) | |
download | neon-86f4e40ff4f617573e4eee69db71ffc7f6493ccf.tar.gz |
* src/ne_gnutls.c (pkcs12_parse): Ignore any but the first key or cert
encountered. Should fix issues with PKCS#12 files with embedded CA
certs, see Debian bug 480041.
* test/ssl.c (client_cert_ca): Add test case.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1589 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
Diffstat (limited to 'src/ne_gnutls.c')
-rw-r--r-- | src/ne_gnutls.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
index 5d58a9d..d2cf207 100644
--- a/src/ne_gnutls.c
+++ b/src/ne_gnutls.c
@@ -974,6 +974,10 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
 switch (type) {
 case GNUTLS_BAG_PKCS8_KEY:
 case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ /* Ignore any but the first key encountered; really
+ * need to match up keyids. */
+ if (*pkey) break;
+
 gnutls_x509_privkey_init(pkey);
 
 ret = gnutls_pkcs12_bag_get_data(bag, j, &data);
@@ -986,6 +990,10 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
 if (ret < 0) continue;
 break;
 case GNUTLS_BAG_CERTIFICATE:
+ /* Ignore any but the first cert encountered; again,
+ * really need to match up keyids. */
+ if (*x5) break;
+
 gnutls_x509_crt_init(x5);
 
 ret = gnutls_pkcs12_bag_get_data(bag, j, &data); |
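Review bot: With the new `if (*pkey) break;` guard, a key bag that fails after `gnutls_x509_privkey_init(pkey)` now blocks every later key bag. The `if (ret < 0) continue;` at the top of the second hunk, which appears to be the tail of the key branch, leaves `*pkey` non-NULL with no key imported, and the return value of the init call is not checked either. The same pattern applies to `*x5` after `gnutls_x509_crt_init(x5)` in the second hunk. Each failure path should release and clear the handle, e.g. `if (ret < 0) { gnutls_x509_privkey_deinit(*pkey); *pkey = NULL; continue; }`, and likewise with `gnutls_x509_crt_deinit(*x5); *x5 = NULL;` for the certificate. The guard also presumably relies on the caller passing `*pkey` and `*x5` as NULL; that, and the rest of pkcs12_parse, lies outside these hunks.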
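Review bot: The comment above `if (*x5) break;` does not record the consequence of "first cert wins": nothing here ties the certificate that is kept to the private key kept by the first hunk, so the result depends on the order of bags in the file. If a CA certificate happens to be stored ahead of the client certificate, `*x5` would hold the CA certificate and the caller would receive a key/certificate pair that does not belong together. I would state that in the comment, e.g. `/* First cert wins: if a CA cert precedes the client cert, the cert kept here will not match *pkey. */`. As a follow-up to the "match up keyids" remark, the outputs of `gnutls_x509_privkey_get_key_id` and `gnutls_x509_crt_get_key_id` could be compared once both objects are loaded, failing the parse on mismatch; that would sit after the bag loop, outside this hunk.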