[gnutls-devel] [PATCH 2/5] Fix gnutls_pkcs12_simple_parse to always extract the complete chain
Stefan Sørensen
stefan.sorensen at spectralink.com
Mon Aug 8 13:31:15 CEST 2016
gnutls_pkcs12_simple_parse was only collecting extra certificates that were
possible elements of the certificate chain when the extra_certs argument was
not NULL. Fix by always collecting all the certificates; any unneeded
certificates are released before returning if extra_certs is NULL anyway.
Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
---
lib/x509/pkcs12.c | 35 +++++++++++++++--------------------
1 file changed, 15 insertions(+), 20 deletions(-)
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 5b072dd..e39dcde 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -1683,27 +1683,22 @@ gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
}
if (memcmp(cert_id, key_id, cert_id_size) != 0) { /* they don't match - skip the certificate */
- if (extra_certs) {
- _extra_certs =
- gnutls_realloc_fast
- (_extra_certs,
- sizeof(_extra_certs
- [0]) *
- ++_extra_certs_len);
- if (!_extra_certs) {
- gnutls_assert();
- ret =
- GNUTLS_E_MEMORY_ERROR;
- goto done;
- }
- _extra_certs
- [_extra_certs_len -
- 1] = this_cert;
- this_cert = NULL;
- } else {
- gnutls_x509_crt_deinit
- (this_cert);
+ _extra_certs =
+ gnutls_realloc_fast
+ (_extra_certs,
+ sizeof(_extra_certs
+ [0]) *
+ ++_extra_certs_len);
+ if (!_extra_certs) {
+ gnutls_assert();
+ ret =
+ GNUTLS_E_MEMORY_ERROR;
+ goto done;
}
+ _extra_certs
+ [_extra_certs_len -
+ 1] = this_cert;
+ this_cert = NULL;
} else {
if (chain && _chain_len == 0) {
_chain =
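Review bot: the allocation-failure path in the added block needs a second look now that it runs for every caller, including those passing extra_certs == NULL. `++_extra_certs_len` is evaluated inside the size expression before the `if (!_extra_certs)` check, and the result of gnutls_realloc_fast is assigned straight back to `_extra_certs`. On GNUTLS_E_MEMORY_ERROR the count is therefore one ahead of the array, the array pointer is NULL so the certificates collected so far can no longer be reached for deinit, and `this_cert` has not yet been handed over or set to NULL. The cleanup under `done` is outside this hunk, so please confirm it deinits `this_cert` and does not walk `_extra_certs_len` entries of a NULL array. Reallocating into a temporary and bumping the length only after success would make this robust. It would also help to add a test that calls gnutls_pkcs12_simple_parse with extra_certs == NULL on a bundle with unrelated certificates, to show that the release described in the commit message actually happens.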
--
2.7.4