[gnutls-devel] GnuTLS | WIP: AIA callback to retrieve missing chain certificates (!1262)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sat May 30 12:45:47 CEST 2020
Daiki Ueno commented on a discussion on tests/missingissuer.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1262#note_352275853
> + gnutls_datum_t tmp;
> + int ret;
> +
> + tmp.data = (unsigned char *)missing_cert_insert;
> + tmp.size = strlen(missing_cert_insert);
> +
> + ret = gnutls_x509_crt_import(issuer, &tmp, GNUTLS_X509_FMT_PEM);
> + if (ret < 0) {
> + fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
> + return -1;
> + }
> +
> + ret = gnutls_x509_crt_print(crt, GNUTLS_CRT_PRINT_ONELINE, &tmp);
> + if (ret < 0) {
> + fprintf(stderr, "error: %s\n", gnutls_strerror(ret));
> + gnutls_free(tmp.data);
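Review bot: In the error branch of the `gnutls_x509_crt_print` call, `gnutls_free(tmp.data)` can be handed a pointer that was never allocated. `tmp.data` was set to `missing_cert_insert` a few lines up for the import, and the same `tmp` is reused as the print output, so if the print fails before writing its output the pointer still refers to the test's own string. Use a separate `gnutls_datum_t` initialized to `{ NULL, 0 }` for the print output, or drop the free on this path. Separately, the import fills `issuer` while the print reads `crt`; a short comment saying which certificate is being logged would make the intent clear.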
That is true, but `gnutls_x509_crt_print` can return without touching the `out` parameter upon failure, e.g., around https://gitlab.com/gnutls/gnutls/-/blob/master/lib/x509/output.c#L2218. In that case `tmp.data` will still point to the static memory.
In general, I think you can safely assume that the out parameter is not modified when the operation fails.