<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<p style="color: #777777;">
<a href="https://gitlab.com/sundbry">Ryan Sundberg</a>
commented on a
discussion on <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852837122">lib/system/certs.c</a>:
</p>
<table>
<tr class="line_holder">
<td class="old_line diff-line-num" data-linenumber="116" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
116
</td>
<td class="new_line diff-line-num" data-linenumber="157" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
157
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC157" class="line" lang="c"><span class="cp" style="color: #999; font-weight: 600;">#endif</span></span>
</pre></td>
</tr>
<tr class="line_holder">
<td class="old_line diff-line-num" data-linenumber="117" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
117
</td>
<td class="new_line diff-line-num" data-linenumber="158" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
158
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC158" class="line" lang="c"></span>
</pre></td>
</tr>
<tr class="line_holder">
<td class="old_line diff-line-num" data-linenumber="118" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
118
</td>
<td class="new_line diff-line-num" data-linenumber="159" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">
159
</td>
<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;"><pre style="margin: 0;"> <span id="LC159" class="line" lang="c"><span class="cp" style="color: #999; font-weight: 600;">#if defined(ENABLE_PKCS11) && defined(DEFAULT_TRUST_STORE_PKCS11)</span></span>
</pre></td>
</tr>
<tr class="line_holder old">
<td class="old_line diff-line-num old" data-linenumber="119" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
119
</td>
<td class="new_line diff-line-num old" data-linenumber="160" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb"><pre style="margin: 0;">-<span id="LC119" class="line" lang="c">      <span class="n" style="color: #333;">ret</span> <span class="o" style="font-weight: 600;">=</span></span>
</pre></td>
</tr>
<tr class="line_holder old">
<td class="old_line diff-line-num old" data-linenumber="120" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
120
</td>
<td class="new_line diff-line-num old" data-linenumber="160" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb"><pre style="margin: 0;">-<span id="LC120" class="line" lang="c">          <span class="n" style="color: #333;">gnutls_x509_trust_list_add_trust_file</span><span class="p">(</span><span class="n" style="color: #333;">list</span><span class="p">,</span></span>
</pre></td>
</tr>
<tr class="line_holder old">
<td class="old_line diff-line-num old" data-linenumber="121" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
121
</td>
<td class="new_line diff-line-num old" data-linenumber="160" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb"><pre style="margin: 0;">-<span id="LC121" class="line" lang="c">                                                <span class="n" style="color: #333;">DEFAULT_TRUST_STORE_PKCS11</span><span class="p">,</span></span>
</pre></td>
</tr>
<tr class="line_holder old">
<td class="old_line diff-line-num old" data-linenumber="122" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
122
</td>
<td class="new_line diff-line-num old" data-linenumber="160" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb"><pre style="margin: 0;">-<span id="LC122" class="line" lang="c">                                                <span class="n" style="color: #333;">crl_file</span><span class="p">,</span></span>
</pre></td>
</tr>
<tr class="line_holder old">
<td class="old_line diff-line-num old" data-linenumber="123" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
123
</td>
<td class="new_line diff-line-num old" data-linenumber="160" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb"><pre style="margin: 0;">-<span id="LC123" class="line" lang="c">                                                <span class="n" style="color: #333;">GNUTLS_X509_FMT_DER</span><span class="p">,</span></span>
</pre></td>
</tr>
<tr class="line_holder old">
<td class="old_line diff-line-num old" data-linenumber="124" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
124
</td>
<td class="new_line diff-line-num old" data-linenumber="160" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb"><pre style="margin: 0;">-<span id="LC124" class="line" lang="c">                                                <span class="n" style="color: #333;">tl_flags</span><span class="p">,</span> <span class="n" style="color: #333;">tl_vflags</span><span class="p">);</span></span>
</pre></td>
</tr>
<tr class="line_holder old">
<td class="old_line diff-line-num old" data-linenumber="125" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
125
</td>
<td class="new_line diff-line-num old" data-linenumber="160" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb"><pre style="margin: 0;">-<span id="LC125" class="line" lang="c">      <span class="k" style="font-weight: 600;">if</span> <span class="p">(</span><span class="n" style="color: #333;">ret</span> <span class="o" style="font-weight: 600;">></span> <span class="mi" style="color: #099;">0</span><span class="p">)</span></span>
</pre></td>
</tr>
<tr class="line_holder old">
<td class="old_line diff-line-num old" data-linenumber="126" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
126
</td>
<td class="new_line diff-line-num old" data-linenumber="160" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">
 
</td>
<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb"><pre style="margin: 0;">-<span id="LC126" class="line" lang="c">              <span class="n" style="color: #333;">r</span> <span class="o" style="font-weight: 600;">+=</span> <span class="n" style="color: #333;">ret</span><span class="p">;</span></span>
</pre></td>
</tr>
<tr class="line_holder new">
<td class="old_line diff-line-num new" data-linenumber="127" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
 
</td>
<td class="new_line diff-line-num new" data-linenumber="160" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">
160
</td>
<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0"><pre style="margin: 0;">+<span id="LC160" class="line" lang="c">      <span class="k" style="font-weight: 600;">if</span> <span class="p">(</span><span class="n" style="color: #333;">r</span> <span class="o" style="font-weight: 600;">==</span> <span class="mi" style="color: #099;">0</span><span class="p">)</span> <span class="p">{</span></span>
</pre></td>
</tr>

</table>
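<p dir="auto">Review bot: The <code>if (r == 0) {</code> gate added at new line 160, directly under the <code>ENABLE_PKCS11</code> / <code>DEFAULT_TRUST_STORE_PKCS11</code> guard, cannot tell "no earlier source was configured" from "an earlier source was configured but loaded nothing". If <code>r</code> still accumulates only positive returns, as in the removed <code>if (ret &gt; 0) r += ret;</code>, an explicitly configured source that fails or is empty falls through silently to the next one, which works against the intended "use ONLY the configured source" behaviour. Consider tracking whether a source was configured separately from how many certificates it loaded, and document the precedence order, since builds that define both <code>DEFAULT_TRUST_STORE_PKCS11</code> and <code>DEFAULT_TRUST_STORE_FILE</code> may no longer load from both.</p>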
<div style="">
<p dir="auto">I was trying to be security conscious while merging the two functions together. My thought here was that if the user has some method explicitly configured for the root certs, it should short circuit on the first one and return there.  For example, if the user has a PKCS11 module for the root certs, and some certs are loaded from there, the environment variable should not be read (it should ONLY use the pkcs11 certs). Or if they have the environment variable set, and some are loaded, it should bypass loading the default /etc/ssl/certs.</p>
<p dir="auto">I don't know how many installations are out there with both <code>DEFAULT_TRUST_STORE_PKCS11</code> and <code>DEFAULT_TRUST_STORE_FILE</code> configured, if any, where this may affect them if they wanted to load certs from more than one default source concurrently.</p>
</div>


</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">

<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852837122">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/-/sent_notifications/14ed27f3823e90df6b68ec41df4f667e/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/-/merge_requests/1541#note_852837122"}}</script>


</p>
</div>
</body>
</html>