
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_10-5-gf0bb4


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_10-5-gf0bb455
Date: Tue, 06 Sep 2011 14:27:31 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=f0bb4555cb6ee50cbda38c5631f9d4d9c8a5aabe

The branch, gnutls_2_12_x has been updated
       via  f0bb4555cb6ee50cbda38c5631f9d4d9c8a5aabe (commit)
       via  2cc280cb4aa0a865553c6651f84264aa3562e42d (commit)
      from  be5603c14c177f07dbb553bc6977b68ca7afd7a4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f0bb4555cb6ee50cbda38c5631f9d4d9c8a5aabe
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Tue Sep 6 12:52:29 2011 +0200

    Modified fix of "Allow CA importing of 0 certificates to succeed".
    gnutls_x509_crt_list_import() is still failing when no certificates
    are found and only gnutls_certificate_set_x509_trust_mem() returns
    zero when no certificates are found.

commit 2cc280cb4aa0a865553c6651f84264aa3562e42d
Author: Simon Josefsson <address@hidden>
Date:   Tue Sep 6 12:09:03 2011 +0200

    libgnutls: Allow CA importing of 0 certificates to succeed.
    
    Reported by Jonathan Nieder <address@hidden> in
    <http://bugs.debian.org/640639>.

-----------------------------------------------------------------------

Summary of changes:
 NEWS              |   10 ++++++++++
 lib/gnutls_x509.c |   23 +++++++++++------------
 lib/x509/x509.c   |    5 +----
 tests/parse_ca.c  |    9 ++++++++-
 4 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/NEWS b/NEWS
index 1591784..0fd87e3 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,16 @@ Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
               2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+Version 2.12.11 (unreleased)
+
+** libgnutls: Allow CA importing of 0 certificates to succeed.
+Reported by Jonathan Nieder <address@hidden> in
+<http://bugs.debian.org/640639>.
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 2.12.10 (released 2011-09-01)
 
 ** libgnutls: OpenPGP certificate type is not enabled
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 6f73c44..43059d0 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -1201,10 +1201,8 @@ parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, 
unsigned *ncerts,
                   PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
 
   if (ptr == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_BASE64_DECODING_ERROR;
-    }
+    return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
+
   size = input_cert_size - (ptr - input_cert);
 
   i = *ncerts + 1;
@@ -1357,6 +1355,9 @@ gnutls_certificate_set_x509_trust_mem 
(gnutls_certificate_credentials_t res,
     ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas,
                             ca->data, ca->size);
 
+  if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND)
+    return 0;
+
   if ((ret2 = add_new_crt_to_rdn_seq (res, ret)) < 0)
     return ret2;
 
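Review bot: Mapping `GNUTLS_E_NO_CERTIFICATE_FOUND` to a plain `return 0` in gnutls_certificate_set_x509_trust_mem makes every PEM input in which the separator search finds nothing look like a successful load. Judging by the `ptr == NULL` path in the parse_pem_ca_mem hunk, that covers not only an empty buffer but also a truncated bundle or a DER blob passed with the PEM type. An application that only tests the result for `< 0` will then run with no CAs added and get no hint why peer verification fails. The function's doc comment, which lies outside this hunk, should state this, for example `Returns the number of certificates processed; 0 means no certificate was found and nothing was added to the trust list.` Separately, every other negative `ret` still reaches `add_new_crt_to_rdn_seq (res, ret)` just below; unless that helper is known to tolerate a negative count, `if (ret < 0) return gnutls_assert_val (ret);` ahead of it would be safer.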
@@ -1455,7 +1456,7 @@ gnutls_certificate_set_x509_trust_file 
(gnutls_certificate_credentials_t res,
 {
   int ret, ret2;
   size_t size;
-  char *data;
+  gnutls_datum_t cas;
 
 #ifdef ENABLE_PKCS11
   if (strncmp (cafile, "pkcs11:", 7) == 0)
@@ -1464,19 +1465,17 @@ gnutls_certificate_set_x509_trust_file 
(gnutls_certificate_credentials_t res,
     }
 #endif
 
-  data = read_binary_file (cafile, &size);
-  if (data == NULL)
+  cas.data = read_binary_file (cafile, &size);
+  if (cas.data == NULL)
     {
       gnutls_assert ();
       return GNUTLS_E_FILE_ERROR;
     }
 
-  if (type == GNUTLS_X509_FMT_DER)
-    ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
-  else
-    ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
+  cas.size = size;
+  ret = gnutls_certificate_set_x509_trust_mem (res, &cas, type);
 
-  free (data);
+  free (cas.data);
 
   if (ret < 0)
     {
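Review bot: After this change gnutls_certificate_set_x509_trust_file may add the new CA names to the RDN sequence twice. gnutls_certificate_set_x509_trust_mem already calls `add_new_crt_to_rdn_seq (res, ret)` (visible in the earlier hunk of this file), and `ret2` is still declared at the top of this function, which suggests the same call remains after the `if (ret < 0)` block that continues past the end of this hunk. If so, that trailing call and `ret2` should be dropped so the function simply ends with `return ret;`. In addition, `cas.size = size;` narrows a `size_t` to the `unsigned int` size field of `gnutls_datum_t`; checking `size > UINT_MAX` first (freeing `cas.data` and returning `GNUTLS_E_FILE_ERROR`) would keep an oversized file from being parsed with a truncated length.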
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 3e2948d..6f82b8b 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3181,10 +3181,7 @@ gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
                   PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
 
   if (ptr == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_BASE64_DECODING_ERROR;
-    }
+    return gnutls_assert_val(GNUTLS_E_NO_CERTIFICATE_FOUND);
 
   count = 0;
 
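Review bot: gnutls_x509_crt_list_import is a public function, so callers on the 2.12.x branch that compare its result against `GNUTLS_E_BASE64_DECODING_ERROR` to detect input without a PEM header will stop matching once it returns `GNUTLS_E_NO_CERTIFICATE_FOUND`. The NEWS entry in this same push states `No changes since last version.` under "API and ABI modifications", so the changed error code deserves a line there. The function's doc comment (outside this hunk) should mention it too, for example `Returns GNUTLS_E_NO_CERTIFICATE_FOUND if the data holds no PEM certificate.` The same substitution is made in parse_pem_ca_mem in lib/gnutls_x509.c, where it is at least internal to the library.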
diff --git a/tests/parse_ca.c b/tests/parse_ca.c
index 9f81887..42d9eb3 100644
--- a/tests/parse_ca.c
+++ b/tests/parse_ca.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2007, 2010, 2011 Free Software Foundation, Inc.
  *
  * Author: Simon Josefsson
  *
@@ -72,6 +72,13 @@ doit (void)
   if (rc != 2)
     fail ("import ca failed: %d\n", rc);
 
+  ca.data = (unsigned char*) "";
+  ca.size = 0;
+
+  rc = gnutls_certificate_set_x509_trust_mem (cred, &ca, GNUTLS_X509_FMT_PEM);
+  if (rc != 0)
+    fail ("import ca failed: %d\n", rc);
+
   gnutls_certificate_free_credentials (cred);
 
   gnutls_global_deinit ();
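Review bot: The new case exercises only a zero-length buffer, yet the code path it covers is taken by any input in which no PEM certificate header is found. A non-empty buffer without a header (constructed example: `ca.data = (unsigned char *) "not a certificate\n";` with the matching `ca.size`) should be checked as well, so the return value for malformed CA data, as opposed to empty data, is pinned down by the test. It would also help to assert that gnutls_x509_crt_list_import still fails on the same input, as the commit message promises. The failure text `import ca failed` is identical to the one used for the preceding check; a distinct message such as `fail ("import of empty ca failed: %d\n", rc);` would make a failing run easier to read. doit() begins before this hunk.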


hooks/post-receive
-- 
GNU gnutls


