forked from wolfSSL/wolfssl
when processing multiple cert files don't error out if some junk at eof
@ -338,6 +338,7 @@ enum Misc {
|
|||||||
|
|
||||||
MAX_CHAIN_DEPTH = 4, /* max cert chain peer depth */
|
MAX_CHAIN_DEPTH = 4, /* max cert chain peer depth */
|
||||||
MAX_X509_SIZE = 2048, /* max static x509 buffer size */
|
MAX_X509_SIZE = 2048, /* max static x509 buffer size */
|
||||||
|
CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
|
||||||
FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
|
FILE_BUFFER_SIZE = 1024, /* default static file buffer size for input,
|
||||||
will use dynamic buffer if not big enough */
|
will use dynamic buffer if not big enough */
|
||||||
|
|
||||||
|
14
src/ssl.c
14
src/ssl.c
@ -620,6 +620,7 @@ int AddCA(SSL_CTX* ctx, buffer der)
|
|||||||
|
|
||||||
CYASSL_MSG("Processing Cert Chain");
|
CYASSL_MSG("Processing Cert Chain");
|
||||||
while (consumed < sz) {
|
while (consumed < sz) {
|
||||||
|
long left;
|
||||||
buffer part;
|
buffer part;
|
||||||
info.consumed = 0;
|
info.consumed = 0;
|
||||||
part.buffer = 0;
|
part.buffer = 0;
|
||||||
@ -648,6 +649,12 @@ int AddCA(SSL_CTX* ctx, buffer der)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
CYASSL_MSG(" Consumed another Cert in Chain");
|
CYASSL_MSG(" Consumed another Cert in Chain");
|
||||||
|
|
||||||
|
left = sz - consumed;
|
||||||
|
if (left > 0 && left < CERT_MIN_SIZE) {
|
||||||
|
CYASSL_MSG(" Non Cert at end of file");
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
CYASSL_MSG("Finished Processing Cert Chain");
|
CYASSL_MSG("Finished Processing Cert Chain");
|
||||||
ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap,
|
ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap,
|
||||||
@ -825,6 +832,7 @@ static int ProcessChainBuffer(SSL_CTX* ctx, const unsigned char* buff,
|
|||||||
CYASSL_MSG("Processing CA PEM file");
|
CYASSL_MSG("Processing CA PEM file");
|
||||||
while (used < sz) {
|
while (used < sz) {
|
||||||
long consumed = 0;
|
long consumed = 0;
|
||||||
|
long left;
|
||||||
|
|
||||||
ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
|
ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
|
||||||
&consumed);
|
&consumed);
|
||||||
@ -833,6 +841,12 @@ static int ProcessChainBuffer(SSL_CTX* ctx, const unsigned char* buff,
|
|||||||
|
|
||||||
CYASSL_MSG(" Processed a CA");
|
CYASSL_MSG(" Processed a CA");
|
||||||
used += consumed;
|
used += consumed;
|
||||||
|
|
||||||
|
left = sz - used;
|
||||||
|
if (left > 0 && left < CERT_MIN_SIZE) { /* non cert stuff at eof */
|
||||||
|
CYASSL_MSG(" Non CA cert at eof");
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
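Review bot: The new `left > 0 && left < CERT_MIN_SIZE` checks in both loops of src/ssl.c decide by length alone, so a truncated final certificate (a PEM header followed by fewer than 256 bytes) is skipped exactly like trailing whitespace, and the caller still gets a success return with one CA or chain entry missing. The only trace is a `CYASSL_MSG` line, which is presumably silent unless debug logging is enabled. Consider skipping the tail only when it contains no PEM header and returning the parse error otherwise; at minimum document the behaviour at each check, e.g. `/* fewer than CERT_MIN_SIZE bytes left: treated as trailing junk and ignored, even if it is a truncated cert */`. Both loops start and end outside the visible hunks, and in the first loop the update of `consumed` before `left = sz - consumed;` is not shown, so that ordering should be confirmed.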