diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem
index 4a9786a50..b2dc6ae6e 100644
--- a/certs/ca-cert.pem
+++ b/certs/ca-cert.pem
@@ -1,3 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
+VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
+A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
+dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
+MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
+aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
+MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
+8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
+EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
+dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
+mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
+CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
+BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
+P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
+dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
+BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
+9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
+PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
+Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
+G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
+ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
+rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
+-----END CERTIFICATE-----
 Certificate:
 Data:
 Version: 3 (0x2)
@@ -58,30 +85,3 @@ Certificate:
 f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
 b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
 5a:1f:7f:ca
------BEGIN CERTIFICATE-----
-MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
-VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
-A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
-dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
-MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
-aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
-MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
-8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
-EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
-dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
-mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
-CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
-BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
-P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
-dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
-BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
-9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
-PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
-Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
-G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
-ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
-rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
------END CERTIFICATE-----
diff --git a/cyassl/error.h b/cyassl/error.h
index d9d35ff75..acc269db6 100644
--- a/cyassl/error.h
+++ b/cyassl/error.h
@@ -104,6 +104,7 @@ enum CyaSSL_ErrorCodes {
 COOKIE_ERROR = -269, /* dtls cookie error */
 SEQUENCE_ERROR = -270, /* dtls sequence error */
 SUITES_ERROR = -271, /* suites pointer error */
+ SSL_NO_PEM_HEADER = -272, /* no PEM header found */
 /* add strings to SetErrorString !!!!! */
 /* begin negotiation parameter errors */
diff --git a/src/internal.c b/src/internal.c
index 25748b176..5f467ed7f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4259,6 +4259,10 @@ void SetErrorString(int error, char* str)
 XSTRNCPY(str, "Suites Pointer Error", max);
 break;
+ case SSL_NO_PEM_HEADER:
+ XSTRNCPY(str, "No PEM Header Error", max);
+ break;
+
 default :
 XSTRNCPY(str, "unknown error number", max);
 }
diff --git a/src/ssl.c b/src/ssl.c
index 4edeb2077..26cc47d7c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -831,8 +831,10 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 headerEnd = XSTRNSTR((char*)buff, header, sz);
 }
- if (!headerEnd)
- return SSL_BAD_FILE;
+ if (!headerEnd) {
+ CYASSL_MSG("Couldn't find PEM header");
+ return SSL_NO_PEM_HEADER;
+ }
 headerEnd += XSTRLEN(header);
 /* get next line */
@@ -985,6 +987,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 word32 bufferSz = sizeof(staticBuffer);
 long consumed = info.consumed;
 word32 idx = 0;
+ int gotOne = 0;
 if ( (sz - consumed) > (int)bufferSz) {
 CYASSL_MSG("Growing Tmp Chain Buffer");
@@ -1000,7 +1003,6 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 CYASSL_MSG("Processing Cert Chain");
 while (consumed < sz) {
- long left;
 buffer part;
 info.consumed = 0;
 part.buffer = 0;
@@ -1008,6 +1010,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 ret = PemToDer(buff + consumed, sz - consumed, type, &part,
 ctx->heap, &info, &eccKey);
 if (ret == 0) {
+ gotOne = 1;
 if ( (idx + part.length) > bufferSz) {
 CYASSL_MSG(" Cert Chain bigger than buffer");
 ret = BUFFER_E;
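Review bot: The new `SSL_NO_PEM_HEADER` return in the 831 hunk becomes a contract that other code keys on — the chain loops in this commit (1024 and 1230 hunks) use it to decide that the rest of a buffer holds no further PEM block and may be ignored — but nothing at the check itself records that, and any other caller that matched `SSL_BAD_FILE` here will now see a different code, which I cannot verify from this diff. I would add above the check a comment such as `/* no PEM header anywhere in the remaining buff; chain loaders rely on this code to detect end of chain, keep it distinct from SSL_BAD_FILE */`. The enclosing function begins before this hunk; git's context line names AddCA, but the `PemToDer` call in the 1008 hunk suggests this is PemToDer's header search.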
@@ -1024,18 +1027,19 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 }
 XFREE(part.buffer, ctx->heap, dynamicType);
+
+ if (ret == SSL_NO_PEM_HEADER && gotOne) {
+ CYASSL_MSG("We got one good PEM so stuff at end ok");
+ ret = 0;
+ break;
+ }
+
 if (ret < 0) {
 CYASSL_MSG(" Error in Cert in Chain");
 XFREE(der.buffer, ctx->heap, dynamicType);
 return ret;
 }
 CYASSL_MSG(" Consumed another Cert in Chain");
-
- left = sz - consumed;
- if (left > 0 && left < CERT_MIN_SIZE) {
- CYASSL_MSG(" Non Cert at end of file");
- break;
- }
 }
 CYASSL_MSG("Finished Processing Cert Chain");
 ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap,
@@ -1230,28 +1234,31 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
 static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
 long sz, int format, int type, CYASSL* ssl)
 {
- long used = 0;
- int ret = 0;
+ long used = 0;
+ int ret = 0;
+ int gotOne = 0;
 CYASSL_MSG("Processing CA PEM file");
 while (used < sz) {
 long consumed = 0;
- long left;
 ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
 &consumed, 0);
+
+ if (ret == SSL_NO_PEM_HEADER && gotOne) {
+ CYASSL_MSG("We got one good PEM file so stuff at end ok");
+ ret = SSL_SUCCESS;
+ break;
+ }
+
 if (ret < 0)
 break;
 CYASSL_MSG(" Processed a CA");
+ gotOne = 1;
 used += consumed;
-
- left = sz - used;
- if (left > 0 && left < CERT_MIN_SIZE) { /* non cert stuff at eof */
- CYASSL_MSG(" Non CA cert at eof");
- break;
- }
 }
+
 return ret;
 }
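Review bot: `gotOne` is still 0 on the first pass of this loop even though, if I read the 985 hunk right, `consumed` starts at `info.consumed`, i.e. after a leading certificate has already been parsed; a buffer holding one certificate followed by a non-PEM text tail therefore fails here with SSL_NO_PEM_HEADER, while the same tail after two certificates is accepted. ProcessChainBuffer (1230 hunk) does not have this asymmetry because `used` starts at 0. If the leading certificate is meant to count, seed the flag from that state in the 985 hunk, `int gotOne = (consumed > 0);`, and then check that the `XMALLOC(idx, ctx->heap, ...)` after the loop copes with `idx == 0` when the chain turns out to be empty. I cannot see the condition that guards entry to this chain block, so whether the single-certificate case reaches this loop needs confirming; the enclosing function starts before this hunk.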
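Review bot: The trailing-data rule is now implemented twice — here with `ret = SSL_SUCCESS` and in the AddCA chain loop (1024 hunk) with `ret = 0` — without a comment saying why a buffer that still has bytes left is accepted; the ca-cert.pem change in this commit shows the motivation (a text dump kept after the PEM block). A comment above the check, e.g. `/* a non-PEM tail after the last CA (e.g. an x509 text dump) is tolerated once at least one CA has been loaded */`, would keep the next reader from turning it back into an error. Note also that when the loop never runs (`sz == 0`) the function still returns the initial `ret = 0`, which is neither the SSL_SUCCESS assigned here nor a negative error code; if SSL_SUCCESS is not 0, that is worth deciding explicitly now that the success value is being set inside this loop. ProcessChainBuffer is fully contained in this hunk.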