allow meta PEM data at end of file too
This commit is contained in:
toddouska
parent
e9c7cbf803
commit
53ccbddd01
@ -1,3 +1,30 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
|
||||
VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
|
||||
A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
|
||||
dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
|
||||
MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
|
||||
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
|
||||
aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
|
||||
MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
|
||||
8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
|
||||
EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
|
||||
dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
|
||||
mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
|
||||
CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
|
||||
BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
|
||||
P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
|
||||
dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
|
||||
BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
|
||||
9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
|
||||
BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
|
||||
PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
|
||||
Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
|
||||
G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
|
||||
ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
|
||||
rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
|
||||
-----END CERTIFICATE-----
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
@ -58,30 +85,3 @@ Certificate:
|
||||
f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
|
||||
b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
|
||||
5a:1f:7f:ca
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
|
||||
VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
|
||||
A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
|
||||
dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
|
||||
MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
|
||||
VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
|
||||
aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
|
||||
MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
|
||||
8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
|
||||
EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
|
||||
dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
|
||||
mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
|
||||
CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
|
||||
BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
|
||||
P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
|
||||
dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
|
||||
BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
|
||||
9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
|
||||
BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
|
||||
PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
|
||||
Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
|
||||
G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
|
||||
ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
|
||||
rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
@ -104,6 +104,7 @@ enum CyaSSL_ErrorCodes {
|
||||
COOKIE_ERROR = -269, /* dtls cookie error */
|
||||
SEQUENCE_ERROR = -270, /* dtls sequence error */
|
||||
SUITES_ERROR = -271, /* suites pointer error */
|
||||
SSL_NO_PEM_HEADER = -272, /* no PEM header found */
|
||||
/* add strings to SetErrorString !!!!! */
|
||||
|
||||
/* begin negotiation parameter errors */
|
||||
|
||||
@ -4259,6 +4259,10 @@ void SetErrorString(int error, char* str)
|
||||
XSTRNCPY(str, "Suites Pointer Error", max);
|
||||
break;
|
||||
|
||||
case SSL_NO_PEM_HEADER:
|
||||
XSTRNCPY(str, "No PEM Header Error", max);
|
||||
break;
|
||||
|
||||
default :
|
||||
XSTRNCPY(str, "unknown error number", max);
|
||||
}
|
||||
|
||||
43
src/ssl.c
43
src/ssl.c
@ -831,8 +831,10 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
||||
|
||||
headerEnd = XSTRNSTR((char*)buff, header, sz);
|
||||
}
|
||||
if (!headerEnd)
|
||||
return SSL_BAD_FILE;
|
||||
if (!headerEnd) {
|
||||
CYASSL_MSG("Couldn't find PEM header");
|
||||
return SSL_NO_PEM_HEADER;
|
||||
}
|
||||
headerEnd += XSTRLEN(header);
|
||||
|
||||
/* get next line */
|
||||
@ -985,6 +987,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
||||
word32 bufferSz = sizeof(staticBuffer);
|
||||
long consumed = info.consumed;
|
||||
word32 idx = 0;
|
||||
int gotOne = 0;
|
||||
|
||||
if ( (sz - consumed) > (int)bufferSz) {
|
||||
CYASSL_MSG("Growing Tmp Chain Buffer");
|
||||
@ -1000,7 +1003,6 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
||||
|
||||
CYASSL_MSG("Processing Cert Chain");
|
||||
while (consumed < sz) {
|
||||
long left;
|
||||
buffer part;
|
||||
info.consumed = 0;
|
||||
part.buffer = 0;
|
||||
@ -1008,6 +1010,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
||||
ret = PemToDer(buff + consumed, sz - consumed, type, &part,
|
||||
ctx->heap, &info, &eccKey);
|
||||
if (ret == 0) {
|
||||
gotOne = 1;
|
||||
if ( (idx + part.length) > bufferSz) {
|
||||
CYASSL_MSG(" Cert Chain bigger than buffer");
|
||||
ret = BUFFER_E;
|
||||
@ -1024,18 +1027,19 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
||||
}
|
||||
|
||||
XFREE(part.buffer, ctx->heap, dynamicType);
|
||||
|
||||
if (ret == SSL_NO_PEM_HEADER && gotOne) {
|
||||
CYASSL_MSG("We got one good PEM so stuff at end ok");
|
||||
ret = 0;
|
||||
break;
|
||||
}
|
||||
|
||||
if (ret < 0) {
|
||||
CYASSL_MSG(" Error in Cert in Chain");
|
||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
||||
return ret;
|
||||
}
|
||||
CYASSL_MSG(" Consumed another Cert in Chain");
|
||||
|
||||
left = sz - consumed;
|
||||
if (left > 0 && left < CERT_MIN_SIZE) {
|
||||
CYASSL_MSG(" Non Cert at end of file");
|
||||
break;
|
||||
}
|
||||
}
|
||||
CYASSL_MSG("Finished Processing Cert Chain");
|
||||
ctx->certChain.buffer = (byte*)XMALLOC(idx, ctx->heap,
|
||||
@ -1230,28 +1234,31 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
||||
static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
|
||||
long sz, int format, int type, CYASSL* ssl)
|
||||
{
|
||||
long used = 0;
|
||||
int ret = 0;
|
||||
long used = 0;
|
||||
int ret = 0;
|
||||
int gotOne = 0;
|
||||
|
||||
CYASSL_MSG("Processing CA PEM file");
|
||||
while (used < sz) {
|
||||
long consumed = 0;
|
||||
long left;
|
||||
|
||||
ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
|
||||
&consumed, 0);
|
||||
|
||||
if (ret == SSL_NO_PEM_HEADER && gotOne) {
|
||||
CYASSL_MSG("We got one good PEM file so stuff at end ok");
|
||||
ret = SSL_SUCCESS;
|
||||
break;
|
||||
}
|
||||
|
||||
if (ret < 0)
|
||||
break;
|
||||
|
||||
CYASSL_MSG(" Processed a CA");
|
||||
gotOne = 1;
|
||||
used += consumed;
|
||||
|
||||
left = sz - used;
|
||||
if (left > 0 && left < CERT_MIN_SIZE) { /* non cert stuff at eof */
|
||||
CYASSL_MSG(" Non CA cert at eof");
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user