removed limit on ca certificates' number

author: Nokis Mavrogiannopoulos 2009-01-24 17:47:18 +0000
committer: Nokis Mavrogiannopoulos 2009-01-24 17:47:18 +0000
commit: 13494386eec6efd9650f7383ae081393bed7e152 (patch)
tree: a97bf84d4eedd0fde5e6207e5f3178136062cedf /src
parent: f30552add803008836c069509396c0a50ea6ea6c (diff)
1 files changed, 27 insertions, 5 deletions
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index e290d90..0a56b38 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -398,6 +398,7 @@ const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
    return NULL;
 }
+#define INIT_CA_SIZE 128
 const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
                                   const char *arg)
 {
@@ -419,15 +420,36 @@ const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
                            "Client CA File '%s'", file);
    }
-    sc->ca_list_size = MAX_CA_CRTS;
+    sc->ca_list_size = INIT_CA_SIZE;
+    sc->ca_list = malloc(sc->ca_list_size * sizeof(*sc->ca_list));
+    if (sc->ca_list == NULL) {
+                return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error");
+    }
    rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
-                                     &data, GNUTLS_X509_FMT_PEM,
+                                     &data, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
-                                     GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+    if (rv < 0 && rv != GNUTLS_E_SHORT_MEMORY_BUFFER) {
-    if (rv < 0) {
+                        return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
-        return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
                            "Client CA File '%s': (%d) %s", file, rv,
                            gnutls_strerror(rv));
    }
+    
+    if (INIT_CA_SIZE < sc->ca_list_size) {
+                    sc->ca_list = realloc(sc->ca_list, sc->ca_list_size*sizeof(*sc->ca_list));
+                    if (sc->ca_list == NULL) {
+                                return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error");
+                    }
+                /* re-read */
+                rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
+                                     &data, GNUTLS_X509_FMT_PEM, 0);
+                    if (rv < 0) {
+                                        return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
+                                            "Client CA File '%s': (%d) %s", file, rv,
+                                            gnutls_strerror(rv));
+                    }
+    }
    apr_pool_destroy(spool);
    return NULL;
author	Nokis Mavrogiannopoulos	2009-01-24 17:47:18 +0000
committer	Nokis Mavrogiannopoulos	2009-01-24 17:47:18 +0000
commit	13494386eec6efd9650f7383ae081393bed7e152 (patch)
tree	a97bf84d4eedd0fde5e6207e5f3178136062cedf /src
parent	f30552add803008836c069509396c0a50ea6ea6c (diff)

diff --git a/src/gnutls_config.c b/src/gnutls_config.c index e290d90..0a56b38 100644 --- a/src/gnutls_config.c +++ b/src/gnutls_config.c
@@ -398,6 +398,7 @@ const char mgs_set_client_verify(cmd_parms parms, void *dummy,
398	return NULL;	398	return NULL;
399	}	399	}
400		400
		401	#define INIT_CA_SIZE 128
401	const char mgs_set_client_ca_file(cmd_parms parms, void *dummy,	402	const char mgs_set_client_ca_file(cmd_parms parms, void *dummy,
402	const char *arg)	403	const char *arg)
403	{	404	{
@@ -419,15 +420,36 @@ const char mgs_set_client_ca_file(cmd_parms parms, void *dummy,
419	"Client CA File '%s'", file);	420	"Client CA File '%s'", file);
420	}	421	}
421		422
422	sc->ca_list_size = MAX_CA_CRTS;	423	sc->ca_list_size = INIT_CA_SIZE;
		424	sc->ca_list = malloc(sc->ca_list_size * sizeof(*sc->ca_list));
		425	if (sc->ca_list == NULL) {
		426	return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error");
		427	}
		428
423	rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,	429	rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
424	&data, GNUTLS_X509_FMT_PEM,	430	&data, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
425	GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);	431	if (rv < 0 && rv != GNUTLS_E_SHORT_MEMORY_BUFFER) {
426	if (rv < 0) {	432	return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
427	return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
428	"Client CA File '%s': (%d) %s", file, rv,	433	"Client CA File '%s': (%d) %s", file, rv,
429	gnutls_strerror(rv));	434	gnutls_strerror(rv));
430	}	435	}
		436
		437	if (INIT_CA_SIZE < sc->ca_list_size) {
		438	sc->ca_list = realloc(sc->ca_list, sc->ca_list_sizesizeof(sc->ca_list));
		439	if (sc->ca_list == NULL) {
		440	return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error");
		441	}
		442
		443	/* re-read */
		444	rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
		445	&data, GNUTLS_X509_FMT_PEM, 0);
		446
		447	if (rv < 0) {
		448	return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
		449	"Client CA File '%s': (%d) %s", file, rv,
		450	gnutls_strerror(rv));
		451	}
		452	}
431		453
432	apr_pool_destroy(spool);	454	apr_pool_destroy(spool);
433	return NULL;	455	return NULL;