From 8663ace30034bc7c7e0775ed48a77c5f7f5c8da2 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sat, 24 Jan 2009 17:47:18 +0000
Subject: removed limit on ca certificates' number
---
 src/gnutls_config.c | 32 +++++++++++++++++++++++++++-----
 1 file changed, 27 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/gnutls_config.c b/src/gnutls_config.c
index e290d90..0a56b38 100644
--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -398,6 +398,7 @@ const char *mgs_set_client_verify(cmd_parms * parms, void *dummy,
 return NULL;
 }
 
+#define INIT_CA_SIZE 128
 const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
 const char *arg)
 {
@@ -419,15 +420,36 @@ const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
 "Client CA File '%s'", file);
 }
 
- sc->ca_list_size = MAX_CA_CRTS;
+ sc->ca_list_size = INIT_CA_SIZE;
+ sc->ca_list = malloc(sc->ca_list_size * sizeof(*sc->ca_list));
+ if (sc->ca_list == NULL) {
+ return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error");
+ }
+
 rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
- &data, GNUTLS_X509_FMT_PEM,
- GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
- if (rv < 0) {
- return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
+ &data, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ if (rv < 0 && rv != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
 "Client CA File '%s': (%d) %s", file, rv,
 gnutls_strerror(rv));
 }
+
+ if (INIT_CA_SIZE < sc->ca_list_size) {
+ sc->ca_list = realloc(sc->ca_list, sc->ca_list_size*sizeof(*sc->ca_list));
+ if (sc->ca_list == NULL) {
+ return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error");
+ }
+
+ /* re-read */
+ rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
+ &data, GNUTLS_X509_FMT_PEM, 0);
+
+ if (rv < 0) {
+ return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
+ "Client CA File '%s': (%d) %s", file, rv,
+ gnutls_strerror(rv));
+ }
+ }
 
 apr_pool_destroy(spool);
 return NULL;
-- cgit
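Review bot: In the retry branch, `sc->ca_list = realloc(sc->ca_list, ...)` overwrites the only pointer to the first allocation, so a failed realloc leaks it and leaves the field NULL while `ca_list_size` still holds the larger count. The branch is also entered on `INIT_CA_SIZE < sc->ca_list_size` rather than on the return code, so a `GNUTLS_E_SHORT_MEMORY_BUFFER` result that did not raise `ca_list_size` (not expected from GnuTLS, but nothing visible here rules it out) would fall through to `return NULL` and report success with an unpopulated client-CA list, which is the trust-anchor set for client-certificate verification. Testing `rv == GNUTLS_E_SHORT_MEMORY_BUFFER` and growing through a temporary, as below, closes both. Because the list now comes from malloc rather than the config pool, it presumably also needs a pool cleanup (or `apr_palloc`) so it is released on the error returns and when the configuration is re-read. That registration, like the start and end of the function, is outside this hunk.

```c
/* … unchanged: initial malloc and first gnutls_x509_crt_list_import call … */
    if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER) {
        void *grown = realloc(sc->ca_list,
                              sc->ca_list_size * sizeof(*sc->ca_list));
        if (grown == NULL) {
            free(sc->ca_list);
            sc->ca_list = NULL;
            sc->ca_list_size = 0;
            return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error");
        }
        sc->ca_list = grown;
        /* … unchanged: re-read with flags 0 and its error return … */
    }
```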