Changeset 8663ace in mod_gnutls


Timestamp:
Jan 24, 2009, 12:47:18 PM (14 years ago)
Author:
Nokis Mavrogiannopoulos <nmav@…>
Branches:
asyncio, debian/master, debian/stretch-backports, jessie-backports, main, master, msva, proxy-ticket, upstream
Children:
7ef38d4
Parents:
f46e1f2
git-author:
Nikos Mavrogiannopoulos <nmav@…> (01/24/09 12:47:18)
git-committer:
Nokis Mavrogiannopoulos <nmav@…> (01/24/09 12:47:18)
Message:

removed limit on ca certificates' number

Files:
3 edited

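--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,8 @@
-** Verison 0.5.4 (2009-01-04)
+** Version 0.5.5 (unreleased)
+
+- Removed limits on CA certificate loading. Reported by
+  Sander Marechal and Jack Bates.
+
+** Version 0.5.4 (2009-01-04)
 
 - mod_gnutls.h: modified definition to extern to avoid compilation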
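--- a/include/mod_gnutls.h.in
+++ b/include/mod_gnutls.h.in
@@ -79,8 +79,4 @@
 } mgs_dirconf_rec;
 
-
-/* The maximum number of client CA certificates allowed.
- */
-#define MAX_CA_CRTS 128
 
 /* The maximum number of certificates to send in a chain
@@ -112,5 +108,5 @@
     const char* srp_tpasswd_file;
     const char* srp_tpasswd_conf_file;
-    gnutls_x509_crt_t ca_list[MAX_CA_CRTS];
+    gnutls_x509_crt_t *ca_list;
     gnutls_openpgp_keyring_t pgp_list;
     unsigned int ca_list_size;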
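Review bot: The new `gnutls_x509_crt_t *ca_list;` field has no comment saying who allocates it, how long it lives, or that `ca_list_size` is its element count. With the fixed array gone, any code that copies or merges this record now shares one heap pointer rather than its own array; whether such code exists is not visible in this diff. I would add `/* heap array of ca_list_size client CA certs, allocated in mgs_set_client_ca_file */` above the field. Whether the pointer starts out NULL depends on the config-creation code outside this changeset and is worth confirming, since the old array was always addressable even on an unset record. The struct definition starts and ends outside the hunk.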
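--- a/src/gnutls_config.c
+++ b/src/gnutls_config.c
@@ -399,4 +399,5 @@
 }
 
+#define INIT_CA_SIZE 128
 const char *mgs_set_client_ca_file(cmd_parms * parms, void *dummy,
                                    const char *arg)
@@ -420,12 +421,33 @@
     }
 
-    sc->ca_list_size = MAX_CA_CRTS;
+    sc->ca_list_size = INIT_CA_SIZE;
+    sc->ca_list = malloc(sc->ca_list_size * sizeof(*sc->ca_list));
+    if (sc->ca_list == NULL) {
+                return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error");
+    }
+
     rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
-                                     &data, GNUTLS_X509_FMT_PEM,
-                                     GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
-    if (rv < 0) {
-        return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
+                                     &data, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+    if (rv < 0 && rv != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+                        return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
                             "Client CA File '%s': (%d) %s", file, rv,
                             gnutls_strerror(rv));
+    }
+   
+    if (INIT_CA_SIZE < sc->ca_list_size) {
+                    sc->ca_list = realloc(sc->ca_list, sc->ca_list_size*sizeof(*sc->ca_list));
+                    if (sc->ca_list == NULL) {
+                                return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error");
+                    }
+
+                /* re-read */
+                rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
+                                     &data, GNUTLS_X509_FMT_PEM, 0);
+
+                    if (rv < 0) {
+                                        return apr_psprintf(parms->pool, "GnuTLS: Failed to load "
+                                            "Client CA File '%s': (%d) %s", file, rv,
+                                            gnutls_strerror(rv));
+                    }
     }
 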
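Review bot: The re-read branch is entered on `INIT_CA_SIZE < sc->ca_list_size` rather than on the return code. If the first import returned `GNUTLS_E_SHORT_MEMORY_BUFFER` without raising the count, execution would fall past both checks with `rv < 0` and a client-CA list that was never filled. Testing `rv == GNUTLS_E_SHORT_MEMORY_BUFFER` and then doing one `rv < 0` check closes that gap. In the same branch, `sc->ca_list = realloc(sc->ca_list, ...)` loses the original buffer when realloc fails. The list also now comes from `malloc` with no matching `free` in the visible lines, so unless it is released elsewhere each configuration parse may leak it, and taking the array from `parms->pool` would be an alternative. The body of `mgs_set_client_ca_file` starts and ends outside the hunk.

```c
    /* … unchanged: initial malloc and first import with FAIL_IF_EXCEED … */
    if (rv == GNUTLS_E_SHORT_MEMORY_BUFFER) {
        /* ca_list_size now holds the number of certificates in the file */
        gnutls_x509_crt_t *grown = realloc(sc->ca_list,
                                           sc->ca_list_size * sizeof(*sc->ca_list));
        if (grown == NULL) {
            free(sc->ca_list);
            sc->ca_list = NULL;
            sc->ca_list_size = 0;
            return apr_psprintf(parms->pool, "mod_gnutls: Memory allocation error");
        }
        sc->ca_list = grown;

        /* re-read */
        rv = gnutls_x509_crt_list_import(sc->ca_list, &sc->ca_list_size,
                                         &data, GNUTLS_X509_FMT_PEM, 0);
    }
    if (rv < 0) {
        /* … unchanged: "Failed to load Client CA File" error return … */
    }
```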