From 1922a4e6aade7b1d685af19d4d9339ddb5c02859 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Thu, 6 Jun 2013 15:11:16 +0200
Subject: [PATCH] ssl_parse_certificate() now calls x509parse_crt_der() directly
---
 ChangeLog | 3 +++
 include/polarssl/x509.h | 12 ++++++++++++
 library/ssl_tls.c | 4 ++--
 3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 59be48bee..7561aba9d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,9 @@ Bugfix
 * Fixed offset for cert_type list in ssl_parse_certificate_request()
 * Fixed const correctness issues that have no impact on the ABI
 * x509parse_crt() now better handles PEM error situations
+ * ssl_parse_certificate() now calls x509parse_crt_der() directly
+ instead of the x509parse_crt() wrapper that can also parse PEM
+ certificates
 = Version 1.2.7 released 2013-04-13
 Features
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 87151c927..296925f5e 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -424,6 +424,18 @@ extern "C" {
 */
 /** \ingroup x509_module */
+/**
+ * \brief Parse a single DER formatted certificate and add it
+ * to the chained list.
+ *
+ * \param chain points to the start of the chain
+ * \param buf buffer holding the certificate DER data
+ * \param buflen size of the buffer
+ *
+ * \return 0 if successful, or a specific X509 or PEM error code
+ */
+int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t buflen );
+
 /**
 * \brief Parse one or more certificates and add them
 * to the chained list. Parses permissively. If some
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9087ab4fa..e0cddf89f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
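Review bot: The new doc comment for x509parse_crt_der() in include/polarssl/x509.h says it can return a "PEM error code", which looks carried over from the x509parse_crt() description. A DER-only entry point presumably never produces PEM errors, so if the implementation (not visible here) agrees, the line should read `\return 0 if successful, or a specific X509 error code`. The comment also does not say how this function differs from the permissive wrapper declared right after it. One sentence stating that it does no PEM detection and is the entry point for certificate data received from a peer would tell callers which one to use on untrusted input. It would also help to document whether `buflen` must match the encoded certificate length exactly or whether trailing bytes are tolerated.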
@@ -2375,8 +2375,8 @@ int ssl_parse_certificate( ssl_context *ssl )
 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
 }
- ret = x509parse_crt( ssl->session_negotiate->peer_cert, ssl->in_msg + i,
- n );
+ ret = x509parse_crt_der( ssl->session_negotiate->peer_cert,
+ ssl->in_msg + i, n );
 if( ret != 0 )
 {
 SSL_DEBUG_RET( 1, " x509parse_crt", ret );
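Review bot: The debug label in the context line `SSL_DEBUG_RET( 1, " x509parse_crt", ret );` still names the old wrapper although the call above it is now x509parse_crt_der(), so a failed peer-certificate parse is logged under the wrong function. It should become `SSL_DEBUG_RET( 1, " x509parse_crt_der", ret );`. The call would also benefit from a short comment such as `/* peer certificates arrive DER-encoded; do not route handshake data through the PEM-capable wrapper */`, so the choice is not reverted in a later cleanup. ssl_parse_certificate() starts and ends outside this hunk, so the bounds checks on `i` and `n` that precede the call cannot be reviewed from here.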