From b5df3bf1b47775963689c62a866f807ed26e6ad0 Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Wed, 19 Jun 2013 12:08:47 +0200
Subject: [PATCH] ssl_parse_certificate() now calls x509parse_crt_der()
directly (cherry picked from commit 1922a4e6aade7b1d685af19d4d9339ddb5c02859)
Conflicts:
library/ssl_tls.c
---
ChangeLog | 3 +++
include/polarssl/x509.h | 12 ++++++++++++
library/ssl_tls.c | 2 +-
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 4e9fb7c93..9485cacd8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,9 @@ Changes
Bugfix
* x509parse_crt() now better handles PEM error situations
+ * ssl_parse_certificate() now calls x509parse_crt_der() directly
+ instead of the x509parse_crt() wrapper that can also parse PEM
+ certificates
= Version 1.1.6 released on 2013-03-11
Bugfix
diff --git a/include/polarssl/x509.h b/include/polarssl/x509.h
index 9b07a0921..a5ea52d6b 100644
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@@ -416,6 +416,18 @@ extern "C" {
*/
/** \ingroup x509_module */
+/**
+ * \brief Parse a single DER formatted certificate and add it
+ * to the chained list.
+ *
+ * \param chain points to the start of the chain
+ * \param buf buffer holding the certificate DER data
+ * \param buflen size of the buffer
+ *
+ * \return 0 if successful, or a specific X509 or PEM error code
+ */
+int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t buflen );
+
/**
* \brief Parse one or more certificates and add them
* to the chained list. Parses permissively. If some
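Review bot: The `\return` line of the new x509parse_crt_der() comment still promises "a specific X509 or PEM error code", which looks carried over from the x509parse_crt() wrapper. A DER-only parser should presumably never return a PEM error, so I would write `\return 0 if successful, or a specific X509 error code`; the implementation is not part of this patch, so confirm against it first. Because ssl_parse_certificate() now hands peer-supplied handshake bytes directly to this function, the comment should also say that `buf` must hold exactly one DER certificate of `buflen` bytes, and whether trailing data after the certificate is rejected.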
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 013483494..27f2172fc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1474,7 +1474,7 @@ int ssl_parse_certificate( ssl_context *ssl )
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
- ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n );
+ ret = x509parse_crt_der( ssl->peer_cert, ssl->in_msg + i, n );
if( ret != 0 )
{
SSL_DEBUG_RET( 1, " x509parse_crt", ret );
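Review bot: The debug label on the SSL_DEBUG_RET line still reads " x509parse_crt" although the failing call is now x509parse_crt_der(), so anyone triaging a rejected peer certificate from the log is pointed at the wrong parser. Change it to `SSL_DEBUG_RET( 1, " x509parse_crt_der", ret );`. A short comment above the call, such as `/* peer certificates arrive as DER on the wire; keep them away from the PEM-capable wrapper */`, would record why the wrapper must not be reintroduced here. ssl_parse_certificate() starts and continues outside this hunk.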