summaryrefslogtreecommitdiff
path: root/src/modules
diff options
context:
space:
mode:
authorattilamolnar <attilamolnar@hush.com>2012-11-19 17:25:31 +0100
committerattilamolnar <attilamolnar@hush.com>2012-11-19 18:32:46 +0100
commit851b9aa26b2b3d29d291e837622761dd1de0f049 (patch)
tree92a90dd0c4d5b8c3e2c50948b3ee259dd82199f8 /src/modules
parent77e325c3e09229c4ee976ea1ed9ea8383de02de3 (diff)
m_ssl_gnutls Dynamically detect the number of certificates in the certfile
Remove the "certcount" setting, as it's no longer needed When finished reading the certs, resize the buffer to the actual number of certs read
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp19
1 files changed, 15 insertions, 4 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 45076c8b4..a8a35fa78 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -342,12 +342,23 @@ class ModuleSSLGnuTLS : public Module
gnutls_datum_t key_datum = { (unsigned char*)key_string.data(), static_cast<unsigned int>(key_string.length()) };
// If this fails, no SSL port will work. At all. So, do the smart thing - throw a ModuleException
- unsigned int certcount = Conf->getInt("certcount", 3);
+ unsigned int certcount = 3;
x509_certs.resize(certcount);
ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
- if (ret < 0)
- throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + std::string(gnutls_strerror(ret)));
- x509_certs.resize(certcount);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ // the buffer wasn't big enough to hold all certs but gnutls updated certcount to the number of available certs, try again with a bigger buffer
+ x509_certs.resize(certcount);
+ ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ }
+
+ if (ret <= 0)
+ {
+ // clear the vector so we won't call gnutls_x509_crt_deinit() on the (uninited) certs later
+ x509_certs.clear();
+ throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + ((ret < 0) ? (std::string(gnutls_strerror(ret))) : "No certs could be read"));
+ }
+ x509_certs.resize(ret);
if((ret = gnutls_x509_privkey_import(x509_key, &key_datum, GNUTLS_X509_FMT_PEM)) < 0)
throw ModuleException("Unable to load GnuTLS server private key (" + keyfile + "): " + std::string(gnutls_strerror(ret)));