diff options
author | attilamolnar <attilamolnar@hush.com> | 2012-11-19 17:25:31 +0100 |
---|---|---|
committer | attilamolnar <attilamolnar@hush.com> | 2012-11-19 18:32:46 +0100 |
commit | 851b9aa26b2b3d29d291e837622761dd1de0f049 (patch) | |
tree | 92a90dd0c4d5b8c3e2c50948b3ee259dd82199f8 /src/modules | |
parent | 77e325c3e09229c4ee976ea1ed9ea8383de02de3 (diff) |
m_ssl_gnutls Dynamically detect the number of certificates in the certfile
Remove the "certcount" setting, as it's no longer needed
When finished reading the certs, resize the buffer to the actual number of certs read
Diffstat (limited to 'src/modules')
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 45076c8b4..a8a35fa78 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -342,12 +342,23 @@ class ModuleSSLGnuTLS : public Module gnutls_datum_t key_datum = { (unsigned char*)key_string.data(), static_cast<unsigned int>(key_string.length()) }; // If this fails, no SSL port will work. At all. So, do the smart thing - throw a ModuleException - unsigned int certcount = Conf->getInt("certcount", 3); + unsigned int certcount = 3; x509_certs.resize(certcount); ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); - if (ret < 0) - throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + std::string(gnutls_strerror(ret))); - x509_certs.resize(certcount); + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) + { + // the buffer wasn't big enough to hold all certs but gnutls updated certcount to the number of available certs, try again with a bigger buffer + x509_certs.resize(certcount); + ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); + } + + if (ret <= 0) + { + // clear the vector so we won't call gnutls_x509_crt_deinit() on the (uninited) certs later + x509_certs.clear(); + throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + ((ret < 0) ? (std::string(gnutls_strerror(ret))) : "No certs could be read")); + } + x509_certs.resize(ret); if((ret = gnutls_x509_privkey_import(x509_key, &key_datum, GNUTLS_X509_FMT_PEM)) < 0) throw ModuleException("Unable to load GnuTLS server private key (" + keyfile + "): " + std::string(gnutls_strerror(ret))); |