From 851b9aa26b2b3d29d291e837622761dd1de0f049 Mon Sep 17 00:00:00 2001 From: attilamolnar Date: Mon, 19 Nov 2012 17:25:31 +0100 Subject: m_ssl_gnutls Dynamically detect the number of certificates in the certfile Remove the "certcount" setting, as it's no longer needed When finished reading the certs, resize the buffer to the actual number of certs read --- src/modules/extra/m_ssl_gnutls.cpp | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 45076c8b4..a8a35fa78 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -342,12 +342,23 @@ class ModuleSSLGnuTLS : public Module gnutls_datum_t key_datum = { (unsigned char*)key_string.data(), static_cast(key_string.length()) }; // If this fails, no SSL port will work. At all. So, do the smart thing - throw a ModuleException - unsigned int certcount = Conf->getInt("certcount", 3); + unsigned int certcount = 3; x509_certs.resize(certcount); ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); - if (ret < 0) - throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + std::string(gnutls_strerror(ret))); - x509_certs.resize(certcount); + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) + { + // the buffer wasn't big enough to hold all certs but gnutls updated certcount to the number of available certs, try again with a bigger buffer + x509_certs.resize(certcount); + ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); + } + + if (ret <= 0) + { + // clear the vector so we won't call gnutls_x509_crt_deinit() on the (uninited) certs later + x509_certs.clear(); + throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + ((ret < 0) ? (std::string(gnutls_strerror(ret))) : "No certs could be read")); + } + x509_certs.resize(ret); if((ret = gnutls_x509_privkey_import(x509_key, &key_datum, GNUTLS_X509_FMT_PEM)) < 0) throw ModuleException("Unable to load GnuTLS server private key (" + keyfile + "): " + std::string(gnutls_strerror(ret))); -- cgit v1.2.3