ssl_parse_certificate() now calls x509parse_crt_der() directly

2024-11-25 21:47:52 +00:00 · 2013-06-06 15:11:16 +02:00 · 2013-06-06 15:11:16 +02:00 · 1922a4e6aa
commit 1922a4e6aa
parent 6417186365
3 changed files with 17 additions and 2 deletions
--- a/3
+++ b/3
@ -10,6 +10,9 @@ Bugfix
   * Fixed offset for cert_type list in ssl_parse_certificate_request()
   * Fixed const correctness issues that have no impact on the ABI
   * x509parse_crt() now better handles PEM error situations
+   * ssl_parse_certificate() now calls x509parse_crt_der() directly
+     instead of the x509parse_crt() wrapper that can also parse PEM
+	 certificates

 = Version 1.2.7 released 2013-04-13
 Features
--- a/include/polarssl/x509.h
+++ b/include/polarssl/x509.h
@ -424,6 +424,18 @@ extern "C" {
 */

 /** \ingroup x509_module */
+/**
+ * \brief          Parse a single DER formatted certificate and add it
+ *                 to the chained list.
+ *
+ * \param chain    points to the start of the chain
+ * \param buf      buffer holding the certificate DER data
+ * \param buflen   size of the buffer
+ *
+ * \return         0 if successful, or a specific X509 or PEM error code
+ */
+int x509parse_crt_der( x509_cert *chain, const unsigned char *buf, size_t buflen );
+
 /**
 * \brief          Parse one or more certificates and add them
 *                 to the chained list. Parses permissively. If some
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -2375,8 +2375,8 @@ int ssl_parse_certificate( ssl_context *ssl )
            return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
        }

-        ret = x509parse_crt( ssl->session_negotiate->peer_cert, ssl->in_msg + i,
-                             n );
+        ret = x509parse_crt_der( ssl->session_negotiate->peer_cert,
+                                 ssl->in_msg + i, n );
        if( ret != 0 )
        {
            SSL_DEBUG_RET( 1, " x509parse_crt", ret );