OpenSSL: Allow ca_cert_blob in PEM format
GnuTLS backend already accepts CA cert blobs in both DER and PEM formats. Implement similar trial-and-error handling in OpenSSL backend. Signed-off-by: Santtu Lakkala <santtu.lakkala@jolla.com>
This commit is contained in:
parent
2080f4c779
commit
8ba809f67b
1 changed files with 17 additions and 3 deletions
|
@ -2577,9 +2577,23 @@ static int tls_connection_ca_cert(struct tls_data *data,
|
|||
(const unsigned char **) &ca_cert_blob,
|
||||
ca_cert_blob_len);
|
||||
if (cert == NULL) {
|
||||
tls_show_errors(MSG_WARNING, __func__,
|
||||
"Failed to parse ca_cert_blob");
|
||||
return -1;
|
||||
BIO *bio = BIO_new_mem_buf(ca_cert_blob,
|
||||
ca_cert_blob_len);
|
||||
|
||||
if (bio) {
|
||||
cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
|
||||
BIO_free(bio);
|
||||
}
|
||||
|
||||
if (!cert) {
|
||||
tls_show_errors(MSG_WARNING, __func__,
|
||||
"Failed to parse ca_cert_blob");
|
||||
return -1;
|
||||
}
|
||||
|
||||
while (ERR_get_error()) {
|
||||
/* Ignore errors from DER conversion. */
|
||||
}
|
||||
}
|
||||
|
||||
if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ssl_ctx),
|
||||
|
|
Loading…
Reference in a new issue