Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-23 15:55:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.

Browse source 
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
This commit is contained in:
Paul Bakker 2011-12-10 21:55:01 +00:00
parent 18d32911c0
commit 69e095cc15
38 changed files with 254 additions and 162 deletions
Download patch file Download diff file Expand all files Collapse all files

8
programs/ssl/ssl_client2.c
View file

@ -241,12 +241,12 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_FS_IO)
if( strlen( opt.ca_file ) )
ret = x509parse_crtfile( &cacert, opt.ca_file, X509_NON_PERMISSIVE );
ret = x509parse_crtfile( &cacert, opt.ca_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
strlen( test_ca_crt ) );
#else
{
ret = 1;
@ -271,12 +271,12 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_FS_IO)
if( strlen( opt.crt_file ) )
ret = x509parse_crtfile( &clicert, opt.crt_file, X509_NON_PERMISSIVE );
ret = x509parse_crtfile( &clicert, opt.crt_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
strlen( test_cli_crt ), X509_NON_PERMISSIVE );
strlen( test_cli_crt ) );
#else
{
ret = 1;

4
programs/ssl/ssl_fork_server.c
View file

@ -250,7 +250,7 @@ int main( int argc, char *argv[] )
* server and CA certificates, as well as x509parse_keyfile().
*/
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
strlen( test_srv_crt ), X509_NON_PERMISSIVE );
strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
@ -258,7 +258,7 @@ int main( int argc, char *argv[] )
}
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
strlen( test_ca_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );

12
programs/ssl/ssl_mail_client.c
View file

@ -493,12 +493,12 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_FS_IO)
if( strlen( opt.ca_file ) )
ret = x509parse_crtfile( &cacert, opt.ca_file, X509_NON_PERMISSIVE );
ret = x509parse_crtfile( &cacert, opt.ca_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
strlen( test_ca_crt ) );
#else
{
ret = 1;
@ -523,15 +523,15 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_FS_IO)
if( strlen( opt.crt_file ) )
ret = x509parse_crtfile( &clicert, opt.crt_file, X509_NON_PERMISSIVE );
ret = x509parse_crtfile( &clicert, opt.crt_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
strlen( test_cli_crt ), X509_NON_PERMISSIVE );
strlen( test_cli_crt ) );
#else
{
ret = 1;
ret = -1;
printf("POLARSSL_CERTS_C not defined.");
}
#endif
@ -551,7 +551,7 @@ int main( int argc, char *argv[] )
strlen( test_cli_key ), NULL, 0 );
#else
{
ret = 1;
ret = -1;
printf("POLARSSL_CERTS_C not defined.");
}
#endif

4
programs/ssl/ssl_server.c
View file

@ -220,7 +220,7 @@ int main( int argc, char *argv[] )
* server and CA certificates, as well as x509parse_keyfile().
*/
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
strlen( test_srv_crt ), X509_NON_PERMISSIVE );
strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
@ -228,7 +228,7 @@ int main( int argc, char *argv[] )
}
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
strlen( test_ca_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );

4
programs/test/ssl_cert_test.c
View file

@ -100,7 +100,7 @@ int main( int argc, char *argv[] )
* Alternatively, you may load the CA certificates from a .pem or
* .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ).
*/
ret = x509parse_crtfile( &cacert, "ssl/test-ca/test-ca.crt", X509_NON_PERMISSIVE );
ret = x509parse_crtfile( &cacert, "ssl/test-ca/test-ca.crt" );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crtfile returned %d\n\n", ret );
@ -148,7 +148,7 @@ int main( int argc, char *argv[] )
printf( " . Loading the client certificate %s...", name );
fflush( stdout );
ret = x509parse_crtfile( &clicert, name, X509_NON_PERMISSIVE );
ret = x509parse_crtfile( &clicert, name );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );

4
programs/test/ssl_test.c
View file

@ -214,7 +214,7 @@ static int ssl_test( struct options *opt )
goto exit;
#else
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
strlen( test_srv_crt ), X509_NON_PERMISSIVE );
strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " ! x509parse_crt returned %d\n\n", ret );
@ -222,7 +222,7 @@ static int ssl_test( struct options *opt )
}
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
strlen( test_ca_crt ) );
if( ret != 0 )
{
printf( " ! x509parse_crt returned %d\n\n", ret );

12
programs/x509/cert_app.c
View file

@ -200,17 +200,25 @@ int main( int argc, char *argv[] )
printf( "\n . Loading the certificate(s) ..." );
fflush( stdout );
ret = x509parse_crtfile( &crt, opt.filename, opt.permissive );
ret = x509parse_crtfile( &crt, opt.filename );
if( ret != 0 )
if( ret < 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
x509_free( &crt );
goto exit;
}
if( opt.permissive == 0 && ret > 0 )
{
printf( " failed\n ! x509parse_crt failed to parse %d certificates\n\n", ret );
x509_free( &crt );
goto exit;
}
printf( " ok\n" );
/*
* 1.2 Print the certificate(s)
*/