summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorattilamolnar <attilamolnar@hush.com>2012-11-19 17:25:31 +0100
committerattilamolnar <attilamolnar@hush.com>2012-11-19 18:32:46 +0100
commit851b9aa26b2b3d29d291e837622761dd1de0f049 (patch)
tree92a90dd0c4d5b8c3e2c50948b3ee259dd82199f8
parent77e325c3e09229c4ee976ea1ed9ea8383de02de3 (diff)
m_ssl_gnutls Dynamically detect the number of certificates in the certfile
Remove the "certcount" setting, as it's no longer needed When finished reading the certs, resize the buffer to the actual number of certs read
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp19
1 files changed, 15 insertions, 4 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 45076c8b4..a8a35fa78 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -342,12 +342,23 @@ class ModuleSSLGnuTLS : public Module
gnutls_datum_t key_datum = { (unsigned char*)key_string.data(), static_cast<unsigned int>(key_string.length()) };
// If this fails, no SSL port will work. At all. So, do the smart thing - throw a ModuleException
- unsigned int certcount = Conf->getInt("certcount", 3);
+ unsigned int certcount = 3;
x509_certs.resize(certcount);
ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
- if (ret < 0)
- throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + std::string(gnutls_strerror(ret)));
- x509_certs.resize(certcount);
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ // the buffer wasn't big enough to hold all certs but gnutls updated certcount to the number of available certs, try again with a bigger buffer
+ x509_certs.resize(certcount);
+ ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
+ }
+
+ if (ret <= 0)
+ {
+ // clear the vector so we won't call gnutls_x509_crt_deinit() on the (uninited) certs later
+ x509_certs.clear();
+ throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + ((ret < 0) ? (std::string(gnutls_strerror(ret))) : "No certs could be read"));
+ }
+ x509_certs.resize(ret);
if((ret = gnutls_x509_privkey_import(x509_key, &key_datum, GNUTLS_X509_FMT_PEM)) < 0)
throw ModuleException("Unable to load GnuTLS server private key (" + keyfile + "): " + std::string(gnutls_strerror(ret)));