From: attilamolnar Date: Mon, 19 Nov 2012 16:25:31 +0000 (+0100) Subject: m_ssl_gnutls Dynamically detect the number of certificates in the certfile X-Git-Tag: v2.0.23~448 X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=851b9aa26b2b3d29d291e837622761dd1de0f049;p=user%2Fhenk%2Fcode%2Finspircd.git m_ssl_gnutls Dynamically detect the number of certificates in the certfile Remove the "certcount" setting, as it's no longer needed When finished reading the certs, resize the buffer to the actual number of certs read --- diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 45076c8b4..a8a35fa78 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -342,12 +342,23 @@ class ModuleSSLGnuTLS : public Module gnutls_datum_t key_datum = { (unsigned char*)key_string.data(), static_cast(key_string.length()) }; // If this fails, no SSL port will work. At all. So, do the smart thing - throw a ModuleException - unsigned int certcount = Conf->getInt("certcount", 3); + unsigned int certcount = 3; x509_certs.resize(certcount); ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); - if (ret < 0) - throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + std::string(gnutls_strerror(ret))); - x509_certs.resize(certcount); + if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) + { + // the buffer wasn't big enough to hold all certs but gnutls updated certcount to the number of available certs, try again with a bigger buffer + x509_certs.resize(certcount); + ret = gnutls_x509_crt_list_import(&x509_certs[0], &certcount, &cert_datum, GNUTLS_X509_FMT_PEM, GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED); + } + + if (ret <= 0) + { + // clear the vector so we won't call gnutls_x509_crt_deinit() on the (uninited) certs later + x509_certs.clear(); + throw ModuleException("Unable to load GnuTLS server certificate (" + certfile + "): " + ((ret < 0) ? (std::string(gnutls_strerror(ret))) : "No certs could be read")); + } + x509_certs.resize(ret); if((ret = gnutls_x509_privkey_import(x509_key, &key_datum, GNUTLS_X509_FMT_PEM)) < 0) throw ModuleException("Unable to load GnuTLS server private key (" + keyfile + "): " + std::string(gnutls_strerror(ret)));