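diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index b102f4d..a4921f9 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -697,11 +697,11 @@ static int
 read_cert_url(gnutls_certificate_credentials_t res, const char *url)
 {
 int ret;
- gnutls_x509_crt_t crt;
+ gnutls_x509_crt_t crt = NULL;
 gnutls_pcert_st *ccert;
 gnutls_str_array_t names;
 gnutls_datum_t t = {NULL, 0};
- unsigned i;
+ unsigned i, count = 0;
 
 _gnutls_str_array_init(&names);
 
@@ -729,13 +729,13 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
 
 if (ret < 0) {
 gnutls_assert();
- goto cleanup1;
+ goto cleanup;
 }
 
 ret = get_x509_name(crt, &names);
 if (ret < 0) {
 gnutls_assert();
- goto cleanup1;
+ goto cleanup;
 }
 
 /* Try to load the whole certificate chain from the PKCS #11 token */
@@ -747,17 +747,18 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
 }
 
 ret = gnutls_pcert_import_x509(&ccert[i], crt, 0);
- gnutls_x509_crt_deinit(crt);
-
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
+ count++;
 
 ret = gnutls_pkcs11_get_raw_issuer(url, crt, &t, GNUTLS_X509_FMT_DER, 0);
 if (ret < 0)
 break;
-
+
+ gnutls_x509_crt_deinit(crt);
+ crt = NULL;
 ret = gnutls_x509_crt_init(&crt;;
 if (ret < 0) {
 gnutls_assert();
@@ -767,23 +768,25 @@ read_cert_url(gnutls_certificate_credentials_t res, const char *url)
 ret = gnutls_x509_crt_import(crt, &t, GNUTLS_X509_FMT_DER);
 if (ret < 0) {
 gnutls_assert();
- goto cleanup1;
+ goto cleanup;
 }
 gnutls_free(t.data);
 t.data = NULL;
 }
 
- ret = certificate_credential_append_crt_list(res, names, ccert, i+1);
+ ret = certificate_credential_append_crt_list(res, names, ccert, count);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
 
- return 0;
-cleanup1:
- gnutls_x509_crt_deinit(crt);
+ if (crt != NULL)
+ gnutls_x509_crt_deinit(crt);
 
+ return 0;
 cleanup:
+ if (crt != NULL)
+ gnutls_x509_crt_deinit(crt);
 gnutls_free(t.data);
 _gnutls_str_array_clear(&names);
 gnutls_free(ccert);
@@ -959,7 +962,6 @@ static int check_if_sorted(gnutls_pcert_st * crt, int nr)
 ret = gnutls_x509_crt_init(&x509);
 if (ret < 0)
 return gnutls_assert_val(ret);
-
 ret =
 gnutls_x509_crt_import(x509, &crt[i].cert,
 GNUTLS_X509_FMT_DER);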
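Review bot: The `cleanup:` label in the fourth hunk of `read_cert_url` frees the `ccert` array with `gnutls_free(ccert)` but does not release the entries that earlier loop iterations already filled through `gnutls_pcert_import_x509()`. Any failure once `count` is non-zero (the `gnutls_x509_crt_import` error that now jumps to `cleanup`, or a failing `certificate_credential_append_crt_list`) therefore appears to leak whatever those `count` entries own; this assumes the import allocates per-entry data, which the visible lines do not show. The new `count` variable makes the fix straightforward: add `for (i = 0; i < count; i++) gnutls_pcert_deinit(&ccert[i]);` directly before `gnutls_free(ccert);`. The function's allocation of `ccert` and its final return sit outside the hunks, so confirm that no caller-visible ownership of these entries is established before the error path is taken.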