Commit 08fda128 authored by Jiří Klimeš's avatar Jiří Klimeš

libnm-util: fix loading/verifying certificates to allow DER format (rh #699591)

The start and end tags '-----BEGIN/END CERTIFICATE-----' were checked first,
which ruled out DER format. This is fixed now and a test is added.
parent a0fd1450
......@@ -585,14 +585,19 @@ crypto_load_and_verify_certificate (const char *file,
return contents;
}
array = extract_pem_cert_data (contents, error);
if (!array) {
g_byte_array_free (contents, TRUE);
return NULL;
}
/* Check for plain DER format */
if (contents->len > 2 && contents->data[0] == 0x30 && contents->data[1] == 0x82) {
*out_file_format = crypto_verify_cert (contents->data, contents->len, error);
} else {
array = extract_pem_cert_data (contents, error);
if (!array) {
g_byte_array_free (contents, TRUE);
return NULL;
}
*out_file_format = crypto_verify_cert (array->data, array->len, error);
g_byte_array_free (array, TRUE);
*out_file_format = crypto_verify_cert (array->data, array->len, error);
g_byte_array_free (array, TRUE);
}
if (*out_file_format != NM_CRYPTO_FILE_FORMAT_X509) {
g_byte_array_free (contents, TRUE);
......
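Review bot: The DER test in the new branch, `contents->data[0] == 0x30 && contents->data[1] == 0x82`, is a two-byte sniff that matches only an ASN.1 SEQUENCE with a two-byte long-form length, so a DER file using any other length encoding falls through to extract_pem_cert_data() and is presumably rejected with a PEM-related error. The declared length is never compared with `contents->len`, so rejecting truncated or padded input rests entirely on crypto_verify_cert(), whose body is not visible here. I would record that above the condition, e.g. `/* 0x30 0x82 = SEQUENCE, 2-byte length; sniff only, crypto_verify_cert() does the real parsing */`, and tighten `contents->len > 2` to `contents->len > 4`, since that header alone occupies four bytes. crypto_load_and_verify_certificate starts and ends outside the hunk.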
......@@ -93,6 +93,9 @@ check-local: test-settings-defaults test-crypto test-secrets
# Another CA certificate
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test2_ca_cert.pem
# Normal CA certificate (DER format)
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_ca_cert.der
# CA certificate without an ending newline
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/ca-no-ending-newline.pem
......
......@@ -9,6 +9,7 @@
EXTRA_DIST = \
test_ca_cert.pem \
test_ca_cert.der \
test_key_and_cert.pem \
test-cert.p12 \
test2_ca_cert.pem \
......