Don't repack extra_certs[] when matching key; just cope with it being sparse
authorDavid Woodhouse <David.Woodhouse@intel.com>
Thu, 14 Jun 2012 23:56:31 +0000 (00:56 +0100)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Thu, 14 Jun 2012 23:56:40 +0000 (00:56 +0100)
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
gnutls.c

index b69ba78..04cd1de 100644 (file)
--- a/gnutls.c
+++ b/gnutls.c
@@ -893,12 +893,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
                if (cert_id_size == key_id_size && !memcmp(cert_id, key_id, key_id_size)) {
                        if (extra_certs) {
                                cert = extra_certs[i];
-
-                               /* Move the rest of the array down */
-                               for (; i < nr_extra_certs - 1; i++)
-                                       extra_certs[i] = extra_certs[i+1];
-
-                               nr_extra_certs--;
+                               extra_certs[i] = NULL;
                        }
                        goto got_key;
                }
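Review bot: The new `extra_certs[i] = NULL;` changes the array's contract without recording it: the matched handle is now held only by `cert`, and `extra_certs[]` keeps its length `nr_extra_certs` but may contain a NULL slot. A short comment at the assignment would make that explicit, for example `/* cert now holds this handle; leave a NULL hole, nr_extra_certs is unchanged */`. The identical assignment in the second hunk (the `err >= 0` branch before `gnutls_free(pkey_sig.data)`) deserves the same comment. load_certificate starts and ends outside both hunks.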
@@ -953,12 +948,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
                        if (err >= 0) {
                                if (extra_certs) {
                                        cert = extra_certs[i];
-
-                                       /* Move the rest of the array down */
-                                       for (; i < nr_extra_certs - 1; i++)
-                                               extra_certs[i] = extra_certs[i+1];
-
-                                       nr_extra_certs--;
+                                       extra_certs[i] = NULL;
                                }
                                gnutls_free(pkey_sig.data);
                                goto got_key;
@@ -1016,7 +1006,8 @@ static int load_certificate(struct openconnect_info *vpninfo)
                gnutls_x509_crt_t issuer;
 
                for (i = 0; i < nr_extra_certs; i++) {
-                       if (gnutls_x509_crt_check_issuer(last_cert, extra_certs[i]) &&
+                       if (extra_certs[i] &&
+                           gnutls_x509_crt_check_issuer(last_cert, extra_certs[i]) &&
                            !check_issuer_sanity(last_cert, extra_certs[i]))
                                break;
                }
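Review bot: The `extra_certs[i] &&` guard protects only this issuer-search loop, while the two earlier hunks make NULL entries possible anywhere in `extra_certs[0..nr_extra_certs)`. Any other walk over the array in load_certificate that this diff does not show (a cleanup loop releasing the handles, if there is one) has to skip or tolerate NULL as well. Otherwise a NULL certificate handle is passed on to whatever that loop calls. It is worth confirming each such loop against the sparse-array assumption; the function continues outside the hunk.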