send full certificate chain during handshake 17/73417/2
authorsu.g.kim <su.g.kim@samsung.com>
Thu, 25 Feb 2016 12:02:10 +0000 (21:02 +0900)
committerseonah moon <seonah1.moon@samsung.com>
Wed, 8 Jun 2016 05:36:26 +0000 (22:36 -0700)
Upstream Patch : https://bugzilla.gnome.org/show_bug.cgi?id=724708

Change-Id: I24059721b1cd9f5b4f29a54aaa0db191a5b325af
Signed-off-by: su.g.kim <su.g.kim@samsung.com>
tls/gnutls/gtlscertificate-gnutls.c

index 354f4c1..e47dcdd 100755 (executable)
@@ -413,24 +413,45 @@ g_tls_certificate_gnutls_real_copy (GTlsCertificateGnutls    *gnutls,
                                     const gchar              *interaction_id,
                                     gnutls_retr2_st          *st)
 {
+  GTlsCertificateGnutls *chain;
   gnutls_x509_crt_t cert;
   gnutls_datum_t data;
+  guint num_certs = 0;
   size_t size = 0;
 
-  gnutls_x509_crt_export (gnutls->priv->cert, GNUTLS_X509_FMT_DER,
-                          NULL, &size);
-  data.data = g_malloc (size);
-  data.size = size;
-  gnutls_x509_crt_export (gnutls->priv->cert, GNUTLS_X509_FMT_DER,
-                          data.data, &size);
+  /* We will do this loop twice. It's probably more efficient than
+   * re-allocating memory.
+   */
+  chain = gnutls;
+  while (chain != NULL)
+    {
+      num_certs++;
+      chain = chain->priv->issuer;
+    }
+
+  st->ncerts = 0;
+  st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t) * num_certs);
 
-  gnutls_x509_crt_init (&cert);
-  gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
-  g_free (data.data);
+/* Now do the actual copy of the whole chain. */
+  chain = gnutls;
+  while (chain != NULL)
+    {
+      gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
+                              NULL, &size);
+      data.data = g_malloc (size);
+      data.size = size;
+      gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
+                              data.data, &size);
+
+      gnutls_x509_crt_init (&cert);
+      gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
+      g_free (data.data);
 
-  st->ncerts = 1;
-  st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t));
-  st->cert.x509[0] = cert;
+      st->cert.x509[st->ncerts] = cert;
+      st->ncerts++;
+
+      chain = chain->priv->issuer;
+    }
 
   if (gnutls->priv->key != NULL)
     {
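Review bot: The array returned by `gnutls_malloc` ahead of the copy loop is written through without a NULL check, and the return codes of `gnutls_x509_crt_export`, `gnutls_x509_crt_init` and `gnutls_x509_crt_import` inside the loop are discarded, so a failure on any certificate in the chain still stores its handle in `st->cert.x509` and counts it in `st->ncerts`. `size` is also carried over from the previous iteration into the length-probing export call, which probably works but relies on how GnuTLS treats a NULL buffer, so resetting it per certificate is safer. The excerpt below skips the loop when the allocation fails and stops at the first certificate that cannot be re-imported, leaving a shorter leaf-first chain and releasing the half-built handle. It needs an `int status;` next to the other locals. The function begins and ends outside this hunk, so whether a failure should instead be reported to the caller cannot be judged from here.

```c
  st->ncerts = 0;
  st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t) * num_certs);

  /* Skip the copy entirely if the array could not be allocated. */
  chain = (st->cert.x509 != NULL) ? gnutls : NULL;
  while (chain != NULL)
    {
      size = 0;
      if (gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
                                  NULL, &size) != GNUTLS_E_SHORT_MEMORY_BUFFER)
        break;
      data.data = g_malloc (size);
      data.size = size;
      status = gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
                                       data.data, &size);
      if (status >= 0)
        status = gnutls_x509_crt_init (&cert);
      if (status < 0)
        {
          g_free (data.data);
          break;
        }

      status = gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
      g_free (data.data);
      if (status < 0)
        {
          gnutls_x509_crt_deinit (cert);
          break;
        }

      /* … unchanged: store cert in st->cert.x509[st->ncerts], bump ncerts, advance to issuer … */
    }
```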