mirror of https://git.sr.ht/~sircmpwn/gmni synced 2024-11-23 09:02:04 +01:00

TOFU: more improvements to new cert handling logic

Drew DeVault 2021-03-04 16:22:14 -05:00
parent 06df35d004
commit 2017d26c41

@ -25,7 +25,7 @@ static void
xt_start_cert(const br_x509_class **ctx, uint32_t length) xt_start_cert(const br_x509_class **ctx, uint32_t length)
{ {
struct x509_tofu_context *cc = (struct x509_tofu_context *)(void *)ctx; struct x509_tofu_context *cc = (struct x509_tofu_context *)(void *)ctx;
if (cc->err != 0) { if (cc->err != 0 || cc->pkey) {
return; return;
} }
if (length == 0) { if (length == 0) {
@ -40,7 +40,7 @@ static void
xt_append(const br_x509_class **ctx, const unsigned char *buf, size_t len) xt_append(const br_x509_class **ctx, const unsigned char *buf, size_t len)
{ {
struct x509_tofu_context *cc = (struct x509_tofu_context *)(void *)ctx; struct x509_tofu_context *cc = (struct x509_tofu_context *)(void *)ctx;
if (cc->err != 0) { if (cc->err != 0 || cc->pkey) {
return; return;
} }
br_x509_decoder_push(&cc->decoder, buf, len); br_x509_decoder_push(&cc->decoder, buf, len);
@ -63,7 +63,7 @@ xt_end_cert(const br_x509_class **ctx)
cc->err = err; cc->err = err;
return; return;
} }
if (br_x509_decoder_isCA(&cc->decoder) && cc->pkey) { if (br_x509_decoder_isCA(&cc->decoder)) {
return; return;
} }
cc->pkey = br_x509_decoder_get_pkey(&cc->decoder); cc->pkey = br_x509_decoder_get_pkey(&cc->decoder);
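Review bot: In the last hunk, `if (br_x509_decoder_isCA(&cc->decoder))` now skips every certificate that carries the CA flag, so the key that gets pinned is that of the first non-CA certificate rather than the first certificate the server presented. Self-signed server certificates are often generated with the CA basic constraint set; for such a chain cc->pkey is never assigned here, and whether the end-of-chain handler (outside these hunks) rejects a NULL key instead of using it cannot be seen from this diff. Because TLS sends the end-entity certificate first, choosing it by position is more robust than choosing by the CA bit, and the `|| cc->pkey` guards added in xt_start_cert and xt_append already ignore everything after the first accepted certificate. If the CA skip is kept, I would add a comment such as `/* CA certs are never pinned; pkey stays NULL if the chain has no non-CA cert */` above the check and make the NULL-pkey case an explicit failure. xt_end_cert begins above the hunk and continues below it, so the remainder of the function should be checked against this.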