diff options
| author | Steven Fackler <[email protected]> | 2016-08-17 19:30:57 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2016-08-17 19:30:57 -0700 |
| commit | cd69343d67081ab9c070f21d58918433a44f97bf (patch) | |
| tree | 34367513c37714a94cad3ccd0326f82ee796795b /openssl/src/x509 | |
| parent | Ignore flickering test on windows (diff) | |
| download | rust-openssl-cd69343d67081ab9c070f21d58918433a44f97bf.tar.xz rust-openssl-cd69343d67081ab9c070f21d58918433a44f97bf.zip | |
Fix SslContext::add_extra_chain_cert
SSL_CTX_add_extra_chain_cert assumes ownership of the certificate, so
the method really needs to take an X509 by value. Work around this by
manually cloning the cert.
This method has been around for over a year but I'm guessing nobody
actually used it since it produces a nice double free into segfault!
Diffstat (limited to 'openssl/src/x509')
| -rw-r--r-- | openssl/src/x509/mod.rs | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/openssl/src/x509/mod.rs b/openssl/src/x509/mod.rs index 1319b75c..f5369447 100644 --- a/openssl/src/x509/mod.rs +++ b/openssl/src/x509/mod.rs @@ -1,4 +1,5 @@ use libc::{c_char, c_int, c_long, c_ulong, c_void}; +use std::cmp; use std::ffi::CString; use std::mem; use std::ptr; @@ -492,6 +493,16 @@ impl X509 { X509::from_ptr(x509) } + /// Reads a certificate from DER. + pub fn from_der(buf: &[u8]) -> Result<X509, ErrorStack> { + unsafe { + let mut ptr = buf.as_ptr() as *mut _; + let len = cmp::min(buf.len(), c_long::max_value() as usize) as c_long; + let x509 = try_ssl_null!(ffi::d2i_X509(ptr::null_mut(), &mut ptr, len)); + Ok(X509::from_ptr(x509)) + } + } + /// Reads a certificate from PEM. pub fn from_pem(buf: &[u8]) -> Result<X509, ErrorStack> { let mem_bio = try!(MemBioSlice::new(buf)); |