mirror of
https://gitlab.freedesktop.org/NetworkManager/NetworkManager
synced 2024-09-20 00:21:29 +00:00
libnm-util: fix loading/verifying certificates to allow DER format (rh #699591)
The start and end tags '-----BEGIN/END CERTIFICATE-----' was checked first, which ruled out DER format. This is fixed now and a test is added.
This commit is contained in:
parent
a0fd14500e
commit
08fda12858
|
@ -585,14 +585,19 @@ crypto_load_and_verify_certificate (const char *file,
|
|||
return contents;
|
||||
}
|
||||
|
||||
array = extract_pem_cert_data (contents, error);
|
||||
if (!array) {
|
||||
g_byte_array_free (contents, TRUE);
|
||||
return NULL;
|
||||
}
|
||||
/* Check for plain DER format */
|
||||
if (contents->len > 2 && contents->data[0] == 0x30 && contents->data[1] == 0x82) {
|
||||
*out_file_format = crypto_verify_cert (contents->data, contents->len, error);
|
||||
} else {
|
||||
array = extract_pem_cert_data (contents, error);
|
||||
if (!array) {
|
||||
g_byte_array_free (contents, TRUE);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
*out_file_format = crypto_verify_cert (array->data, array->len, error);
|
||||
g_byte_array_free (array, TRUE);
|
||||
*out_file_format = crypto_verify_cert (array->data, array->len, error);
|
||||
g_byte_array_free (array, TRUE);
|
||||
}
|
||||
|
||||
if (*out_file_format != NM_CRYPTO_FILE_FORMAT_X509) {
|
||||
g_byte_array_free (contents, TRUE);
|
||||
|
|
|
@ -93,6 +93,9 @@ check-local: test-settings-defaults test-crypto test-secrets
|
|||
# Another CA certificate
|
||||
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test2_ca_cert.pem
|
||||
|
||||
# Normal CA certificate (DER format)
|
||||
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/test_ca_cert.der
|
||||
|
||||
# CA certificate without an ending newline
|
||||
$(abs_builddir)/test-crypto --cert $(srcdir)/certs/ca-no-ending-newline.pem
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
|
||||
EXTRA_DIST = \
|
||||
test_ca_cert.pem \
|
||||
test_ca_cert.der \
|
||||
test_key_and_cert.pem \
|
||||
test-cert.p12 \
|
||||
test2_ca_cert.pem \
|
||||
|
|
BIN
libnm-util/tests/certs/test_ca_cert.der
Normal file
BIN
libnm-util/tests/certs/test_ca_cert.der
Normal file
Binary file not shown.
Loading…
Reference in a new issue