certtool: removed limit on maximum imported certificates in the -i option

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2015-08-12 23:03:20 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2015-08-12 23:06:43 +0200
commit: 27ed11bb58fe643f81f3a12317e2cb876281a574 (patch)
tree: 8fe3e420b734e1e528ffce16d8ae51ee5dbd8b5e
parent: c235c7600a479b7feac84cea381d3d81c843f1b0 (diff)
download: gnutls-27ed11bb58fe643f81f3a12317e2cb876281a574.tar.gz
1 files changed, 8 insertions, 17 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 4467514393..392f5bad37 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1278,10 +1278,9 @@ static void cmd_parser(int argc, char **argv)
 	gnutls_global_deinit();
 }
 
-#define MAX_CRTS 500
 void certificate_info(int pubkey, common_info_st * cinfo)
 {
-	gnutls_x509_crt_t crt[MAX_CRTS];
+	gnutls_x509_crt_t *crts = NULL;
 	size_t size;
 	int ret, i, count;
 	gnutls_datum_t pem;
@@ -1290,17 +1289,8 @@ void certificate_info(int pubkey, common_info_st * cinfo)
 	pem.data = (void *) fread_file(infile, &size);
 	pem.size = size;
 
-	crt_num = MAX_CRTS;
 	ret =
-	    gnutls_x509_crt_list_import(crt, &crt_num, &pem, incert_format,
-					GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED);
-	if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
-		fprintf(stderr, "too many certificates (%d); "
-			"will only read the first %d", crt_num, MAX_CRTS);
-		crt_num = MAX_CRTS;
-		ret = gnutls_x509_crt_list_import(crt, &crt_num, &pem,
-						  incert_format, 0);
-	}
+	    gnutls_x509_crt_list_import2(&crts, &crt_num, &pem, incert_format, 0);
 	if (ret < 0) {
 		fprintf(stderr, "import error: %s\n", gnutls_strerror(ret));
 		exit(1);
@@ -1308,7 +1298,7 @@ void certificate_info(int pubkey, common_info_st * cinfo)
 
 	free(pem.data);
 
-	count = ret;
+	count = crt_num;
 
 	if (count > 1 && outcert_format == GNUTLS_X509_FMT_DER) {
 		fprintf(stderr,
@@ -1322,14 +1312,14 @@ void certificate_info(int pubkey, common_info_st * cinfo)
 			fprintf(outfile, "\n");
 
 		if (outcert_format == GNUTLS_X509_FMT_PEM)
-			print_certificate_info(crt[i], outfile, 1);
+			print_certificate_info(crts[i], outfile, 1);
 
 		if (pubkey)
-			pubkey_info(crt[i], cinfo);
+			pubkey_info(crts[i], cinfo);
 		else {
 			size = lbuffer_size;
 			ret =
-			    gnutls_x509_crt_export(crt[i], outcert_format,
+			    gnutls_x509_crt_export(crts[i], outcert_format,
 						   lbuffer, &size);
 			if (ret < 0) {
 				fprintf(stderr, "export error: %s\n",
@@ -1340,8 +1330,9 @@ void certificate_info(int pubkey, common_info_st * cinfo)
 			fwrite(lbuffer, 1, size, outfile);
 		}
 
-		gnutls_x509_crt_deinit(crt[i]);
+		gnutls_x509_crt_deinit(crts[i]);
 	}
+	gnutls_free(crts);
 }
 
 #ifdef ENABLE_OPENPGP
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2015-08-12 23:03:20 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2015-08-12 23:06:43 +0200
commit	27ed11bb58fe643f81f3a12317e2cb876281a574 (patch)
tree	8fe3e420b734e1e528ffce16d8ae51ee5dbd8b5e
parent	c235c7600a479b7feac84cea381d3d81c843f1b0 (diff)
download	gnutls-27ed11bb58fe643f81f3a12317e2cb876281a574.tar.gz