Check-in [8e0ed4e723]
Overview
Comment:Better handling of reading certificate PEM data, resolves [2059171e7d]
SHA3-256: 8e0ed4e7234da5654908e5959d2d214bcf2d8cf9aff5f365377dd2ee69213862
User & Date: rkeene on 2019-04-09 17:25:32
Changes

Modified tlsX509.c from [09234d9be9] to [ecfb13f8ce].

    80     80    *	Result:
    81     81    *		A Tcl List Object representing the provided
    82     82    *		X509 certificate.
    83     83    *
    84     84    *------------------------------------------------------*
    85     85    */
    86     86   
           87  +#define CERT_STR_SIZE 16384
           88  +
    87     89   Tcl_Obj*
    88     90   Tls_NewX509Obj( interp, cert)
    89     91       Tcl_Interp *interp;
    90     92       X509 *cert;
    91     93   {
    92     94       Tcl_Obj *certPtr = Tcl_NewListObj( 0, NULL);
    93     95       BIO *bio;
................................................................................
    94     96       int n;
    95     97       unsigned long flags;
    96     98       char subject[BUFSIZ];
    97     99       char issuer[BUFSIZ];
    98    100       char serial[BUFSIZ];
    99    101       char notBefore[BUFSIZ];
   100    102       char notAfter[BUFSIZ];
   101         -    char certStr[BUFSIZ];
          103  +    char certStr[CERT_STR_SIZE], *certStr_p;
          104  +    int certStr_len, toRead;
   102    105   #ifndef NO_SSL_SHA
   103    106       int shai;
   104    107       char sha_hash_ascii[SHA_DIGEST_LENGTH * 2 + 1];
   105    108       unsigned char sha_hash_binary[SHA_DIGEST_LENGTH];
   106    109       const char *shachars="0123456789ABCDEF";
   107    110   
   108    111       sha_hash_ascii[SHA_DIGEST_LENGTH * 2] = '\0';
................................................................................
   132    135   	i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
   133    136   	n = BIO_read(bio, serial, min(BIO_pending(bio), BUFSIZ - 1));
   134    137   	n = max(n, 0);
   135    138   	serial[n] = 0;
   136    139   	(void)BIO_flush(bio);
   137    140   
   138    141           if (PEM_write_bio_X509(bio, cert)) {
   139         -            n = BIO_read(bio, certStr, min(BIO_pending(bio), BUFSIZ - 1));
   140         -            n = max(n, 0);
   141         -            certStr[n] = 0;
          142  +            certStr_p = certStr;
          143  +            certStr_len = 0;
          144  +            while (1) {
          145  +                toRead = min(BIO_pending(bio), CERT_STR_SIZE - certStr_len - 1);
          146  +                toRead = min(toRead, BUFSIZ);
          147  +                if (toRead == 0) {
          148  +                    break;
          149  +                }
          150  +                dprintf("Reading %i bytes from the certificate...", toRead);
          151  +                n = BIO_read(bio, certStr_p, toRead);
          152  +                if (n <= 0) {
          153  +                    break;
          154  +                }
          155  +                certStr_len += n;
          156  +                certStr_p   += n;
          157  +            }
          158  +            *certStr_p = '\0';
   142    159               (void)BIO_flush(bio);
   143    160           }
   144    161   
   145    162   	BIO_free(bio);
   146    163       }
   147    164   
   148    165       strcpy( notBefore, ASN1_UTCTIME_tostr( X509_get_notBefore(cert) ));