VEC_CLEAR(vdn);
return -1;
}
- ta->dn = VEC_TOARRAY(vdn);
- ta->dn_len = VEC_LEN(vdn);
+ ta->dn.data = VEC_TOARRAY(vdn);
+ ta->dn.len = VEC_LEN(vdn);
VEC_CLEAR(vdn);
ta->flags = 0;
if (br_x509_decoder_isCA(&dc)) {
break;
default:
fprintf(stderr, "ERROR: unsupported public key type in CA\n");
- xfree(ta->dn);
+ xfree(ta->dn.data);
return -1;
}
return 0;
void
free_ta_contents(br_x509_trust_anchor *ta)
{
- xfree(ta->dn);
+ xfree(ta->dn.data);
switch (ta->pkey.key_type) {
case BR_KEYTYPE_RSA:
xfree(ta->pkey.key.rsa.n);
if (certificate_to_trust_anchor_inner(&ta, &xcs[u]) < 0) {
VEC_CLEAREXT(tas, free_ta_contents);
+ free_certificates(xcs, num);
return 0;
}
VEC_ADD(tas, ta);
}
VEC_ADDMANY(*dst, &VEC_ELT(tas, 0), num);
VEC_CLEAR(tas);
+ free_certificates(xcs, num);
return num;
}
+/* see brssl.h */
+int
+get_cert_signer_algo(br_x509_certificate *xc)
+{
+ br_x509_decoder_context dc;
+ int err;
+
+ br_x509_decoder_init(&dc, 0, 0);
+ br_x509_decoder_push(&dc, xc->data, xc->data_len);
+ err = br_x509_decoder_last_error(&dc);
+ if (err != 0) {
+ fprintf(stderr,
+ "ERROR: certificate decoding failed with error %d\n",
+ -err);
+ return 0;
+ }
+ return br_x509_decoder_get_signer_key_type(&dc);
+}
+
static void
-xwc_start_chain(const br_x509_class **ctx,
- unsigned expected_key_type, const char *server_name)
+xwc_start_chain(const br_x509_class **ctx, const char *server_name)
{
x509_noanchor_context *xwc;
xwc = (x509_noanchor_context *)ctx;
- (*xwc->inner)->start_chain(xwc->inner,
- expected_key_type, server_name);
+ (*xwc->inner)->start_chain(xwc->inner, server_name);
}
static void
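Review bot: The new get_cert_signer_algo() returns a key type that the certificate merely declares, and nothing at the definition says the value is unauthenticated. `br_x509_decoder_init(&dc, 0, 0)` followed by a single push only parses the certificate and validates no signature or chain, so the result should be used for selection logic and never as a trust decision. The function also returns 0 on a decoding error, which callers can only tell apart because 0 is not one of the BR_KEYTYPE_* values. I would add above the function `/* Returns the signer key type as declared in the certificate (not verified), or 0 on decoding error. */`. Separately, the two added `free_certificates(xcs, num)` calls are safe only if each trust anchor owns copies of its DN and key data, which the xfree() calls in free_ta_contents suggest but the visible lines do not fully show.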
}
static const br_x509_pkey *
-xwc_get_pkey(const br_x509_class *const *ctx)
+xwc_get_pkey(const br_x509_class *const *ctx, unsigned *usages)
{
x509_noanchor_context *xwc;
xwc = (x509_noanchor_context *)ctx;
- return (*xwc->inner)->get_pkey(xwc->inner);
+ return (*xwc->inner)->get_pkey(xwc->inner, usages);
}
/* see brssl.h */