From 961e6d1480d837817563cf8e97ebe491627829a8 Mon Sep 17 00:00:00 2001
From: Andrew Zaborowski
Date: Sat, 15 Dec 2018 00:30:01 +0100
Subject: [PATCH] eap-tls: Replace l_pem_load_certificate() with newer functions
Stop using l_pem_load_certificate which has been removed from ell, use the same functions to load certificate files to validate them as those used by the TLS implementation itself.
---
 src/eap-tls-common.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/src/eap-tls-common.c b/src/eap-tls-common.c
index f7aa0472..fdec2b81 100644
--- a/src/eap-tls-common.c
+++ b/src/eap-tls-common.c
@@ -725,8 +725,6 @@ int eap_tls_common_settings_check(struct l_settings *settings,
 char setting_key[72];
 char client_cert_setting[72];
 char passphrase_setting[72];
- uint8_t *cert;
- size_t size;
 L_AUTO_FREE_VAR(char *, path);
 L_AUTO_FREE_VAR(char *, client_cert) = NULL;
@@ -735,13 +733,16 @@ int eap_tls_common_settings_check(struct l_settings *settings,
 snprintf(setting_key, sizeof(setting_key), "%sCACert", prefix);
 path = l_settings_get_string(settings, "Security", setting_key);
 if (path) {
- cert = l_pem_load_certificate(path, &size);
- if (!cert) {
+ struct l_queue *cacerts;
+
+ cacerts = l_pem_load_certificate_list(path);
+ if (!cacerts) {
 l_error("Failed to load %s", path);
 return -EIO;
 }
- l_free(cert);
+ l_queue_destroy(cacerts,
+ (l_queue_destroy_func_t) l_cert_free);
 }
 snprintf(client_cert_setting, sizeof(client_cert_setting),
@@ -749,13 +750,15 @@ int eap_tls_common_settings_check(struct l_settings *settings,
 client_cert = l_settings_get_string(settings, "Security", client_cert_setting);
 if (client_cert) {
- cert = l_pem_load_certificate(client_cert, &size);
+ struct l_certchain *cert;
+
+ cert = l_pem_load_certificate_chain(client_cert);
 if (!cert) {
 l_error("Failed to load %s", client_cert);
 return -EIO;
 }
- l_free(cert);
+ l_certchain_free(cert);
 }
 l_free(path);
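Review bot: The `(l_queue_destroy_func_t) l_cert_free` cast in the `if (path)` block of the second hunk makes the queue call `l_cert_free` through a function-pointer type it was not declared with, which the C standard leaves undefined and which builds with indirect-call control-flow integrity reject at run time. A small wrapper removes the cast: `static void eap_tls_cert_free(void *data) { l_cert_free(data); }` and then `l_queue_destroy(cacerts, eap_tls_cert_free);`. This assumes `l_cert_free` takes a `struct l_cert *`, which the need for the cast suggests but the hunk does not show. `eap_tls_common_settings_check` starts and ends outside this hunk.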
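Review bot: The `if (client_cert)` block in the third hunk, like the CA block in the second, parses the file and frees the result immediately, so it deserves a comment saying that this is a parse check only. As far as the visible lines show, a success here says nothing about whether the chain matches the configured private key or is trusted by anyone, and the file can still change before it is actually used. Suggested comment above the load: `/* Parse check only; the result is discarded and says nothing about trust or key match. */`. Naming the local `chain` instead of `cert` would also match its `struct l_certchain *` type. The function continues past the end of the hunk.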