X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/5976eb9983e5f88f22d55f26ddac53c23aeb7f3d..dc6d17694a767a23c5560835303be32a4238b7b3:/src/src/tlscert-gnu.c
diff --git a/src/src/tlscert-gnu.c b/src/src/tlscert-gnu.c
index 65d01214a..cebeae526 100644
--- a/src/src/tlscert-gnu.c
+++ b/src/src/tlscert-gnu.c
@@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/
-/* Copyright (c) Jeremy Harris 2014 - 2015 */
+/* Copyright (c) Jeremy Harris 2014 - 2018 */
 /* This file provides TLS/SSL support for Exim using the GnuTLS library, one of the available supported implementations. This file is #included into
@@ -113,7 +113,7 @@ if (mod && Ustrcmp(mod, "int") == 0) return string_sprintf("%u", (unsigned)t); cp = store_get(len);
-if (timestamps_utc)
+if (f.timestamps_utc)
 { uschar * tz = to_tz(US"GMT0"); len = strftime(CS cp, len, "%b %e %T %Y %Z", gmtime(&t));
@@ -173,16 +173,15 @@ uschar * tls_cert_serial_number(void * cert, uschar * mod) { uschar bin[50], txt[150];
+uschar * sp = bin;
 size_t sz = sizeof(bin);
-uschar * sp;
-uschar * dp;
 int ret; if ((ret = gnutls_x509_crt_get_serial((gnutls_x509_crt_t)cert, bin, &sz))) return g_err("gs0", __FUNCTION__, ret);
-for(dp = txt, sp = bin; sz; sz--)
+for(uschar * dp = txt; sz; sz--)
 dp += sprintf(CS dp, "%.2x", *sp++); for(sp = txt; sp[0]=='0' && sp[1]; ) sp++; /* leading zeroes */ return string_copy(sp);
@@ -255,14 +254,14 @@ unsigned int crit; int ret; ret = gnutls_x509_crt_get_extension_by_oid ((gnutls_x509_crt_t)cert,
- oid, idx, CS cp1, &siz, &crit);
+ CS oid, idx, CS cp1, &siz, &crit);
 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) return g_err("ge0", __FUNCTION__, ret); cp1 = store_get(siz*4 + 1); ret = gnutls_x509_crt_get_extension_by_oid ((gnutls_x509_crt_t)cert,
- oid, idx, CS cp1, &siz, &crit);
+ CS oid, idx, CS cp1, &siz, &crit);
 if (ret < 0) return g_err("ge1", __FUNCTION__, ret);
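Review bot: In tls_cert_serial_number the hex loop still writes through an unbounded `sprintf`, and it stays inside `txt` only because `txt[150]` happens to exceed `2*sizeof(bin)+1` and `sz` is capped by the `sizeof(bin)` passed to gnutls_x509_crt_get_serial. Tying the two sizes together, `uschar bin[50], txt[2*sizeof(bin) + 1];`, or a comment stating the relationship, would keep a later change to `bin` from turning certificate-supplied bytes into an overflow. Also, if that call can ever succeed with `sz == 0`, the leading-zero loop reads `txt` uninitialised; `txt[0] = 0;` before the hex loop would cover that case.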
@@ -279,9 +278,7 @@ return cp2; uschar * tls_cert_subject_altname(void * cert, uschar * mod) {
-uschar * list = NULL;
-int lsize = 0, llen = 0;
-int index;
+gstring * list = NULL;
 size_t siz; int ret; uschar sep = '\n';
@@ -301,14 +298,14 @@ while (mod) break; }
-for(index = 0;; index++)
+for (int index = 0;; index++)
 { siz = 0; switch(ret = gnutls_x509_crt_get_subject_alt_name( (gnutls_x509_crt_t)cert, index, NULL, &siz, NULL)) { case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
- return list; /* no more elements; normal exit */
+ return string_from_gstring(list); /* no more elements; normal exit */
 case GNUTLS_E_SHORT_MEMORY_BUFFER: break;
@@ -333,7 +330,7 @@ for(index = 0;; index++) case GNUTLS_SAN_RFC822NAME: tag = US"MAIL"; break; default: continue; /* ignore unrecognised types */ }
- list = string_append_listele(list, &lsize, &llen, sep,
+ list = string_append_listele(list, sep,
 match == -1 ? string_sprintf("%s=%s", tag, ele) : ele); } /*NOTREACHED*/
@@ -346,25 +343,22 @@ tls_cert_ocsp_uri(void * cert, uschar * mod) gnutls_datum_t uri; int ret; uschar sep = '\n';
-int index;
-uschar * list = NULL;
-int lsize = 0, llen = 0;
+gstring * list = NULL;
 if (mod) if (*mod == '>' && *++mod) sep = *mod++;
-for(index = 0;; index++)
+for (int index = 0;; index++)
 { ret = gnutls_x509_crt_get_authority_info_access((gnutls_x509_crt_t)cert, index, GNUTLS_IA_OCSP_URI, &uri, NULL); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return list;
+ return string_from_gstring(list);
 if (ret < 0) return g_err("gai", __FUNCTION__, ret);
- list = string_append_listele_n(list, &lsize, &llen, sep,
- uri.data, uri.size);
+ list = string_append_listele_n(list, sep, uri.data, uri.size);
 } /*NOTREACHED*/
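Review bot: In tls_cert_subject_altname the normal exit is now `return string_from_gstring(list);`, and `list` is still NULL when the certificate has no matching SAN, so the old NULL result survives only if that helper accepts a NULL gstring. Its definition is not in this diff, so that is worth confirming; the same applies to the new returns in tls_cert_ocsp_uri and tls_cert_crl_uri. Separately, in the -333 hunk `ele` is formatted with `%s`, which assumes the SAN bytes taken from the peer's certificate are NUL-terminated and hold no embedded NUL. The code that would establish this lies between the hunks, so once it is confirmed a comment at the call such as `/* ele is NUL-terminated; SANs with embedded NULs never reach here */` would record the invariant.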
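Review bot: In tls_cert_ocsp_uri, `uri.data` is appended to the list and then overwritten by the next iteration without being released. As far as I recall the GnuTLS documentation, gnutls_x509_crt_get_authority_info_access hands back data that the caller must release with gnutls_free(), in which case every OCSP URI in a peer-supplied certificate leaks one allocation. If that reading is right, adding `gnutls_free(uri.data);` after the `string_append_listele_n` call would close it. The function's opening lines are outside the hunk.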
@@ -382,24 +376,21 @@ uschar * tls_cert_crl_uri(void * cert, uschar * mod) { int ret;
-size_t siz;
 uschar sep = '\n';
-int index;
-uschar * list = NULL;
-int lsize = 0, llen = 0;
+gstring * list = NULL;
 uschar * ele; if (mod) if (*mod == '>' && *++mod) sep = *mod++;
-for(index = 0;; index++)
+for (int index = 0;; index++)
 {
- siz = 0;
+ size_t siz = 0;
 switch(ret = gnutls_x509_crt_get_crl_dist_points( (gnutls_x509_crt_t)cert, index, NULL, &siz, NULL, NULL)) { case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
- return list;
+ return string_from_gstring(list);
 case GNUTLS_E_SHORT_MEMORY_BUFFER: break; default:
@@ -411,7 +402,7 @@ for(index = 0;; index++) (gnutls_x509_crt_t)cert, index, ele, &siz, NULL, NULL)) < 0) return g_err("gc1", __FUNCTION__, ret);
- list = string_append_listele_n(list, &lsize, &llen, sep, ele, siz);
+ list = string_append_listele_n(list, sep, ele, siz);
 } /*NOTREACHED*/ }
@@ -438,7 +429,7 @@ if ( (fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert, gnutls_strerror(fail)); return NULL; }
-return b64encode(cp, (int)len);
+return b64encode(CUS cp, (int)len);
 }
@@ -449,7 +440,6 @@ int ret; size_t siz = 0; uschar * cp; uschar * cp2;
-uschar * cp3;
 if ((ret = gnutls_x509_crt_get_fingerprint(cert, algo, NULL, &siz)) != GNUTLS_E_SHORT_MEMORY_BUFFER)
@@ -459,7 +449,7 @@ cp = store_get(siz*3+1); if ((ret = gnutls_x509_crt_get_fingerprint(cert, algo, cp, &siz)) < 0) return g_err("gf1", __FUNCTION__, ret);
-for (cp3 = cp2 = cp+siz; cp < cp2; cp++)
+for (uschar * cp3 = cp2 = cp+siz; cp < cp2; cp++)
 cp3 += sprintf(CS cp3, "%02X", *cp); return cp2; }
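Review bot: In the last hunk, `for (uschar * cp3 = cp2 = cp+siz; cp < cp2; cp++)` declares `cp3` and, inside the same initialiser, assigns the outer `cp2`, which is easy to misread as declaring two variables. Splitting it into `cp2 = cp + siz;` followed by `for (uschar * cp3 = cp2; cp < cp2; cp++)` keeps the behaviour and makes it clear that `cp2` is the returned start of the hex text. The unbounded `sprintf` stays in bounds only because of `store_get(siz*3+1)` (siz raw bytes, 2*siz hex digits, one NUL), so a one-line comment stating that layout would protect it against later edits. The function's signature is outside the hunk.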