X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=tools%2Fcerts.c;h=8986446ee130291a802e6db9981b123310dff045;hp=fdee5c61d322f4e49fafa366b4ce8f4883e4f72a;hb=dda1f8a0c46e15b4a235163470ff700b2f13dcc5;hpb=3210f38e0491b39aec1ef419cb4114e9483089fb

diff --git a/tools/certs.c b/tools/certs.c
index fdee5c6..8986446 100644
--- a/tools/certs.c
+++ b/tools/certs.c
@@ -53,8 +53,8 @@ certificate_to_trust_anchor_inner(br_x509_trust_anchor *ta,
 		VEC_CLEAR(vdn);
 		return -1;
 	}
-	ta->dn = VEC_TOARRAY(vdn);
-	ta->dn_len = VEC_LEN(vdn);
+	ta->dn.data = VEC_TOARRAY(vdn);
+	ta->dn.len = VEC_LEN(vdn);
 	VEC_CLEAR(vdn);
 	ta->flags = 0;
 	if (br_x509_decoder_isCA(&dc)) {
@@ -76,7 +76,7 @@ certificate_to_trust_anchor_inner(br_x509_trust_anchor *ta,
 		break;
 	default:
 		fprintf(stderr, "ERROR: unsupported public key type in CA\n");
-		xfree(ta->dn);
+		xfree(ta->dn.data);
 		return -1;
 	}
 	return 0;
@@ -99,7 +99,7 @@ certificate_to_trust_anchor(br_x509_certificate *xc)
 void
 free_ta_contents(br_x509_trust_anchor *ta)
 {
-	xfree(ta->dn);
+	xfree(ta->dn.data);
 	switch (ta->pkey.key_type) {
 	case BR_KEYTYPE_RSA:
 		xfree(ta->pkey.key.rsa.n);
@@ -128,24 +128,43 @@ read_trust_anchors(anchor_list *dst, const char *fname)
 
 		if (certificate_to_trust_anchor_inner(&ta, &xcs[u]) < 0) {
 			VEC_CLEAREXT(tas, free_ta_contents);
+			free_certificates(xcs, num);
 			return 0;
 		}
 		VEC_ADD(tas, ta);
 	}
 	VEC_ADDMANY(*dst, &VEC_ELT(tas, 0), num);
 	VEC_CLEAR(tas);
+	free_certificates(xcs, num);
 	return num;
 }
 
+/* see brssl.h */
+int
+get_cert_signer_algo(br_x509_certificate *xc)
+{
+	br_x509_decoder_context dc;
+	int err;
+
+	br_x509_decoder_init(&dc, 0, 0);
+	br_x509_decoder_push(&dc, xc->data, xc->data_len);
+	err = br_x509_decoder_last_error(&dc);
+	if (err != 0) {
+		fprintf(stderr,
+			"ERROR: certificate decoding failed with error %d\n",
+			-err);
+		return 0;
+	}
+	return br_x509_decoder_get_signer_key_type(&dc);
+}
+
 static void
-xwc_start_chain(const br_x509_class **ctx,
-	unsigned expected_key_type, const char *server_name)
+xwc_start_chain(const br_x509_class **ctx, const char *server_name)
 {
 	x509_noanchor_context *xwc;
 
 	xwc = (x509_noanchor_context *)ctx;
-	(*xwc->inner)->start_chain(xwc->inner,
-		expected_key_type, server_name);
+	(*xwc->inner)->start_chain(xwc->inner, server_name);
 }
 
 static void
@@ -190,12 +209,12 @@ xwc_end_chain(const br_x509_class **ctx)
 }
 
 static const br_x509_pkey *
-xwc_get_pkey(const br_x509_class *const *ctx)
+xwc_get_pkey(const br_x509_class *const *ctx, unsigned *usages)
 {
 	x509_noanchor_context *xwc;
 
 	xwc = (x509_noanchor_context *)ctx;
-	return (*xwc->inner)->get_pkey(xwc->inner);
+	return (*xwc->inner)->get_pkey(xwc->inner, usages);
 }
 
 /* see brssl.h */