- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
- Programs and tests were adapted accordingly
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 39d69ac..f5bbe85 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -241,12 +241,12 @@
#if defined(POLARSSL_FS_IO)
if( strlen( opt.ca_file ) )
- ret = x509parse_crtfile( &cacert, opt.ca_file, X509_NON_PERMISSIVE );
+ ret = x509parse_crtfile( &cacert, opt.ca_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
- strlen( test_ca_crt ), X509_NON_PERMISSIVE );
+ strlen( test_ca_crt ) );
#else
{
ret = 1;
@@ -271,12 +271,12 @@
#if defined(POLARSSL_FS_IO)
if( strlen( opt.crt_file ) )
- ret = x509parse_crtfile( &clicert, opt.crt_file, X509_NON_PERMISSIVE );
+ ret = x509parse_crtfile( &clicert, opt.crt_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
- strlen( test_cli_crt ), X509_NON_PERMISSIVE );
+ strlen( test_cli_crt ) );
#else
{
ret = 1;
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index d24ae00..881a68e 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -250,7 +250,7 @@
* server and CA certificates, as well as x509parse_keyfile().
*/
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
- strlen( test_srv_crt ), X509_NON_PERMISSIVE );
+ strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
@@ -258,7 +258,7 @@
}
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
- strlen( test_ca_crt ), X509_NON_PERMISSIVE );
+ strlen( test_ca_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index eb223b0..2f442c9 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -493,12 +493,12 @@
#if defined(POLARSSL_FS_IO)
if( strlen( opt.ca_file ) )
- ret = x509parse_crtfile( &cacert, opt.ca_file, X509_NON_PERMISSIVE );
+ ret = x509parse_crtfile( &cacert, opt.ca_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
- strlen( test_ca_crt ), X509_NON_PERMISSIVE );
+ strlen( test_ca_crt ) );
#else
{
ret = 1;
@@ -523,15 +523,15 @@
#if defined(POLARSSL_FS_IO)
if( strlen( opt.crt_file ) )
- ret = x509parse_crtfile( &clicert, opt.crt_file, X509_NON_PERMISSIVE );
+ ret = x509parse_crtfile( &clicert, opt.crt_file );
else
#endif
#if defined(POLARSSL_CERTS_C)
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
- strlen( test_cli_crt ), X509_NON_PERMISSIVE );
+ strlen( test_cli_crt ) );
#else
{
- ret = 1;
+ ret = -1;
printf("POLARSSL_CERTS_C not defined.");
}
#endif
@@ -551,7 +551,7 @@
strlen( test_cli_key ), NULL, 0 );
#else
{
- ret = 1;
+ ret = -1;
printf("POLARSSL_CERTS_C not defined.");
}
#endif
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index f43e8b4..5ee2f63 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -220,7 +220,7 @@
* server and CA certificates, as well as x509parse_keyfile().
*/
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
- strlen( test_srv_crt ), X509_NON_PERMISSIVE );
+ strlen( test_srv_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
@@ -228,7 +228,7 @@
}
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
- strlen( test_ca_crt ), X509_NON_PERMISSIVE );
+ strlen( test_ca_crt ) );
if( ret != 0 )
{
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );