From 9c91e355da22e680c27dfc7380320c3b00b549d9 Mon Sep 17 00:00:00 2001
From: cameronrich
Date: Mon, 24 Jan 2011 22:49:20 +0000
Subject: [PATCH] Now load PEM cert bundles correctly for verification.
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@201 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
---
 ssl/asn1.c | 10 +++++-----
 ssl/loader.c | 12 ++++--------
 ssl/tls1.c | 19 ++++++-------------
 ssl/x509.c | 2 +-
 4 files changed, 16 insertions(+), 27 deletions(-)
diff --git a/ssl/asn1.c b/ssl/asn1.c
index d99b0a8b5..b30d89114 100644
--- a/ssl/asn1.c
+++ b/ssl/asn1.c
@@ -433,13 +433,13 @@ end_sig:
 */
 static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
 {
- int ret = 1;
+ int ret;
- if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match;
+ if (dn1 == NULL && dn2 == NULL)
+ ret = 0;
+ else
+ ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
- ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
-
-err_no_match:
 return ret;
 }
diff --git a/ssl/loader.c b/ssl/loader.c
index 96679a566..7bb3c671a 100644
--- a/ssl/loader.c
+++ b/ssl/loader.c
@@ -303,7 +303,7 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
 if ((start = strstr(where, begins[i])) && (end = strstr(where, ends[i])))
 {
- remain -= (int)(end-start);
+ remain -= (int)(end-where);
 start += strlen(begins[i]);
 pem_size = (int)(end-start);
@@ -362,20 +362,16 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
 remain--;
 }
+ where = end;
 break;
 }
 }
 ssl_obj_free(ssl_obj);
 ssl_obj = NULL;
-
- if (i == NUM_PEM_TYPES)
- {
- ret = SSL_ERROR_BAD_CERTIFICATE;
- goto error;
- }
+ if (start == NULL)
+ break;
 }
- error:
 ssl_obj_free(ssl_obj);
 return ret;
diff --git a/ssl/tls1.c b/ssl/tls1.c
index 6bcb2bb21..dc8f4ddb1 100755
--- a/ssl/tls1.c
+++ b/ssl/tls1.c
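Review bot: The new fallback in asn1_compare_dn_comp returns 0 (match) when exactly one of dn1/dn2 is NULL, which the removed err_no_match path used to reject with 1, so a DN that lacks a component now compares equal to any value of that component on the other side. asn1_compare_dn feeds the CA lookup loop in x509_verify (visible in the x509.c hunk), so a loose component match can pick a CA whose name differs from the certificate's issuer; the signature check that presumably follows would then fail, which reads as a wrong-CA-selection and false-rejection risk rather than a bypass, but the comparison should stay strict either way. Change the else branch to `ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 1;` and say why above it: `/* a component present on only one side is a mismatch; only both-NULL is equal */`.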
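Review bot: Termination of the scanning loop now rests on `start`, which holds the last strstr() result of the per-type loop rather than a "found an object" flag: a BEGIN marker of the last PEM type with no matching END leaves start non-NULL, the if in the earlier loader.c hunk false, and where/remain untouched, so the enclosing loop (its header is outside this hunk) would never advance on such input. Dropping the `i == NUM_PEM_TYPES` branch also means a buffer with no recognisable PEM object no longer produces SSL_ERROR_BAD_CERTIFICATE; if ret is initialised to SSL_OK before this hunk (not visible here), an empty or garbage bundle now loads "successfully". Track a flag instead: declare `int found = 0;` at the top of each pass of the outer loop, set `found = 1;` beside `where = end;`, and make the exit test `if (!found) break;`, optionally setting SSL_ERROR_BAD_CERTIFICATE when nothing at all was loaded. new_pem_obj begins before this hunk, so the initial values of ret and start are inferred, not seen.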
@@ -416,7 +416,13 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
 /* ignore the return code */
 if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
+ {
+#if defined (CONFIG_SSL_FULL_MODE)
+ if (ssl_ctx->options & SSL_DISPLAY_CERTS)
+ x509_print(ca_cert_ctx->cert[i], NULL);
+#endif
 i++;
+ }
 len -= offset;
 }
@@ -1808,7 +1814,6 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
 goto error;
 }
- /* DISPLAY_CERT(ssl, *chain); */
 chain = &((*chain)->next);
 offset += cert_size;
 }
@@ -1898,18 +1903,6 @@ void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
 TTY_FLUSH();
 }
-/**
- * Debugging routine to display X509 certificates.
- */
-void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx)
-{
- if (!IS_SET_SSL_FLAG(SSL_DISPLAY_CERTS))
- return;
- x509_print(x509_ctx, ssl->ssl_ctx->ca_cert_ctx);
- TTY_FLUSH();
-}
-
 /**
 * Debugging routine to display RSA objects
 */
diff --git a/ssl/x509.c b/ssl/x509.c
index 185fd7591..bea9173d2 100644
--- a/ssl/x509.c
+++ b/ssl/x509.c
@@ -367,7 +367,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
 if (ca_cert_ctx != NULL)
 {
 /* go thu the CA store */
- while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
+ while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
 {
 if (asn1_compare_dn(cert->ca_cert_dn, ca_cert_ctx->cert[i]->cert_dn) == 0)
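Review bot: The context comment `/* ignore the return code */` now sits directly above a branch on x509_new()'s return value and the new block that depends on it, so it misleads the reader; reword it to `/* only count CA certs that parsed; a failed slot is skipped */` or drop it. The added x509_print() call passes NULL as the CA context, which presumably means the CA entry is printed on its own without any chain-verification output — a one-line comment such as `/* NULL: print the CA itself, no verification against the store */` would save the next reader a lookup, and the fact that the display only exists under CONFIG_SSL_FULL_MODE belongs in add_cert_auth's header comment. add_cert_auth's loop header and its handling of the failed-parse case start before this hunk.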