- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.

- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules. - Programs and tests were adapted accordingly
2025-07-29 11:41:15 +03:00 · 2011-12-10 21:55:01 +00:00
parent 18d32911c0
commit 69e095cc15
38 changed files with 254 additions and 162 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1376,7 +1376,7 @@ int ssl_parse_certificate( ssl_context *ssl )
    {
        SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
                       sizeof( x509_cert ) ) );
-        return( 1 );
+        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
    }

    memset( ssl->peer_cert, 0, sizeof( x509_cert ) );
@ -1401,8 +1401,7 @@ int ssl_parse_certificate( ssl_context *ssl )
            return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
        }

-        ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n,
-                             X509_NON_PERMISSIVE );
+        ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n );
        if( ret != 0 )
        {
            SSL_DEBUG_RET( 1, " x509parse_crt", ret );
@ -1707,7 +1706,7 @@ int ssl_init( ssl_context *ssl )
    if( ssl->in_ctr == NULL )
    {
        SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
-        return( 1 );
+        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
    }

    ssl->out_ctr = (unsigned char *) malloc( len );
@ -1718,7 +1717,7 @@ int ssl_init( ssl_context *ssl )
    {
        SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
        free( ssl-> in_ctr );
-        return( 1 );
+        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
    }

    memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );