Exemple #1
/**
 * gnutls_x509_trust_list_remove_trust_mem:
 * @list: The structure of the list
 * @cas: A buffer containing a list of CAs (optional)
 * @type: The format of the certificates
 *
 * This function will remove the given certificate authorities
 * from the trusted list. The certificates are parsed from @cas and
 * handed to gnutls_x509_trust_list_remove_cas(); when @cas or its
 * data is %NULL nothing is parsed and nothing is removed.
 *
 * Returns: The count reported by gnutls_x509_trust_list_remove_cas()
 * (zero when @cas is empty), or a negative error code if the import
 * or the removal fails.
 *
 * Since: 3.1.10
 **/
int
gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list,
                                     const gnutls_datum_t * cas, 
                                     gnutls_x509_crt_fmt_t type)
{
  gnutls_x509_crt_t *ca_certs = NULL;
  unsigned int ca_count;
  unsigned int idx;
  unsigned int removed = 0;
  int ret;

  /* No buffer supplied: report zero removals without touching the list. */
  if (cas == NULL || cas->data == NULL)
    return removed;

  ret = gnutls_x509_crt_list_import2(&ca_certs, &ca_count, cas, type, 0);
  if (ret < 0)
    return gnutls_assert_val(ret);

  ret = gnutls_x509_trust_list_remove_cas(list, ca_certs, ca_count);

  /* The imported certificates are released before the result is
   * inspected, so the success and the error path both free them. */
  for (idx = 0; idx < ca_count; idx++)
    gnutls_x509_crt_deinit(ca_certs[idx]);
  gnutls_free(ca_certs);

  if (ret < 0)
    return gnutls_assert_val(ret);

  removed += ret;
  return removed;
}
Exemple #2
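/*
 * Removes from @list the certificates found at the PKCS #11 URL @url.
 *
 * The objects are listed with GNUTLS_PKCS11_OBJ_FLAG_CRT and
 * GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED, converted to X.509 certificate
 * handles and passed to gnutls_x509_trust_list_remove_cas().
 *
 * Returns 0 when the URL yields no objects, otherwise the value of
 * gnutls_x509_trust_list_remove_cas(), or a negative error code when
 * listing, allocating or importing fails.
 */
static
int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url)
{
	gnutls_x509_crt_t *xcrt_list = NULL;
	gnutls_pkcs11_obj_t *pcrt_list = NULL;
	unsigned int pcrt_list_size = 0, i;
	/* Set only once every slot of xcrt_list holds an imported handle. */
	unsigned int xcrt_imported = 0;
	int ret;

	ret =
	    gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size,
					       url,
					       GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
					       0);
	if (ret < 0)
		return gnutls_assert_val(ret);

	if (pcrt_list_size == 0) {
		ret = 0;
		goto cleanup;
	}

	xcrt_list = gnutls_malloc(sizeof(gnutls_x509_crt_t) * pcrt_list_size);
	if (xcrt_list == NULL) {
		ret = GNUTLS_E_MEMORY_ERROR;
		goto cleanup;
	}

	ret =
	    gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size,
					       pcrt_list, 0);
	if (ret < 0) {
		/* xcrt_list came from gnutls_malloc() and was never cleared,
		 * so after a failed import its slots cannot be assumed to
		 * hold live handles; cleanup frees the array but must not
		 * deinit its elements.
		 * NOTE(review): this assumes the import releases whatever it
		 * initialised before failing - confirm against
		 * gnutls_x509_crt_list_import_pkcs11(). */
		gnutls_assert();
		goto cleanup;
	}
	xcrt_imported = 1;

	ret =
	    gnutls_x509_trust_list_remove_cas(list, xcrt_list, pcrt_list_size);

 cleanup:
	for (i = 0; i < pcrt_list_size; i++) {
		gnutls_pkcs11_obj_deinit(pcrt_list[i]);
		/* Certificate handles exist only after a complete import. */
		if (xcrt_imported)
			gnutls_x509_crt_deinit(xcrt_list[i]);
	}
	gnutls_free(pcrt_list);
	gnutls_free(xcrt_list);

	return ret;
}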