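/*
 * Remove from a trust list every certificate found at a PKCS #11 URL.
 *
 * The objects at @url are listed with
 * GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED, converted
 * to X.509 certificate handles and passed to
 * gnutls_x509_trust_list_remove_cas().
 *
 * @list: trust list to remove the certificates from
 * @url:  PKCS #11 URL naming the objects to look up
 *
 * Returns: a negative error code when listing, allocation or conversion
 * fails; 0 when the URL yields no objects; otherwise the value returned by
 * gnutls_x509_trust_list_remove_cas().
 */
static int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url)
{
	gnutls_x509_crt_t *xcrt_list = NULL;
	gnutls_pkcs11_obj_t *pcrt_list = NULL;
	unsigned int pcrt_list_size = 0, i;
	/* Number of entries in xcrt_list that hold a live certificate handle. */
	unsigned int xcrt_list_size = 0;
	int ret;

	ret = gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size, url,
						 GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
						 0);
	if (ret < 0)
		return gnutls_assert_val(ret);

	if (pcrt_list_size == 0) {
		ret = 0;
		goto cleanup;
	}

	xcrt_list = gnutls_malloc(sizeof(gnutls_x509_crt_t) * pcrt_list_size);
	if (xcrt_list == NULL) {
		ret = GNUTLS_E_MEMORY_ERROR;
		goto cleanup;
	}

	ret = gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size, pcrt_list, 0);
	if (ret < 0) {
		/*
		 * The array came straight from gnutls_malloc() and nothing
		 * here initialises it, so after a failed import its entries
		 * are indeterminate (or, presumably, already released by the
		 * importer -- confirm against its implementation). Leaving
		 * xcrt_list_size at 0 keeps cleanup from passing those values
		 * to gnutls_x509_crt_deinit().
		 */
		gnutls_assert();
		goto cleanup;
	}
	xcrt_list_size = pcrt_list_size;

	ret = gnutls_x509_trust_list_remove_cas(list, xcrt_list, pcrt_list_size);

cleanup:
	for (i = 0; i < pcrt_list_size; i++) {
		gnutls_pkcs11_obj_deinit(pcrt_list[i]);
		/* Only handles produced by a successful import are released. */
		if (i < xcrt_list_size)
			gnutls_x509_crt_deinit(xcrt_list[i]);
	}
	gnutls_free(pcrt_list);
	gnutls_free(xcrt_list);

	return ret;
}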
/*
 * Add to a trust list the certificates found at a PKCS #11 URL.
 *
 * The objects at @ca_file are listed with
 * GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, converted to X.509 certificate
 * handles and passed to gnutls_x509_trust_list_add_cas() together with
 * @flags.
 *
 * @list:    trust list that receives the certificates
 * @ca_file: PKCS #11 URL naming the objects to look up
 * @flags:   forwarded unchanged to gnutls_x509_trust_list_add_cas()
 *
 * Returns: a negative error code when listing, allocation or conversion
 * fails; 0 when the URL yields no objects; otherwise the value returned by
 * gnutls_x509_trust_list_add_cas().
 */
static int import_pkcs11_url(gnutls_x509_trust_list_t list, const char* ca_file, unsigned int flags)
{
	gnutls_pkcs11_obj_t *objs = NULL;
	gnutls_x509_crt_t *certs = NULL;
	unsigned int n_objs = 0;
	unsigned int idx;
	int rc;

	rc = gnutls_pkcs11_obj_list_import_url2(&objs, &n_objs, ca_file,
						GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED_CA, 0);
	if (rc < 0)
		return gnutls_assert_val(rc);

	if (n_objs == 0) {
		/* Nothing stored at the URL: report success with no additions. */
		rc = 0;
	} else {
		certs = gnutls_malloc(n_objs * sizeof(gnutls_x509_crt_t));
		if (certs == NULL) {
			rc = GNUTLS_E_MEMORY_ERROR;
		} else {
			rc = gnutls_x509_crt_list_import_pkcs11(certs, n_objs, objs, 0);
			if (rc < 0)
				gnutls_assert();
			else
				rc = gnutls_x509_trust_list_add_cas(list, certs, n_objs, flags);
		}
	}

	/*
	 * Only the PKCS #11 objects and the two arrays are released here; the
	 * certificate handles themselves are never deinitialized by this
	 * function. NOTE(review): presumably the trust list keeps them after
	 * gnutls_x509_trust_list_add_cas() -- confirm against its contract.
	 */
	for (idx = 0; idx < n_objs; idx++) {
		gnutls_pkcs11_obj_deinit(objs[idx]);
	}
	gnutls_free(objs);
	gnutls_free(certs);

	return rc;
}