/** * gnutls_x509_trust_list_remove_trust_mem: * @list: The structure of the list * @cas: A buffer containing a list of CAs (optional) * @type: The format of the certificates * * This function will add the given certificate authorities * to the trusted list. * * Returns: The number of added elements is returned. * * Since: 3.1.10 **/ int gnutls_x509_trust_list_remove_trust_mem(gnutls_x509_trust_list_t list, const gnutls_datum_t * cas, gnutls_x509_crt_fmt_t type) { int ret; gnutls_x509_crt_t *x509_ca_list = NULL; unsigned int x509_ncas; unsigned int r = 0, i; if (cas != NULL && cas->data != NULL) { ret = gnutls_x509_crt_list_import2( &x509_ca_list, &x509_ncas, cas, type, 0); if (ret < 0) return gnutls_assert_val(ret); ret = gnutls_x509_trust_list_remove_cas(list, x509_ca_list, x509_ncas); for (i=0;i<x509_ncas;i++) gnutls_x509_crt_deinit(x509_ca_list[i]); gnutls_free(x509_ca_list); if (ret < 0) return gnutls_assert_val(ret); else r += ret; } return r; }
static int remove_pkcs11_object_url(gnutls_x509_trust_list_t list, const char *url) { gnutls_x509_crt_t *xcrt_list = NULL; gnutls_pkcs11_obj_t *pcrt_list = NULL; unsigned int pcrt_list_size = 0, i; int ret; ret = gnutls_pkcs11_obj_list_import_url2(&pcrt_list, &pcrt_list_size, url, GNUTLS_PKCS11_OBJ_FLAG_CRT|GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED, 0); if (ret < 0) return gnutls_assert_val(ret); if (pcrt_list_size == 0) { ret = 0; goto cleanup; } xcrt_list = gnutls_malloc(sizeof(gnutls_x509_crt_t) * pcrt_list_size); if (xcrt_list == NULL) { ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } ret = gnutls_x509_crt_list_import_pkcs11(xcrt_list, pcrt_list_size, pcrt_list, 0); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = gnutls_x509_trust_list_remove_cas(list, xcrt_list, pcrt_list_size); cleanup: for (i = 0; i < pcrt_list_size; i++) { gnutls_pkcs11_obj_deinit(pcrt_list[i]); if (xcrt_list) gnutls_x509_crt_deinit(xcrt_list[i]); } gnutls_free(pcrt_list); gnutls_free(xcrt_list); return ret; }