Пример #1
/* Converts a DER-encoded certificate into the gnutls_cert structure
 * used internally.  The input is imported into a temporary
 * gnutls_x509_crt_t, handed to _gnutls_x509_crt_to_gcert() together
 * with the caller's flags, and the temporary object is released again
 * before returning.  According to the original note, the main purpose
 * is to extract the certificate's (public key) parameters.
 *
 * gcert:   destination structure, filled by _gnutls_x509_crt_to_gcert().
 * derCert: the DER-encoded certificate to import.
 * flags:   OR of ConvFlags, passed through unchanged.
 *
 * Returns the result of _gnutls_x509_crt_to_gcert(), or the negative
 * error code of the init/import step that failed.
 *
 * The original note describes a "noext" flag that lets the handshake
 * complete even if the certificate carries unsupported critical
 * extensions.  Such extensions are then expected to be caught by the
 * verification functions, so a certificate converted that way must
 * not be trusted before verification has run.
 */
int
_gnutls_x509_raw_cert_to_gcert (gnutls_cert * gcert,
				const gnutls_datum_t * derCert,
				int flags /* OR of ConvFlags */ )
{
  gnutls_x509_crt_t parsed;
  int rc;

  rc = gnutls_x509_crt_init (&parsed);
  if (rc < 0)
    {
      /* Nothing was allocated, so there is nothing to release. */
      gnutls_assert ();
      return rc;
    }

  rc = gnutls_x509_crt_import (parsed, derCert, GNUTLS_X509_FMT_DER);
  if (rc >= 0)
    rc = _gnutls_x509_crt_to_gcert (gcert, parsed, flags);
  else
    gnutls_assert ();

  /* The temporary object is released on both the success and the
   * failure path. */
  gnutls_x509_crt_deinit (parsed);

  return rc;
}
Пример #2
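/* Appends one already-parsed X.509 certificate to a growing array of
 * gnutls_cert structures.
 *
 * cert_list: in/out pointer to the array; it is reallocated to hold
 *            one more element.
 * ncerts:    in/out number of valid elements in *cert_list; it is
 *            incremented only after the new element has been filled.
 * cert:      the certificate to convert with _gnutls_x509_crt_to_gcert().
 *
 * Returns 1 (one certificate parsed) on success and a negative error
 * code otherwise.
 *
 * The element count is kept unsigned and checked before it is used as
 * an allocation size and as an index.  A wrapped count would otherwise
 * produce an undersized buffer, or index -1, for the write performed
 * by _gnutls_x509_crt_to_gcert().
 *
 * NOTE(review): on allocation failure *cert_list becomes NULL while
 * *ncerts keeps its old value, so callers must not walk the list with
 * the old count.  gnutls_realloc_fast() presumably frees the old block
 * on failure; confirm, and confirm who releases the contents of the
 * entries stored earlier.
 */
static int
parse_crt_mem (gnutls_cert ** cert_list, unsigned *ncerts,
	       gnutls_x509_crt_t cert)
{
  unsigned count;
  int ret;

  count = *ncerts + 1;

  /* Reject a wrapped element count (count == 0) and a byte size that
   * does not survive the multiplication.  Unsigned arithmetic wraps,
   * so dividing the product back detects the overflow. */
  if (count == 0
      || (count * sizeof (gnutls_cert)) / sizeof (gnutls_cert) != count)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }

  *cert_list =
    gnutls_realloc_fast (*cert_list, count * sizeof (gnutls_cert));

  if (*cert_list == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_MEMORY_ERROR;
    }

  /* Fill the newly added last slot.  On failure the slot stays outside
   * the advertised range because *ncerts is not updated. */
  ret = _gnutls_x509_crt_to_gcert (&(*cert_list)[count - 1], cert, 0);
  if (ret < 0)
    {
      gnutls_assert ();
      return ret;
    }

  *ncerts = count;

  return 1;			/* one certificate parsed */
}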