Re: [sr-dev] [kamailio/kamailio] stirshaken: Properly handle intermediary/chain certificates when caching certificates (PR #3175)

4 Jul 2022


      @piotrgregor requested changes on this pull request.
...
@@ -158,6 +157,96 @@ static int get_cert_name_hashed(const char *name, char *buf, int buf_len)
return 0;
 }
+static int stirshaken_handle_cache_to_disk(X509 *x, STACK_OF(X509) *xchain, const char *cert_full_path)
+{
+    int i = 0;
+    int w = 0;
+    FILE *fp = NULL;
+    X509 *xc = NULL;
+
+    if (!x) {
+        LM_ERR("Refusing to save an empty cert\n");
+        return -1;
+    }
Please also check `xchain` for NULL and call `sk_X509_num` only if it's not.
...
@@ -158,6 +157,96 @@ static int get_cert_name_hashed(const char *name, char *buf, int buf_len)
return 0;
 }
+static int stirshaken_handle_cache_to_disk(X509 *x, STACK_OF(X509) *xchain, const char *cert_full_path)
+{
+    int i = 0;
+    int w = 0;
+    FILE *fp = NULL;
+    X509 *xc = NULL;
+
+    if (!x) {
+        LM_ERR("Refusing to save an empty cert\n");
+        return -1;
+    }
+
Please also check `cert_full_path` against NULL pointer or pointer to an empty string.
...

if (fp) fclose(fp);

+    fp = NULL;
+
+    return 0;
+
+fail:
+	if (fp) fclose(fp);
+	return -1;
+}
+
+static int stirshaken_handle_cache_from_disk(stir_shaken_context_t *ss, stir_shaken_cert_t *cert, const char *name)
+{
+    FILE *fp = NULL;
+    X509 *wcert = NULL;
+
+    LM_DBG("Handle cache from disk; %s", name);
Please move it below line 214, after `stir_shaken_zstr` check.
...



+    if (fp) fclose(fp);
+    fp = NULL;
+
+    return 0;
+
+fail:
+	if (fp) fclose(fp);
+	return -1;
+}
+
+static int stirshaken_handle_cache_from_disk(stir_shaken_context_t *ss, stir_shaken_cert_t *cert, const char *name)
+{
+    FILE *fp = NULL;
+    X509 *wcert = NULL;
+
Please check `cert` against NULL.
...

   LM_ERR("Failed to open %s: %s", name, strerror(errno));



+        goto fail;
+    }
+
+    cert->xchain = sk_X509_new_null();
+
+    while ((wcert = PEM_read_X509(fp, NULL, NULL, NULL))) {
+		if (!cert->x) {
+			cert->x = wcert;
+		}
+		else {
+			sk_X509_push(cert->xchain, wcert);
+		}
+	}
+
+	LM_DBG("done reading file, got %d certs and %d chains", cert->x ? 1 : 0, sk_X509_num(cert->xchain));
Let's handle plural/singular form in a log message.
Maybe something like:
```
n = sk_X509_num(cert->xchain));
LM_DBG("done reading file, got %d cert%s and %d chain%s", cert->x ? 1 : 0, cert->x ? "", "s", n == 1 ? "" : "s", n);
```
-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3175#pullrequestreview-1027482224
You are receiving this because you are subscribed to this thread.

Message ID: kamailio/kamailio/pull/3175/review/1027482224@github.com



    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Re: [sr-dev] [kamailio/kamailio] stirshaken: Properly handle intermediary/chain certificates when caching certificates (PR #3175)