Hi Andrew,
On 12/16/20 7:32 PM, Andrew Zaborowski wrote:
---
ell/pem-private.h | 5 +++++
ell/pem.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 55 insertions(+)
<snip>
diff --git a/ell/pem.c b/ell/pem.c
index 1b995d5..321bc3e 100644
--- a/ell/pem.c
+++ b/ell/pem.c
@@ -45,6 +45,7 @@
#include "cipher.h"
#include "cert-private.h"
#include "missing.h"
+#include "io.h"
Is this really needed?
#include "pem-private.h"
#define PEM_START_BOUNDARY "-----BEGIN "
@@ -364,6 +365,55 @@ LIB_EXPORT struct l_certchain *l_pem_load_certificate_chain(
return pem_list_to_chain(list);
}
+static bool pem_write_one_cert(struct l_cert *cert, void *user_data)
+{
+ int *fd = user_data;
+ const uint8_t *der;
+ size_t der_len;
+ struct iovec iov[3];
+ ssize_t r;
+
+ der = l_cert_get_der_data(cert, &der_len);
+
+ iov[0].iov_base = "-----BEGIN CERTIFICATE-----\n";
+ iov[0].iov_len = strlen(iov[0].iov_base);
+ iov[1].iov_base = l_base64_encode(der, der_len, 64, &iov[1].iov_len);
Is this being leaked?
+ iov[2].iov_base = "\n-----END CERTIFICATE-----\n";
+ iov[2].iov_len = strlen(iov[2].iov_base);
+ r = L_TFR(writev(*fd, iov, 3));
+
+ if (r == (ssize_t) (iov[0].iov_len + iov[1].iov_len + iov[2].iov_len))
+ return false;
+
+ close(*fd);
Maybe the close should be in pem_write_certificate_chain()?
+
+ if (r < 0)
+ *fd = -errno;
+ else
+ *fd = -EIO;
+
+ return true;
+}
+
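Review bot: In pem_write_one_cert, errno is read only after `close(*fd)`, so a failing close() can overwrite the value writev() left there and the caller would get the wrong error code. Capture it before closing, e.g. `int err = r < 0 ? -errno : -EIO;` ahead of `close(*fd);`, then `*fd = err;`. A short writev() is reported as -EIO while the bytes already written stay in the file; whether the caller removes that partial output cannot be checked here, because the rest of this hunk is not quoted on the page. The callback also returns false on a complete write and true on failure, which presumably stops the chain walk, and it reuses `*fd` as the error slot; a comment such as `/* Returns true to stop the walk; *fd then holds a negative errno */` would document that once the iterator's contract is confirmed.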
Regards,
-Denis