[Bug 433437] vfychain ignores the -a option, r=julien.pierre
authornelson%bolyard.com
Tue, 13 May 2008 02:19:27 +0000
changeset 8594 0e5f81972f9821baa7a232b0ad70184a7f57e5f5
parent 8593 0b86f95a811519d5f1fc656bb53d7edcbeb17dbc
child 8595 89d5e449452dff4a6dfa4dd9cf39a84ed622c3d5
push idunknown
push userunknown
push dateunknown
reviewersjulien.pierre
bugs433437
[Bug 433437] vfychain ignores the -a option, r=julien.pierre
security/nss/cmd/vfychain/vfychain.c
--- a/security/nss/cmd/vfychain/vfychain.c
+++ b/security/nss/cmd/vfychain/vfychain.c
@@ -189,27 +189,23 @@ forgetCerts(void)
     }
     if (trustedCertList) {
         CERT_DestroyCertList(trustedCertList);
     }
 }
 
 
 CERTCertificate *
-getCert(const char *name, PRBool isAscii)
+getCert(const char *name, PRBool isAscii, const char * progName)
 {
-    unsigned char * pb;
-    CERTCertificate * cert  = NULL;
-    CERTCertDBHandle *defaultDB = NULL;
+    CERTCertificate * cert;
+    CERTCertDBHandle *defaultDB;
     PRFileDesc*     fd;
-    PRInt32         cc      = -1;
-    PRInt32         total;
-    PRInt32         remaining;
-    SECItem         item;
-    static unsigned char certBuf[RD_BUF_SIZE];
+    SECStatus       rv;
+    SECItem         item        = {0, NULL, 0};
 
     defaultDB = CERT_GetDefaultCertDB();
 
     /* First, let's try to find the cert in existing DB. */
     cert = CERT_FindCertByNicknameOrEmailAddr(defaultDB, name);
     if (cert) {
         return cert;
     }
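Review bot: Dropping the `= NULL` initializer on `cert` means the later `return cert;` error returns (the open, read and empty-file branches in the next hunk) are correct only because the failed `CERT_FindCertByNicknameOrEmailAddr` call has already stored NULL in it. Either keep `CERTCertificate * cert = NULL;` or make those failure paths `return NULL;`, so the function's failure contract does not depend on statement order. `defaultDB` is also passed on without checking the result of `CERT_GetDefaultCertDB()`; whether that call can fail at this point is not visible in the hunk. getCert's body continues past the end of this hunk.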
@@ -218,58 +214,39 @@ getCert(const char *name, PRBool isAscii
      * open a file with such name and get the cert from there.*/
     fd = PR_Open(name, PR_RDONLY, 0777); 
     if (!fd) {
 	PRIntn err = PR_GetError();
     	fprintf(stderr, "open of %s failed, %d = %s\n", 
 	        name, err, SECU_Strerror(err));
 	return cert;
     }
-    /* read until EOF or buffer is full */
-    pb = certBuf;
-    while (0 < (remaining = (sizeof certBuf) - (pb - certBuf))) {
-	cc = PR_Read(fd, pb, remaining);
-	if (cc == 0) 
-	    break;
-	if (cc < 0) {
-	    PRIntn err = PR_GetError();
-	    fprintf(stderr, "read of %s failed, %d = %s\n", 
-	        name, err, SECU_Strerror(err));
-	    break;
-	}
-	/* cc > 0 */
-	pb += cc;
-    }
+
+    rv = SECU_ReadDERFromFile(&item, fd, isAscii);
     PR_Close(fd);
-    if (cc < 0)
-    	return cert;
-    if (!remaining || cc > 0) { /* file was too big. */
-	fprintf(stderr, "cert file %s was too big.\n", name);
+    if (rv != SECSuccess) {
+	fprintf(stderr, "%s: SECU_ReadDERFromFile failed\n", progName);
 	return cert;
     }
-    total = pb - certBuf;
-    if (!total) { /* file was empty */
+
+    if (!item.len) { /* file was empty */
 	fprintf(stderr, "cert file %s was empty.\n", name);
 	return cert;
     }
-    if (isAscii) {
-    	/* convert from Base64 to binary here ... someday */
-    }
-    item.type = siBuffer;
-    item.data = certBuf;
-    item.len  = total;
+
     cert = CERT_NewTempCertificate(defaultDB, &item, 
                                    NULL     /* nickname */, 
                                    PR_FALSE /* isPerm */, 
 				   PR_TRUE  /* copyDER */);
     if (!cert) {
 	PRIntn err = PR_GetError();
 	fprintf(stderr, "couldn't import %s, %d = %s\n",
 	        name, err, SECU_Strerror(err));
     }
+    PORT_Free(item.data);
     return cert;
 }
 
 #define REVCONFIG_ALLOW_CRL "allow-crl"
 #define REVCONFIG_ALLOW_CRL_OCSP "allow-crl-and-ocsp"
 
 PRBool
 isAllowedRevConfig(const char *name)
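Review bot: The new read-failure message names neither the file nor the error, unlike the open and import messages in the same function, so when several certificates are given on the command line the user cannot tell which input was rejected; `fprintf(stderr, "%s: SECU_ReadDERFromFile failed for %s\n", progName, name);` would fix that. The removed static buffer capped the input at RD_BUF_SIZE and reported "too big"; how much `SECU_ReadDERFromFile` allocates is not visible here, so it is worth confirming that the helper bounds the read for an operator-supplied file. The empty-file return also skips `PORT_Free(item.data)`, which would leak if the helper can return a non-NULL buffer with `len` of zero. getCert starts in the previous hunk.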
@@ -367,17 +344,17 @@ breakout:
 
     while (status == PL_OPT_OK) {
 	switch(optstate->option) {
 	default  : Usage(progName);                           break;
 	case 'a' : isAscii  = PR_TRUE;                        break;
 	case 'r' : isAscii  = PR_FALSE;                       break;
 	case 't' : trusted  = PR_TRUE;                       break;
 	case  0  : /* positional parameter */
-	    cert = getCert(optstate->value, isAscii);
+	    cert = getCert(optstate->value, isAscii, progName);
 	    if (!cert) 
 	        goto punt;
 	    rememberCert(cert, trusted);
 	    if (!firstCert)
 	        firstCert = cert;
             trusted = PR_FALSE;
 	}
         status = PL_GetNextOpt(optstate);