sectransp: do verify_cert without memdup for blobs
Since the information is then already stored in memory, this can avoid
an extra set of malloc + free calls.

Closes curl#12679
bagder committed Jan 10, 2024
1 parent 24ae4a0 commit dd0f680
Showing 1 changed file with 6 additions and 5 deletions.
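--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -2370,26 +2370,27 @@ static CURLcode verify_cert(struct Curl_cfilter *cf,
 CURLcode result;
 unsigned char *certbuf;
 size_t buflen;
+bool free_certbuf = FALSE;
 
 if(ca_info_blob) {
 CURL_TRC_CF(data, cf, "verify_peer, CA from config blob");
-certbuf = (unsigned char *)Curl_memdup0(ca_info_blob->data,
-buflen = ca_info_blob->len);
-if(!certbuf)
-return CURLE_OUT_OF_MEMORY;
+certbuf = ca_info_blob->data;
+buflen = ca_info_blob->len;
 }
 else if(cafile) {
 CURL_TRC_CF(data, cf, "verify_peer, CA from file '%s'", cafile);
 if(read_cert(cafile, &certbuf, &buflen) < 0) {
 failf(data, "SSL: failed to read or invalid CA certificate");
 return CURLE_SSL_CACERT_BADFILE;
 }
+free_certbuf = TRUE;
 }
 else
 return CURLE_SSL_CACERT_BADFILE;
 
 result = verify_cert_buf(cf, data, certbuf, buflen, ctx);
-free(certbuf);
+if(free_certbuf)
+free(certbuf);
 return result;
 }
 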
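Review bot: The blob branch now passes `ca_info_blob->data` straight to `verify_cert_buf()`, but the removed `Curl_memdup0()` copy also appended a terminating NUL byte that a caller-supplied blob is not guaranteed to have. If `verify_cert_buf()` or its PEM helpers (not visible in this hunk) use string functions on the buffer, they could now read past `buflen` on an unterminated blob; this should be confirmed and the parsing kept strictly length-bounded. The buffer is also application-owned memory now, so the callee must not write to it. I would add a comment at the assignment such as `/* blob is used in place: not NUL-terminated and not ours to modify or free */`. verify_cert starts above this hunk, so the declarations of `ca_info_blob` and `cafile` are not shown.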
