Commit 8bd6c0c0 authored by Kishen Maloor's avatar Kishen Maloor

Merge branch 'origin/master' into fargo

Signed-off-by: Kishen Maloor's avatarKishen Maloor <kishen.maloor@intel.com>
parents fd732dcf 1c0713f6
Pipeline #699 passed with stage
in 16 minutes and 22 seconds
......@@ -1556,10 +1556,12 @@ install_trust_anchor(void)
char cert[8192];
size_t cert_len = 0;
PRINT("\nPaste certificate here, then hit <ENTER> and type \"done\": ");
while (cert_len < 4 ||
(cert_len >= 4 && memcmp(&cert[cert_len - 4], "done", 4) != 0)) {
int c = getchar();
int c;
while ((c = getchar()) == '\n' || c == '\r')
;
for (; (cert_len < 4 ||
(cert_len >= 4 && memcmp(&cert[cert_len - 4], "done", 4) != 0));
c = getchar()) {
if (c == EOF) {
PRINT("ERROR processing input.. aborting\n");
return;
......@@ -1568,11 +1570,13 @@ install_trust_anchor(void)
cert_len++;
}
cert_len -= 4;
cert[cert_len - 1] = '\0';
while (cert[cert_len - 1] != '-' && cert_len > 1) {
cert_len--;
}
cert[cert_len] = '\0';
int rootca_credid =
oc_pki_add_mfg_trust_anchor(0, (const unsigned char *)cert, cert_len);
oc_pki_add_mfg_trust_anchor(0, (const unsigned char *)cert, strlen(cert));
if (rootca_credid < 0) {
PRINT("ERROR installing root cert\n");
return;
......
......@@ -46,6 +46,7 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert,
mbedtls_x509_crt int_ca;
mbedtls_x509_crt_init(&int_ca);
if (oc_certs_is_PEM((const unsigned char *)cert, cert_size) != 0) {
OC_ERR("provided cert is not in PEM format");
return -1;
}
if (cert[cert_size - 1] != '\0') {
......@@ -54,7 +55,7 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert,
ret = mbedtls_x509_crt_parse(&int_ca, (const unsigned char *)cert, c_size);
if (ret < 0) {
OC_ERR("could not parse intermediate cert %d", ret);
OC_ERR("could not parse intermediate cert: %d", ret);
return -1;
}
OC_DBG("parsed intermediate CA cert");
......@@ -68,7 +69,7 @@ pki_add_intermediate_cert(size_t device, int credid, const unsigned char *cert,
oc_string_len(c->publicdata.data) + 1);
if (ret < 0) {
OC_ERR("could not parse existing identity cert that chains to this "
"intermediate cert %d",
"intermediate cert: %d",
ret);
mbedtls_x509_crt_free(&int_ca);
return -1;
......@@ -137,6 +138,7 @@ pki_add_identity_cert(size_t device, const unsigned char *cert,
mbedtls_pk_init(&pkey);
if (oc_certs_is_PEM(cert, cert_size) != 0) {
OC_ERR("provided cert is not in PEM format");
return -1;
}
if (cert[cert_size - 1] != '\0') {
......@@ -268,6 +270,7 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size,
/* Parse root cert */
if (oc_certs_is_PEM((const unsigned char *)cert, cert_size) != 0) {
OC_ERR("provided cert is not in PEM format");
return -1;
}
if (cert[cert_size - 1] != '\0') {
......@@ -275,6 +278,7 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size,
}
int ret = mbedtls_x509_crt_parse(&cert1, (const unsigned char *)cert, c_size);
if (ret < 0) {
OC_ERR("could not parse the provided trust anchor: %d", ret);
return -1;
}
OC_DBG("parsed the provided trust anchor");
......@@ -291,7 +295,7 @@ pki_add_trust_anchor(size_t device, const unsigned char *cert, size_t cert_size,
&cert2, (const unsigned char *)oc_string(c->publicdata.data),
oc_string_len(c->publicdata.data) + 1);
if (ret < 0) {
OC_ERR("could not parse stored certificate %d", ret);
OC_ERR("could not parse stored certificate: %d", ret);
mbedtls_x509_crt_free(&cert2);
continue;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment