mbedTLS: include NULL byte in blob data length for CURLOPT_CAINFO_BLOB
authorFlorian Van Heghe <florian.van.heghe@guardsquare.com>
Wed, 1 Dec 2021 11:37:42 +0000 (12:37 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Thu, 2 Dec 2021 10:15:05 +0000 (11:15 +0100)
Fixes #8079
Closes #8081

lib/vtls/mbedtls.c

index ba5c5d75669fd14ffea29bfeeae2554d4e715864..7f1ff198c1d5ee94e138c177074db67d31ea25de 100644 (file)
@@ -320,9 +320,14 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
   mbedtls_x509_crt_init(&backend->cacert);
 
   if(ca_info_blob) {
-    const unsigned char *blob_data = (const unsigned char *)ca_info_blob->data;
+    unsigned char *blob_data = (unsigned char *)ca_info_blob->data;
+
+    /* mbedTLS expects the terminating NULL byte to be included in the length
+       of the data */
+    size_t blob_data_len = ca_info_blob->len + 1;
+
     ret = mbedtls_x509_crt_parse(&backend->cacert, blob_data,
-                                 ca_info_blob->len);
+                                 blob_data_len);
 
     if(ret<0) {
       mbedtls_strerror(ret, errorbuf, sizeof(errorbuf));
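Review bot: The new `blob_data_len = ca_info_blob->len + 1` tells `mbedtls_x509_crt_parse` to read one byte more than the caller declared for the blob, and nothing in this hunk shows that the buffer holds `len + 1` bytes or that the extra byte is zero. If the blob storage is exactly `len` bytes, this is a one-byte out-of-bounds read, and whether the PEM parse succeeds depends on whatever happens to follow the buffer. A safer form copies the blob into a `len + 1` allocation, writes the terminator itself, parses the copy and frees it, as sketched below. The early return there assumes the function reports failures as a `CURLcode`, which the hunk does not show. Separately, the new `blob_data` declaration drops `const` without a visible need, and `mbed_connect_step1` begins and ends outside this hunk.

```c
  if(ca_info_blob) {
    /* mbedTLS wants a NUL-terminated buffer whose length counts the NUL.
       The blob is only known to hold ca_info_blob->len bytes, so terminate
       a private copy instead of reading past the caller's data. */
    unsigned char *blob_copy = malloc(ca_info_blob->len + 1);
    if(!blob_copy)
      return CURLE_OUT_OF_MEMORY;
    memcpy(blob_copy, ca_info_blob->data, ca_info_blob->len);
    blob_copy[ca_info_blob->len] = 0;

    ret = mbedtls_x509_crt_parse(&backend->cacert, blob_copy,
                                 ca_info_blob->len + 1);
    free(blob_copy);

    /* … unchanged: ret<0 error reporting … */
```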