Use iterator for CRL (Issue #5532)

[thirdparty/cups.git] / cups / tls-gnutls.c

diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index 4adf4db0b5cb577d6fb84cf0c00114b8e42a64af..0784d58f3b44f6849606c3c493c0d5c1e3bee176 100644 (file)
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -398,8 +398,8 @@ httpCredentialsAreValidForName(
 
     if (result)
     {
-      int              i,              /* Looping var */
-                       count;          /* Number of revoked certificates */
+      gnutls_x509_crl_iter_t iter = NULL;
+                                       /* Iterator */
       unsigned char    cserial[1024],  /* Certificate serial number */
                        rserial[1024];  /* Revoked serial number */
       size_t           cserial_size,   /* Size of cert serial number */
@@ -407,22 +407,24 @@ httpCredentialsAreValidForName(
 
       _cupsMutexLock(&tls_mutex);
 
-      count = gnutls_x509_crl_get_crt_count(tls_crl);
-
-      if (count > 0)
+      if (gnutls_x509_crl_get_crt_count(tls_crl) > 0)
       {
         cserial_size = sizeof(cserial);
         gnutls_x509_crt_get_serial(cert, cserial, &cserial_size);
 
-        for (i = 0; i < count; i ++)
-       {
-         rserial_size = sizeof(rserial);
-          if (!gnutls_x509_crl_get_crt_serial(tls_crl, (unsigned)i, rserial, &rserial_size, NULL) && cserial_size == rserial_size && !memcmp(cserial, rserial, rserial_size))
+       rserial_size = sizeof(rserial);
+
+        while (!gnutls_x509_crl_iter_crt_serial(tls_crl, &iter, rserial, &rserial_size, NULL))
+        {
+          if (cserial_size == rserial_size && !memcmp(cserial, rserial, rserial_size))
          {
            result = 0;
            break;
          }
+
+         rserial_size = sizeof(rserial);
        }
+       gnutls_x509_crl_iter_deinit(iter);
       }
 
       _cupsMutexUnlock(&tls_mutex);