]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Allow a null ca file; i.e., allow setting only CRLs in gnutls_x509_trust_list_add_tru...
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 14 Apr 2014 11:44:21 +0000 (13:44 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 14 Apr 2014 11:44:32 +0000 (13:44 +0200)
lib/x509/verify-high2.c

index 0065ac7e03fb1070641a4bb83d2708d077ba8e6c..202ed839cadecb791b040d5982450c962b0906c0 100644 (file)
@@ -241,20 +241,22 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
        size_t size;
        int ret;
 
+       if (ca_file != NULL) {
 #ifdef ENABLE_PKCS11
-       if (strncmp(ca_file, "pkcs11:", 7) == 0) {
-               list->pkcs11_token = gnutls_strdup(ca_file);
+               if (strncmp(ca_file, "pkcs11:", 7) == 0) {
+                       list->pkcs11_token = gnutls_strdup(ca_file);
 
-               return 0;
-       } else
+                       return 0;
+               } else
 #endif
-       {
-               cas.data = (void *) read_binary_file(ca_file, &size);
-               if (cas.data == NULL) {
-                       gnutls_assert();
-                       return GNUTLS_E_FILE_ERROR;
+               {
+                       cas.data = (void *) read_binary_file(ca_file, &size);
+                       if (cas.data == NULL) {
+                               gnutls_assert();
+                               return GNUTLS_E_FILE_ERROR;
+                       }
+                       cas.size = size;
                }
-               cas.size = size;
        }
 
        if (crl_file) {