Ignore certificates with unknown OID (#15539)

* Ignore certificates with unknown OID

* switch directly after catch
DraagrenKirneh 2023-05-22 16:13:34 +02:00 committed by GitHub
parent 89f622fc68
commit 957f269a42
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -244,10 +244,16 @@ pub fn parseCert(cb: *Bundle, gpa: Allocator, decoded_start: u32, now_sec: i64)
// the subject name, we pre-parse all of them to make sure and only
// include in the bundle ones that we know will parse. This way we can
// use `catch unreachable` later.
const parsed_cert = try Certificate.parse(.{
const parsed_cert = Certificate.parse(.{
.buffer = cb.bytes.items,
.index = decoded_start,
});
}) catch |err| switch (err) {
error.CertificateHasUnrecognizedObjectId => {
cb.bytes.items.len = decoded_start;
return;
},
else => |e| return e,
};
if (now_sec > parsed_cert.validity.not_after) {
// Ignore expired cert.
cb.bytes.items.len = decoded_start;
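Review bot: The new `error.CertificateHasUnrecognizedObjectId` arm discards the certificate with no comment and no trace, whereas the expired-certificate branch right below it at least says why it skips. This silently shrinks the set of trust anchors, so a later verification of a chain rooted in the skipped certificate will fail with an error that gives no hint the root was dropped at load time. I would add a comment above the new `cb.bytes.items.len = decoded_start;`, for example `// Skip certs that use an OID we cannot parse; one unsupported root must not fail the whole bundle.`, and consider counting or logging skipped entries if the surrounding code has a place for that. The truncate-and-return pair now appears twice and could be shared. parseCert's body starts before and continues after this hunk, so how the other parse errors passed on by `else => |e| return e` are handled by callers is not visible here.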