
Re: [Pan-users] ssl/tls certificate handling?


From: Rhialto
Subject: Re: [Pan-users] ssl/tls certificate handling?
Date: Fri, 26 Feb 2016 21:46:51 +0100
User-agent: Mutt/1.5.24 (2015-08-30)

On Fri 26 Feb 2016 at 19:54:22 +0100, Detlef Graef wrote:
> I don't know why the function is called twice.

Again, without looking at further code, this is a common pattern. Some
functions that are supposed to store their output in some given block of
memory tell you if that memory is too small. They do that by somehow
returning to you the size of the memory that would be big enough. It
looks like that is returned here in outsize:

>  gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_PEM, NULL, &outsize);

NULL for no output memory, and at &outsize the required size gets
stored.

>  char* out = new char[outsize];

Here the required size of memory is allocated

>  gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_PEM, out, &outsize);

and this call is different than the first: it passes the out buffer, and
at outsize there is its size.

For peace of mind I would set outsize to 0 before the first call. Can't
hurt; maybe it even solves the problem.

Now that I've looked at it, the manual for gnutls_x509_crt_export tells
us:

       If the buffer provided is not long enough to hold the output, then
       *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will be
       returned.

I bet that value is -51. Perhaps it needs a few bytes more, so try
adding 1 or 2 or so to outsize immediately after the first call.

-Olaf.
-- 
___ Olaf 'Rhialto' Seibert  -- The Doctor: No, 'eureka' is Greek for
\X/ rhialto/at/xs4all.nl    -- 'this bath is too hot.'

Attachment: signature.asc
Description: PGP signature
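
The size-query pattern discussed in this message, with every return code checked, as an added example that is not code from the post, from Pan, or from GnuTLS. So that it runs without GnuTLS, `stub_export` is a hypothetical stand-in that follows the contract quoted from the manual; `export_checked`, `E_SHORT_BUFFER` and `SAMPLE_PEM` are likewise names made up for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define E_SHORT_BUFFER (-51) /* stand-in error code; value as guessed in the post */

/* Constructed sample text standing in for PEM output (not a real certificate). */
static const char SAMPLE_PEM[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";

/* Hypothetical exporter with the quoted contract: if the buffer is not long
 * enough, *size is updated to the required size and E_SHORT_BUFFER is returned. */
static int stub_export(void *out, size_t *size)
{
    size_t need = sizeof SAMPLE_PEM - 1;   /* bytes of text, no NUL */
    if (out == NULL || *size < need) {
        *size = need;
        return E_SHORT_BUFFER;
    }
    memcpy(out, SAMPLE_PEM, need);
    *size = need;                          /* bytes actually written */
    return 0;
}

/* Query the size, allocate, export. Returns a malloc'd NUL-terminated string,
 * or NULL on failure with the error code stored in *err. */
char *export_checked(int *err)
{
    size_t outsize = 0;                    /* defined value before the query */
    char *out = NULL;
    int rc = stub_export(NULL, &outsize);  /* expected to report "too short" */

    /* Retry a bounded number of times if the exporter asks for more room. */
    for (int tries = 0; rc == E_SHORT_BUFFER && tries < 3; tries++) {
        char *tmp = realloc(out, outsize + 1);   /* +1 for our own NUL */
        if (tmp == NULL) { rc = -1; break; }
        out = tmp;
        rc = stub_export(out, &outsize);
    }
    if (rc != 0) { free(out); out = NULL; }
    else out[outsize] = '\0';              /* terminate it ourselves */
    *err = rc;
    return out;
}

int main(void)
{
    int err;
    char *pem = export_checked(&err);
    if (pem == NULL) { fprintf(stderr, "export failed: %d\n", err); return 1; }
    fputs(pem, stdout);
    free(pem);
    return 0;
}
```
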

