Re: wget2 | Several OCSP improvements (!513)
From: @rockdaboot
Subject: Re: wget2 | Several OCSP improvements (!513)
Date: Sun, 25 Sep 2022 17:53:18 +0000
Tim Rühsen started a new discussion on libwget/ssl_openssl.c:
https://gitlab.com/gnuwget/wget2/-/merge_requests/513#note_1113463368
> return NULL;
> }
>
> +static X509 *find_issuer_cert(const STACK_OF(X509) *certs, const X509
> *subject, unsigned starting_idx)
> +{
> + unsigned cert_chain_size;
> +
> + /* Try with the next cert first */
> + X509 *candidate = sk_X509_value(certs, starting_idx + 1);
> + if (!candidate)
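Review bot: `find_issuer_cert()` has no comment stating its contract, and the pointer it takes from `sk_X509_value(certs, starting_idx + 1)` is borrowed from the stack (no reference is added), so a caller that frees it would corrupt the chain. A short comment above the function saying that the result is owned by `certs`, and what a NULL return means, would make that explicit. Separately, `starting_idx` is `unsigned` while `sk_X509_value()` takes an `int` index; declaring the parameter as `int`, or checking it against `sk_X509_num(certs)` before use, avoids the implicit conversion.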
Why return here?
If `starting_idx` is the last index, I'd assume `sk_X509_value` with `starting_idx + 1` always returns NULL.
What if you wrap around? This also could remove the code duplications here.
Like in
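```
X509 *candidate;
int cert_chain_size = sk_X509_num(certs); // -1 if certs is NULL
unsigned next = starting_idx;

// Nothing to search in an empty or single-cert chain.
if (cert_chain_size < 2)
	return NULL;

// Loop over all certs but certs[starting_idx], wrapping around at the end.
for (int i = 0; i < cert_chain_size - 1; i++) {
	next = (next == (unsigned) cert_chain_size - 1) ? 0 : next + 1;
	// Index with the wrapped position, not the loop counter.
	candidate = sk_X509_value(certs, next);
	if (candidate && X509_check_issued(candidate, subject) == X509_V_OK)
		return candidate;
}
return NULL;
```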