OSSL_STORE 'file:' scheme: Set input structure for certificates and CRLs
When the user expects to load a certificate or a CRL through the OSSL_STORE loading function, the 'file:' implementation sets the corresponding structure names in the internal decoder context. This is especially geared for PEM files, which often contain a mix of objects; password prompting should be avoided for objects that need a password but aren't what the caller is looking for. Fixes #16224 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16466)
parent
98408852c1
commit
821b3956ec
@ -437,6 +437,31 @@ static int file_setup_decoders(struct file_ctx_st *ctx)
|
||||
goto err;
|
||||
}
|
||||
|
||||
/*
|
||||
* Where applicable, set the outermost structure name.
|
||||
* The goal is to avoid the STORE object types that are
|
||||
* potentially password protected but aren't interesting
|
||||
* for this load.
|
||||
*/
|
||||
switch (ctx->expected_type) {
|
||||
case OSSL_STORE_INFO_CERT:
|
||||
if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
|
||||
"Certificate")) {
|
||||
ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
|
||||
goto err;
|
||||
}
|
||||
break;
|
||||
case OSSL_STORE_INFO_CRL:
|
||||
if (!OSSL_DECODER_CTX_set_input_structure(ctx->_.file.decoderctx,
|
||||
"CertificateList")) {
|
||||
ERR_raise(ERR_LIB_PROV, ERR_R_OSSL_DECODER_LIB);
|
||||
goto err;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
for (to_algo = ossl_any_to_obj_algorithm;
|
||||
to_algo->algorithm_names != NULL;
|
||||
to_algo++) {
|
||||
|
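Review bot: The `default:` branch of the new switch leaves the decoder context unrestricted for every expected type other than `OSSL_STORE_INFO_CERT` and `OSSL_STORE_INFO_CRL`, so the passphrase-prompt avoidance described in the commit message presumably does not apply when the caller expects, for example, `OSSL_STORE_INFO_PUBKEY` and the PEM file also holds an encrypted private key. If that is intended for this change, say so in the branch, e.g. `default: /* other expected types: no structure filter, encrypted objects may still prompt */`; otherwise a `case OSSL_STORE_INFO_PUBKEY:` setting `"SubjectPublicKeyInfo"` would follow the same pattern. The two existing cases differ only in the structure name, so the switch could select the name and be followed by a single `OSSL_DECODER_CTX_set_input_structure()` call with one `ERR_raise`/`goto err`. file_setup_decoders() starts before and continues past this hunk, so the `err` label and its cleanup are not visible here.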