modsign: Make sign-file determine the format of the X.509 cert
authorDavid Howells <dhowells@redhat.com>
Tue, 14 Jun 2016 12:18:33 +0000 (13:18 +0100)
committerDavid Howells <dhowells@redhat.com>
Tue, 14 Jun 2016 12:18:33 +0000 (13:18 +0100)
commit9552c7aebb8c36912612fddad5b55267c671a303
tree69b853c2003b114914a0db05137bd8cbeeeac7f1
parent965475acca2cbcc1d748a8b6a05f8c7cf57d075a
modsign: Make sign-file determine the format of the X.509 cert

Make sign-file determine the format of the X.509 certificate by reading the
first two bytes and seeing if the first byte is 0x30 and the second
0x81-0x84.  If this is the case, assume it's DER encoded, otherwise assume
it to be PEM encoded.

Without this, it gets awkward to deal with the error messages from
d2i_X509_bio() when we want to call BIO_reset() and then PEM_read_bio() in
case the certificate was PEM encoded rather than X.509 encoded.

Reported-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Ben Hutchings <ben@decadent.org.uk>
cc: David Woodhouse <dwmw2@infradead.org>
cc: Juerg Haefliger <juerg.haefliger@hpe.com>
cc: Ben Hutchings <ben@decadent.org.uk>
scripts/sign-file.c
This page took 0.02392 seconds and 5 git commands to generate.