- } else if (caCertificate != NULL) {
- makeStringBufferOrCleanup(caCertificate, &cred->caCertificate);
+ } else if (!stringEmpty(caCertificate)) {
+ void *blobData;
+ ssize_t blobLength;
+ ssize_t maxLength = ((strlen(caCertificate) + 3) / 4) * 3;
+ if (maxLength < 3) {
+ major = GSS_S_FAILURE;
+ *minor = GSSEAP_BAD_CACERTIFICATE;
+ goto cleanup;
+ }
+ blobData = GSSEAP_MALLOC(maxLength);
+ if (blobData == NULL) {
+ major = GSS_S_FAILURE;
+ *minor = ENOMEM;
+ goto cleanup;
+ }
+
+ blobLength = base64Decode(caCertificate, blobData);
+
+ if (blobLength <= 0) {
+ major = GSS_S_DEFECTIVE_CREDENTIAL;
+ *minor = GSSEAP_BAD_CACERTIFICATE;
+ GSSEAP_FREE(blobData);
+ goto cleanup;
+ }
+ cred->caCertificateBlob.value = blobData;
+ cred->caCertificateBlob.length = blobLength;
+ makeStringBufferOrCleanup("blob://ca-cert", &cred->caCertificate);