MoonshotError *error = NULL;
if (cred->name != GSS_C_NO_NAME) {
- major = gssEapExportName(minor, cred->name, &initiator);
+ major = gssEapDisplayName(minor, cred->name, &initiator, NULL);
if (GSS_ERROR(major))
goto cleanup;
}
if (targetName != GSS_C_NO_NAME) {
- major = gssEapExportName(minor, targetName, &target);
+ major = gssEapDisplayName(minor, targetName, &target, NULL);
if (GSS_ERROR(major))
goto cleanup;
}
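Review bot: Neither `gssEapDisplayName()` call site carries a comment saying why the display form is now wanted, and both pass `NULL` for the name-type output, so the consumer of `initiator` and `target` gets a bare string with no type. Display names are meant for presentation rather than canonical comparison. If the code after this hunk (not visible here) selects or matches a credential by these strings, that dependency should be stated. Assuming the consumer is the identity selector, which the `MoonshotError` declaration suggests, a comment above the first call such as `/* identity selector takes printable names, not exported name tokens */` would record the intent. The enclosing function starts and ends outside the hunk.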
goto cleanup;
gss_release_buffer(&tmpMinor, &cred->caCertificate);
+ gss_release_buffer(&tmpMinor, &cred->caCertificateBlob);
gss_release_buffer(&tmpMinor, &cred->subjectNameConstraint);
gss_release_buffer(&tmpMinor, &cred->subjectAltNameConstraint);
cred->caCertificate.length = HASH_PREFIX_LEN + len;
} else if (!stringEmpty(caCertificate)) {
- makeStringBufferOrCleanup(caCertificate, &cred->caCertificate);
+ void *blobData;
+ ssize_t blobLength;
+ ssize_t maxLength = ((strlen(caCertificate) + 3) / 4) * 3;
+ if (maxLength < 3) {
+ major = GSS_S_FAILURE;
+ *minor = GSSEAP_BAD_CACERTIFICATE;
+ goto cleanup;
+ }
+ blobData = GSSEAP_MALLOC(maxLength);
+ if (blobData == NULL) {
+ major = GSS_S_FAILURE;
+ *minor = ENOMEM;
+ goto cleanup;
+ }
+
+ blobLength = base64Decode(caCertificate, blobData);
+
+ if (blobLength <= 0) {
+ major = GSS_S_DEFECTIVE_CREDENTIAL;
+ *minor = GSSEAP_BAD_CACERTIFICATE;
+ GSSEAP_FREE(blobData);
+ goto cleanup;
+ }
+ cred->caCertificateBlob.value = blobData;
+ cred->caCertificateBlob.length = blobLength;
+ makeStringBufferOrCleanup("blob://ca-cert", &cred->caCertificate);
}
if (!stringEmpty(subjectNameConstraint))
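Review bot: `blobLength = base64Decode(caCertificate, blobData);` passes no output capacity, so the only thing keeping the write inside `blobData` is the `((strlen(caCertificate) + 3) / 4) * 3` estimate. That invariant deserves a comment on the allocation, e.g. `/* base64Decode() emits at most 3 bytes per 4 input chars; maxLength is that upper bound */`, and should be confirmed against how the decoder treats whitespace and malformed input, which is not visible here. The `maxLength < 3` guard looks unreachable for a non-empty string, because a single character already yields 3, so it does not reject short input as it appears to. The assignment to `cred->caCertificateBlob` also overwrites any earlier value without releasing it, which would leak if this branch can run twice on the same credential. The enclosing function starts and ends outside the hunk, so that is unconfirmed.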