Support the certificate chain load for DER format

ruby · May 2, 2020 · ff8572a · ff8572a
1 parent 0651c2f
commit ff8572a
Showing 1 changed file with 27 additions and 5 deletions.
diff --git a/ext/openssl/ossl_x509cert.c b/ext/openssl/ossl_x509cert.c
@@ -724,15 +724,37 @@ ossl_x509_load_chained_cert_from_file(VALUE self, VALUE path)
 
     if (BIO_read_filename(in, StringValueCStr(path)) <= 0)
         ossl_raise(eX509CertError, NULL);
+
+    /* check the certificate format is PEM or DER */
+    if ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)) != NULL) {
+        /* case 1: certificate format is PEM */
+        do {
+            cert = ossl_x509_new(x509);
+            rb_ary_push(ary, cert);
+            X509_free(x509);
+        } while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)) != NULL);
+
+        BIO_free(in);
+        return ary;
+    }
 
-    while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)) != NULL) {
-        cert = ossl_x509_new(x509);
-        rb_ary_push(ary, cert);
-        X509_free(x509);
+    /* certificate format is not PEM */
+    OSSL_BIO_reset(in);
+    if ((x509 = d2i_X509_bio(in, NULL)) != NULL) {
+        /* case 2: certificate format is DER */
+        do {
+            cert = ossl_x509_new(x509);
+            rb_ary_push(ary, cert);
+            X509_free(x509);
+        } while ((x509 = d2i_X509_bio(in, NULL)) != NULL);
+
+        BIO_free(in);
+        return ary;
     }
 
+    /* error: certificate format is not both PEM or DER */
     BIO_free(in);
-    return ary;
+    ossl_raise(eX509CertError, NULL);
 }