granicus.if.org Git - curl/commit

author	Johannes Schindelin <johannes.schindelin@gmx.de>
	Mon, 21 May 2018 22:01:08 +0000 (00:01 +0200)
committer	Jay Satiro <raysatiro@yahoo.com>
	Tue, 22 May 2018 06:29:55 +0000 (02:29 -0400)
commit	aa0f41a5fc1086bd5d6700db6645751176dac935
tree	03a3cfe44f2c056df07c63def8a9056b75e067cb	tree \| snapshot
parent	2ceab09451ba85b1fc85b73dac2269e97f206e1e	commit \| diff

schannel: make CAinfo parsing resilient to CR/LF

OpenSSL has supported --cacert for ages, always accepting LF-only line
endings ("Unix line endings") as well as CR/LF line endings ("Windows
line endings").

When we introduced support for --cacert also with Secure Channel (or in
cURL speak: "WinSSL"), we did not take care to support CR/LF line
endings, too, even if we are much more likely to receive input in that
form when using Windows.

Let's fix that.

Happily, CryptQueryObject(), the function we use to parse the ca-bundle,
accepts CR/LF input already, and the trailing LF before the END
CERTIFICATE marker catches naturally any CR/LF line ending, too. So all
we need to care about is the BEGIN CERTIFICATE marker. We do not
actually need to verify here that the line ending is CR/LF. Just
checking for a CR or an LF is really plenty enough.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes https://github.com/curl/curl/pull/2592