Commit ce8df71d authored by David Woodhouse's avatar David Woodhouse

Document SHA1 buffer requirements more clearly

There's an inconsistency here; openconnect_set_xmlsha1() takes a redundant
'len' arg which serves no purpose except to check that the caller knows
how big a SHA1 is. If it's not 41, we bail.

Next time the soname is getting bumped, I'll add a similar redundant
check to openconnect_get_cert_sha1() too. I should have done that when
it was first converted from an internal function to a public-facing one
in commit 20840ab0. But I didn't, and it's not worth bumping the soname
again right now *just* for that.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 4cbb1ce4
......@@ -132,8 +132,13 @@ struct openconnect_info;
#define OPENCONNECT_X509 void
/* Unless otherwise specified, all functions which set strings will take ownership of those strings
and should free them later in openconnect_vpninfo_free() */
/* Unless otherwise specified, all functions which set strings will
take ownership of those strings and should free them later in
openconnect_vpninfo_free() */
/* The buffer 'buf' must be at least 41 bytes. It will receive a hex string
with trailing NUL, representing the SHA1 fingerprint of the certificate. */
int openconnect_get_cert_sha1(struct openconnect_info *vpninfo,
OPENCONNECT_X509 *cert, char *buf);
char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
......@@ -154,7 +159,9 @@ char *openconnect_get_urlpath (struct openconnect_info *);
void openconnect_set_urlpath (struct openconnect_info *, char *);
/* This function does *not* take ownership of the string; it's copied
into a static buffer in the vpninfo */
into a static buffer in the vpninfo. The size must be 41 bytes,
since that's the size of a 20-byte SHA1 represented as hex with
a trailing NUL. */
void openconnect_set_xmlsha1 (struct openconnect_info *, const char *, int size);
void openconnect_set_cafile (struct openconnect_info *, char *);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment