Commit ce8df71d authored by David Woodhouse's avatar David Woodhouse

Document SHA1 buffer requirements more clearly

There's an inconsistency here; openconnect_set_xmlsha1() takes a redundant
'len' arg which serves no purpose except to check that the caller knows
how big a SHA1 is. If it's not 41, we bail.

Next time the soname is getting bumped, I'll add a similar redundant
check to openconnect_get_cert_sha1() too. I should have done that when
it was first converted from an internal function to a public-facing one
in commit 20840ab0. But I didn't, and it's not worth bumping the soname
again right now *just* for that.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 4cbb1ce4
...@@ -132,8 +132,13 @@ struct openconnect_info; ...@@ -132,8 +132,13 @@ struct openconnect_info;
#define OPENCONNECT_X509 void #define OPENCONNECT_X509 void
/* Unless otherwise specified, all functions which set strings will take ownership of those strings /* Unless otherwise specified, all functions which set strings will
and should free them later in openconnect_vpninfo_free() */ take ownership of those strings and should free them later in
openconnect_vpninfo_free() */
/* The buffer 'buf' must be at least 41 bytes. It will receive a hex string
with trailing NUL, representing the SHA1 fingerprint of the certificate. */
int openconnect_get_cert_sha1(struct openconnect_info *vpninfo, int openconnect_get_cert_sha1(struct openconnect_info *vpninfo,
OPENCONNECT_X509 *cert, char *buf); OPENCONNECT_X509 *cert, char *buf);
char *openconnect_get_cert_details(struct openconnect_info *vpninfo, char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
...@@ -154,7 +159,9 @@ char *openconnect_get_urlpath (struct openconnect_info *); ...@@ -154,7 +159,9 @@ char *openconnect_get_urlpath (struct openconnect_info *);
void openconnect_set_urlpath (struct openconnect_info *, char *); void openconnect_set_urlpath (struct openconnect_info *, char *);
/* This function does *not* take ownership of the string; it's copied /* This function does *not* take ownership of the string; it's copied
into a static buffer in the vpninfo */ into a static buffer in the vpninfo. The size must be 41 bytes,
since that's the size of a 20-byte SHA1 represented as hex with
a trailing NUL. */
void openconnect_set_xmlsha1 (struct openconnect_info *, const char *, int size); void openconnect_set_xmlsha1 (struct openconnect_info *, const char *, int size);
void openconnect_set_cafile (struct openconnect_info *, char *); void openconnect_set_cafile (struct openconnect_info *, char *);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment