[glib-networking] tlscertificate: copy all certificate chain



commit 995dbe7cb108215a5733ce6a1b07673fd5741325
Author: Aleix Conchillo Flaqué <aleix oblong com>
Date:   Thu Feb 20 17:47:22 2014 -0800

    tlscertificate: copy all certificate chain
    
    We now copy the whole certificate chain into the gnutls_retr2_st
    structure. This way the whole chain is sent during the TLS handshake.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=724708

 tls/gnutls/gtlscertificate-gnutls.c |   47 +++++++++++++++++++++++++---------
 1 files changed, 34 insertions(+), 13 deletions(-)
---
diff --git a/tls/gnutls/gtlscertificate-gnutls.c b/tls/gnutls/gtlscertificate-gnutls.c
index c2786e7..a2b46a8 100644
--- a/tls/gnutls/gtlscertificate-gnutls.c
+++ b/tls/gnutls/gtlscertificate-gnutls.c
@@ -310,7 +310,7 @@ g_tls_certificate_gnutls_verify (GTlsCertificate     *cert,
   gnutls_x509_crt_t *chain;
   GTlsCertificateFlags gtls_flags;
   time_t t, now;
-  
+
   cert_gnutls = G_TLS_CERTIFICATE_GNUTLS (cert);
   for (num_certs = 0; cert_gnutls; cert_gnutls = cert_gnutls->priv->issuer)
     num_certs++;
@@ -370,24 +370,45 @@ g_tls_certificate_gnutls_real_copy (GTlsCertificateGnutls    *gnutls,
                                     const gchar              *interaction_id,
                                     gnutls_retr2_st          *st)
 {
+  GTlsCertificateGnutls *chain;
   gnutls_x509_crt_t cert;
   gnutls_datum_t data;
+  guint num_certs = 0;
   size_t size = 0;
 
-  gnutls_x509_crt_export (gnutls->priv->cert, GNUTLS_X509_FMT_DER,
-                          NULL, &size);
-  data.data = g_malloc (size);
-  data.size = size;
-  gnutls_x509_crt_export (gnutls->priv->cert, GNUTLS_X509_FMT_DER,
-                          data.data, &size);
+  /* We will do this loop twice. It's probably more efficient than
+   * re-allocating memory.
+   */
+  chain = gnutls;
+  while (chain != NULL)
+    {
+      num_certs++;
+      chain = chain->priv->issuer;
+    }
 
-  gnutls_x509_crt_init (&cert);
-  gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
-  g_free (data.data);
+  st->ncerts = 0;
+  st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t) * num_certs);
 
-  st->ncerts = 1;
-  st->cert.x509 = gnutls_malloc (sizeof (gnutls_x509_crt_t));
-  st->cert.x509[0] = cert;
+  /* Now do the actual copy of the whole chain. */
+  chain = gnutls;
+  while (chain != NULL)
+    {
+      gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
+                              NULL, &size);
+      data.data = g_malloc (size);
+      data.size = size;
+      gnutls_x509_crt_export (chain->priv->cert, GNUTLS_X509_FMT_DER,
+                              data.data, &size);
+
+      gnutls_x509_crt_init (&cert);
+      gnutls_x509_crt_import (cert, &data, GNUTLS_X509_FMT_DER);
+      g_free (data.data);
+
+      st->cert.x509[st->ncerts] = cert;
+      st->ncerts++;
+
+      chain = chain->priv->issuer;
+    }
 
   if (gnutls->priv->key != NULL)
     {

