For now I'll just do my own check for "-----BEGIN" as well as a sanity check
on the file size, before calling PEM_read_bio_X509().

Phillip

On Wed, Apr 14, 2010 at 11:29 PM, Phillip Hellewell <ssh...@gmail.com> wrote:

> I've noticed when calling PEM_read_bio_X509() on a bogus file it has to
> read *the entire file* before it fails and returns NULL, whereas other
> functions like d2i_PKCS7_bio and d2i_PKCS12_bio() fail after reading just a
> small amount.
>
> Can we fix the PEM functions to fail sooner?  Why can't they tell after
> reading the first line that it doesn't start with "-----BEGIN"?  Or after
> each line why can't it tell that it's not valid base64 data?
>
> I'm writing a function that detects the cert type automatically by calling
> various OpenSSL read functions like the ones I've mentioned above, and it
> can be very slow to return "not a cert" on large non-cert files.
>
> Thanks,
> Phillip
>
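
The pre-check described in the reply above (a "-----BEGIN" test plus a file-size sanity check before calling PEM_read_bio_X509()), as an added example that is not code from the thread or from OpenSSL. The function names, `SCAN_LIMIT` and `MAX_PEM_SIZE` are assumptions; it scans a bounded prefix rather than only the first line because the PEM reader skips any text that precedes the BEGIN line.

```c
#include <stdio.h>
#include <string.h>

#define PEM_MARKER   "-----BEGIN "
#define SCAN_LIMIT   4096        /* assumed: bytes of leading text tolerated */
#define MAX_PEM_SIZE (1L << 20)  /* assumed: 1 MiB cap on candidate files */

/* Return 1 if some line within buf[0..len) starts with "-----BEGIN ". */
int pem_marker_in_prefix(const char *buf, size_t len)
{
    const size_t mlen = strlen(PEM_MARKER);
    size_t i = 0;
    while (i + mlen <= len) {
        if (memcmp(buf + i, PEM_MARKER, mlen) == 0)
            return 1;
        /* No marker at this line start: move to the next line, if any. */
        const char *nl = memchr(buf + i, '\n', len - i);
        if (nl == NULL)
            break;
        i = (size_t)(nl - buf) + 1;
    }
    return 0;
}

/* 1 = worth passing to PEM_read_bio_X509(), 0 = reject, -1 = I/O error. */
int pem_precheck_file(const char *path)
{
    char buf[SCAN_LIMIT];
    int ok = -1;
    FILE *fp = fopen(path, "rb");
    if (fp == NULL)
        return -1;
    if (fseek(fp, 0, SEEK_END) == 0) {
        long size = ftell(fp);
        rewind(fp);
        if (size == 0 || size > MAX_PEM_SIZE)
            ok = 0;                     /* empty or implausibly large */
        else if (size > 0) {
            size_t n = fread(buf, 1, sizeof buf, fp);
            ok = ferror(fp) ? -1 : pem_marker_in_prefix(buf, n);
        }
    }
    fclose(fp);
    return ok;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %d\n", argv[i], pem_precheck_file(argv[i]));
}
```

A file whose BEGIN line sits beyond `SCAN_LIMIT` bytes of leading text is rejected by this check, so the limit has to cover the longest preamble you expect to accept.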
