- /* fingerprint */
- n = 128;
- gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA1, md, &n);
- sha1_fingerprint = readable_fingerprint(md, (int)n);
- gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA256, md, &n);
- sha256_fingerprint = readable_fingerprint(md, (int)n);
+ /* fingerprints */
+ n = 0;
+ memset(md, 0, sizeof(md));
+ if ((ret = gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA1, md, &n)) == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ if (n <= sizeof(md))
+ ret = gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA1, md, &n);
+ }
+
+ if (ret != 0)
+ g_warning("failed to obtain SHA1 fingerprint: %d", ret);
+ sha1_fingerprint = readable_fingerprint(md, (int)n); /* all zeroes */
+
+ n = 0;
+ memset(md, 0, sizeof(md));
+ if ((ret = gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA256, md, &n)) == GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ if (n <= sizeof(md))
+ ret = gnutls_x509_crt_get_fingerprint(cert->x509_cert, GNUTLS_DIG_SHA256, md, &n);
+ }
+
+ if (ret != 0)
+ g_warning("failed to obtain SHA256 fingerprint: %d", ret);
+ sha256_fingerprint = readable_fingerprint(md, (int)n); /* all zeroes */