fix bug with unequally sized certs

[org.ibex.crypto.git] / src / org / ibex / net / SSL.java

diff --git a/src/org/ibex/net/SSL.java b/src/org/ibex/net/SSL.java
index 0f15b28..dc1c201 100644 (file)
--- a/src/org/ibex/net/SSL.java
+++ b/src/org/ibex/net/SSL.java
@@ -326,12 +326,18 @@ public class SSL extends Socket {
         byte[] buf = readHandshake();
         if(buf[0] != 11) throw new Exn("expected a Certificate message");
         if((((buf[4]&0xff)<<16)|((buf[5]&0xff)<<8)|((buf[6]&0xff)<<0)) != buf.length-7) throw new Exn("size mismatch in Certificate message");
-        int p = 7;
-        int count = 0;
+        int p;
+        int count;
         
-        for(int i=p;i<buf.length-3;i+=((buf[p+0]&0xff)<<16)|((buf[p+1]&0xff)<<8)|((buf[p+2]&0xff)<<0)) count++;
+        p = 7;
+        count = 0;
+        while(p < buf.length - 3) {
+            p += 3 + ((buf[p+0]&0xff)<<16)|((buf[p+1]&0xff)<<8)|((buf[p+2]&0xff)<<0);
+            count++;
+        }
         if(count == 0) throw new Exn("server didn't provide any certificates");
         X509.Certificate[] certs = new X509.Certificate[count];
+        p = 7;
         count = 0;
         while(p < buf.length) {
             int len = ((buf[p+0]&0xff)<<16)|((buf[p+1]&0xff)<<8)|((buf[p+2]&0xff)<<0);