From c3c836c7671dc4199d41433c4c2ec5641f52b220 Mon Sep 17 00:00:00 2001
From: Johannes Helmold
Date: Fri, 21 Jul 2023 13:57:28 +0200
Subject: [PATCH] Add: Added check of certificate for TippingPoint SMS alerts.
Now the uploaded certificate for a TippingPoint SMS alert is checked, if it is a valid X509 certificate in PEM format. This check takes place before the alert data is saved.
---
 src/manage_sql.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/manage_sql.c b/src/manage_sql.c
index 6c580d94d..1754f6135 100644
--- a/src/manage_sql.c
+++ b/src/manage_sql.c
@@ -7047,7 +7047,16 @@ validate_tippingpoint_data (alert_method_t method, const gchar *name,
 if (strcmp (name, "tp_sms_tls_certificate") == 0)
 {
- // TODO: Check certificate, return 52 on failure
+ // Check certificate, return 52 on failure
+ int ret;
+ gnutls_x509_crt_fmt_t crt_fmt;
+
+ ret = get_certificate_info (*data, strlen(*data), NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, &crt_fmt);
+ if (ret || crt_fmt != GNUTLS_X509_FMT_PEM)
+ {
+ return 52;
+ }
 }
 if (strcmp (name, "tp_sms_tls_workaround") == 0)
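Review bot: In the `tp_sms_tls_certificate` branch, `strlen(*data)` runs with no NULL guard and `crt_fmt` is declared uninitialized, so the check depends on callers never passing a NULL value and on `get_certificate_info` always setting the format when it returns 0; neither is visible in this hunk. Declaring `gnutls_x509_crt_fmt_t crt_fmt = GNUTLS_X509_FMT_DER;` and adding `if (*data == NULL) return 52;` before the call would make both cases reject explicitly. Every other output argument is passed as NULL, so the check appears to establish only that the upload parses as a PEM X.509 certificate; the comment could say so, e.g. `// Only verifies the upload parses as a PEM X.509 certificate; expiry and trust are not evaluated here.` The body of validate_tippingpoint_data starts and continues outside the hunk.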