Fix CA certificate bundle handling in darwinssl. #115
I'm still experiencing a problem where it will treat files that are not DER certificates as if they were DER certificates. For example, if I set --cacert to the Safari binary that comes with OS X, it treats it like it was a certificate file when it isn't. Why does pem_to_der() return 0 if the separator line is not found?
The problem is that SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even if the buffer is non-valid DER or corrupt.
I pushed a commit which adds an extra check via calling SecCertificateCopyPublicKey() to make sure cacert is a valid certificate. It fixes the issue you mention.
Pem_to_der() returns the number of bytes it consumed from the input buffer, so that it can be used to traverse through a bundle. If it can't find a separator it assumes the certificate is not a PEM file.