diff options
author | Stef Walter <stefw@redhat.com> | 2014-09-05 11:29:05 +0200 |
---|---|---|
committer | Stef Walter <stefw@redhat.com> | 2014-09-05 11:29:05 +0200 |
commit | dc55d9d5fc5d904f0bc3c06ba3caf64483b18fa9 (patch) | |
tree | bd8a3c82e7e5ac3b16ebc276534fa0d77a0196fd | |
parent | 677dee1a04058aefe8c7689f88da52afe3b4b4bb (diff) |
trust: Produce a proper message for an invalid stapled extension
Previously we would output a line like this:
p11-kit: 'node != NULL' not true at lookup_extension
-rw-r--r-- | trust/builder.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/trust/builder.c b/trust/builder.c index fd7a662..5f76608 100644 --- a/trust/builder.c +++ b/trust/builder.c @@ -114,6 +114,7 @@ lookup_extension (p11_builder *builder, CK_OBJECT_CLASS klass = CKO_X_CERTIFICATE_EXTENSION; CK_OBJECT_HANDLE obj; CK_ATTRIBUTE *attrs; + CK_ATTRIBUTE *label; void *value; size_t length; node_asn *node; @@ -137,7 +138,15 @@ lookup_extension (p11_builder *builder, value = p11_attrs_find_value (attrs, CKA_VALUE, &length); if (value != NULL) { node = decode_or_get_asn1 (builder, "PKIX1.Extension", value, length); - return_val_if_fail (node != NULL, NULL); + if (node == NULL) { + label = p11_attrs_find_valid (attrs, CKA_LABEL); + if (label == NULL) + label = p11_attrs_find_valid (cert, CKA_LABEL); + p11_message ("%.*s: invalid certificate extension", + label ? (int)label->ulValueLen : 7, + label ? (char *)label->pValue : "unknown"); + return NULL; + } return p11_asn1_read (node, "extnValue", ext_len); } } |