summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stefw@redhat.com>2014-09-05 11:29:05 +0200
committerStef Walter <stefw@redhat.com>2014-09-05 11:29:05 +0200
commitdc55d9d5fc5d904f0bc3c06ba3caf64483b18fa9 (patch)
treebd8a3c82e7e5ac3b16ebc276534fa0d77a0196fd
parent677dee1a04058aefe8c7689f88da52afe3b4b4bb (diff)
trust: Produce a proper message for an invalid stapled extension
Previously we would output a line like this: p11-kit: 'node != NULL' not true at lookup_extension
-rw-r--r--trust/builder.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/trust/builder.c b/trust/builder.c
index fd7a662..5f76608 100644
--- a/trust/builder.c
+++ b/trust/builder.c
@@ -114,6 +114,7 @@ lookup_extension (p11_builder *builder,
CK_OBJECT_CLASS klass = CKO_X_CERTIFICATE_EXTENSION;
CK_OBJECT_HANDLE obj;
CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *label;
void *value;
size_t length;
node_asn *node;
@@ -137,7 +138,15 @@ lookup_extension (p11_builder *builder,
value = p11_attrs_find_value (attrs, CKA_VALUE, &length);
if (value != NULL) {
node = decode_or_get_asn1 (builder, "PKIX1.Extension", value, length);
- return_val_if_fail (node != NULL, NULL);
+ if (node == NULL) {
+ label = p11_attrs_find_valid (attrs, CKA_LABEL);
+ if (label == NULL)
+ label = p11_attrs_find_valid (cert, CKA_LABEL);
+ p11_message ("%.*s: invalid certificate extension",
+ label ? (int)label->ulValueLen : 7,
+ label ? (char *)label->pValue : "unknown");
+ return NULL;
+ }
return p11_asn1_read (node, "extnValue", ext_len);
}
}