x509: aki: always print authorityCert info

Always print authorityCertIssuer/SerialNumber. Currently it is output
only if keyIdentifier is not present.

Fixes #991

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

2 files changed, 8 insertions, 3 deletions

diff --git a/lib/x509/output.c b/lib/x509/output.c
index c8b0c66ddb..a41e4963df 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -448,7 +448,9 @@ print_aki_gn_serial(gnutls_buffer_st * str, gnutls_x509_aki_t aki)
 	err =
 	    gnutls_x509_aki_get_cert_issuer(aki,
 					    0, &alt_type, &san, &other_oid, &serial);
-	if (err < 0) {
+	if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+		return;
+	} else if (err < 0) {
 		addf(str, "error: gnutls_x509_aki_get_cert_issuer: %s\n",
 		     gnutls_strerror(err));
 		return;
@@ -481,10 +483,11 @@ static void print_aki(gnutls_buffer_st * str, gnutls_datum_t *der)
 		goto cleanup;
 	}
 
+	/* Check if an alternative name is there */
+	print_aki_gn_serial(str, aki);
+
 	err = gnutls_x509_aki_get_id(aki, &id);
 	if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
-		/* Check if an alternative name is there */
-		print_aki_gn_serial(str, aki);
 		goto cleanup;
 	} else if (err < 0) {
 		addf(str, "error: gnutls_x509_aki_get_id: %s\n",
diff --git a/tests/cert-tests/data/long-oids.pem b/tests/cert-tests/data/long-oids.pem
index 0306f536b9..15e8b3ed24 100644
--- a/tests/cert-tests/data/long-oids.pem
+++ b/tests/cert-tests/data/long-oids.pem
@@ -36,6 +36,8 @@ X.509 Certificate Information:
 			Key encipherment.
 			Data encipherment.
 		Authority Key Identifier (not critical):
+			directoryName: CN=sat-r220-10.lab.eng.rdu2.redhat.com,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US
+			serial: 00a4e7caebbe435dcc
 			caca62860405f0f59b38d22c3c8c650fc6baa53c
 		Subject Key Identifier (not critical):
 			0e8d7b53ba5a9e9244e56458a1db8347053e32d3