author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-12 16:04:49 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-07-13 14:48:08 +0200 |
commit | a8fe15f9491dac68798283f110d44cf76d9c192c (patch) | |
tree | 7d0235c065650ecf1297906ed35f214bfa969a2d | |
parent | c474225a25b5dbda586019a43d0c410853246c44 (diff) | |
download | gnutls-a8fe15f9491dac68798283f110d44cf76d9c192c.tar.gz |
x509/output: do not attempt to print the key ID on unknown SPKI algorithms
On unknown algorithms, it is not always possible to parse the SPKI
field. Instead avoid printing errors.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/x509/output.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 6bcf68275d..93eed2e57e 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -1747,12 +1747,12 @@ static void print_keyid(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 unsigned char sha1_buffer[MAX_HASH_SIZE];
 size_t sha1_size;
- print_obj_id(str, "\t", cert, (get_id_func*)gnutls_x509_crt_get_key_id);
-
 err = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
 if (err < 0)
 return;
+ print_obj_id(str, "\t", cert, (get_id_func*)gnutls_x509_crt_get_key_id);
+
 if (err == GNUTLS_PK_EC) {
 gnutls_ecc_curve_t curve;
@@ -1937,10 +1937,7 @@ static void print_oneline(gnutls_buffer_st * str, gnutls_x509_crt_t cert)
 err = gnutls_x509_crt_get_key_id(cert, GNUTLS_KEYID_USE_SHA256, buffer, &size);
- if (err < 0) {
- addf(str, "key PIN error (%s)",
- gnutls_strerror(err));
- } else {
+ if (err >= 0) {
 addf(str, "pin-sha256=\"");
 _gnutls_buffer_base64print(str, buffer, size);
 adds(str, "\"");
@@ -2626,6 +2623,13 @@ print_crq(gnutls_buffer_st * str, gnutls_x509_crq_t cert,
 static void print_crq_other(gnutls_buffer_st * str, gnutls_x509_crq_t crq)
 {
+ int ret;
+
+ /* on unknown public key algorithms don't print the key ID */
+ ret = gnutls_x509_crq_get_pk_algorithm(crq, NULL);
+ if (ret < 0)
+ return;
+
 print_obj_id(str, "\t", crq, (get_id_func*)gnutls_x509_crq_get_key_id);
 }
@@ -2686,6 +2690,11 @@ print_pubkey_other(gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
 print_key_usage2(str, "\t", pubkey->key_usage);
 }
+ /* on unknown public key algorithms don't print the key ID */
+ ret = gnutls_pubkey_get_pk_algorithm(pubkey, NULL);
+ if (ret < 0)
+ return;
+
 print_obj_id(str, "", pubkey, (get_id_func*)gnutls_pubkey_get_key_id);
 } |
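Review bot: The guard `if (err < 0) return;` in print_keyid fires only on a negative error code, so an unrecognised SPKI algorithm reported as `GNUTLS_PK_UNKNOWN` (a non-negative enum value, if the getter follows the usual convention) would still reach the moved `print_obj_id` call. The same `ret < 0` test appears in the print_crq_other and print_pubkey_other hunks, so all three sites would need the same treatment, e.g. `if (err < 0 || err == GNUTLS_PK_UNKNOWN) return;`. Separately, `err` holds an algorithm identifier here (it is compared with `GNUTLS_PK_EC` just below), which is worth a short comment or a rename. The body of print_keyid starts and ends outside this hunk, so the effect of an early return on the rest of the function could not be checked.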
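Review bot: Dropping the error branch in print_oneline silences every failure of `gnutls_x509_crt_get_key_id`, not only the unknown-SPKI case the commit message describes, so the one-line output simply lacks `pin-sha256=` with nothing to say why. Anyone using this output to compare or record key pins cannot distinguish "algorithm not supported" from an unrelated failure. Consider keeping the `key PIN error (%s)` message when the certificate's public-key algorithm is recognised, and suppressing it only in the unknown case. At minimum, document the choice above the test with a comment such as `/* key ID unavailable (e.g. unknown SPKI algorithm): omit the pin rather than print an error */`. print_oneline's body begins and ends outside this hunk.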