Do not try to parse arbitrary objects as certificates.

1 files changed, 6 insertions, 5 deletions

diff --git a/src/pkcs11.c b/src/pkcs11.c
index 18b96451de..a804fdc068 100644
--- a/src/pkcs11.c
+++ b/src/pkcs11.c
@@ -77,7 +77,7 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
   gnutls_pkcs11_obj_t *crt_list;
   gnutls_x509_crt_t xcrt;
   unsigned int crt_list_size = 0, i;
-  int ret;
+  int ret, otype;
   char *output;
   int attrs;
   unsigned int obj_flags = 0;
@@ -143,9 +143,9 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
 
       fprintf (outfile, "Object %d:\n\tURL: %s\n", i, output);
 
+      otype = gnutls_pkcs11_obj_get_type(crt_list[i]);
       fprintf (outfile, "\tType: %s\n",
-               gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_get_type
-                                            (crt_list[i])));
+               gnutls_pkcs11_type_get_name (otype));
 
       size = sizeof (buf);
       ret =
@@ -171,12 +171,13 @@ pkcs11_list (FILE * outfile, const char *url, int type, unsigned int login,
         }
       fprintf (outfile, "\tID: %s\n\n", buf);
 
-
-
       if (attrs == GNUTLS_PKCS11_OBJ_ATTR_ALL
           || attrs == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY)
         continue;
 
+      if (otype != GNUTLS_PKCS11_OBJ_X509_CRT)
+        continue;
+
       ret = gnutls_x509_crt_init (&xcrt);
       if (ret < 0)
         {