From 603fb91743ba66b46333d614d2d56d403d6c5a3d Mon Sep 17 00:00:00 2001 From: Dmitry Baryshkov Date: Sun, 17 May 2020 22:01:22 +0300 Subject: x509: aki: always print authorityCert info Always print authorityCertIssuer/SerialNumber. Currently it is output only if keyIdentifier is not present. Fixes #991 Signed-off-by: Dmitry Baryshkov --- lib/x509/output.c | 9 ++++++--- tests/cert-tests/data/long-oids.pem | 2 ++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/lib/x509/output.c b/lib/x509/output.c index c8b0c66ddb..a41e4963df 100644 --- a/lib/x509/output.c +++ b/lib/x509/output.c @@ -448,7 +448,9 @@ print_aki_gn_serial(gnutls_buffer_st * str, gnutls_x509_aki_t aki) err = gnutls_x509_aki_get_cert_issuer(aki, 0, &alt_type, &san, &other_oid, &serial); - if (err < 0) { + if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + return; + } else if (err < 0) { addf(str, "error: gnutls_x509_aki_get_cert_issuer: %s\n", gnutls_strerror(err)); return; @@ -481,10 +483,11 @@ static void print_aki(gnutls_buffer_st * str, gnutls_datum_t *der) goto cleanup; } + /* Check if an alternative name is there */ + print_aki_gn_serial(str, aki); + err = gnutls_x509_aki_get_id(aki, &id); if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { - /* Check if an alternative name is there */ - print_aki_gn_serial(str, aki); goto cleanup; } else if (err < 0) { addf(str, "error: gnutls_x509_aki_get_id: %s\n", diff --git a/tests/cert-tests/data/long-oids.pem b/tests/cert-tests/data/long-oids.pem index 0306f536b9..15e8b3ed24 100644 --- a/tests/cert-tests/data/long-oids.pem +++ b/tests/cert-tests/data/long-oids.pem @@ -36,6 +36,8 @@ X.509 Certificate Information: Key encipherment. Data encipherment. Authority Key Identifier (not critical): + directoryName: CN=sat-r220-10.lab.eng.rdu2.redhat.com,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US + serial: 00a4e7caebbe435dcc caca62860405f0f59b38d22c3c8c650fc6baa53c Subject Key Identifier (not critical): 0e8d7b53ba5a9e9244e56458a1db8347053e32d3 -- cgit v1.2.1