author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 10:21:06 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-04 13:48:01 +0200 |
commit | 556465c1039b498d8f47ef7943b6a4df40e199d4 (patch) | |
tree | ab7e9a0bc6a6f3f75ea0cab60507d335bad385e0 /lib/x509 | |
parent | 0416d1f94f36b703de46fa00e465b2bac24063ea (diff) | |
x509/output: print error on invalid public key parameters on certificate
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/x509')
-rw-r--r-- | lib/x509/key_decode.c | 1 | ||||
-rw-r--r-- | lib/x509/output.c | 53 |
2 files changed, 36 insertions, 18 deletions
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index fa65ba14fe..08d352c6f8 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -424,6 +424,7 @@ int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der,
 ret = _gnutls_x509_read_eddsa_pubkey(der, dersize, params);
 break;
 default:
+fprintf(stderr, "pk: %d\n", algo);
 ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
 break;
 }
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 21373ddb6f..e2bfc21809 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
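Review bot: The added `fprintf(stderr, "pk: %d\n", algo);` in the `default:` case of _gnutls_x509_read_pubkey (lib/x509/key_decode.c) looks like leftover debugging and is not mentioned in the commit message. Library code that writes to stderr directly bypasses the application's logging configuration, and this branch appears to be reached whenever a key uses an algorithm the switch does not handle, which presumably includes keys from untrusted certificates. In a process that has closed or reused descriptor 2, those bytes can end up somewhere unintended. Drop the line, or if the value is worth keeping route it through the library's logger, e.g. `_gnutls_debug_log("unsupported public key algorithm: %d\n", algo);`. The switch and the rest of the function lie outside the hunk.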
@@ -1434,44 +1434,61 @@ print_crt_sig_params(gnutls_buffer_st * str, gnutls_x509_crt_t crt, return 0; } +static void print_pk_name(gnutls_buffer_st * str, gnutls_x509_crt_t crt) +{ + const char *p; + char *name = get_pk_name(crt, NULL); + if (name == NULL) + p = _("unknown"); + else + p = name; + + addf(str, "\tSubject Public Key Algorithm: %s\n", p); + gnutls_free(name); +} + static int print_crt_pubkey(gnutls_buffer_st * str, gnutls_x509_crt_t crt, gnutls_certificate_print_formats_t format) { - gnutls_pubkey_t pubkey; + gnutls_pubkey_t pubkey = NULL; gnutls_x509_spki_st params; - int ret; + int ret, pk; ret = _gnutls_x509_crt_read_spki_params(crt, ¶ms); if (ret < 0) return ret; + pk = gnutls_x509_crt_get_pk_algorithm(crt, NULL); + if (pk < 0) { + gnutls_assert(); + pk = GNUTLS_PK_UNKNOWN; + } + + if (pk == GNUTLS_PK_UNKNOWN) { + print_pk_name(str, crt); /* print basic info only */ + return 0; + } + ret = gnutls_pubkey_init(&pubkey); if (ret < 0) return ret; ret = gnutls_pubkey_import_x509(pubkey, crt, 0); - if (ret < 0) + if (ret < 0) { + if (ret != GNUTLS_E_UNIMPLEMENTED_FEATURE) + addf(str, "error importing public key: %s\n", gnutls_strerror(ret)); + print_pk_name(str, crt); /* print basic info only */ + ret = 0; goto cleanup; + } print_pubkey(str, _("Subject "), pubkey, ¶ms, format); ret = 0; - cleanup: - gnutls_pubkey_deinit(pubkey); - - if (ret < 0) { /* print only name */ - const char *p; - char *name = get_pk_name(crt, NULL); - if (name == NULL) - p = _("unknown"); - else - p = name; - - addf(str, "\tSubject Public Key Algorithm: %s\n", p); - gnutls_free(name); - ret = 0; - } + cleanup: + if (pubkey) + gnutls_pubkey_deinit(pubkey); return ret; } |
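Review bot: The early `return ret` after `_gnutls_x509_crt_read_spki_params()` in print_crt_pubkey still emits nothing, so a certificate whose SPKI parameters fail to parse never reaches the new `error importing public key` line or `print_pk_name()`. If malformed key parameters should always be visible to whoever inspects the certificate, that path could report the same way, e.g. `addf(str, "error reading public key parameters: %s\n", gnutls_strerror(ret));` followed by `print_pk_name(str, crt);` before returning. How the caller treats the returned error is not visible in this hunk, so whether the output is cut short or the error is dropped there needs checking. The new error string is also not wrapped in `_()` and lacks the leading tab used by the neighbouring `\tSubject Public Key Algorithm` line.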