From 5b3dbb3422aeaec19f284624fcea97bc8e0a0d11 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 28 Jun 2016 09:28:37 +0200
Subject: find_cert_cb: minor cleanups in find_cert_cb

---
 lib/pkcs11.c | 56 ++++++++++++++++++++++++++++----------------------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index d1f13bb250..50d0621ce9 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -3574,30 +3574,37 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
 				break;
 			}
 
-			a[0].type = CKA_LABEL;
-			a[0].value = label_tmp;
-			a[0].value_len = sizeof(label_tmp);
-
-			a[1].type = CKA_ID;
-			a[1].value = id_tmp;
-			a[1].value_len = sizeof(id_tmp);
-
 			/* data will contain the certificate */
 			rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, obj, CKA_VALUE, &data);
 
-			if (rv == CKR_OK && pkcs11_get_attribute_value
-			    (sinfo->module, sinfo->pks, obj, a,
-			     2) == CKR_OK) {
-				label.data = a[0].value;
-				label.size = a[0].value_len;
-				id.data = a[1].value;
-				id.size = a[1].value_len;
+			if (rv == CKR_OK) {
+				ret = check_found_cert(priv, &data, now);
+				if (ret < 0) {
+					_gnutls_free_datum(&data);
+					continue;
+				}
 
-				found = 1;
-				break;
-			} else {
-				_gnutls_debug_log
-				    ("p11: Skipped cert, missing attrs.\n");
+				a[0].type = CKA_LABEL;
+				a[0].value = label_tmp;
+				a[0].value_len = sizeof(label_tmp);
+
+				a[1].type = CKA_ID;
+				a[1].value = id_tmp;
+				a[1].value_len = sizeof(id_tmp);
+
+				if (pkcs11_get_attribute_value(sinfo->module, sinfo->pks, obj, a, 2) == CKR_OK) {
+					label.data = a[0].value;
+					label.size = a[0].value_len;
+					id.data = a[1].value;
+					id.size = a[1].value_len;
+
+					found = 1;
+					break;
+				} else {
+					_gnutls_free_datum(&data);
+					_gnutls_debug_log
+					    ("p11: Skipped cert, missing attrs.\n");
+				}
 			}
 		}
 
@@ -3605,14 +3612,7 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
 		finalized = 1;
 
 		if (found != 0) {
-			ret = check_found_cert(priv, &data, now);
-			if (ret < 0) {
-				_gnutls_free_datum(&data);
-				found = 0;
-				continue;
-			}
-
-			if (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT) {
+			if (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT && data.size > 0) {
 				gnutls_datum_t spki;
 				rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, obj, CKA_PUBLIC_KEY_INFO, &spki);
 				if (rv == CKR_OK) {
-- 
cgit v1.2.1