diff options
author | Nalin Dahyabhai <nalin@redhat.com> | 2012-10-09 13:41:46 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-10-15 11:41:10 -0400 |
commit | 3a747275b650a003ae81f0479e1202b10b2ea466 (patch) | |
tree | 06476c86f90f4fd37d48bf79d0d84eceb83d44e4 /src/plugins | |
parent | 15c8543449010af7ca846fbf1efef699b01792e0 (diff) | |
download | krb5-3a747275b650a003ae81f0479e1202b10b2ea466.tar.gz krb5-3a747275b650a003ae81f0479e1202b10b2ea466.tar.xz krb5-3a747275b650a003ae81f0479e1202b10b2ea466.zip |
Sanity-check loading keys and certs from PEM files
Print a debug message if we're unable to locate the matching private key
for a certificate when we've just loaded both of them from PEM files.
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 2f93a86e08..1aa5779cd5 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -2402,6 +2402,7 @@ crypto_load_files(krb5_context context, CERTCertificate *cert; CERTCertList *before, *after; CERTCertListNode *anode, *bnode; + SECKEYPrivateKey *key; CK_ATTRIBUTE attrs[4]; CK_BBOOL cktrue = CK_TRUE, cktrust; CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY, certclass = CKO_CERTIFICATE; @@ -2555,6 +2556,20 @@ crypto_load_files(krb5_context context, if (before != NULL) { CERT_DestroyCertList(before); } + if ((keyfile != NULL) && (obj->cert != NULL)) { + key = PK11_FindPrivateKeyFromCert(slot, obj->cert, + crypto_pwcb_prep(id_cryptoctx, + context)); + if (key == NULL) { + pkiDebug("%s: no key private found for \"%s\"(%s), " + "even though we just loaded that key?\n", + __FUNCTION__, + obj->cert->nickname ? + obj->cert->nickname : "(no name)", + certfile); + } else + SECKEY_DestroyPrivateKey(req_cryptoctx->client_dh_privkey); + } } /* If we succeeded to this point, or more likely didn't do anything |