Don't ask empty responder questions in PKINIT

When putting together the set of identity prompts for a responder
challenge, if we don't need a PIN or password of some kind, don't ask
an empty question.

[ghudson@mit.edu: squashed commits, modified commit message, merged
PKCS11 test with current Python script]

1 files changed, 4 insertions, 4 deletions

diff --git a/src/tests/responder.c b/src/tests/responder.c
index 57106ffc12..13623d8324 100644
--- a/src/tests/responder.c
+++ b/src/tests/responder.c
@@ -100,11 +100,11 @@ responder(krb5_context ctx, void *rawdata, krb5_responder_context rctx)
             *value++ = '\0';
         /* Read the challenge. */
         challenge = krb5_responder_get_challenge(ctx, rctx, key);
-        if (challenge == NULL)
-            challenge = "";
-        /* See if the expected challenge looks like JSON-encoded data. */
         err = k5_json_decode(value, &decoded1);
-        if (err != 0) {
+        /* Check for "no challenge". */
+        if (challenge == NULL && *value == '\0') {
+            fprintf(stderr, "OK: (no challenge) == (no challenge)\n");
+        } else if (err != 0) {
             /* It's not JSON, so assume we're just after a string compare. */
             if (strcmp(challenge, value) == 0) {
                 fprintf(stderr, "OK: \"%s\" == \"%s\"\n", challenge, value);