diff options
| author | Nalin Dahyabhai <nalin@redhat.com> | 2013-01-14 13:57:54 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-05-10 16:03:29 -0400 |
| commit | 2a39ca97af97ddd508262eab33e5a0fa6abc4b00 (patch) | |
| tree | ffb5d9a0a43a46f0125e715a835cbee197394215 /src/plugins | |
| parent | 1e8ec647b9c3ee20298245fb7958fe6fbeb81619 (diff) | |
| download | krb5-2a39ca97af97ddd508262eab33e5a0fa6abc4b00.tar.gz krb5-2a39ca97af97ddd508262eab33e5a0fa6abc4b00.tar.xz krb5-2a39ca97af97ddd508262eab33e5a0fa6abc4b00.zip | |
Don't fail if a candidate certificate has no SANs
When we're doing certificate matching and we're asked for the list of
SAN values for a certifiate, and it contains none, don't return an
error, as that will eventually cause the module to just return an error.
Instead, just return an empty list of SAN values so that processing will
continue on to check if other certificates match.
Diffstat (limited to 'src/plugins')
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 8 |
1 files changed, 2 insertions, 6 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 26901986b..1aae6147f 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -3161,12 +3161,8 @@ crypto_cert_get_matching_data(krb5_context context, md->ku_bits = cert_get_ku_bits(context, cert_handle->cert); md->eku_bits = cert_get_eku_bits(context, cert_handle->cert, PR_FALSE); if (cert_retrieve_cert_sans(context, cert_handle->cert, - &md->sans, &md->sans, NULL) != 0) { - free(md->subject_dn); - free(md->issuer_dn); - free(md); - return ENOMEM; - } + &md->sans, &md->sans, NULL) != 0) + md->sans = NULL; *ret_data = md; return 0; } |