From bef9d11d4d7b8c1159858d46e9ab03e9398582b7 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Wed, 20 Oct 2010 21:37:27 -0400 Subject: [PATCH 062/150] - tweak cert selection a bit more --- src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 30 ++++++++++++++++++++--- 1 files changed, 26 insertions(+), 4 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index f44f430..839762e 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -57,7 +57,7 @@ #define CONFIGDIR "/home/nalin/projects/krb5/pkinit/src/plugins/preauth/pkinit" /* FIXME */ #define NSS_CMSContentInfo_SetDontStream(a, b) (SECSuccess) /* FIXME */ -#define DEBUG_DER "/usr/lib64/nss/unsupported-tools/derdump" +/* #define DEBUG_DER "/usr/lib64/nss/unsupported-tools/derdump" */ /* Forward declarations. */ static krb5_error_code cert_retrieve_cert_sans(krb5_context context, @@ -485,6 +485,22 @@ get_oid_from_tag(SECOidTag tag) } } +#ifdef DEBUG +static void +hexdump(unsigned char *data, unsigned int length) +{ + unsigned int i; + for (i = 0; i < length; i++) { + fprintf(stderr, " %02x", data[i]); + if ((i % 20) == 19) { + fprintf(stderr, "\n"); + } + } + if ((i > 0) && ((i % 20) != 0)) { + fprintf(stderr, "\n"); + } +} +#endif #ifdef DEBUG_DER static void derdump(unsigned char *data, unsigned int length) @@ -1269,7 +1285,9 @@ client_process_dh(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ENOMEM; } - +#ifdef DEBUG + hexdump(bits->data, bits->len); +#endif PK11_FreeSymKey(sym); PK11_FreeSlot(slot); SECKEY_DestroyPublicKey(pub); @@ -1441,7 +1459,9 @@ server_process_dh(krb5_context context, PORT_FreeArena(pool, PR_TRUE); return ENOMEM; } - +#ifdef DEBUG + hexdump(bits->data, bits->len); +#endif PK11_FreeSymKey(sym); SECKEY_DestroyPrivateKey(priv); SECKEY_DestroyPublicKey(pub); 
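Review bot: The new `hexdump()` helper added after `get_oid_from_tag` takes `unsigned char *data` although it only reads the buffer, and it has no comment saying what it is for. Declaring it as `hexdump(const unsigned char *data, unsigned int length)` lets callers pass read-only buffers without a cast. A one-line header such as `/* Debug-only: print length bytes of data to stderr as hex, 20 per row. */` would make the output destination explicit. Because it writes straight to stderr rather than through `pkiDebug`, which the last hunk uses for its message, the comment should also say that it is not meant for key material.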
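Review bot: The `hexdump(bits->data, bits->len)` calls added in `client_process_dh` and `server_process_dh` print `bits` to stderr whenever the generic `DEBUG` macro is defined. From their placement right before `PK11_FreeSymKey(sym)`, `bits` looks like the key data extracted from the derived DH key, i.e. secret material; the code that fills `bits` is outside both hunks, so this should be confirmed. If so, a build that has `DEBUG` set for unrelated reasons would write the shared secret into whatever captures stderr. Either drop the dump, log only the size with `pkiDebug("%s: derived %u bytes\n", __FUNCTION__, bits->len);`, or gate it behind a dedicated macro that is off by default, the way `derdump` sits behind `DEBUG_DER`. Both function bodies start and end outside their hunks.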
@@ -2112,14 +2132,16 @@ crypto_cert_select_default(krb5_context context, (memcmp(c->data, KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE) == 0)) { cert = node->cert; - pkiDebug("%s: selecting KDC " + pkiDebug("%s: selecting %s " "certificate \"%s\"\n", __FUNCTION__, + KRB5_TGS_NAME, cert->subjectName); } krb5_free_principal(context, sans[i]); } free(sans); + sans = NULL; } if (cert != NULL) { break; -- 1.7.6.4
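Review bot: The added `sans = NULL;` in `crypto_cert_select_default` clears the pointer only on the path that reaches `free(sans)` inside this block. The call that fills `sans` is outside the hunk; if it can return without writing `sans`, a later iteration could still see a stale value from elsewhere. Setting `sans = NULL;` at the top of each iteration, before that call, would cover every path. A short comment on the reset, such as `/* don't carry the freed list into the next node */`, would also record why the line is there. The function body starts and ends outside the hunk.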