Browse code
Copy cert name for debug prints; fail better
Fail better if calling crtmgr_add fails when adding an
embedded certificate bc it matched a whitelist entry
Andrew authored on 2019/02/14 07:19:47Showing 1 changed files
| ... | ... |
@@ -1615,6 +1615,10 @@ static cl_error_t asn1_parse_mscat(struct cl_engine *engine, fmap_t *map, size_t |
| 1615 | 1615 |
if (NULL != (crt = crtmgr_whitelist_lookup(cmgr, x509, 1))) {
|
| 1616 | 1616 |
cli_crt *tmp = x509->next; |
| 1617 | 1617 |
cli_dbgmsg("asn1_parse_mscat: Directly whitelisting embedded cert based on %s\n", (crt->name ? crt->name : "(no name)"));
|
| 1618 |
+ if (cli_debug_flag && crt->name) {
|
|
| 1619 |
+ // Copy the name from the CRB entry for printing below |
|
| 1620 |
+ x509->name = strdup(crt->name); |
|
| 1621 |
+ } |
|
| 1618 | 1622 |
if (crtmgr_add(cmgr, x509)) {
|
| 1619 | 1623 |
cli_dbgmsg("asn1_parse_mscat: adding x509 cert to crtmgr failed\n");
|
| 1620 | 1624 |
break; |
| ... | ... |
@@ -1626,6 +1630,10 @@ static cl_error_t asn1_parse_mscat(struct cl_engine *engine, fmap_t *map, size_t |
| 1626 | 1626 |
|
| 1627 | 1627 |
x509 = x509->next; |
| 1628 | 1628 |
} |
| 1629 |
+ if (x509) {
|
|
| 1630 |
+ crtmgr_free(&newcerts); |
|
| 1631 |
+ break; |
|
| 1632 |
+ } |
|
| 1629 | 1633 |
x509 = newcerts.crts; |
| 1630 | 1634 |
|
| 1631 | 1635 |
/* Now look for cases where embedded certs can be trusted |