Fail better if calling crtmgr_add fails when adding an
embedded certificate bc it matched a whitelist entry
... | ... |
@@ -1615,6 +1615,10 @@ static cl_error_t asn1_parse_mscat(struct cl_engine *engine, fmap_t *map, size_t |
1615 | 1615 |
if (NULL != (crt = crtmgr_whitelist_lookup(cmgr, x509, 1))) { |
1616 | 1616 |
cli_crt *tmp = x509->next; |
1617 | 1617 |
cli_dbgmsg("asn1_parse_mscat: Directly whitelisting embedded cert based on %s\n", (crt->name ? crt->name : "(no name)")); |
1618 |
+ if (cli_debug_flag && crt->name) { |
|
1619 |
+ // Copy the name from the CRB entry for printing below |
|
1620 |
+ x509->name = strdup(crt->name); |
|
1621 |
+ } |
|
1618 | 1622 |
if (crtmgr_add(cmgr, x509)) { |
1619 | 1623 |
cli_dbgmsg("asn1_parse_mscat: adding x509 cert to crtmgr failed\n"); |
1620 | 1624 |
break; |
... | ... |
@@ -1626,6 +1630,10 @@ static cl_error_t asn1_parse_mscat(struct cl_engine *engine, fmap_t *map, size_t |
1626 | 1626 |
|
1627 | 1627 |
x509 = x509->next; |
1628 | 1628 |
} |
1629 |
+ if (x509) { |
|
1630 |
+ crtmgr_free(&newcerts); |
|
1631 |
+ break; |
|
1632 |
+ } |
|
1629 | 1633 |
x509 = newcerts.crts; |
1630 | 1634 |
|
1631 | 1635 |
/* Now look for cases where embedded certs can be trusted |
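Review bot: In the first hunk, `x509->name = strdup(crt->name);` stores the result without a NULL check and overwrites whatever `x509->name` already held, so an allocation failure goes unnoticed and an earlier name, if one is ever set on an embedded cert, would leak. Because the copy only happens when `cli_debug_flag` is set, the certificate's heap ownership differs between debug and non-debug runs, which makes memory errors on this path harder to reproduce. I would guard it as `if (cli_debug_flag && crt->name && !x509->name)` and follow the assignment with `if (!x509->name) cli_dbgmsg("asn1_parse_mscat: failed to copy cert name\n");`. The body of asn1_parse_mscat extends beyond both hunks, so it is not visible here whether the copied string is released by the `crtmgr_free(&newcerts)` call added in the second hunk or duplicated inside `crtmgr_add`; a one-line comment at the `strdup` stating who owns and frees the name would settle that.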