From: Nalin Dahyabhai Date: Tue, 9 Oct 2012 17:41:46 +0000 (-0400) Subject: Sanity-check loading keys and certs from PEM files X-Git-Tag: krb5-1.11-alpha1~82 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3a747275b650a003ae81f0479e1202b10b2ea466;p=thirdparty%2Fkrb5.git Sanity-check loading keys and certs from PEM files Print a debug message if we're unable to locate the matching private key for a certificate when we've just loaded both of them from PEM files. --- diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 2f93a86e08..1aa5779cd5 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -2402,6 +2402,7 @@ crypto_load_files(krb5_context context, CERTCertificate *cert; CERTCertList *before, *after; CERTCertListNode *anode, *bnode; + SECKEYPrivateKey *key; CK_ATTRIBUTE attrs[4]; CK_BBOOL cktrue = CK_TRUE, cktrust; CK_OBJECT_CLASS keyclass = CKO_PRIVATE_KEY, certclass = CKO_CERTIFICATE; @@ -2555,6 +2556,20 @@ crypto_load_files(krb5_context context, if (before != NULL) { CERT_DestroyCertList(before); } + if ((keyfile != NULL) && (obj->cert != NULL)) { + key = PK11_FindPrivateKeyFromCert(slot, obj->cert, + crypto_pwcb_prep(id_cryptoctx, + context)); + if (key == NULL) { + pkiDebug("%s: no key private found for \"%s\"(%s), " + "even though we just loaded that key?\n", + __FUNCTION__, + obj->cert->nickname ? + obj->cert->nickname : "(no name)", + certfile); + } else + SECKEY_DestroyPrivateKey(req_cryptoctx->client_dh_privkey); + } } /* If we succeeded to this point, or more likely didn't do anything