Diffstat (limited to 'src/irmd/oap')
| -rw-r--r-- | src/irmd/oap/auth.c | 10 | ||||
| -rw-r--r-- | src/irmd/oap/auth.h | 2 |
2 files changed, 8 insertions, 4 deletions
diff --git a/src/irmd/oap/auth.c b/src/irmd/oap/auth.c
index ebe1949b..60bd5f97 100644
--- a/src/irmd/oap/auth.c
+++ b/src/irmd/oap/auth.c
@@ -266,9 +266,13 @@ int oap_auth_peer(char * name,
 goto fail_pin;
 }
- if (crypt_get_crt_name(crt, name) < 0) {
- log_warn_id(id, "Failed to extract name from certificate.");
- name[0] = '\0';
+ ret = crypt_get_crt_name(crt, name);
+ if (ret < 0) {
+ if (ret == -ENAME)
+ log_err_id(id, "Certificate CN too long.");
+ else
+ log_err_id(id, "No name in certificate.");
+ goto fail_pin;
 }
 if (pin != NULL)
diff --git a/src/irmd/oap/auth.h b/src/irmd/oap/auth.h
index be8d2cae..4a350120 100644
--- a/src/irmd/oap/auth.h
+++ b/src/irmd/oap/auth.h
@@ -29,7 +29,7 @@ int oap_check_hdr(const struct oap_hdr * hdr);
-/* name is updated with the peer's certificate name if available */
+/* name is set to the peer crt CN, "" if no crt was presented */
 int oap_auth_peer(char * name,
 const struct sec_config * cfg,
 const struct oap_hdr * local_hdr, |
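Review bot: In the auth.c hunk, the new failure branch no longer resets `name` before `goto fail_pin;`, so whatever crypt_get_crt_name() left in the buffer stays visible to the caller. That helper is not shown here, so it is unclear whether it writes a truncated CN before returning -ENAME. Keeping `name[0] = '\0';` just ahead of `goto fail_pin;` would ensure a caller that logs or compares `name` after a failed oap_auth_peer() never sees a partial peer identity. The function starts and ends outside the hunk, so the declaration of `ret` and the value returned at fail_pin could not be checked; if `ret` is also the function's return value, confirm that the fail_pin path returns the intended authentication error rather than the raw helper code.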
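Review bot: In the auth.h hunk, the updated comment covers the `""` case but omits the failure mode this commit adds in auth.c, where a presented certificate with no CN, or a CN that does not fit, now makes oap_auth_peer() fail. A wording such as `/* name is set to the peer crt CN, "" if no crt was presented; fails if the crt has no CN or the CN does not fit in name */` would tell callers that a successful return with a certificate always carries a non-empty name. The prototype takes `char * name` without a length, so the comment should also state the buffer size the caller must provide, since the "CN too long" path implies a fixed limit that is not visible here.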
