summaryrefslogtreecommitdiff
path: root/src/irmd/oap
diff options
context:
space:
mode:
Diffstat (limited to 'src/irmd/oap')
-rw-r--r--src/irmd/oap/auth.c10
-rw-r--r--src/irmd/oap/auth.h2
2 files changed, 8 insertions, 4 deletions
diff --git a/src/irmd/oap/auth.c b/src/irmd/oap/auth.c
index ebe1949b..60bd5f97 100644
--- a/src/irmd/oap/auth.c
+++ b/src/irmd/oap/auth.c
@@ -266,9 +266,13 @@ int oap_auth_peer(char * name,
goto fail_pin;
}
- if (crypt_get_crt_name(crt, name) < 0) {
- log_warn_id(id, "Failed to extract name from certificate.");
- name[0] = '\0';
+ ret = crypt_get_crt_name(crt, name);
+ if (ret < 0) {
+ if (ret == -ENAME)
+ log_err_id(id, "Certificate CN too long.");
+ else
+ log_err_id(id, "No name in certificate.");
+ goto fail_pin;
}
if (pin != NULL)
diff --git a/src/irmd/oap/auth.h b/src/irmd/oap/auth.h
index be8d2cae..4a350120 100644
--- a/src/irmd/oap/auth.h
+++ b/src/irmd/oap/auth.h
@@ -29,7 +29,7 @@
int oap_check_hdr(const struct oap_hdr * hdr);
-/* name is updated with the peer's certificate name if available */
+/* name is set to the peer crt CN, "" if no crt was presented */
int oap_auth_peer(char * name,
const struct sec_config * cfg,
const struct oap_hdr * local_hdr,