-rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 14 |
1 files changed, 3 insertions, 11 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 4f29510..a3afbc5 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2102,18 +2102,10 @@ cms_signeddata_verify(krb5_context context,
 goto cleanup;
 out = BIO_new(BIO_s_mem());
 if (CMS_verify(cms, NULL, store, NULL, out, flags) == 0) {
- unsigned long err = ERR_peek_last_error();
- switch(ERR_GET_REASON(err)) {
- case RSA_R_DIGEST_NOT_ALLOWED:
- case CMS_R_UNKNOWN_DIGEST_ALGORITHM:
- case CMS_R_NO_MATCHING_DIGEST:
- case CMS_R_NO_MATCHING_SIGNATURE:
- retval = KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED;
- break;
- case CMS_R_VERIFICATION_FAILURE:
- default:
+ if (ERR_peek_last_error() == CMS_R_VERIFICATION_FAILURE)
 retval = KRB5KDC_ERR_INVALID_SIG;
- }
+ else
+ retval = KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED;
 (void)oerr(context, retval, _("Failed to verify CMS message"));
 goto cleanup;
 }
|
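Review bot: The new condition `ERR_peek_last_error() == CMS_R_VERIFICATION_FAILURE` compares OpenSSL's packed error code (library and reason combined) against a bare reason constant, so it should never be true and every `CMS_verify()` failure lands in the `else` branch. A genuine signature failure is then reported as `KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED` instead of `KRB5KDC_ERR_INVALID_SIG`, which hides it from anyone auditing or alerting on invalid-signature errors and may lead the peer to treat it as a digest-negotiation problem. Extract the reason first, as the removed code did: `if (ERR_GET_REASON(ERR_peek_last_error()) == CMS_R_VERIFICATION_FAILURE)`. Also consider keeping `KRB5KDC_ERR_INVALID_SIG` as the fallback for unrecognised reasons, since the new `else` maps every unknown failure to the digest error. The body of `cms_signeddata_verify` starts and ends outside this hunk.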