|
 |
045b60 |
From b37b8b0979a665fba897bb251d4b206c29936320 Mon Sep 17 00:00:00 2001
|
|
|
045b60 |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
045b60 |
Date: Fri, 11 Jun 2021 11:06:48 -0400
|
|
|
045b60 |
Subject: [PATCH] Don't report a spurious error if no SCEP pkiMessage is ready
|
|
|
045b60 |
yet
|
|
|
045b60 |
|
|
|
045b60 |
On a brand new request in the state op_pkcsreq there will be no
|
|
|
045b60 |
pkiMessage to send yet because there is no CSR yet.
|
|
|
045b60 |
|
|
|
045b60 |
It correctly detects this state but also displays the message:
|
|
|
045b60 |
|
|
|
045b60 |
Error reading request. Expected PKCS7 data containing a
|
|
|
045b60 |
PKCSReq pkiMessage, got nothing.
|
|
|
045b60 |
|
|
|
045b60 |
This is confusing if the request eventually succeeds.
|
|
|
045b60 |
|
|
|
045b60 |
It really only needs to report this if it is passed in a file name
|
|
|
045b60 |
to read the message from, otherwise silently return
|
|
|
045b60 |
CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES.
|
|
|
045b60 |
|
|
|
045b60 |
The same issue existed in the op_get_cert_initial state.
|
|
|
045b60 |
|
|
|
045b60 |
https://bugzilla.redhat.com/show_bug.cgi?id=1253009
|
|
|
045b60 |
---
|
|
|
045b60 |
src/scep.c | 20 ++++++++++++--------
|
|
|
045b60 |
1 file changed, 12 insertions(+), 8 deletions(-)
|
|
|
045b60 |
|
|
|
045b60 |
diff --git a/src/scep.c b/src/scep.c
|
|
|
045b60 |
index bf181bf..09bdb28 100644
|
|
|
045b60 |
--- a/src/scep.c
|
|
|
045b60 |
+++ b/src/scep.c
|
|
|
045b60 |
@@ -375,12 +375,14 @@ main(int argc, const char **argv)
|
|
|
045b60 |
if ((message == NULL) || (strlen(message) == 0)) {
|
|
|
045b60 |
if (poptPeekArg(pctx) != NULL) {
|
|
|
045b60 |
message = cm_submit_u_from_file(poptGetArg(pctx));
|
|
|
045b60 |
+ if ((message == NULL) || (strlen(message) == 0)) {
|
|
|
045b60 |
+ printf(_("Error reading request. Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n"));
|
|
|
045b60 |
+ return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
|
045b60 |
+ }
|
|
|
045b60 |
+ } else {
|
|
|
045b60 |
+ return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
|
045b60 |
}
|
|
|
045b60 |
}
|
|
|
045b60 |
- if ((message == NULL) || (strlen(message) == 0)) {
|
|
|
045b60 |
- printf(_("Error reading request, expected PKCS7 data.\n"));
|
|
|
045b60 |
- return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
|
045b60 |
- }
|
|
|
045b60 |
/* First step: read capabilities for our use. */
|
|
|
045b60 |
params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
|
|
|
045b60 |
}
|
|
|
045b60 |
@@ -394,12 +396,14 @@ main(int argc, const char **argv)
|
|
|
045b60 |
if ((message == NULL) || (strlen(message) == 0)) {
|
|
|
045b60 |
if (poptPeekArg(pctx) != NULL) {
|
|
|
045b60 |
message = cm_submit_u_from_file(poptGetArg(pctx));
|
|
|
045b60 |
+ if ((message == NULL) || (strlen(message) == 0)) {
|
|
|
045b60 |
+ printf(_("Error reading request. Expected PKCS7 data containing a GetInitialCert pkiMessage, got nothing.\n"));
|
|
|
045b60 |
+ return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
|
045b60 |
+ }
|
|
|
045b60 |
+ } else {
|
|
|
045b60 |
+ return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
|
045b60 |
}
|
|
|
045b60 |
}
|
|
|
045b60 |
- if ((message == NULL) || (strlen(message) == 0)) {
|
|
|
045b60 |
- printf(_("Error reading request, expected PKCS7 data.\n"));
|
|
|
045b60 |
- return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
|
045b60 |
- }
|
|
|
045b60 |
/* First step: read capabilities for our use. */
|
|
|
045b60 |
params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
|
|
|
045b60 |
}
|
|
|
045b60 |
--
|
|
|
045b60 |
2.26.3
|
|
|
045b60 |
|