When we can't open the given path as certificate, we try reading it as a public key. Clarify the error message accordingly and add a comment about this.
Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
---
 scripts/keytoc.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/scripts/keytoc.c b/scripts/keytoc.c
index aa36ba02e1..6c5ff9403d 100644
--- a/scripts/keytoc.c
+++ b/scripts/keytoc.c
@@ -57,7 +57,7 @@ static int pem_get_pub_key(const char *path, EVP_PKEY **pkey)
 *pkey = NULL;
 f = fopen(path, "r");
 if (!f) {
- fprintf(stderr, "Couldn't open certificate: '%s': %s\n",
+ fprintf(stderr, "Couldn't open certificate '%s': %s\n",
 path, strerror(errno));
 return -EACCES;
 }
@@ -65,10 +65,11 @@ static int pem_get_pub_key(const char *path, EVP_PKEY **pkey)
 /* Read the certificate */
 cert = NULL;
 if (!PEM_read_X509(f, &cert, NULL, NULL)) {
+ /* Can't open certificate, maybe it's a pubkey */
 rewind(f);
 key = PEM_read_PUBKEY(f, NULL, NULL, NULL);
 if (!key) {
- openssl_error("Couldn't read certificate");
+ openssl_error("Couldn't read certificate/pubkey %s\n", path);
 ret = -EINVAL;
 goto err_cert;
 }
@@ -76,7 +77,7 @@ static int pem_get_pub_key(const char *path, EVP_PKEY **pkey)
 /* Get the public key from the certificate. */
 key = X509_get_pubkey(cert);
 if (!key) {
- openssl_error("Couldn't read public key\n");
+ openssl_error("Couldn't read public key from certificate\n");
 ret = -EINVAL;
 goto err_pubkey;
 }
-- 
2.39.2
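Review bot: The reworded fopen() message in the first hunk still names only a certificate, although the commit description says the same path may hold a bare public key; `"Couldn't open certificate/pubkey '%s': %s\n"` would match the wording the second hunk introduces. The context line `return -EACCES;` also reports every fopen() failure as a permission problem, so a missing file (ENOENT) looks like an access error to the caller; saving errno before the fprintf() and returning its negative would keep the real cause. pem_get_pub_key's body starts and ends outside the hunk.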
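Review bot: In the second hunk, the new `openssl_error("Couldn't read certificate/pubkey %s\n", path)` call embeds a `\n` and leaves the path unquoted, whereas the line it replaces had no newline and the fopen() message in the first hunk quotes the path as `'%s'`; the message changed in the third hunk carries the same `\n`. openssl_error's definition is outside the hunk, so confirm it takes a printf-style format; if it appends the OpenSSL error text after the message, the newline would split the report across two lines. I would write `openssl_error("Couldn't read certificate/pubkey '%s'", path);`. The added comment says the certificate could not be opened, but fopen() has already succeeded here and it is PEM_read_X509() that failed, so `/* Not a PEM certificate, retry as a bare public key */` would be more accurate. pem_get_pub_key's body starts and ends outside the hunk.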