hx509: Show query expression parse errors

Nicolas Williams
2019-11-07 21:47:54 -06:00
parent a40d4056bd
commit 4500a14f95
3 changed files with 22 additions and 6 deletions


@@ -2979,12 +2979,21 @@ hx509_query_match_expr(hx509_context context, hx509_query *q, const char *expr)
if (expr == NULL) {
q->match &= ~HX509_QUERY_MATCH_EXPR;
} else {
q->expr = _hx509_expr_parse(expr);
if (q->expr)
q->match |= HX509_QUERY_MATCH_EXPR;
return 0;
}
q->expr = _hx509_expr_parse(expr);
if (q->expr == NULL) {
const char *reason = _hx509_expr_parse_error();
hx509_set_error_string(context, 0, EINVAL,
"Invalid certificate query match expression: "
"%s (%s)", expr,
reason ? reason : "syntax error");
return EINVAL;
}
q->match |= HX509_QUERY_MATCH_EXPR;
return 0;
}
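Review bot: On the parse-failure path the function returns EINVAL without updating `q->match`, so a query that already carried HX509_QUERY_MATCH_EXPR from an earlier successful call would keep the flag while `q->expr` is now NULL. Whether the matcher tolerates that combination is not visible here, and the start of the function lies outside the hunk, so this needs confirming. I would make the failed state explicit with `q->match &= ~HX509_QUERY_MATCH_EXPR;` before `return EINVAL;`. A comment such as `/* on error the query carries no expression filter; callers must check the return value */` should go with it, because a caller that ignores the result then searches certificates without the filter.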


@@ -2873,9 +2873,9 @@ acert(struct acert_options *opt, int argc, char **argv)
hx509_query *q = NULL;
if (opt->expr_string) {
if ((ret = hx509_query_alloc(context, &q)))
if ((ret = hx509_query_alloc(context, &q)) ||
(ret = hx509_query_match_expr(context, q, opt->expr_string)))
hx509_err(context, 1, ret, "Could not initialize query");
hx509_query_match_expr(context, q, opt->expr_string);
if ((ret = hx509_certs_find(context, certs, q, &cert)) || !cert)
hx509_err(context, 1, ret, "No matching certificate");
ret = acert1(opt, -1, cert, &matched);


@@ -204,6 +204,7 @@ _hx509_expr_free(struct hx_expr *expr)
free(expr);
}
/* XXX Horrible, no good cause not thread-safe */
HX509_LIB_FUNCTION struct hx_expr * HX509_LIB_CALL
_hx509_expr_parse(const char *buf)
{
@@ -222,6 +223,12 @@ _hx509_expr_parse(const char *buf)
return _hx509_expr_input.expr;
}
const char *
_hx509_expr_parse_error(void)
{
return _hx509_expr_input.error;
}
void
_hx509_sel_yyerror (const char *s)
{
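Review bot: `_hx509_expr_parse_error()` returns a pointer into `_hx509_expr_input.error`, which is parser-global state, and nothing documents who owns the string or how long it stays valid. The added XXX comment on `_hx509_expr_parse` already concedes the parser is not thread-safe; the accessor widens that window, since another thread's parse could replace the message between the failed parse and the read in the caller. Whether the field is reset at the start of each parse is not visible in these hunks, so a stale message from an earlier failure may also be possible. I would add a header comment along the lines of `/* Returns the message from the most recent failed _hx509_expr_parse(), or NULL; owned by the parser, valid only until the next parse, not thread-safe */`. The new function also lacks the `HX509_LIB_FUNCTION ... HX509_LIB_CALL` decoration that `_hx509_expr_parse` carries, which looks inconsistent if it is called from another file in the library.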