From 49ff682fff78ab2716b45ccf13e5d0d7faff1add Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Mon, 15 Dec 2008 04:28:43 +0000
Subject: [PATCH] better error messages

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24179 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/pkinit.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 70786aa1a..3dadfbb01 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -411,7 +411,7 @@ _kdc_pk_rd_padata(krb5_context context,
 	free_PA_PK_AS_REQ_Win2k(&r);
 	if (ret) {
 	    krb5_set_error_message(context, ret,
-				   "Can't decode PK-AS-REQ: %d", ret);
+				   "Can't unwrap ContentInfo(win): %d", ret);
 	    goto out;
 	}
 
@@ -1650,10 +1650,17 @@ _kdc_pk_initialize(krb5_context context,
 	hx509_query_free(kdc_identity->hx509ctx, q);
 	if (ret == 0) {
 	    if (hx509_cert_check_eku(kdc_identity->hx509ctx, cert,
-				     oid_id_pkkdcekuoid(), 0))
-		krb5_warnx(context, "WARNING Found KDC certificate "
+				     oid_id_pkkdcekuoid(), 0)) {
+		hx509_name name;
+		char *str;
+		ret = hx509_cert_get_subject(cert, &name);
+		hx509_name_to_string(name, &str);
+		krb5_warnx(context, "WARNING Found KDC certificate (%s)"
 			   "is missing the PK-INIT KDC EKU, this is bad for "
-			   "interoperability.");
+			   "interoperability.", str);
+		hx509_name_free(&name);
+		free(str);
+	    }
 	    hx509_cert_free(cert);
 	} else
 	    krb5_warnx(context, "PKINIT: failed to find a signing "