From cfb2185a489f37814f5e2a61fbd76d8f1f5efc76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 26 Nov 2006 17:53:57 +0000
Subject: [PATCH] Sprinkle more error strings.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19129 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/cms.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c
index c2085aedb..ac46b8487 100644
--- a/lib/hx509/cms.c
+++ b/lib/hx509/cms.c
@@ -264,7 +264,7 @@ hx509_cms_unenvelope(hx509_context context,
     heim_octet_string *params, params_data;
     heim_octet_string ivec;
     size_t size;
-    int ret, i, findflags = 0;
+    int ret, i, matched = 0, findflags = 0;
 
 
     memset(&key, 0, sizeof(key));
@@ -319,7 +319,10 @@ hx509_cms_unenvelope(hx509_context context,
 	if (ret)
 	    continue;
 
-	ret = _hx509_cert_private_decrypt(&ri->encryptedKey, 
+	matched = 1; /* found a matching certificate, let decrypt */
+
+	ret = _hx509_cert_private_decrypt(context,
+					  &ri->encryptedKey, 
 					  &ri->keyEncryptionAlgorithm.algorithm,
 					  cert, &key);
 
@@ -329,11 +332,17 @@ hx509_cms_unenvelope(hx509_context context,
 	cert = NULL;
 	ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
 	if (ret2 == 0) {
-	    hx509_set_error_string(context, 0, ret,
+	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
 				   "Failed to decrypt with %s", str);
 	    free(str);
-	} else
-	    hx509_clear_error_string(context);
+	}
+    }
+    
+    if (!matched) {
+	ret = HX509_CMS_NO_RECIPIENT_CERTIFICATE;
+	hx509_set_error_string(context, 0, ret,
+			       "No private key matched any certificate");
+	goto out;
     }
     
     if (cert == NULL) {