From e6f8e55360c53e1340505ca50c10d2a09fb5868d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sat, 29 Nov 2008 19:34:11 +0000
Subject: [PATCH] better language in error, make nounce more random

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24052 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/pkinit.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c
index de5e90a68..b10bc7d38 100644
--- a/lib/krb5/pkinit.c
+++ b/lib/krb5/pkinit.c
@@ -139,7 +139,7 @@ find_cert(krb5_context context, struct krb5_pk_identity *id,
     struct certfind cf[3] = {
 	{ "PKINIT EKU" },
 	{ "MS EKU" },
-	{ "no" }
+	{ "any (or no)" }
     };
     int i, ret;
 
@@ -159,7 +159,7 @@ find_cert(krb5_context context, struct krb5_pk_identity *id,
 	if (ret == 0)
 	    break;
 	pk_copy_error(context, id->hx509ctx, ret,
-		      "Failed cert for finding %s OID", cf[i].type);
+		      "Failed finding certificate with %s OID", cf[i].type);
     }
     return ret;
 }
@@ -385,7 +385,7 @@ build_auth_pack(krb5_context context,
 		krb5_clear_error_message(context);
 		return ret;
 	    }
-	    memset(a->clientDHNonce->data, 0, a->clientDHNonce->length);
+	    RAND_bytes(a->clientDHNonce->data, a->clientDHNonce->length);
 	    ret = krb5_copy_data(context, a->clientDHNonce,
 				 &ctx->clientDHNonce);
 	    if (ret)