From 40d499ac1aa46d2e293c04cbf1c3f16d02039d95 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sun, 27 Jul 2014 02:33:35 +0200
Subject: [PATCH] better error messages when certificate username limit is reached
---
 src/worker-auth.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/worker-auth.c b/src/worker-auth.c
index 6b8e117f..f8e5aaa2 100644
--- a/src/worker-auth.c
+++ b/src/worker-auth.c
@@ -393,8 +393,12 @@ int get_cert_names(worker_st * ws, const gnutls_datum_t * raw)
 ret = gnutls_x509_crt_get_dn(crt, ws->cert_username, &size);
 }
 if (ret < 0) {
- oclog(ws, LOG_ERR, "cannot obtain user from certificate DN: %s",
- gnutls_strerror(ret));
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ oclog(ws, LOG_ERR, "certificate's username exceed the maximum buffer size (%u)",
+ (unsigned)sizeof(ws->cert_username));
+ else
+ oclog(ws, LOG_ERR, "cannot obtain user from certificate DN: %s",
+ gnutls_strerror(ret));
 goto fail;
 }
@@ -761,8 +765,12 @@ int get_cert_info(worker_st * ws)
 ret = get_cert_names(ws, cert);
 if (ret < 0) {
- oclog(ws, LOG_ERR, "cannot get username (%s) from certificate",
- ws->config->cert_user_oid);
+ if (ws->config->cert_user_oid == NULL) {
+ oclog(ws, LOG_ERR, "cannot read username from certificate; no cert-user-oid is set");
+ } else {
+ oclog(ws, LOG_ERR, "cannot read username (%s) from certificate",
+ ws->config->cert_user_oid);
+ }
 return -1;
 }
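Review bot: The new short-buffer message in get_cert_names reports only the limit, not how long the certificate's name actually was, although GnuTLS documents that on GNUTLS_E_SHORT_MEMORY_BUFFER the size argument passed as `&size` is updated with the required length. Logging both lets an operator tell a slightly over-long name from a malformed certificate without re-parsing it: `oclog(ws, LOG_ERR, "certificate's username exceeds the maximum buffer size (%u > %u)", (unsigned)size, (unsigned)sizeof(ws->cert_username));`. This assumes the OID branch, which starts above the hunk, passes the same `size` variable, so confirm that first. The quoted line also corrects "exceed" to "exceeds", and the unbraced if/else around two multi-line calls would be safer braced, as the get_cert_info hunk already does.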
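Review bot: In get_cert_info the NULL branch's text, "no cert-user-oid is set", reads as the cause of the failure, but the get_cert_names hunk suggests that with no OID configured the code falls back to the full DN via gnutls_x509_crt_get_dn, so the failure is more likely an over-long or unreadable DN. Wording such as `"cannot read username from certificate DN (no cert-user-oid is set)"` keeps the configuration hint without sending the administrator to the wrong fix. The function continues outside the hunk, and get_cert_names appears to have logged the specific reason already, so a short comment such as `/* get_cert_names() has logged the cause */` above the branch would make the double logging intentional to readers.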