pkcs7: Use better error codes Remove an unnecessary debug print (whoops). Use new error code for when the x509 is expired. When there are no signers return invalid certificate. Signed-off-by: Nick Child <nick.child@ibm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com> Signed-off-by: Nick Child <nick.child@ibm.com>

commit: 3951a4f3ada028d08e50d32ab837f0a226afd0b0 [log] [tgz]
author: Nick Child <nick.child@ibm.com> Mon Oct 31 09:17:15 2022 -0500
committer: Nick Child <nick.child@ibm.com> Mon Oct 31 09:38:42 2022 -0500
tree: 834e0f50196150ebde216249c2513a2063dbf523
parent: 5f39767495331edc29417c52e55f06a0ab665d41 [diff] [blame]
diff --git a/library/pkcs7.c b/library/pkcs7.c
index 7976a0b..ca0170a 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c

@@ -630,15 +630,14 @@
 
     if( pkcs7->signed_data.no_of_signers == 0 )
     {
-        ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+        ret = MBEDTLS_ERR_PKCS7_INVALID_CERT;
         goto out;
     }
 
     if( mbedtls_x509_time_is_past( &cert->valid_to ) ||
         mbedtls_x509_time_is_future( &cert->valid_from ))
     {
-        printf("EXPRED\n");
-        ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+        ret = MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID;
         goto out;
     }
commit	3951a4f3ada028d08e50d32ab837f0a226afd0b0	[log] [tgz]
author	Nick Child <nick.child@ibm.com>	Mon Oct 31 09:17:15 2022 -0500
committer	Nick Child <nick.child@ibm.com>	Mon Oct 31 09:38:42 2022 -0500
tree	834e0f50196150ebde216249c2513a2063dbf523
parent	5f39767495331edc29417c52e55f06a0ab665d41 [diff] [blame]