Distinguish out of memory from insufficient creds

Signed-off-by: Tom Carroll <incentivedesign@gmail.com>

diff --git a/gnutls.c b/gnutls.c
index df30b73073d4c56133431f3232430388a9a7d17d..111f3746ec10046230093758307bc09ae7339df1 100644 (file)
--- a/gnutls.c
+++ b/gnutls.c
@@ -624,9 +624,17 @@ static int assign_privkey(struct openconnect_info *vpninfo,
                          unsigned int nr_certs)
 {
        gnutls_pcert_st *pcerts = calloc(nr_certs, sizeof(*pcerts));
-       int i, err;
+       unsigned int i;
+       int err;
 
-       if (!pcerts)
+       /**
+        * Added check for nr_certs > 0 to allow the caller to
+        * distinguish between out of memory (signaled by
+        * GNUTLS_E_MEMORY_ERROR) and when either pkey == NULL or
+        * nr_certs == 0. In these cases, GNUTLS_E_INSUFFICIENT_CREDENTIALS
+        * is signaled.
+        */
+       if (nr_certs > 0 && pcerts == NULL)
                return GNUTLS_E_MEMORY_ERROR;
 
        for (i = 0 ; i < nr_certs; i++) {