gss_decapsulate_token() should return GSS_S_BAD_MECH if the mechanism did not
match the expected one, and GSS_S_DEFECTIVE_TOKEN if the token could not be
parsed for some other reason, rather than GSS_S_FAILURE in both cases
&ct, NULL);
if (ret) {
der_free_oid(&o);
- return GSS_S_FAILURE;
+ return GSS_S_DEFECTIVE_TOKEN;
}
if (der_heim_oid_cmp(&ct.thisMech, &o) == 0) {
der_free_oid(&ct.thisMech);
} else {
free_GSSAPIContextToken(&ct);
- status = GSS_S_FAILURE;
+ status = GSS_S_BAD_MECH;
}
der_free_oid(&o);