From 82afb8c0af29ffcd77a886004941ca19149d0c38 Mon Sep 17 00:00:00 2001
From: James Zhang <yzhangad@google.com>
Date: Fri, 11 Oct 2024 16:24:22 -0700
Subject: [PATCH] Use fido_cred_verify_self when the authenticator does not
 return an x5c

---
 examples/cred.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/examples/cred.c b/examples/cred.c
index 5a2a27fd..35639c71 100644
--- a/examples/cred.c
+++ b/examples/cred.c
@@ -106,9 +106,13 @@ verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr,
 	if (r != FIDO_OK)
 		errx(1, "fido_cred_set_attstmt: %s (0x%x)", fido_strerr(r), r);
 
-	r = fido_cred_verify(cred);
-	if (r != FIDO_OK)
-		errx(1, "fido_cred_verify: %s (0x%x)", fido_strerr(r), r);
+	if (fido_cred_x5c_ptr(cred) == NULL) {
+		if ((r = fido_cred_verify_self(cred)) != FIDO_OK)
+			errx(1, "fido_cred_verify_self: %s (0x%x)", fido_strerr(r), r);
+	} else {
+		if ((r = fido_cred_verify(cred)) != FIDO_OK)
+			errx(1, "fido_cred_verify: %s (0x%x)", fido_strerr(r), r);
+	}
 
 out:
 	if (key_out != NULL) {