From 84476fff1452ae9c00b2ecd94e5a351227494789 Mon Sep 17 00:00:00 2001
From: Dave Dykstra <2129743+DrDaveD@users.noreply.github.com>
Date: Wed, 6 Sep 2023 17:19:08 -0500
Subject: [PATCH] allow authority key identifier to be NULL, as seen on EL9
 with CILogon client cert

---
 src/sslutils/proxy.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/sslutils/proxy.c b/src/sslutils/proxy.c
index 8bb1b6cb..3e873c33 100644
--- a/src/sslutils/proxy.c
+++ b/src/sslutils/proxy.c
@@ -366,13 +366,10 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning,
       ex11 = X509V3_EXT_conf_nid(NULL, &ctx, NID_authority_key_identifier, "keyid");
     }
 
-    if (!ex11) {
-      PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_EXT);
-      goto err;
+    if (ex11) {
+      if (!SET_EXT(ex11))
+        goto err;
     }
-          
-    if (!SET_EXT(ex11))
-      goto err;
   }
 
   /* class_add extension */