Improved detection of bad/invalid signer keys.

2025-07-03 22:56:33 +02:00 · 2009-08-06 20:12:00 +00:00 · 2009-08-06 20:12:00 +00:00 · 019601191a
commit 019601191a
parent f27bdef888
13 changed files with 122 additions and 63 deletions
--- a/sm/sign.c
+++ b/sm/sign.c
@ -372,6 +372,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
      if (!cert)
        {
          log_error ("no default signer found\n");
+          gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+                         get_inv_recpsgnr_code (GPG_ERR_NO_SECKEY), NULL);
          rc = gpg_error (GPG_ERR_GENERAL);
          goto leave;
        }
@ -382,7 +384,15 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
      if (!rc)
        rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
      if (rc)
-        goto leave;
+        {
+          char *tmpfpr;
+
+          tmpfpr = gpgsm_get_fingerprint_hexstring (cert, 0);
+          gpgsm_status2 (ctrl, STATUS_INV_SGNR, 
+                         get_inv_recpsgnr_code (rc), tmpfpr, NULL);
+          xfree (tmpfpr);
+          goto leave;
+        }

      /* That one is fine - create signerlist. */
      signerlist = xtrycalloc (1, sizeof *signerlist);