
gpgsm: Cache the non-existence of the policy file.

* sm/certchain.c (check_cert_policy): Add simple static cache.
--

It is quite common that a policy file does not exist.  Thus we can
avoid the overhead of trying to open it over and over again just to
assert that it does not exist.
Werner Koch 2023-05-03 17:39:37 +02:00
parent 625bd92410
commit 2a1e933dd7
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B


@ -307,6 +307,7 @@ allowed_ca (ctrl_t ctrl,
static int static int
check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist) check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
{ {
static int no_policy_file;
gpg_error_t err; gpg_error_t err;
char *policies; char *policies;
estream_t fp; estream_t fp;
@ -341,12 +342,24 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
return 0; return 0;
} }
if (no_policy_file)
{
/* Avoid trying to open the policy file if we already know that
* it does not exist. */
fp = NULL;
gpg_err_set_errno (ENOENT);
}
else
fp = es_fopen (opt.policy_file, "r"); fp = es_fopen (opt.policy_file, "r");
if (!fp) if (!fp)
{ {
if (opt.verbose || errno != ENOENT) if ((opt.verbose || errno != ENOENT) && !no_policy_file)
log_info (_("failed to open '%s': %s\n"), log_info (_("failed to open '%s': %s\n"),
opt.policy_file, strerror (errno)); opt.policy_file, strerror (errno));
if (errno == ENOENT)
no_policy_file = 1;
xfree (policies); xfree (policies);
/* With no critical policies this is only a warning */ /* With no critical policies this is only a warning */
if (!any_critical) if (!any_critical)
@ -361,6 +374,8 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
return gpg_error (GPG_ERR_NO_POLICY_MATCH); return gpg_error (GPG_ERR_NO_POLICY_MATCH);
} }
/* FIXME: Cache the policy file content. */
for (;;) for (;;)
{ {
int c; int c;
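Review bot: The new `static int no_policy_file` in check_cert_policy is set on the first ENOENT and never cleared, and it is not tied to the value of `opt.policy_file`, so for the rest of the process a policy file installed later (or a different path, if the option can change at runtime) is never opened. The visible failure path still ends in GPG_ERR_NO_POLICY_MATCH when critical policies are present, so this looks fail-closed, but certificates with only non-critical policies would keep getting just the warning. Because the `log_info` is now also gated on `!no_policy_file`, nothing in the log shows that a cached result was used. I would state the lifetime at the declaration, e.g. `/* Set once the policy file was found missing; kept until the process exits. */`, and consider a verbose-only message in the cached branch. The function body starts before and continues past these hunks, so how long a gpgsm process lives relative to policy-file changes cannot be judged from here.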