mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
better reporting of bad DNs
This commit is contained in:
parent
640d5a8c53
commit
4954c5f1c3
@ -1,3 +1,7 @@
|
||||
2006-07-03 Werner Koch <wk@g10code.com>
|
||||
|
||||
* configure.ac: Test for ksba_dn_teststr.
|
||||
|
||||
2006-06-30 Werner Koch <wk@g10code.com>
|
||||
|
||||
* keyserver/: New. Taken from 1.4.4
|
||||
|
4
TODO
4
TODO
@ -13,10 +13,6 @@ We should always use valid S-Exp and not just parts.
|
||||
might want to have an agent context for each service request
|
||||
(i.e. Assuan context).
|
||||
|
||||
* sm/certreqgen.c
|
||||
** Improve error reporting
|
||||
** Do some basic checks on the supplied DNs
|
||||
|
||||
* sm/certchain.c
|
||||
** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent.
|
||||
** Try to keep certificate references somewhere
|
||||
|
@ -512,6 +512,11 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_VERSION",
|
||||
# libksba is our X.509 support library
|
||||
#
|
||||
AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
|
||||
# fixme: Remove the following test and require newer libksba instead.
|
||||
_ksba_save_libs=$LIBS
|
||||
LIBS=$KSBA_LIBS
|
||||
AC_CHECK_FUNCS(ksba_dn_teststr)
|
||||
LIBS=$_ksba_save_libs
|
||||
|
||||
#
|
||||
# libusb allows us to use the integrated CCID smartcard reader driver.
|
||||
|
@ -1,3 +1,8 @@
|
||||
2006-07-03 Werner Koch <wk@g10code.com>
|
||||
|
||||
* certreqgen.c (proc_parameters): Print the component label of a
|
||||
faulty DN.
|
||||
|
||||
2006-06-26 Werner Koch <wk@g10code.com>
|
||||
|
||||
* certdump.c (gpgsm_cert_log_name): New.
|
||||
|
@ -441,6 +441,7 @@ static int
|
||||
proc_parameters (ctrl_t ctrl,
|
||||
struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
|
||||
{
|
||||
gpg_error_t err;
|
||||
struct para_data_s *r;
|
||||
const char *s;
|
||||
int i;
|
||||
@ -450,8 +451,9 @@ proc_parameters (ctrl_t ctrl,
|
||||
int rc;
|
||||
ksba_sexp_t public;
|
||||
int seq;
|
||||
size_t erroff, errlen;
|
||||
|
||||
/* check that we have all required parameters */
|
||||
/* Check that we have all required parameters; */
|
||||
assert (get_parameter (para, pKEYTYPE, 0));
|
||||
|
||||
/* We can only use RSA for now. There is a with pkcs-10 on how to
|
||||
@ -483,17 +485,31 @@ proc_parameters (ctrl_t ctrl,
|
||||
if (parse_parameter_usage (para, pKEYUSAGE))
|
||||
return gpg_error (GPG_ERR_INV_PARAMETER);
|
||||
|
||||
/* check that there is a subject name and that this DN fits our
|
||||
requirements */
|
||||
/* Check that there is a subject name and that this DN fits our
|
||||
requirements. */
|
||||
if (!(s=get_parameter_value (para, pNAMEDN, 0)))
|
||||
{
|
||||
r = get_parameter (para, pKEYTYPE, 0);
|
||||
r = get_parameter (para, pNAMEDN, 0);
|
||||
log_error (_("line %d: no subject name given\n"), r->lnr);
|
||||
return gpg_error (GPG_ERR_INV_PARAMETER);
|
||||
}
|
||||
/* fixme check s */
|
||||
#if HAVE_KSBA_DN_TESTSTR
|
||||
err = ksba_dn_teststr (s, 0, &erroff, &errlen);
|
||||
if (err)
|
||||
{
|
||||
r = get_parameter (para, pNAMEDN, 0);
|
||||
if (gpg_err_code (err) == GPG_ERR_UNKNOWN_NAME)
|
||||
log_error (_("line %d: invalid subject name label `%.*s'\n"),
|
||||
r->lnr, (int)errlen, s+erroff);
|
||||
else
|
||||
log_error (_("line %d: invalid subject name `%s' at pos %d\n"),
|
||||
r->lnr, s, erroff);
|
||||
|
||||
/* check that the optional email address is okay */
|
||||
return gpg_error (GPG_ERR_INV_PARAMETER);
|
||||
}
|
||||
#endif /*HAVE_KSBA_DN_TESTSTR*/
|
||||
|
||||
/* Check that the optional email address is okay. */
|
||||
for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++)
|
||||
{
|
||||
if (has_invalid_email_chars (s)
|
||||
|
Loading…
x
Reference in New Issue
Block a user