mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-03 12:11:33 +01:00
sm: Avoid confusing diagnostic for the default key.
* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all callers. (gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p. Change all callers. * sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling gpgsm_cert_use_sign_p -- GnuPG-bug-id: 4535 Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
b6289af973
commit
521e7d4644
@ -48,7 +48,7 @@ static const char oid_kp_ocspSigning[] = "1.3.6.1.5.5.7.3.9";
|
||||
debugging). MODE 4 is for certificate signing, MODE for COSP
|
||||
response signing. */
|
||||
static int
|
||||
cert_usage_p (ksba_cert_t cert, int mode)
|
||||
cert_usage_p (ksba_cert_t cert, int mode, int silent)
|
||||
{
|
||||
gpg_error_t err;
|
||||
unsigned int use;
|
||||
@ -118,7 +118,7 @@ cert_usage_p (ksba_cert_t cert, int mode)
|
||||
if (gpg_err_code (err) == GPG_ERR_NO_DATA)
|
||||
{
|
||||
err = 0;
|
||||
if (opt.verbose && mode < 2)
|
||||
if (opt.verbose && mode < 2 && !silent)
|
||||
log_info (_("no key usage specified - assuming all usages\n"));
|
||||
use = ~0;
|
||||
}
|
||||
@ -139,8 +139,9 @@ cert_usage_p (ksba_cert_t cert, int mode)
|
||||
{
|
||||
if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
|
||||
return 0;
|
||||
log_info (_("certificate should not have "
|
||||
"been used for certification\n"));
|
||||
if (!silent)
|
||||
log_info (_("certificate should not have "
|
||||
"been used for certification\n"));
|
||||
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
||||
}
|
||||
|
||||
@ -151,8 +152,9 @@ cert_usage_p (ksba_cert_t cert, int mode)
|
||||
|| (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
|
||||
|KSBA_KEYUSAGE_CRL_SIGN))))
|
||||
return 0;
|
||||
log_info (_("certificate should not have "
|
||||
"been used for OCSP response signing\n"));
|
||||
if (!silent)
|
||||
log_info (_("certificate should not have "
|
||||
"been used for OCSP response signing\n"));
|
||||
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
||||
}
|
||||
|
||||
@ -162,19 +164,22 @@ cert_usage_p (ksba_cert_t cert, int mode)
|
||||
)
|
||||
return 0;
|
||||
|
||||
log_info (mode==3? _("certificate should not have been used for encryption\n"):
|
||||
mode==2? _("certificate should not have been used for signing\n"):
|
||||
mode==1? _("certificate is not usable for encryption\n"):
|
||||
_("certificate is not usable for signing\n"));
|
||||
if (!silent)
|
||||
log_info
|
||||
(mode==3? _("certificate should not have been used for encryption\n"):
|
||||
mode==2? _("certificate should not have been used for signing\n"):
|
||||
mode==1? _("certificate is not usable for encryption\n"):
|
||||
/**/ _("certificate is not usable for signing\n"));
|
||||
|
||||
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
|
||||
}
|
||||
|
||||
|
||||
/* Return 0 if the cert is usable for signing */
|
||||
int
|
||||
gpgsm_cert_use_sign_p (ksba_cert_t cert)
|
||||
gpgsm_cert_use_sign_p (ksba_cert_t cert, int silent)
|
||||
{
|
||||
return cert_usage_p (cert, 0);
|
||||
return cert_usage_p (cert, 0, silent);
|
||||
}
|
||||
|
||||
|
||||
@ -182,31 +187,31 @@ gpgsm_cert_use_sign_p (ksba_cert_t cert)
|
||||
int
|
||||
gpgsm_cert_use_encrypt_p (ksba_cert_t cert)
|
||||
{
|
||||
return cert_usage_p (cert, 1);
|
||||
return cert_usage_p (cert, 1, 0);
|
||||
}
|
||||
|
||||
int
|
||||
gpgsm_cert_use_verify_p (ksba_cert_t cert)
|
||||
{
|
||||
return cert_usage_p (cert, 2);
|
||||
return cert_usage_p (cert, 2, 0);
|
||||
}
|
||||
|
||||
int
|
||||
gpgsm_cert_use_decrypt_p (ksba_cert_t cert)
|
||||
{
|
||||
return cert_usage_p (cert, 3);
|
||||
return cert_usage_p (cert, 3, 0);
|
||||
}
|
||||
|
||||
int
|
||||
gpgsm_cert_use_cert_p (ksba_cert_t cert)
|
||||
{
|
||||
return cert_usage_p (cert, 4);
|
||||
return cert_usage_p (cert, 4, 0);
|
||||
}
|
||||
|
||||
int
|
||||
gpgsm_cert_use_ocsp_p (ksba_cert_t cert)
|
||||
{
|
||||
return cert_usage_p (cert, 5);
|
||||
return cert_usage_p (cert, 5, 0);
|
||||
}
|
||||
|
||||
|
||||
@ -341,7 +346,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
|
||||
first_subject = ksba_cert_get_subject (cert, 0);
|
||||
first_issuer = ksba_cert_get_issuer (cert, 0);
|
||||
}
|
||||
rc = secret? gpgsm_cert_use_sign_p (cert)
|
||||
rc = secret? gpgsm_cert_use_sign_p (cert, 0)
|
||||
: gpgsm_cert_use_encrypt_p (cert);
|
||||
if (gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE)
|
||||
{
|
||||
@ -403,8 +408,8 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
|
||||
first_issuer,
|
||||
cert2)
|
||||
&& ((gpg_err_code (
|
||||
secret? gpgsm_cert_use_sign_p (cert2)
|
||||
: gpgsm_cert_use_encrypt_p (cert2)
|
||||
secret? gpgsm_cert_use_sign_p (cert2,0)
|
||||
: gpgsm_cert_use_encrypt_p (cert2)
|
||||
)
|
||||
) == GPG_ERR_WRONG_KEY_USAGE));
|
||||
if (tmp)
|
||||
|
@ -337,7 +337,7 @@ int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert,
|
||||
int gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert);
|
||||
|
||||
/*-- certlist.c --*/
|
||||
int gpgsm_cert_use_sign_p (ksba_cert_t cert);
|
||||
int gpgsm_cert_use_sign_p (ksba_cert_t cert, int silent);
|
||||
int gpgsm_cert_use_encrypt_p (ksba_cert_t cert);
|
||||
int gpgsm_cert_use_verify_p (ksba_cert_t cert);
|
||||
int gpgsm_cert_use_decrypt_p (ksba_cert_t cert);
|
||||
|
@ -161,7 +161,7 @@ gpgsm_get_default_cert (ctrl_t ctrl, ksba_cert_t *r_cert)
|
||||
return rc;
|
||||
}
|
||||
|
||||
if (!gpgsm_cert_use_sign_p (cert))
|
||||
if (!gpgsm_cert_use_sign_p (cert, 1))
|
||||
{
|
||||
p = gpgsm_get_keygrip_hexstring (cert);
|
||||
if (p)
|
||||
@ -504,7 +504,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
||||
|
||||
/* Although we don't check for ambiguous specification we will
|
||||
check that the signer's certificate is usable and valid. */
|
||||
rc = gpgsm_cert_use_sign_p (cert);
|
||||
rc = gpgsm_cert_use_sign_p (cert, 0);
|
||||
if (!rc)
|
||||
rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
|
||||
if (rc)
|
||||
@ -613,7 +613,7 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist,
|
||||
/* Gather certificates of signers and store them in the CMS object. */
|
||||
for (cl=signerlist; cl; cl = cl->next)
|
||||
{
|
||||
rc = gpgsm_cert_use_sign_p (cl->cert);
|
||||
rc = gpgsm_cert_use_sign_p (cl->cert, 0);
|
||||
if (rc)
|
||||
goto leave;
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user