From 5e1a844ae9b6730b4b8a2c9178ea9bc121560c28 Mon Sep 17 00:00:00 2001
From: Andre Heinecke
Date: Wed, 24 Jun 2015 18:55:24 +0200
Subject: [PATCH] sm: Fix cert storage for ephemeral certs
* sm/keydb.c (keydb_store_cert): Clear ephemeral flag for existing certs if store should not be ephemeral.
--
Previously keydb_store_cert would ignore ephemeral certificates when asked to store a non ephemeral certificate and insert it again without the flags. This resulted in duplicated certificates in the keybox.
GnuPG-bug-id: 1921
Signed-off-by: Andre Heinecke
---
 sm/keydb.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/sm/keydb.c b/sm/keydb.c
index 974625dbc..b3363c4cc 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -1110,8 +1110,9 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
 return gpg_error (GPG_ERR_ENOMEM);;
 }
- if (ephemeral)
- keydb_set_ephemeral (kh, 1);
+ /* Set the ephemeral flag so that the search looks at all
+ records. */
+ keydb_set_ephemeral (kh, 1);
 rc = lock_all (kh);
 if (rc)
@@ -1125,6 +1126,19 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
 {
 if (existed)
 *existed = 1;
+ if (!ephemeral)
+ {
+ /* Remove ephemeral flags from existing certificate to "store"
+ it permanently. */
+ rc = keydb_set_cert_flags (cert, 1, KEYBOX_FLAG_BLOB, 0,
+ KEYBOX_FLAG_BLOB_EPHEMERAL, 0);
+ if (rc)
+ {
+ log_error ("clearing ephemeral flag failed: %s\n",
+ gpg_strerror (rc));
+ return rc;
+ }
+ }
 return 0; /* okay */
 }
 log_error (_("problem looking for existing certificate: %s\n"),
@@ -1132,6 +1146,10 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
 return rc;
 }
+ /* Reset the ephemeral flag if not requested. */
+ if (!ephemeral)
+ keydb_set_ephemeral (kh, 0);
+
 rc = keydb_locate_writable (kh, 0);
 if (rc)
 {
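Review bot: The comment on the now unconditional `keydb_set_ephemeral (kh, 1)` in the first hunk does not mention that the handle stays in ephemeral mode until the reset added in the last hunk. Any insert path later added between the two would presumably store a certificate as ephemeral even when the caller asked for a permanent one. I would extend the comment to say so, for example `/* Search in ephemeral mode so that all records are seen; the mode is reset before the insert below unless EPHEMERAL is set. */`. The body of keydb_store_cert starts and ends outside this hunk, so the paths between the two calls cannot be checked from here.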
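Review bot: In the second hunk `*existed = 1` is assigned before the new `!ephemeral` branch, so when keydb_set_cert_flags fails the caller gets an error code together with `*existed` already set. Moving the assignment below the flag update, or documenting that `*existed` is valid only on a zero return, would make the contract unambiguous. The new message is also not marked for translation although the `log_error` just below uses `_()`; I would write `log_error (_("clearing ephemeral flag failed: %s\n"),`. The enclosing block starts outside the hunk, so whether kh is released and unlocked before keydb_set_cert_flags runs cannot be confirmed here and is worth checking.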