
sm: Fix cert storage for ephemeral certs

* sm/keydb.c (keydb_store_cert): Clear ephemeral flag for
existing certs if store should not be ephemeral.

--

Previously keydb_store_cert would ignore ephemeral certificates
when asked to store a non ephemeral certificate and insert
it again without the flags. This resulted in duplicated
certificates in the keybox.

GnuPG-bug-id: 1921
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
Andre Heinecke 2015-06-24 18:55:24 +02:00 committed by Werner Koch
parent 54a0ed3d9b
commit 5e1a844ae9
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B


@ -1110,8 +1110,9 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
return gpg_error (GPG_ERR_ENOMEM);; return gpg_error (GPG_ERR_ENOMEM);;
} }
if (ephemeral) /* Set the ephemeral flag so that the search looks at all
keydb_set_ephemeral (kh, 1); records. */
keydb_set_ephemeral (kh, 1);
rc = lock_all (kh); rc = lock_all (kh);
if (rc) if (rc)
@ -1125,6 +1126,19 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
{ {
if (existed) if (existed)
*existed = 1; *existed = 1;
if (!ephemeral)
{
/* Remove ephemeral flags from existing certificate to "store"
it permanently. */
rc = keydb_set_cert_flags (cert, 1, KEYBOX_FLAG_BLOB, 0,
KEYBOX_FLAG_BLOB_EPHEMERAL, 0);
if (rc)
{
log_error ("clearing ephemeral flag failed: %s\n",
gpg_strerror (rc));
return rc;
}
}
return 0; /* okay */ return 0; /* okay */
} }
log_error (_("problem looking for existing certificate: %s\n"), log_error (_("problem looking for existing certificate: %s\n"),
@ -1132,6 +1146,10 @@ keydb_store_cert (ksba_cert_t cert, int ephemeral, int *existed)
return rc; return rc;
} }
/* Reset the ephemeral flag if not requested. */
if (!ephemeral)
keydb_set_ephemeral (kh, 0);
rc = keydb_locate_writable (kh, 0); rc = keydb_locate_writable (kh, 0);
if (rc) if (rc)
{ {
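Review bot: In the second hunk the flag clear runs on every non-ephemeral store of a certificate that is already in the keybox, and `*existed` is set to 1 before it, so a caller cannot tell an ephemeral certificate being promoted to permanent from one that was already stored permanently. Promotion changes which records count as permanently stored, so the function's header comment should say so, e.g. `/* If CERT exists only as an ephemeral record and EPHEMERAL is 0, the record is made permanent and *EXISTED is still set to 1. */`. The new message is also the one log_error string in the visible hunks without the translation wrapper; `log_error (_("clearing ephemeral flag failed: %s\n"), gpg_strerror (rc));` would match the neighbouring "problem looking for existing certificate" call. Whether kh and its lock are already released before keydb_set_cert_flags is called cannot be seen here, since keydb_store_cert starts and ends outside the hunks.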