security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-02 12:01:32 +01:00
Code Activity

gpgsm: Cache the non-existence of the policy file.

Browse Source 
* sm/certchain.c (check_cert_policy): Add simple static cache.
--

It is quite common that a policy file does not exist.  Thus we can
avoid the overhead of trying to open it over and over again just to
assert that it does not exists.
This commit is contained in:
Werner Koch 2023-05-03 17:39:37 +02:00
parent 0fe99d69f0
commit 68613a6a9d
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
sm/certchain.c
View File

@ -307,6 +307,7 @@ allowed_ca (ctrl_t ctrl,
static int
check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
{
static int no_policy_file;
gpg_error_t err;
char *policies;
estream_t fp;
@ -341,12 +342,24 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
return 0;
}
if (no_policy_file)
{
/* Avoid trying to open the policy file if we already know that
* it does not exist. */
fp = NULL;
gpg_err_set_errno (ENOENT);
}
else
fp = es_fopen (opt.policy_file, "r");
if (!fp)
{
if (opt.verbose || errno != ENOENT)
if ((opt.verbose || errno != ENOENT) && !no_policy_file)
log_info (_("failed to open '%s': %s\n"),
opt.policy_file, strerror (errno));
if (errno == ENOENT)
no_policy_file = 1;
xfree (policies);
/* With no critical policies this is only a warning */
if (!any_critical)
@ -361,6 +374,8 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
return gpg_error (GPG_ERR_NO_POLICY_MATCH);
}
/* FIXME: Cache the policy file content. */
for (;;)
{
int c;