mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-17 14:07:03 +01:00
gpgsm: Cache the non-existence of the policy file.
* sm/certchain.c (check_cert_policy): Add simple static cache. -- It is quite common that a policy file does not exist. Thus we can avoid the overhead of trying to open it over and over again just to assert that it does not exists.
This commit is contained in:
parent
0fe99d69f0
commit
68613a6a9d
@ -307,6 +307,7 @@ allowed_ca (ctrl_t ctrl,
|
||||
static int
|
||||
check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
|
||||
{
|
||||
static int no_policy_file;
|
||||
gpg_error_t err;
|
||||
char *policies;
|
||||
estream_t fp;
|
||||
@ -341,12 +342,24 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
|
||||
return 0;
|
||||
}
|
||||
|
||||
fp = es_fopen (opt.policy_file, "r");
|
||||
if (no_policy_file)
|
||||
{
|
||||
/* Avoid trying to open the policy file if we already know that
|
||||
* it does not exist. */
|
||||
fp = NULL;
|
||||
gpg_err_set_errno (ENOENT);
|
||||
}
|
||||
else
|
||||
fp = es_fopen (opt.policy_file, "r");
|
||||
if (!fp)
|
||||
{
|
||||
if (opt.verbose || errno != ENOENT)
|
||||
if ((opt.verbose || errno != ENOENT) && !no_policy_file)
|
||||
log_info (_("failed to open '%s': %s\n"),
|
||||
opt.policy_file, strerror (errno));
|
||||
|
||||
if (errno == ENOENT)
|
||||
no_policy_file = 1;
|
||||
|
||||
xfree (policies);
|
||||
/* With no critical policies this is only a warning */
|
||||
if (!any_critical)
|
||||
@ -361,6 +374,8 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
|
||||
return gpg_error (GPG_ERR_NO_POLICY_MATCH);
|
||||
}
|
||||
|
||||
/* FIXME: Cache the policy file content. */
|
||||
|
||||
for (;;)
|
||||
{
|
||||
int c;
|
||||
|
Loading…
x
Reference in New Issue
Block a user