From 6fe61392895b27bc42b19d940d4d8b2b48b8c07c Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 30 Jan 2004 09:47:28 +0000
Subject: [PATCH] (check_cert_policy): Fixed read error checking.
 (check_cert_policy): With no critical policies issue only a warning if the
 policy file does not exists.

---
 sm/ChangeLog   |  4 ++++
 sm/certchain.c | 18 ++++++++++++------
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/sm/ChangeLog b/sm/ChangeLog
index a94da4eb9..2a584e079 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,5 +1,9 @@
 2004-01-30  Werner Koch  <wk@gnupg.org>
 
+	* certchain.c (check_cert_policy): Fixed read error checking.
+	(check_cert_policy): With no critical policies issue only a
+	warning if the policy file does not exists.
+
 	* sign.c (add_certificate_list): Decrement N for the first cert.
 
 2004-01-29  Werner Koch  <wk@gnupg.org>
diff --git a/sm/certchain.c b/sm/certchain.c
index 64be1aed8..a48dbd737 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -127,6 +127,13 @@ check_cert_policy (ksba_cert_t cert)
       log_error ("failed to open `%s': %s\n",
                  opt.policy_file, strerror (errno));
       xfree (policies);
+      /* With no critical policies this is only a warning */
+      if (!any_critical)
+        {
+          log_info (_("note: certificate policy not allowed\n"));
+          return 0;
+        }
+      log_error (_("certificate policy not allowed\n"));
       return gpg_error (GPG_ERR_NO_POLICY_MATCH);
     }
 
@@ -141,13 +148,13 @@ check_cert_policy (ksba_cert_t cert)
         {
           if (!fgets (line, DIM(line)-1, fp) )
             {
-              gpg_error_t tmperr;
+              gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
 
               xfree (policies);
               if (feof (fp))
                 {
                   fclose (fp);
-                  /* with no critical policies this is only a warning */
+                  /* With no critical policies this is only a warning */
                   if (!any_critical)
                     {
                       log_info (_("note: certificate policy not allowed\n"));
@@ -156,7 +163,6 @@ check_cert_policy (ksba_cert_t cert)
                   log_error (_("certificate policy not allowed\n"));
                   return gpg_error (GPG_ERR_NO_POLICY_MATCH);
                 }
-              tmperr = gpg_error (gpg_err_code_from_errno (errno));
               fclose (fp);
               return tmperr;
             }
@@ -193,10 +199,10 @@ check_cert_policy (ksba_cert_t cert)
       for (haystack=policies; (p=strstr (haystack, allowed)); haystack = p+1)
         {
           if ( !(p == policies || p[-1] == '\n') )
-            continue; /* does not match the begin of a line */
+            continue; /* Does not match the begin of a line. */
           if (p[strlen (allowed)] != ':')
-            continue; /* the length does not match */
-          /* Yep - it does match so return okay */
+            continue; /* The length does not match. */
+          /* Yep - it does match so return okay. */
           fclose (fp);
           xfree (policies);
           return 0;