(check_cert_policy): Fixed read error checking.

(check_cert_policy): With no critical policies issue only a warning if the policy file does not exists.
2025-07-02 22:46:30 +02:00 · 2004-01-30 09:47:28 +00:00 · 2004-01-30 09:47:28 +00:00 · 6fe6139289
commit 6fe6139289
parent fec4dc4c99
2 changed files with 16 additions and 6 deletions
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -127,6 +127,13 @@ check_cert_policy (ksba_cert_t cert)
      log_error ("failed to open `%s': %s\n",
                 opt.policy_file, strerror (errno));
      xfree (policies);
+      /* With no critical policies this is only a warning */
+      if (!any_critical)
+        {
+          log_info (_("note: certificate policy not allowed\n"));
+          return 0;
+        }
+      log_error (_("certificate policy not allowed\n"));
      return gpg_error (GPG_ERR_NO_POLICY_MATCH);
    }

@ -141,13 +148,13 @@ check_cert_policy (ksba_cert_t cert)
        {
          if (!fgets (line, DIM(line)-1, fp) )
            {
-              gpg_error_t tmperr;
+              gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));

              xfree (policies);
              if (feof (fp))
                {
                  fclose (fp);
-                  /* with no critical policies this is only a warning */
+                  /* With no critical policies this is only a warning */
                  if (!any_critical)
                    {
                      log_info (_("note: certificate policy not allowed\n"));
@ -156,7 +163,6 @@ check_cert_policy (ksba_cert_t cert)
                  log_error (_("certificate policy not allowed\n"));
                  return gpg_error (GPG_ERR_NO_POLICY_MATCH);
                }
-              tmperr = gpg_error (gpg_err_code_from_errno (errno));
              fclose (fp);
              return tmperr;
            }
@ -193,10 +199,10 @@ check_cert_policy (ksba_cert_t cert)
      for (haystack=policies; (p=strstr (haystack, allowed)); haystack = p+1)
        {
          if ( !(p == policies || p[-1] == '\n') )
-            continue; /* does not match the begin of a line */
+            continue; /* Does not match the begin of a line. */
          if (p[strlen (allowed)] != ':')
-            continue; /* the length does not match */
-          /* Yep - it does match so return okay */
+            continue; /* The length does not match. */
+          /* Yep - it does match so return okay. */
          fclose (fp);
          xfree (policies);
          return 0;