mirror of git://git.gnupg.org/gnupg.git
(check_cert_policy): Fixed read error checking.
(check_cert_policy): With no critical policies issue only a warning if the policy file does not exists.
This commit is contained in:
parent
fec4dc4c99
commit
6fe6139289
|
@ -1,5 +1,9 @@
|
||||||
2004-01-30 Werner Koch <wk@gnupg.org>
|
2004-01-30 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* certchain.c (check_cert_policy): Fixed read error checking.
|
||||||
|
(check_cert_policy): With no critical policies issue only a
|
||||||
|
warning if the policy file does not exists.
|
||||||
|
|
||||||
* sign.c (add_certificate_list): Decrement N for the first cert.
|
* sign.c (add_certificate_list): Decrement N for the first cert.
|
||||||
|
|
||||||
2004-01-29 Werner Koch <wk@gnupg.org>
|
2004-01-29 Werner Koch <wk@gnupg.org>
|
||||||
|
|
|
@ -127,6 +127,13 @@ check_cert_policy (ksba_cert_t cert)
|
||||||
log_error ("failed to open `%s': %s\n",
|
log_error ("failed to open `%s': %s\n",
|
||||||
opt.policy_file, strerror (errno));
|
opt.policy_file, strerror (errno));
|
||||||
xfree (policies);
|
xfree (policies);
|
||||||
|
/* With no critical policies this is only a warning */
|
||||||
|
if (!any_critical)
|
||||||
|
{
|
||||||
|
log_info (_("note: certificate policy not allowed\n"));
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
log_error (_("certificate policy not allowed\n"));
|
||||||
return gpg_error (GPG_ERR_NO_POLICY_MATCH);
|
return gpg_error (GPG_ERR_NO_POLICY_MATCH);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -141,13 +148,13 @@ check_cert_policy (ksba_cert_t cert)
|
||||||
{
|
{
|
||||||
if (!fgets (line, DIM(line)-1, fp) )
|
if (!fgets (line, DIM(line)-1, fp) )
|
||||||
{
|
{
|
||||||
gpg_error_t tmperr;
|
gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno));
|
||||||
|
|
||||||
xfree (policies);
|
xfree (policies);
|
||||||
if (feof (fp))
|
if (feof (fp))
|
||||||
{
|
{
|
||||||
fclose (fp);
|
fclose (fp);
|
||||||
/* with no critical policies this is only a warning */
|
/* With no critical policies this is only a warning */
|
||||||
if (!any_critical)
|
if (!any_critical)
|
||||||
{
|
{
|
||||||
log_info (_("note: certificate policy not allowed\n"));
|
log_info (_("note: certificate policy not allowed\n"));
|
||||||
|
@ -156,7 +163,6 @@ check_cert_policy (ksba_cert_t cert)
|
||||||
log_error (_("certificate policy not allowed\n"));
|
log_error (_("certificate policy not allowed\n"));
|
||||||
return gpg_error (GPG_ERR_NO_POLICY_MATCH);
|
return gpg_error (GPG_ERR_NO_POLICY_MATCH);
|
||||||
}
|
}
|
||||||
tmperr = gpg_error (gpg_err_code_from_errno (errno));
|
|
||||||
fclose (fp);
|
fclose (fp);
|
||||||
return tmperr;
|
return tmperr;
|
||||||
}
|
}
|
||||||
|
@ -193,10 +199,10 @@ check_cert_policy (ksba_cert_t cert)
|
||||||
for (haystack=policies; (p=strstr (haystack, allowed)); haystack = p+1)
|
for (haystack=policies; (p=strstr (haystack, allowed)); haystack = p+1)
|
||||||
{
|
{
|
||||||
if ( !(p == policies || p[-1] == '\n') )
|
if ( !(p == policies || p[-1] == '\n') )
|
||||||
continue; /* does not match the begin of a line */
|
continue; /* Does not match the begin of a line. */
|
||||||
if (p[strlen (allowed)] != ':')
|
if (p[strlen (allowed)] != ':')
|
||||||
continue; /* the length does not match */
|
continue; /* The length does not match. */
|
||||||
/* Yep - it does match so return okay */
|
/* Yep - it does match so return okay. */
|
||||||
fclose (fp);
|
fclose (fp);
|
||||||
xfree (policies);
|
xfree (policies);
|
||||||
return 0;
|
return 0;
|
||||||
|
|
Loading…
Reference in New Issue