mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-21 14:47:03 +01:00
* certcheck.c (gpgsm_check_cert_sig): Add cert hash debugging.
* certchain.c (find_up): Print info when the cert was not found by the authorityKeyIdentifier.
parent
fb332938d2
commit
8bd507e5a2
@ -1,3 +1,10 @@
|
|||||||
|
2002-09-19 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* certcheck.c (gpgsm_check_cert_sig): Add cert hash debugging.
|
||||||
|
|
||||||
|
* certchain.c (find_up): Print info when the cert was not found
|
||||||
|
by the autorithyKeyIdentifier.
|
||||||
|
|
||||||
2002-09-03 Werner Koch <wk@gnupg.org>
|
2002-09-03 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
* gpgsm.c (main): Disable the internal libgcrypt locking.
|
* gpgsm.c (main): Disable the internal libgcrypt locking.
|
||||||
|
@ -237,6 +237,19 @@ find_up (KEYDB_HANDLE kh, KsbaCert cert, const char *issuer)
|
|||||||
keydb_set_ephemeral (kh, old);
|
keydb_set_ephemeral (kh, old);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
/* print a note so that the user does not feel too helpless when
|
||||||
|
an issuer certificate was found and gpgsm prints BAD
|
||||||
|
signature becuase it is not the correct one. */
|
||||||
|
if (rc == -1)
|
||||||
|
{
|
||||||
|
log_info ("issuer certificate (#");
|
||||||
|
gpgsm_dump_serial (authidno);
|
||||||
|
log_printf ("/");
|
||||||
|
gpgsm_dump_string (s);
|
||||||
|
log_printf (") not found\n");
|
||||||
|
}
|
||||||
|
else if (rc)
|
||||||
|
log_error ("failed to find authorityKeyIdentifier: rc=%d\n", rc);
|
||||||
ksba_name_release (authid);
|
ksba_name_release (authid);
|
||||||
xfree (authidno);
|
xfree (authidno);
|
||||||
/* Fixme: don't know how to do dirmngr lookup with serial+issuer. */
|
/* Fixme: don't know how to do dirmngr lookup with serial+issuer. */
|
||||||
@ -267,7 +280,7 @@ find_up (KEYDB_HANDLE kh, KsbaCert cert, const char *issuer)
|
|||||||
log_info (_("looking up issuer at external location\n"));
|
log_info (_("looking up issuer at external location\n"));
|
||||||
/* dirmngr is confused about unknown attributes so has a quick
|
/* dirmngr is confused about unknown attributes so has a quick
|
||||||
and ugly hack we locate the CN and use this and the
|
and ugly hack we locate the CN and use this and the
|
||||||
following. Fixme: we should have far ebtter parsing in the
|
following. Fixme: we should have far better parsing in the
|
||||||
dirmngr. */
|
dirmngr. */
|
||||||
s = strstr (issuer, "CN=");
|
s = strstr (issuer, "CN=");
|
||||||
if (!s || s == issuer || s[-1] != ',')
|
if (!s || s == issuer || s[-1] != ',')
|
||||||
@ -588,7 +601,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
|
|||||||
{
|
{
|
||||||
if (rc == -1)
|
if (rc == -1)
|
||||||
{
|
{
|
||||||
log_info ("issuer certificate (");
|
log_info ("issuer certificate (#/");
|
||||||
gpgsm_dump_string (issuer);
|
gpgsm_dump_string (issuer);
|
||||||
log_printf (") not found\n");
|
log_printf (") not found\n");
|
||||||
}
|
}
|
||||||
@ -735,7 +748,7 @@ gpgsm_basic_cert_check (KsbaCert cert)
|
|||||||
{
|
{
|
||||||
if (rc == -1)
|
if (rc == -1)
|
||||||
{
|
{
|
||||||
log_info ("issuer certificate (");
|
log_info ("issuer certificate (#/");
|
||||||
gpgsm_dump_string (issuer);
|
gpgsm_dump_string (issuer);
|
||||||
log_printf (") not found\n");
|
log_printf (") not found\n");
|
||||||
}
|
}
|
||||||
|
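Review bot: In the block added to find_up, the `rc == -1` branch passes `authidno` and `s` to the dump helpers unconditionally, yet both are assigned earlier in the function, outside this hunk. If `rc` can still be -1 because the authorityKeyIdentifier search was skipped (for instance when the extension carries no usable name), the note would print an absent name and report a lookup that never ran. Consider `if (rc == -1 && s)`, or confirm that gpgsm_dump_string accepts NULL. The new strings are also not wrapped in `_()`, unlike the neighbouring `log_info (_("looking up issuer at external location\n"))`, and the comment has the typo "becuase".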
@ -123,6 +123,8 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
|
|||||||
log_error ("md_open failed: %s\n", gcry_strerror (-1));
|
log_error ("md_open failed: %s\n", gcry_strerror (-1));
|
||||||
return GNUPG_General_Error;
|
return GNUPG_General_Error;
|
||||||
}
|
}
|
||||||
|
if (DBG_HASHING)
|
||||||
|
gcry_md_start_debug (md, "hash.cert");
|
||||||
|
|
||||||
rc = ksba_cert_hash (cert, 1, HASH_FNC, md);
|
rc = ksba_cert_hash (cert, 1, HASH_FNC, md);
|
||||||
if (rc)
|
if (rc)
|
||||||
@ -142,6 +144,15 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
|
|||||||
ksba_free (p);
|
ksba_free (p);
|
||||||
return GNUPG_Bug;
|
return GNUPG_Bug;
|
||||||
}
|
}
|
||||||
|
if (DBG_X509)
|
||||||
|
{
|
||||||
|
int j;
|
||||||
|
log_debug ("signature value:");
|
||||||
|
for (j=0; j < n; j++)
|
||||||
|
log_printf (" %02X", p[j]);
|
||||||
|
log_printf ("\n");
|
||||||
|
}
|
||||||
|
|
||||||
rc = gcry_sexp_sscan ( &s_sig, NULL, p, n);
|
rc = gcry_sexp_sscan ( &s_sig, NULL, p, n);
|
||||||
ksba_free (p);
|
ksba_free (p);
|
||||||
if (rc)
|
if (rc)
|
||||||
@ -185,6 +196,7 @@ gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert)
|
|||||||
BUG ();
|
BUG ();
|
||||||
gcry_mpi_release (frame);
|
gcry_mpi_release (frame);
|
||||||
|
|
||||||
|
|
||||||
rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
|
rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
|
||||||
if (DBG_CRYPTO)
|
if (DBG_CRYPTO)
|
||||||
log_debug ("gcry_pk_verify: %s\n", gcry_strerror (rc));
|
log_debug ("gcry_pk_verify: %s\n", gcry_strerror (rc));
|
||||||
|
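Review bot: In the DBG_X509 block added to gpgsm_check_cert_sig, the loop indexes with `int j` against `n` and passes `p[j]` straight to `%02X`; both `p` and `n` are declared outside the hunk. If `n` is a `size_t`, the comparison mixes signed and unsigned. If `p` is a plain `char *`, bytes of 0x80 and above would be sign-extended in the dump. `size_t j;` together with `log_printf (" %02X", (unsigned char)p[j]);` avoids both. For the DBG_HASHING hunk, a comment such as `/* Debug only: libgcrypt writes every hashed byte to a dbgmd-NNNNN.hash.cert file in the current directory. */` would tell operators where the dump lands, so they do not enable it in a directory other users can write to.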