Return a more specific error code for missing issuer certificates

2025-02-06 17:23:03 +01:00 · 2010-09-16 14:32:38 +00:00 · 2010-09-16 14:32:38 +00:00 · 9b230eadc8
commit 9b230eadc8
parent 96380221ca
8 changed files with 35 additions and 9 deletions
--- a/common/ChangeLog
+++ b/common/ChangeLog
@ -1,3 +1,8 @@
+2010-09-16  Werner Koch  <wk@g10code.com>
+
+	* util.h: Add GPG_ERR_MISSING_ISSUER_CERT.
+	* status.c (get_inv_recpsgnr_code): Ditto.
+
 2010-05-03  Werner Koch  <wk@g10code.com>

 	* asshelp.c (lock_agent_spawning, unlock_agent_spawning): New.
--- a/common/status.c
+++ b/common/status.c
@ -58,6 +58,7 @@ get_inv_recpsgnr_code (gpg_error_t err)

    case GPG_ERR_NOT_TRUSTED:     errstr = "10"; break;
    case GPG_ERR_MISSING_CERT:    errstr = "11"; break;
+    case GPG_ERR_MISSING_ISSUER_CERT: errstr = "12"; break;
    default:                      errstr = "0"; break;
    }

--- a/common/util.h
+++ b/common/util.h
@ -29,6 +29,9 @@
 #ifndef GPG_ERR_NOT_ENABLED
 #define GPG_ERR_NOT_ENABLED 179
 #endif
+#ifndef GPG_ERR_MISSING_ISSUER_CERT
+#define GPG_ERR_MISSING_ISSUER_CERT 185
+#endif

 /* Hash function used with libksba. */
 #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,13 @@
+2010-09-16  Werner Koch  <wk@g10code.com>
+
+	* certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.
+	(do_validate_chain): Ditto.
+	(gpgsm_basic_cert_check): Ditto.
+	* call-agent.c (learn_cb): Take care of new
+	GPG_ERR_MISSING_ISSUER_CERT.
+	* import.c (check_and_store): Ditto.
+	(check_and_store): Ditto.
+
 2010-05-12  Werner Koch  <wk@g10code.com>

 	* Makefile.am (gpgsm_LDADD): Include NETLIBS which is required for
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@ -879,7 +879,8 @@ learn_cb (void *opaque, const void *buffer, size_t length)
     because we can assume that the --learn-card command has been used
     on purpose.  */
  rc = gpgsm_basic_cert_check (parm->ctrl, cert);
-  if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT)
+  if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
+      && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
    log_error ("invalid certificate: %s\n", gpg_strerror (rc));
  else
    {
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -789,7 +789,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
         print an error here.  */
      if (rc != -1 && opt.verbose > 1)
        log_error ("failed to find issuer's certificate: rc=%d\n", rc);
-      rc = gpg_error (GPG_ERR_MISSING_CERT);
+      rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
      goto leave;
    }

@ -1496,7 +1496,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
            }
          else
            log_error ("failed to find issuer's certificate: rc=%d\n", rc);
-          rc = gpg_error (GPG_ERR_MISSING_CERT);
+          rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
          goto leave;
        }

@ -1897,7 +1897,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
            }
          else
            log_error ("failed to find issuer's certificate: rc=%d\n", rc);
-          rc = gpg_error (GPG_ERR_MISSING_CERT);
+          rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
          goto leave;
        }
      
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -288,7 +288,7 @@ static ARGPARSE_OPTS opts[] = {

  ARGPARSE_s_s (oAuditLog, "audit-log", 
                N_("|FILE|write an audit log to FILE")),
-  ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", ""),
+  ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"),
  ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
  ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")),
  ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")),
--- a/sm/import.c
+++ b/sm/import.c
@ -178,7 +178,8 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
  if (!rc && ctrl->with_validation)
    rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
  if (!rc || (!ctrl->with_validation
-              && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )
+              && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT
+                  || gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT)))
    {
      int existed;

@ -237,9 +238,14 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
      log_error (_("basic certificate checks failed - not imported\n"));
      if (stats)
        stats->not_imported++;
-      print_import_problem (ctrl, cert,
-                            gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
-                            gpg_err_code (rc) == GPG_ERR_BAD_CERT?     1 : 0);
+      /* We keep the test for GPG_ERR_MISSING_CERT only in case
+         GPG_ERR_MISSING_CERT has been used instead of the newer
+         GPG_ERR_MISSING_ISSUER_CERT.  */
+      print_import_problem 
+        (ctrl, cert,
+         gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT? 2 :
+         gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
+         gpg_err_code (rc) == GPG_ERR_BAD_CERT?     1 : 0);
    }
 }