security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

Return a more specific error code for missing issuer certificates

Browse Source
This commit is contained in:
Werner Koch 2010-09-16 14:32:38 +00:00
parent 96380221ca
commit 9b230eadc8
8 changed files with 35 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
common/ChangeLog
View File

@ -1,3 +1,8 @@
2010-09-16 Werner Koch <wk@g10code.com>
* util.h: Add GPG_ERR_MISSING_ISSUER_CERT.
* status.c (get_inv_recpsgnr_code): Ditto.
2010-05-03 Werner Koch <wk@g10code.com> 2010-05-03 Werner Koch <wk@g10code.com>
* asshelp.c (lock_agent_spawning, unlock_agent_spawning): New. * asshelp.c (lock_agent_spawning, unlock_agent_spawning): New.

1
common/status.c
View File

@ -58,6 +58,7 @@ get_inv_recpsgnr_code (gpg_error_t err)
case GPG_ERR_NOT_TRUSTED: errstr = "10"; break; case GPG_ERR_NOT_TRUSTED: errstr = "10"; break;
case GPG_ERR_MISSING_CERT: errstr = "11"; break; case GPG_ERR_MISSING_CERT: errstr = "11"; break;
case GPG_ERR_MISSING_ISSUER_CERT: errstr = "12"; break;
default: errstr = "0"; break; default: errstr = "0"; break;
} }

3
common/util.h
View File

@ -29,6 +29,9 @@
#ifndef GPG_ERR_NOT_ENABLED #ifndef GPG_ERR_NOT_ENABLED
#define GPG_ERR_NOT_ENABLED 179 #define GPG_ERR_NOT_ENABLED 179
#endif #endif
#ifndef GPG_ERR_MISSING_ISSUER_CERT
#define GPG_ERR_MISSING_ISSUER_CERT 185
#endif
/* Hash function used with libksba. */ /* Hash function used with libksba. */
#define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)

10
sm/ChangeLog
View File

@ -1,3 +1,13 @@
2010-09-16 Werner Koch <wk@g10code.com>
* certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.
(do_validate_chain): Ditto.
(gpgsm_basic_cert_check): Ditto.
* call-agent.c (learn_cb): Take care of new
GPG_ERR_MISSING_ISSUER_CERT.
* import.c (check_and_store): Ditto.
(check_and_store): Ditto.
2010-05-12 Werner Koch <wk@g10code.com> 2010-05-12 Werner Koch <wk@g10code.com>
* Makefile.am (gpgsm_LDADD): Include NETLIBS which is required for * Makefile.am (gpgsm_LDADD): Include NETLIBS which is required for

3
sm/call-agent.c
View File

@ -879,7 +879,8 @@ learn_cb (void *opaque, const void *buffer, size_t length)
because we can assume that the --learn-card command has been used because we can assume that the --learn-card command has been used
on purpose. */ on purpose. */
rc = gpgsm_basic_cert_check (parm->ctrl, cert); rc = gpgsm_basic_cert_check (parm->ctrl, cert);
if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT) if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
&& gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
log_error ("invalid certificate: %s\n", gpg_strerror (rc)); log_error ("invalid certificate: %s\n", gpg_strerror (rc));
else else
{ {

6
sm/certchain.c
View File

@ -789,7 +789,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
print an error here. */ print an error here. */
if (rc != -1 && opt.verbose > 1) if (rc != -1 && opt.verbose > 1)
log_error ("failed to find issuer's certificate: rc=%d\n", rc); log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = gpg_error (GPG_ERR_MISSING_CERT); rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
goto leave; goto leave;
} }
@ -1496,7 +1496,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
} }
else else
log_error ("failed to find issuer's certificate: rc=%d\n", rc); log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = gpg_error (GPG_ERR_MISSING_CERT); rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
goto leave; goto leave;
} }
@ -1897,7 +1897,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
} }
else else
log_error ("failed to find issuer's certificate: rc=%d\n", rc); log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = gpg_error (GPG_ERR_MISSING_CERT); rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
goto leave; goto leave;
} }

2
sm/gpgsm.c
View File

@ -288,7 +288,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oAuditLog, "audit-log", ARGPARSE_s_s (oAuditLog, "audit-log",
N_("|FILE|write an audit log to FILE")), N_("|FILE|write an audit log to FILE")),
ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", ""), ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"),
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")), ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")),
ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")), ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")),

14
sm/import.c
View File

@ -178,7 +178,8 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
if (!rc && ctrl->with_validation) if (!rc && ctrl->with_validation)
rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL); rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
if (!rc || (!ctrl->with_validation if (!rc || (!ctrl->with_validation
&& gpg_err_code (rc) == GPG_ERR_MISSING_CERT) ) && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT
|| gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT)))
{ {
int existed; int existed;
@ -237,9 +238,14 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
log_error (_("basic certificate checks failed - not imported\n")); log_error (_("basic certificate checks failed - not imported\n"));
if (stats) if (stats)
stats->not_imported++; stats->not_imported++;
print_import_problem (ctrl, cert, /* We keep the test for GPG_ERR_MISSING_CERT only in case
gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 : GPG_ERR_MISSING_CERT has been used instead of the newer
gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0); GPG_ERR_MISSING_ISSUER_CERT. */
print_import_problem
(ctrl, cert,
gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT? 2 :
gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0);
} }
} }