* certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.

* certdump.c (gpgsm_dump_string): New. (print_dn): Replaced by above.
2025-01-21 14:47:03 +01:00 · 2002-01-23 13:40:38 +00:00 · 2002-01-23 13:40:38 +00:00 · d9a4ccf94e
commit d9a4ccf94e
parent e92ad49697
5 changed files with 75 additions and 15 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,9 @@
+2002-01-23  Werner Koch  <wk@gnupg.org>
+
+	* certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.
+	* certdump.c (gpgsm_dump_string): New.
+	(print_dn): Replaced by above.
+
 2002-01-22  Werner Koch  <wk@gnupg.org>

 	* certpath.c (unknown_criticals): New.
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -38,7 +38,9 @@ static int
 unknown_criticals (KsbaCert cert)
 {
  static const char *known[] = {
+    "2.5.29.15", /* keyUsage */
    "2.5.29.19", /* basic Constraints */
+    "2.5.29.32", /* certificatePolicies */
    NULL
  };
  int rc = 0, i, idx, crit;
@ -232,7 +234,14 @@ gpgsm_validate_path (KsbaCert cert)
      rc = keydb_search_subject (kh, issuer);
      if (rc)
        {
-          log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+          if (rc == -1)
+            {
+              log_info ("issuer certificate (");
+              gpgsm_dump_string (issuer);
+              log_printf (") not found\n");
+            }
+          else
+            log_error ("failed to find issuer's certificate: rc=%d\n", rc);
          rc = GNUPG_Missing_Certificate;
          goto leave;
        }
@ -340,7 +349,14 @@ gpgsm_basic_cert_check (KsbaCert cert)
      rc = keydb_search_subject (kh, issuer);
      if (rc)
        {
-          log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+          if (rc == -1)
+            {
+              log_info ("issuer certificate (");
+              gpgsm_dump_string (issuer);
+              log_printf (") not found\n");
+            }
+          else
+            log_error ("failed to find issuer's certificate: rc=%d\n", rc);
          rc = GNUPG_Missing_Certificate;
          goto leave;
        }
--- a/sm/certdump.c
+++ b/sm/certdump.c
@ -82,13 +82,30 @@ gpgsm_dump_time (time_t t)
 }


-static void
-print_dn (char *p)
+void
+gpgsm_dump_string (const char *string)
 {
-  if (!p)
-    log_printf ("error");
+
+  if (!string)
+    log_printf ("[error]");
  else
-    log_printf ("`%s'", p);
+    {
+      const unsigned char *s;
+
+      for (s=string; *s; s++)
+        {
+          if (*s < ' ' || (*s >= 0x7f && *s <= 0xa0))
+            break;
+        }
+      if (!*s && *string != '[')
+        log_printf ("%s", string);
+      else
+        {
+          log_printf ( "[ ");
+          log_printhex (NULL, string, strlen (string));
+          log_printf ( " ]");
+        }
+    }
 }


@ -104,7 +121,7 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
  if (cert)
    {
      sexp = ksba_cert_get_serial (cert);
-      log_debug ("  serial: ");
+      log_debug ("     serial: ");
      gpgsm_dump_serial (sexp);
      ksba_free (sexp);
      log_printf ("\n");
@ -114,19 +131,19 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
      gpgsm_dump_time (t);
      log_printf ("\n");
      t = ksba_cert_get_validity (cert, 1);
-      log_debug ("  notAfter: ");
+      log_debug ("   notAfter: ");
      gpgsm_dump_time (t);
      log_printf ("\n");

      dn = ksba_cert_get_issuer (cert, 0);
-      log_debug ("  issuer: ");
-      print_dn (dn);
+      log_debug ("     issuer: ");
+      gpgsm_dump_string (dn);
      ksba_free (dn);
      log_printf ("\n");
    
      dn = ksba_cert_get_subject (cert, 0);
-      log_debug ("  subject: ");
-      print_dn (dn);
+      log_debug ("    subject: ");
+      gpgsm_dump_string (dn);
      ksba_free (dn);
      log_printf ("\n");

@ -140,3 +157,7 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
 }


+
+
+
+
--- a/sm/certpath.c
+++ b/sm/certpath.c
@ -38,7 +38,9 @@ static int
 unknown_criticals (KsbaCert cert)
 {
  static const char *known[] = {
+    "2.5.29.15", /* keyUsage */
    "2.5.29.19", /* basic Constraints */
+    "2.5.29.32", /* certificatePolicies */
    NULL
  };
  int rc = 0, i, idx, crit;
@ -232,7 +234,14 @@ gpgsm_validate_path (KsbaCert cert)
      rc = keydb_search_subject (kh, issuer);
      if (rc)
        {
-          log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+          if (rc == -1)
+            {
+              log_info ("issuer certificate (");
+              gpgsm_dump_string (issuer);
+              log_printf (") not found\n");
+            }
+          else
+            log_error ("failed to find issuer's certificate: rc=%d\n", rc);
          rc = GNUPG_Missing_Certificate;
          goto leave;
        }
@ -340,7 +349,14 @@ gpgsm_basic_cert_check (KsbaCert cert)
      rc = keydb_search_subject (kh, issuer);
      if (rc)
        {
-          log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+          if (rc == -1)
+            {
+              log_info ("issuer certificate (");
+              gpgsm_dump_string (issuer);
+              log_printf (") not found\n");
+            }
+          else
+            log_error ("failed to find issuer's certificate: rc=%d\n", rc);
          rc = GNUPG_Missing_Certificate;
          goto leave;
        }
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -146,6 +146,7 @@ void gpgsm_destroy_writer (Base64Context ctx);
 void gpgsm_dump_cert (const char *text, KsbaCert cert);
 void gpgsm_dump_serial (KsbaConstSexp p);
 void gpgsm_dump_time (time_t t);
+void gpgsm_dump_string (const char *string);

 /*-- certcheck.c --*/
 int gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert);