From d9a4ccf94eabaca0981e0da9064160852fa31c02 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Wed, 23 Jan 2002 13:40:38 +0000
Subject: [PATCH] * certpath.c (gpgsm_validate_path): Print the DN of a missing issuer. * certdump.c (gpgsm_dump_string): New. (print_dn): Replaced by above.
---
 sm/ChangeLog | 6 ++++++
 sm/certchain.c | 20 ++++++++++++++++++--
 sm/certdump.c | 43 ++++++++++++++++++++++++++++++++-----------
 sm/certpath.c | 20 ++++++++++++++++++--
 sm/gpgsm.h | 1 +
 5 files changed, 75 insertions(+), 15 deletions(-)
diff --git a/sm/ChangeLog b/sm/ChangeLog
index 8c4dd2b8a..a893fdff9 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,9 @@
+2002-01-23 Werner Koch
+
+ * certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.
+ * certdump.c (gpgsm_dump_string): New.
+ (print_dn): Replaced by above.
+
 2002-01-22 Werner Koch
 * certpath.c (unknown_criticals): New.
diff --git a/sm/certchain.c b/sm/certchain.c
index f155cfb2d..9ef862643 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -38,7 +38,9 @@ static int
 unknown_criticals (KsbaCert cert)
 {
 static const char *known[] = {
+ "2.5.29.15", /* keyUsage */
 "2.5.29.19", /* basic Constraints */
+ "2.5.29.32", /* certificatePolicies */
 NULL
 };
 int rc = 0, i, idx, crit;
@@ -232,7 +234,14 @@ gpgsm_validate_path (KsbaCert cert)
 rc = keydb_search_subject (kh, issuer);
 if (rc)
 {
- log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+ if (rc == -1)
+ {
+ log_info ("issuer certificate (");
+ gpgsm_dump_string (issuer);
+ log_printf (") not found\n");
+ }
+ else
+ log_error ("failed to find issuer's certificate: rc=%d\n", rc);
 rc = GNUPG_Missing_Certificate;
 goto leave;
 }
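Review bot: Adding `2.5.29.15` (keyUsage) and `2.5.29.32` (certificatePolicies) to `known[]` in unknown_criticals() makes the validator accept certificates that mark these extensions critical, but nothing in this patch evaluates either extension. If no other code checks key usage or policies during path validation (not visible here), a critical constraint set by the CA is silently ignored instead of causing a rejection. I would add a comment at the table, e.g. `/* FIXME: keyUsage and certificatePolicies are accepted as critical but not evaluated yet */`, or hold the entries back until the checks exist. The same table change is repeated in the sm/certpath.c hunk at -38,7, and the function body continues outside the hunk.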
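Review bot: In the `rc == -1` branch of gpgsm_validate_path() a chain that cannot be validated is now reported with `log_info` instead of `log_error`, while the function still fails with GNUPG_Missing_Certificate two lines later. If info messages are filtered or not counted as errors by the logging layer (not visible in this hunk), a missing issuer becomes easy to overlook in logs. The bare `-1` also deserves a comment, for example `/* -1: keydb_search_subject found no matching certificate (confirm) */`. The identical eight added lines appear in gpgsm_basic_cert_check() and in both sm/certpath.c hunks at -232,7 and -340,7, so a small static helper taking `rc` and `issuer` would keep the four copies from drifting; the enclosing functions start and end outside the hunks.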
@@ -340,7 +349,14 @@ gpgsm_basic_cert_check (KsbaCert cert)
 rc = keydb_search_subject (kh, issuer);
 if (rc)
 {
- log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+ if (rc == -1)
+ {
+ log_info ("issuer certificate (");
+ gpgsm_dump_string (issuer);
+ log_printf (") not found\n");
+ }
+ else
+ log_error ("failed to find issuer's certificate: rc=%d\n", rc);
 rc = GNUPG_Missing_Certificate;
 goto leave;
 }
diff --git a/sm/certdump.c b/sm/certdump.c
index eb8264578..4d5e6bf7f 100644
--- a/sm/certdump.c
+++ b/sm/certdump.c
@@ -82,13 +82,30 @@ gpgsm_dump_time (time_t t)
 }
-static void
-print_dn (char *p)
+void
+gpgsm_dump_string (const char *string)
 {
- if (!p)
- log_printf ("error");
+
+ if (!string)
+ log_printf ("[error]");
 else
- log_printf ("`%s'", p);
+ {
+ const unsigned char *s;
+
+ for (s=string; *s; s++)
+ {
+ if (*s < ' ' || (*s >= 0x7f && *s <= 0xa0))
+ break;
+ }
+ if (!*s && *string != '[')
+ log_printf ("%s", string);
+ else
+ {
+ log_printf ( "[ ");
+ log_printhex (NULL, string, strlen (string));
+ log_printf ( " ]");
+ }
+ }
 }
@@ -104,7 +121,7 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
 if (cert)
 {
 sexp = ksba_cert_get_serial (cert);
- log_debug (" serial: ");
+ log_debug (" serial: ");
 gpgsm_dump_serial (sexp);
 ksba_free (sexp);
 log_printf ("\n");
@@ -114,19 +131,19 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
 gpgsm_dump_time (t);
 log_printf ("\n");
 t = ksba_cert_get_validity (cert, 1);
- log_debug (" notAfter: ");
+ log_debug (" notAfter: ");
 gpgsm_dump_time (t);
 log_printf ("\n");
 dn = ksba_cert_get_issuer (cert, 0);
- log_debug (" issuer: ");
- print_dn (dn);
+ log_debug (" issuer: ");
+ gpgsm_dump_string (dn);
 ksba_free (dn);
 log_printf ("\n");
 dn = ksba_cert_get_subject (cert, 0);
- log_debug (" subject: ");
- print_dn (dn);
+ log_debug (" subject: ");
+ gpgsm_dump_string (dn);
 ksba_free (dn);
 log_printf ("\n");
@@ -140,3 +157,7 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
 }
+
+
+
+
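Review bot: gpgsm_dump_string() is the filter that decides whether a certificate-supplied string reaches the log verbatim, yet `for (s=string; *s; s++)` assigns a `const char *` to a `const unsigned char *` without a cast and the function carries no comment stating its contract. I would write `for (s = (const unsigned char *)string; *s; s++)` and add a header comment saying that NULL prints `[error]`, that a string containing a byte below 0x20 or in 0x7f..0xa0, or starting with `[`, is printed as a hex dump in brackets, and that everything else is printed unchanged. Bytes above 0xa0 pass through unescaped, so whether the output is safe for a terminal depends on the charset of the DN and of the log consumer; conversely a UTF-8 DN with a continuation byte in 0x80..0xa0 is hex-dumped as a whole. Please confirm that both effects are intended.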
diff --git a/sm/certpath.c b/sm/certpath.c
index f155cfb2d..9ef862643 100644
--- a/sm/certpath.c
+++ b/sm/certpath.c
@@ -38,7 +38,9 @@ static int
 unknown_criticals (KsbaCert cert)
 {
 static const char *known[] = {
+ "2.5.29.15", /* keyUsage */
 "2.5.29.19", /* basic Constraints */
+ "2.5.29.32", /* certificatePolicies */
 NULL
 };
 int rc = 0, i, idx, crit;
@@ -232,7 +234,14 @@ gpgsm_validate_path (KsbaCert cert)
 rc = keydb_search_subject (kh, issuer);
 if (rc)
 {
- log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+ if (rc == -1)
+ {
+ log_info ("issuer certificate (");
+ gpgsm_dump_string (issuer);
+ log_printf (") not found\n");
+ }
+ else
+ log_error ("failed to find issuer's certificate: rc=%d\n", rc);
 rc = GNUPG_Missing_Certificate;
 goto leave;
 }
@@ -340,7 +349,14 @@ gpgsm_basic_cert_check (KsbaCert cert)
 rc = keydb_search_subject (kh, issuer);
 if (rc)
 {
- log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+ if (rc == -1)
+ {
+ log_info ("issuer certificate (");
+ gpgsm_dump_string (issuer);
+ log_printf (") not found\n");
+ }
+ else
+ log_error ("failed to find issuer's certificate: rc=%d\n", rc);
 rc = GNUPG_Missing_Certificate;
 goto leave;
 }
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 43755a9d0..4d7e55880 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -146,6 +146,7 @@ void gpgsm_destroy_writer (Base64Context ctx);
 void gpgsm_dump_cert (const char *text, KsbaCert cert);
 void gpgsm_dump_serial (KsbaConstSexp p);
 void gpgsm_dump_time (time_t t);
+void gpgsm_dump_string (const char *string);
 /*-- certcheck.c --*/
 int gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert);