mirror of git://git.gnupg.org/gnupg.git synced 2025-02-01 16:33:02 +01:00

* certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.

* certdump.c (gpgsm_dump_string): New.
(print_dn): Replaced by above.
Werner Koch 2002-01-23 13:40:38 +00:00
parent e92ad49697
commit d9a4ccf94e
5 changed files with 75 additions and 15 deletions


@ -1,3 +1,9 @@
2002-01-23 Werner Koch <wk@gnupg.org>
* certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.
* certdump.c (gpgsm_dump_string): New.
(print_dn): Replaced by above.
2002-01-22 Werner Koch <wk@gnupg.org> 2002-01-22 Werner Koch <wk@gnupg.org>
* certpath.c (unknown_criticals): New. * certpath.c (unknown_criticals): New.


@ -38,7 +38,9 @@ static int
unknown_criticals (KsbaCert cert) unknown_criticals (KsbaCert cert)
{ {
static const char *known[] = { static const char *known[] = {
"2.5.29.15", /* keyUsage */
"2.5.29.19", /* basic Constraints */ "2.5.29.19", /* basic Constraints */
"2.5.29.32", /* certificatePolicies */
NULL NULL
}; };
int rc = 0, i, idx, crit; int rc = 0, i, idx, crit;
@ -232,7 +234,14 @@ gpgsm_validate_path (KsbaCert cert)
rc = keydb_search_subject (kh, issuer); rc = keydb_search_subject (kh, issuer);
if (rc) if (rc)
{ {
log_error ("failed to find issuer's certificate: rc=%d\n", rc); if (rc == -1)
{
log_info ("issuer certificate (");
gpgsm_dump_string (issuer);
log_printf (") not found\n");
}
else
log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = GNUPG_Missing_Certificate; rc = GNUPG_Missing_Certificate;
goto leave; goto leave;
} }
@ -340,7 +349,14 @@ gpgsm_basic_cert_check (KsbaCert cert)
rc = keydb_search_subject (kh, issuer); rc = keydb_search_subject (kh, issuer);
if (rc) if (rc)
{ {
log_error ("failed to find issuer's certificate: rc=%d\n", rc); if (rc == -1)
{
log_info ("issuer certificate (");
gpgsm_dump_string (issuer);
log_printf (") not found\n");
}
else
log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = GNUPG_Missing_Certificate; rc = GNUPG_Missing_Certificate;
goto leave; goto leave;
} }
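Review bot: Adding `2.5.29.15` (keyUsage) and `2.5.29.32` (certificatePolicies) to `known[]` in unknown_criticals lets certificates that mark these extensions critical pass the check, yet none of the visible hunks evaluates either extension. If gpgsm_validate_path does not enforce key usage or policy constraints elsewhere (not visible here), a critical extension is accepted without being processed, which an X.509 validator is expected to reject. I would either leave the two OIDs out until the checks exist or record the gap on the entries, e.g. `"2.5.29.15", /* keyUsage - FIXME: accepted as critical but not yet enforced */`. The same change appears again in the later file section on this page, and the body of unknown_criticals continues outside the hunk.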


@ -82,13 +82,30 @@ gpgsm_dump_time (time_t t)
} }
static void void
print_dn (char *p) gpgsm_dump_string (const char *string)
{ {
if (!p)
log_printf ("error"); if (!string)
log_printf ("[error]");
else else
log_printf ("`%s'", p); {
const unsigned char *s;
for (s=string; *s; s++)
{
if (*s < ' ' || (*s >= 0x7f && *s <= 0xa0))
break;
}
if (!*s && *string != '[')
log_printf ("%s", string);
else
{
log_printf ( "[ ");
log_printhex (NULL, string, strlen (string));
log_printf ( " ]");
}
}
} }
@ -104,7 +121,7 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
if (cert) if (cert)
{ {
sexp = ksba_cert_get_serial (cert); sexp = ksba_cert_get_serial (cert);
log_debug (" serial: "); log_debug (" serial: ");
gpgsm_dump_serial (sexp); gpgsm_dump_serial (sexp);
ksba_free (sexp); ksba_free (sexp);
log_printf ("\n"); log_printf ("\n");
@ -114,19 +131,19 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
gpgsm_dump_time (t); gpgsm_dump_time (t);
log_printf ("\n"); log_printf ("\n");
t = ksba_cert_get_validity (cert, 1); t = ksba_cert_get_validity (cert, 1);
log_debug (" notAfter: "); log_debug (" notAfter: ");
gpgsm_dump_time (t); gpgsm_dump_time (t);
log_printf ("\n"); log_printf ("\n");
dn = ksba_cert_get_issuer (cert, 0); dn = ksba_cert_get_issuer (cert, 0);
log_debug (" issuer: "); log_debug (" issuer: ");
print_dn (dn); gpgsm_dump_string (dn);
ksba_free (dn); ksba_free (dn);
log_printf ("\n"); log_printf ("\n");
dn = ksba_cert_get_subject (cert, 0); dn = ksba_cert_get_subject (cert, 0);
log_debug (" subject: "); log_debug (" subject: ");
print_dn (dn); gpgsm_dump_string (dn);
ksba_free (dn); ksba_free (dn);
log_printf ("\n"); log_printf ("\n");
@ -140,3 +157,7 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
} }
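Review bot: The scan loop in gpgsm_dump_string tests raw bytes, so `*s >= 0x7f && *s <= 0xa0` also matches UTF-8 continuation bytes: a DN containing U+00C0 (bytes C3 80) would be hex-dumped while one containing U+00E4 (C3 A4) is printed as text. If the strings returned by ksba_cert_get_issuer and ksba_cert_get_subject are UTF-8, which the hunk does not show, the filter should decide per code point, or the function should state in a comment that it assumes a single-byte charset. A short header comment would also help, saying that bytes below 0x20 and in 0x7f..0xa0 force the hex form, that bytes above 0xa0 reach the log unchanged, and that a leading `[` is hex-dumped so the output cannot be confused with `[error]`. Separately, `s=string` assigns a `const char *` to a `const unsigned char *` without a cast; `s = (const unsigned char *)string` avoids the pointer-sign warning.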


@ -38,7 +38,9 @@ static int
unknown_criticals (KsbaCert cert) unknown_criticals (KsbaCert cert)
{ {
static const char *known[] = { static const char *known[] = {
"2.5.29.15", /* keyUsage */
"2.5.29.19", /* basic Constraints */ "2.5.29.19", /* basic Constraints */
"2.5.29.32", /* certificatePolicies */
NULL NULL
}; };
int rc = 0, i, idx, crit; int rc = 0, i, idx, crit;
@ -232,7 +234,14 @@ gpgsm_validate_path (KsbaCert cert)
rc = keydb_search_subject (kh, issuer); rc = keydb_search_subject (kh, issuer);
if (rc) if (rc)
{ {
log_error ("failed to find issuer's certificate: rc=%d\n", rc); if (rc == -1)
{
log_info ("issuer certificate (");
gpgsm_dump_string (issuer);
log_printf (") not found\n");
}
else
log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = GNUPG_Missing_Certificate; rc = GNUPG_Missing_Certificate;
goto leave; goto leave;
} }
@ -340,7 +349,14 @@ gpgsm_basic_cert_check (KsbaCert cert)
rc = keydb_search_subject (kh, issuer); rc = keydb_search_subject (kh, issuer);
if (rc) if (rc)
{ {
log_error ("failed to find issuer's certificate: rc=%d\n", rc); if (rc == -1)
{
log_info ("issuer certificate (");
gpgsm_dump_string (issuer);
log_printf (") not found\n");
}
else
log_error ("failed to find issuer's certificate: rc=%d\n", rc);
rc = GNUPG_Missing_Certificate; rc = GNUPG_Missing_Certificate;
goto leave; goto leave;
} }


@ -146,6 +146,7 @@ void gpgsm_destroy_writer (Base64Context ctx);
void gpgsm_dump_cert (const char *text, KsbaCert cert); void gpgsm_dump_cert (const char *text, KsbaCert cert);
void gpgsm_dump_serial (KsbaConstSexp p); void gpgsm_dump_serial (KsbaConstSexp p);
void gpgsm_dump_time (time_t t); void gpgsm_dump_time (time_t t);
void gpgsm_dump_string (const char *string);
/*-- certcheck.c --*/ /*-- certcheck.c --*/
int gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert); int gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert);