1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-22 14:57:02 +01:00

gpg: Emit STATUS_FAILURE for --require-compliance errors

* g10/misc.c (compliance_failure): Do not fallback to CO_GNUPG.  Print
compliance failure error and status for CO_DE_VS.
* g10/mainproc.c (proc_encrypted): Call compliance_failure in the
require-compliance error case.
* g10/encrypt.c (check_encryption_compliance): Ditto.
This commit is contained in:
Werner Koch 2022-08-31 15:27:59 +02:00
parent e1169e8f8a
commit e05fb5ca37
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 9 additions and 10 deletions

View File

@ -567,10 +567,8 @@ check_encryption_compliance (DEK *dek, pk_list_t pk_list)
&& opt.compliance == CO_DE_VS
&& !compliant)
{
log_error (_("operation forced to fail due to"
" unfulfilled compliance rules\n"));
compliance_failure ();
err = gpg_error (GPG_ERR_FORBIDDEN);
g10_errors_seen = 1;
goto leave;
}

View File

@ -944,9 +944,7 @@ proc_encrypted (CTX c, PACKET *pkt)
&& opt.compliance == CO_DE_VS
&& compliance_de_vs != (4|2|1))
{
log_error (_("operation forced to fail due to"
" unfulfilled compliance rules\n"));
g10_errors_seen = 1;
compliance_failure ();
}
}
@ -2625,8 +2623,7 @@ check_sig_and_print (CTX c, kbnode_t node)
else if (opt.flags.require_compliance
&& opt.compliance == CO_DE_VS)
{
log_error (_("operation forced to fail due to"
" unfulfilled compliance rules\n"));
compliance_failure ();
if (!rc)
rc = gpg_error (GPG_ERR_FORBIDDEN);
}

View File

@ -1405,8 +1405,12 @@ compliance_failure(void)
break;
case CO_DE_VS:
ver="DE-VS applications";
break;
/* For de-vs we do not allow any kind of fallback. */
write_status_failure ("compliance-check", gpg_error (GPG_ERR_FORBIDDEN));
log_error (_("operation forced to fail due to"
" unfulfilled compliance rules\n"));
g10_errors_seen = 1;
return;
}
log_info(_("this message may not be usable by %s\n"),ver);