dirmngr: Remove use of hardcoded numbers in validate.

* dirmngr/validate.c (enum cert_usage_modes): New. (cert_usage_p): Change type of arg MODE. Use enums instead of hardwired values. Use a switch instead of tricky bit tests. (cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust. * dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage. (cert_use_cert_p): Rename to check_cert_use_cert. (cert_use_ocsp_p): Rename to check_cert_use_ocsp. (cert_use_crl_p): Rename to check_cert_use_crl. * dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New. (VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New. -- A function with a "_p" suffix return 0 for a True just looks weird. We now use names which better indicate that an error code is returned. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2017-02-17 14:19:15 +01:00 · 2017-02-17 14:19:15 +01:00 · ed99af030d
commit ed99af030d
parent dea4b3c742
2 changed files with 77 additions and 45 deletions
--- a/dirmngr/validate.h
+++ b/dirmngr/validate.h
@ -25,13 +25,27 @@
 enum {
  /* Simple certificate validation mode. */
  VALIDATE_MODE_CERT = 0,
+
+  /* Same as MODE_CERT but using the system provided root
+   * certificates.  */
+  VALIDATE_MODE_CERT_SYSTRUST,
+
+  /* Same as MODE_CERT but uses a provided list of certificates.  */
+  VALIDATE_MODE_TLS,
+
+  /* Same as MODE_TLS but using the system provided root
+   * certificates.  */
+  VALIDATE_MODE_TLS_SYSTRUST,
+
  /* Standard CRL issuer certificate validation; i.e. CRLs are not
     considered for CRL issuer certificates. */
-  VALIDATE_MODE_CRL = 1,
+  VALIDATE_MODE_CRL,
+
  /* Full CRL validation. */
-  VALIDATE_MODE_CRL_RECURSIVE = 2,
+  VALIDATE_MODE_CRL_RECURSIVE,
+
  /* Validation as used for OCSP. */
-  VALIDATE_MODE_OCSP = 3
+  VALIDATE_MODE_OCSP
 };


@ -42,14 +56,14 @@ gpg_error_t validate_cert_chain (ctrl_t ctrl,
                                 int mode, char **r_trust_anchor);

 /* Return 0 if the certificate CERT is usable for certification.  */
-gpg_error_t cert_use_cert_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_cert (ksba_cert_t cert);

 /* Return 0 if the certificate CERT is usable for signing OCSP
   responses.  */
-gpg_error_t cert_use_ocsp_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_ocsp (ksba_cert_t cert);

 /* Return 0 if the certificate CERT is usable for signing CRLs. */
-gpg_error_t cert_use_crl_p (ksba_cert_t cert);
+gpg_error_t check_cert_use_crl (ksba_cert_t cert);


 #endif /*VALIDATE_H*/