* gpgsm.c, gpgsm.h: New option --debug-no-path-validation.

* certpath.c (gpgsm_validate_path): Use it here instead of the
debug flag hack.

* certpath.c (check_cert_policy): Return No_Policy_Match if the
policy file could not be opened.

5 files changed, 18 insertions, 5 deletions

diff --git a/sm/ChangeLog b/sm/ChangeLog
index b612c1da8..237365847 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,12 @@
+2002-06-24  Werner Koch  <[email protected]>
+
+	* gpgsm.c, gpgsm.h: New option --debug-no-path-validation.
+	* certpath.c (gpgsm_validate_path): Use it here instead of the
+	debug flag hack.
+
+	* certpath.c (check_cert_policy): Return No_Policy_Match if the
+	policy file could not be opened.
+
 2002-06-20  Werner Koch  <[email protected]>
 
 	* certlist.c (gpgsm_add_to_certlist): Fixed locating of a
diff --git a/sm/certchain.c b/sm/certchain.c
index 01696fc27..5cae1ea75 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -127,7 +127,7 @@ check_cert_policy (KsbaCert cert)
       log_error ("failed to open `%s': %s\n",
                  opt.policy_file, strerror (errno));
       xfree (policies);
-      return GNUPG_Configuration_Error;
+      return GNUPG_No_Policy_Match;
     }
 
   for (;;) 
@@ -326,7 +326,7 @@ gpgsm_validate_path (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
   if (r_exptime)
     *r_exptime = 0;
 
-  if ((opt.debug & 4096))
+  if (opt.no_path_validation)
     {
       log_info ("WARNING: bypassing path validation\n");
       return 0;
diff --git a/sm/certpath.c b/sm/certpath.c
index 01696fc27..5cae1ea75 100644
--- a/sm/certpath.c
+++ b/sm/certpath.c
@@ -127,7 +127,7 @@ check_cert_policy (KsbaCert cert)
       log_error ("failed to open `%s': %s\n",
                  opt.policy_file, strerror (errno));
       xfree (policies);
-      return GNUPG_Configuration_Error;
+      return GNUPG_No_Policy_Match;
     }
 
   for (;;) 
@@ -326,7 +326,7 @@ gpgsm_validate_path (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
   if (r_exptime)
     *r_exptime = 0;
 
-  if ((opt.debug & 4096))
+  if (opt.no_path_validation)
     {
       log_info ("WARNING: bypassing path validation\n");
       return 0;
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 385648cb4..9fe3205cb 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -82,6 +82,7 @@ enum cmd_and_opt_values {
   oDebug,
   oDebugAll,
   oDebugWait,
+  oDebugNoPathValidation,
   oLogFile,
 
   oEnableSpecialFilenames,
@@ -302,6 +303,7 @@ static ARGPARSE_OPTS opts[] = {
     { oDebug, "debug"     ,4|16, "@"},
     { oDebugAll, "debug-all" ,0, "@"},
     { oDebugWait, "debug-wait" ,1, "@"},
+    { oDebugNoPathValidation, "debug-no-path-validation" ,1, "@"},
     { oStatusFD, "status-fd" ,1, N_("|FD|write status info to this FD") },
     { aDummy, "no-comment", 0,   "@"},
     { aDummy, "completes-needed", 1, "@"},
@@ -844,6 +846,8 @@ main ( int argc, char **argv)
         case oDebug: opt.debug |= pargs.r.ret_ulong; break;
         case oDebugAll: opt.debug = ~0; break;
         case oDebugWait: debug_wait = pargs.r.ret_int; break;
+        case oDebugNoPathValidation: opt.no_path_validation = 1; break;
+
 
         case oStatusFD: ctrl.status_fd = pargs.r.ret_int; break;
         case oLoggerFD: log_set_fd (pargs.r.ret_int ); break;
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index a3cf903d3..b4f7ebe5c 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -78,7 +78,7 @@ struct {
 
   char *policy_file;        /* full pathname of policy file */
   int no_policy_check;      /* ignore certificate policies */
-
+  int no_path_validation;   /* Bypass all cert path validity tests */
 } opt;