gpgsm: Cache the non-existence of the policy file.

* sm/certchain.c (check_cert_policy): Add simple static cache.
--

It is quite common that a policy file does not exist.  Thus we can
avoid the overhead of trying to open it over and over again just to
assert that it does not exists.

1 files changed, 17 insertions, 2 deletions

diff --git a/sm/certchain.c b/sm/certchain.c
index 7b5d17d40..52244f10e 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -306,6 +306,7 @@ allowed_ca (ctrl_t ctrl,
 static int
 check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
 {
+  static int no_policy_file;
   gpg_error_t err;
   char *policies;
   estream_t fp;
@@ -340,12 +341,24 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
       return 0;
     }
 
-  fp = es_fopen (opt.policy_file, "r");
+  if (no_policy_file)
+    {
+      /* Avoid trying to open the policy file if we already know that
+       * it does not exist.  */
+      fp = NULL;
+      gpg_err_set_errno (ENOENT);
+    }
+  else
+    fp = es_fopen (opt.policy_file, "r");
   if (!fp)
     {
-      if (opt.verbose || errno != ENOENT)
+      if ((opt.verbose || errno != ENOENT) && !no_policy_file)
         log_info (_("failed to open '%s': %s\n"),
                   opt.policy_file, strerror (errno));
+
+      if (errno == ENOENT)
+        no_policy_file = 1;
+
       xfree (policies);
       /* With no critical policies this is only a warning */
       if (!any_critical)
@@ -360,6 +373,8 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
       return gpg_error (GPG_ERR_NO_POLICY_MATCH);
     }
 
+  /* FIXME: Cache the policy file content.  */
+
   for (;;)
     {
       int c;