Print status of CRL checks in the audit log.

author: Werner Koch <[email protected]> 2009-07-23 15:18:58 +0000
committer: Werner Koch <[email protected]> 2009-07-23 15:18:58 +0000
commit: 830dae2873be093abe745f42424a5713e270f957 (patch)
tree: 84c8f23197440d6349a75087787884bfac07bdd6 /sm
parent: Make use of the card's extended capabilities. (diff)
download: gnupg-830dae2873be093abe745f42424a5713e270f957.tar.gz
gnupg-830dae2873be093abe745f42424a5713e270f957.zip
2 files changed, 11 insertions, 1 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index 954f88ea5..b50703e4b 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,7 @@
+2009-07-23  Werner Koch  <[email protected]>
+
+	* certchain.c (is_cert_still_valid): Emit AUDIT_CRL_CHECK.
+
 2009-07-07  Werner Koch  <[email protected]>
 
 	* server.c (command_has_option): New.
diff --git a/sm/certchain.c b/sm/certchain.c
index ddf4ece8f..e9a1aadfa 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -889,11 +889,17 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
   gpg_error_t err;
 
   if (opt.no_crl_check && !ctrl->use_ocsp)
-    return 0;
+    {
+      audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, 
+                    gpg_error (GPG_ERR_NOT_ENABLED));
+      return 0;
+    }
 
   err = gpgsm_dirmngr_isvalid (ctrl,
                                subject_cert, issuer_cert, 
                                force_ocsp? 2 : !!ctrl->use_ocsp);
+  audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err);
+
   if (err)
     {
       if (!lm)
author	Werner Koch <[email protected]>	2009-07-23 15:18:58 +0000
committer	Werner Koch <[email protected]>	2009-07-23 15:18:58 +0000
commit	830dae2873be093abe745f42424a5713e270f957 (patch)
tree	84c8f23197440d6349a75087787884bfac07bdd6 /sm
parent	Make use of the card's extended capabilities. (diff)
download	gnupg-830dae2873be093abe745f42424a5713e270f957.tar.gz gnupg-830dae2873be093abe745f42424a5713e270f957.zip