3 files changed, 24 insertions, 3 deletions

diff --git a/sm/certchain.c b/sm/certchain.c
index 7b782190b..84dbed696 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -307,6 +307,7 @@ allowed_ca (ctrl_t ctrl,
 static int
 check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
 {
+  static int no_policy_file;
   gpg_error_t err;
   char *policies;
   estream_t fp;
@@ -341,12 +342,24 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
       return 0;
     }
 
-  fp = es_fopen (opt.policy_file, "r");
+  if (no_policy_file)
+    {
+      /* Avoid trying to open the policy file if we already know that
+       * it does not exist.  */
+      fp = NULL;
+      gpg_err_set_errno (ENOENT);
+    }
+  else
+    fp = es_fopen (opt.policy_file, "r");
   if (!fp)
     {
-      if (opt.verbose || errno != ENOENT)
+      if ((opt.verbose || errno != ENOENT) && !no_policy_file)
         log_info (_("failed to open '%s': %s\n"),
                   opt.policy_file, strerror (errno));
+
+      if (errno == ENOENT)
+        no_policy_file = 1;
+
       xfree (policies);
       /* With no critical policies this is only a warning */
       if (!any_critical)
@@ -361,6 +374,8 @@ check_cert_policy (ksba_cert_t cert, int listmode, estream_t fplist)
       return gpg_error (GPG_ERR_NO_POLICY_MATCH);
     }
 
+  /* FIXME: Cache the policy file content.  */
+
   for (;;)
     {
       int c;
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index aeb6ad7a9..55173f8a2 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -213,6 +213,7 @@ enum cmd_and_opt_values {
   oKeyboxdProgram,
   oRequireCompliance,
   oCompatibilityFlags,
+  oKbxBufferSize,
   oNoAutostart
  };
 
@@ -447,6 +448,7 @@ static gpgrt_opt_t opts[] = {
   ARGPARSE_s_s (oXauthority, "xauthority", "@"),
   ARGPARSE_s_s (oChUid, "chuid", "@"),
   ARGPARSE_s_s (oCompatibilityFlags, "compatibility-flags", "@"),
+  ARGPARSE_p_u (oKbxBufferSize,  "kbx-buffer-size", "@"),
 
   ARGPARSE_header (NULL, ""),  /* Stop the header group.  */
 
@@ -1492,6 +1494,10 @@ main ( int argc, char **argv)
 
         case oRequireCompliance: opt.require_compliance = 1;  break;
 
+        case oKbxBufferSize:
+          keybox_set_buffersize (pargs.r.ret_ulong, 0);
+          break;
+
         default:
           if (configname)
             pargs.err = ARGPARSE_PRINT_WARNING;
diff --git a/sm/keydb.c b/sm/keydb.c
index a12dba19f..38737c96a 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -693,7 +693,7 @@ keydb_release (KEYDB_HANDLE hd)
           switch (hd->active[i].type)
             {
             case KEYDB_RESOURCE_TYPE_NONE:
-          break;
+              break;
             case KEYDB_RESOURCE_TYPE_KEYBOX:
               keybox_release (hd->active[i].u.kr);
               break;