From 830dae2873be093abe745f42424a5713e270f957 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 23 Jul 2009 15:18:58 +0000
Subject: Print status of CRL checks in the audit log.

---
 sm/ChangeLog   | 4 ++++
 sm/certchain.c | 8 +++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

(limited to 'sm')

diff --git a/sm/ChangeLog b/sm/ChangeLog
index 954f88ea5..b50703e4b 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,7 @@
+2009-07-23  Werner Koch  <wk@g10code.com>
+
+	* certchain.c (is_cert_still_valid): Emit AUDIT_CRL_CHECK.
+
 2009-07-07  Werner Koch  <wk@g10code.com>
 
 	* server.c (command_has_option): New.
diff --git a/sm/certchain.c b/sm/certchain.c
index ddf4ece8f..e9a1aadfa 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -889,11 +889,17 @@ is_cert_still_valid (ctrl_t ctrl, int force_ocsp, int lm, estream_t fp,
   gpg_error_t err;
 
   if (opt.no_crl_check && !ctrl->use_ocsp)
-    return 0;
+    {
+      audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, 
+                    gpg_error (GPG_ERR_NOT_ENABLED));
+      return 0;
+    }
 
   err = gpgsm_dirmngr_isvalid (ctrl,
                                subject_cert, issuer_cert, 
                                force_ocsp? 2 : !!ctrl->use_ocsp);
+  audit_log_ok (ctrl->audit, AUDIT_CRL_CHECK, err);
+
   if (err)
     {
       if (!lm)
-- 
cgit v1.2.3