diff options
| author | Werner Koch <[email protected]> | 2004-01-30 09:47:28 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2004-01-30 09:47:28 +0000 |
| commit | 6fe61392895b27bc42b19d940d4d8b2b48b8c07c (patch) | |
| tree | ad016ff303dcffd386e534f5798a1e75dbe61e03 | |
| parent | * configure.ac: Require libksba 0.9.3 due to another bug fix there. (diff) | |
| download | gnupg-6fe61392895b27bc42b19d940d4d8b2b48b8c07c.tar.gz gnupg-6fe61392895b27bc42b19d940d4d8b2b48b8c07c.zip | |
(check_cert_policy): Fixed read error checking.V1-9-4
(check_cert_policy): With no critical policies issue only a
warning if the policy file does not exists.
Diffstat (limited to '')
| -rw-r--r-- | sm/ChangeLog | 4 | ||||
| -rw-r--r-- | sm/certchain.c | 18 |
2 files changed, 16 insertions, 6 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog index a94da4eb9..2a584e079 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,5 +1,9 @@ 2004-01-30 Werner Koch <[email protected]> + * certchain.c (check_cert_policy): Fixed read error checking. + (check_cert_policy): With no critical policies issue only a + warning if the policy file does not exists. + * sign.c (add_certificate_list): Decrement N for the first cert. 2004-01-29 Werner Koch <[email protected]> diff --git a/sm/certchain.c b/sm/certchain.c index 64be1aed8..a48dbd737 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -127,6 +127,13 @@ check_cert_policy (ksba_cert_t cert) log_error ("failed to open `%s': %s\n", opt.policy_file, strerror (errno)); xfree (policies); + /* With no critical policies this is only a warning */ + if (!any_critical) + { + log_info (_("note: certificate policy not allowed\n")); + return 0; + } + log_error (_("certificate policy not allowed\n")); return gpg_error (GPG_ERR_NO_POLICY_MATCH); } @@ -141,13 +148,13 @@ check_cert_policy (ksba_cert_t cert) { if (!fgets (line, DIM(line)-1, fp) ) { - gpg_error_t tmperr; + gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno)); xfree (policies); if (feof (fp)) { fclose (fp); - /* with no critical policies this is only a warning */ + /* With no critical policies this is only a warning */ if (!any_critical) { log_info (_("note: certificate policy not allowed\n")); @@ -156,7 +163,6 @@ check_cert_policy (ksba_cert_t cert) log_error (_("certificate policy not allowed\n")); return gpg_error (GPG_ERR_NO_POLICY_MATCH); } - tmperr = gpg_error (gpg_err_code_from_errno (errno)); fclose (fp); return tmperr; } @@ -193,10 +199,10 @@ check_cert_policy (ksba_cert_t cert) for (haystack=policies; (p=strstr (haystack, allowed)); haystack = p+1) { if ( !(p == policies || p[-1] == '\n') ) - continue; /* does not match the begin of a line */ + continue; /* Does not match the begin of a line. */ if (p[strlen (allowed)] != ':') - continue; /* the length does not match */ - /* Yep - it does match so return okay */ + continue; /* The length does not match. */ + /* Yep - it does match so return okay. */ fclose (fp); xfree (policies); return 0; |