author | Daniel Kahn Gillmor <[email protected]> | 2016-10-27 22:30:57 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2016-11-17 14:29:35 +0000 |
commit | c4e02a3b7ad6ee1da6bfc439921378bdbd5c029c (patch) | |
tree | b848f775a60bc78bc7948db5791e6a98927e2669 | |
parent | doc: Typo fixes. (diff) | |
dirmngr: Register hkp-cacert even if the file doesn't exist yet

* dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
an argument for hkp-cacert into an absolute filename, terminate
completely.
* dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
immediately accessible, but register it anyway.
--

Without this changeset, the condition of the filesystem when dirmngr
is initialized will have an effect on later activities of dirmngr.
For example, if a file identified by a hkp-cacert directive doesn't
exist when dirmngr starts, dirmngr will behave as though it simply
didn't have the hkp-cacert directive set at all, even if the file
should appear later.

dirmngr currently behaves differently if no hkp-cacert directives have
been set than it does when at least one hkp-cacert directive has been
set. For example, its choice of CA cert for
hkps://hkps.pool.sks-keyservers.net depends on whether a TLS CA file
has been registered. That behavior shouldn't additionally depend on
the state of the filesystem at the time of dirmngr launch.

Signed-off-by: Daniel Kahn Gillmor <[email protected]>

-rw-r--r-- | dirmngr/dirmngr.c | 12 |
-rw-r--r-- | dirmngr/http.c | 5 |
2 files changed, 8 insertions, 9 deletions
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 9d4fb1474..f5dce811f 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -611,15 +611,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) { char *tmpname; - /* Do tilde expansion and print a warning if the file can't be - accessed. */ - tmpname = make_absfilename_try (pargs->r.ret_str, NULL); - if (!tmpname || access (tmpname, F_OK)) - log_info (_("can't access '%s': %s\n"), - tmpname? tmpname : pargs->r.ret_str, - gpg_strerror (gpg_error_from_syserror())); - else - http_register_tls_ca (tmpname); + /* Do tilde expansion and make path absolute. */ + tmpname = make_absfilename (pargs->r.ret_str, NULL); + http_register_tls_ca (tmpname); xfree (tmpname); } break; diff --git a/dirmngr/http.c b/dirmngr/http.c index b74a9ef9a..90682fa46 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -495,6 +495,11 @@ http_register_tls_ca (const char *fname) } else { + /* Warn if we can't access right now, but register it anyway in + case it becomes accessible later */ + if (access (fname, F_OK)) + log_info (_("can't access '%s': %s\n"), fname, + gpg_strerror (gpg_error_from_syserror())); sl = add_to_strlist (&tls_ca_certlist, fname); if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem")) sl->flags = 1; |
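
Review bot: in the dirmngr/dirmngr.c hunk, replacing make_absfilename_try with make_absfilename makes a bad hkp-cacert argument fatal (the commit message says "terminate completely"), and this code sits in parse_rereadable_options, which takes an `int reread` argument, so the same fatal path looks reachable when an already running dirmngr rereads its options. If that is intended, the new comment "Do tilde expansion and make path absolute." should say that the call does not return on failure, since tmpname is now passed to http_register_tls_ca with no NULL check. If it is not intended, keep the _try variant and log and skip the entry when reread is set. The ChangeLog entry also names parse_readable_options while the hunk header shows parse_rereadable_options.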
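
Review bot: in the dirmngr/http.c hunk (http_register_tls_ca), the new check is access (fname, F_OK), which tests existence only, so a CA file that exists but is not readable by dirmngr is registered with no message at all; R_OK would match the "can't access" wording. The message is also emitted once, at registration, through log_info, although the commit message calls it a warning. Since the file is now registered whether or not it exists, it is worth confirming that the code which later loads tls_ca_certlist reports a still-missing file at connection time and does not continue without the configured CA. Minor: the added comment is missing its final period before the closing "*/".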