gpgsm: Simplify the expiration check.

* sm/certlist.c (gpgsm_add_to_certlist): Remove the on-demand setting of the current time.
author: Werner Koch <[email protected]> 2025-03-18 11:21:57 +0000
committer: Werner Koch <[email protected]> 2025-03-18 11:21:57 +0000
commit: 2869de63b5229a686f3788c28e3e44a3be5f892f (patch)
tree: 28992a72e94437b181baf723d7dd31744b60d092
parent: gpgsm: Fix error message if all selected certificates are expired. (diff)
download: gnupg-2869de63b5229a686f3788c28e3e44a3be5f892f.tar.gz
gnupg-2869de63b5229a686f3788c28e3e44a3be5f892f.zip
1 files changed, 8 insertions, 18 deletions
diff --git a/sm/certlist.c b/sm/certlist.c
index 5057637ad..95040e220 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -337,9 +337,10 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
   KEYDB_SEARCH_DESC desc;
   KEYDB_HANDLE kh = NULL;
   ksba_cert_t cert = NULL;
-  ksba_isotime_t current_time = {0, };
-  ksba_isotime_t exp_time = {0, };
-  int current_time_loaded = 0;
+  ksba_isotime_t current_time;
+  ksba_isotime_t exp_time = {0};
+
+  gnupg_get_isotime (current_time);
 
   rc = classify_user_id (name, &desc, 0);
   if (!rc)
@@ -370,15 +371,9 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
               rc = secret? gpgsm_cert_use_sign_p (cert, 0)
                          : gpgsm_cert_use_encrypt_p (cert);
               if (!rc)
-                {
-                  if (!current_time_loaded)
-                    {
-                      gnupg_get_isotime (current_time);
-                      current_time_loaded = 1;
-                    }
-                  rc = check_validity_period_cm (current_time, current_time,
-                                                 cert, exp_time, 0, NULL, 0, 0);
-                }
+                rc = check_validity_period_cm (current_time, current_time,
+                                               cert, exp_time, 0, NULL, 0, 0);
+
               if (gpg_err_code (rc) == GPG_ERR_WRONG_KEY_USAGE)
                 {
                   /* There might be another certificate with the
@@ -443,12 +438,6 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
                     {
                       gpg_err_code_t tmp;
 
-                      if (!current_time_loaded)
-                        {
-                          gnupg_get_isotime (current_time);
-                          current_time_loaded = 1;
-                        }
-
                       if (same_subject_issuer (first_subject,
                                                first_issuer,
                                                cert2))
@@ -620,6 +609,7 @@ gpgsm_find_cert (ctrl_t ctrl,
               ksba_isotime_t notbefore = "";
               const unsigned char *image = NULL;
               size_t length = 0;
+
               if (allow_ambiguous)
                 {
                   /* We want to return the newest certificate */
author	Werner Koch <[email protected]>	2025-03-18 11:21:57 +0000
committer	Werner Koch <[email protected]>	2025-03-18 11:21:57 +0000
commit	2869de63b5229a686f3788c28e3e44a3be5f892f (patch)
tree	28992a72e94437b181baf723d7dd31744b60d092
parent	gpgsm: Fix error message if all selected certificates are expired. (diff)
download	gnupg-2869de63b5229a686f3788c28e3e44a3be5f892f.tar.gz gnupg-2869de63b5229a686f3788c28e3e44a3be5f892f.zip