author | Werner Koch <[email protected]> | 2002-05-03 20:18:54 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2002-05-03 20:18:54 +0000 |
commit | a64b3686b4b176dcb8514e79fc7d622f66649c36 (patch) | |
tree | 791abf096826287989987c4b1337f49efbfb0b5b /sm/certpath.c | |
parent | Debug message cleanups. (diff) | |
* certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed
all callers.
* verify.c (gpgsm_verify): Tweaked usage of log_debug and
log_error. Return EXPSIG status and add expiretime to VALIDSIG.
Diffstat (limited to 'sm/certpath.c')
-rw-r--r-- | sm/certpath.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/sm/certpath.c b/sm/certpath.c index 978d1f755..1283ce46d 100644 --- a/sm/certpath.c +++ b/sm/certpath.c @@ -305,8 +305,10 @@ gpgsm_is_root_cert (KsbaCert cert) } +/* Validate a path and optionally return the nearest expiration time + in R_EXPTIME */ int -gpgsm_validate_path (KsbaCert cert) +gpgsm_validate_path (KsbaCert cert, time_t *r_exptime) { int rc = 0, depth = 0, maxdepth; char *issuer = NULL; @@ -314,14 +316,17 @@ gpgsm_validate_path (KsbaCert cert) KEYDB_HANDLE kh = keydb_new (0); KsbaCert subject_cert = NULL, issuer_cert = NULL; time_t current_time = time (NULL); + time_t exptime = 0; + + if (r_exptime) + *r_exptime = 0; if ((opt.debug & 4096)) { log_info ("WARNING: bypassing path validation\n"); return 0; } - - + if (!kh) { log_error (_("failed to allocated keyDB handle\n")); @@ -361,7 +366,15 @@ gpgsm_validate_path (KsbaCert cert) goto leave; } - if (current_time < not_before) + if (not_after) + { + if (!exptime) + exptime = not_after; + else if (not_after < exptime) + exptime = not_after; + } + + if (not_before && current_time < not_before) { log_error ("certificate to young; valid from "); gpgsm_dump_time (not_before); @@ -369,7 +382,7 @@ gpgsm_validate_path (KsbaCert cert) rc = GNUPG_Certificate_Too_Young; goto leave; } - if (current_time > not_after) + if (not_after && current_time > not_after) { log_error ("certificate has expired at "); gpgsm_dump_time (not_after); @@ -526,7 +539,8 @@ gpgsm_validate_path (KsbaCert cert) } } - log_info ("certificate is good\n"); + if (opt.verbose) + log_info ("certificate is good\n"); keydb_search_reset (kh); subject_cert = issuer_cert; @@ -539,6 +553,8 @@ gpgsm_validate_path (KsbaCert cert) log_info ("CRLs not checked due to --disable-crl-checks option\n"); leave: + if (r_exptime) + *r_exptime = exptime; xfree (issuer); keydb_release (kh); ksba_cert_release (issuer_cert); |
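Review bot: The new comment above gpgsm_validate_path in the first hunk does not say what R_EXPTIME holds in the cases a caller has to handle. From the later hunks it is the smallest non-zero not_after seen while walking the path, it stays 0 when no certificate supplied one, and it is also stored at `leave:` on error returns, where it covers only the certificates examined before the failure. I would extend the comment to state that R_EXPTIME may be NULL, that 0 means no expiration time was found, and that the value should only be relied on when the function returns 0; adjust that last point if callers are meant to read it after an expired-certificate error. The function body continues outside this hunk.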
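Review bot: The `opt.debug & 4096` bypass in the second hunk still exits through `return 0;` after `kh = keydb_new (0)` has run, so the handle is not released on that path, while the other exits visible in this diff go through `leave:` where `keydb_release (kh)` is called. Adding `keydb_release (kh);` before the `return 0;` closes that; the release call presumably accepts a NULL handle, but confirm against keydb.c. With the new argument this path also reports success with `*r_exptime` at 0, so a caller cannot tell a bypassed validation from a path without any expiration time; a comment at the bypass such as `/* Note: R_EXPTIME stays 0 here; nothing was validated. */` would make that explicit. The function continues outside the hunk.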
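Review bot: The new `not_before &&` and `not_after &&` guards in the third hunk let a zero validity time pass both date checks without any message, so a certificate for which no notBefore or notAfter value was obtained is treated as valid for all time. Whether zero can reach this point only for a value that is legitimately absent, or also when the time could not be parsed, depends on the lookup above the hunk, which is not visible here. If accepting it is intended, I would say so in a comment and leave a trace in the log, e.g. `if (!not_before || !not_after) log_info ("certificate without complete validity period\n");`; otherwise the path should fail at this point. Separately, the nested exptime update reads more directly as `if (not_after && (!exptime || not_after < exptime)) exptime = not_after;`.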