GNUPG-1-9-BRANCH gnupg/sm (ChangeLog Makefile.am certchain.c)

cvs user wk cvs at cvs.gnupg.org
Thu Apr 21 08:59:42 CEST 2005 

    Date: Thursday, April 21, 2005 @ 09:16:41
  Author: wk
    Path: /cvs/gnupg/gnupg/sm
     Tag: GNUPG-1-9-BRANCH

Modified: ChangeLog Makefile.am certchain.c

(gpgsm_validate_chain): Check revocations even for
expired certificates.  This is required because on signature
verification an expired key is fine whereas a revoked one is not.


-------------+
 ChangeLog   |   16 ++++++++++++++++
 Makefile.am |    3 ++-
 certchain.c |    9 +++------
 3 files changed, 21 insertions(+), 7 deletions(-)


Index: gnupg/sm/ChangeLog
diff -u gnupg/sm/ChangeLog:1.101.2.92 gnupg/sm/ChangeLog:1.101.2.93
--- gnupg/sm/ChangeLog:1.101.2.92	Mon Apr 18 12:44:45 2005
+++ gnupg/sm/ChangeLog	Thu Apr 21 09:16:41 2005
@@ -1,3 +1,19 @@
+2005-04-21  Werner Koch  <wk at g10code.com>
+
+	* certchain.c (gpgsm_validate_chain): Check revocations even for
+	expired certificates.  This is required because on signature
+	verification an expired key is fine whereas a revoked one is not.
+
+2005-04-20  Werner Koch  <wk at g10code.com>
+
+	* Makefile.am (AM_CFLAGS): Add PTH_CFLAGS as noted by several folks.
+
+2005-04-19  Werner Koch  <wk at g10code.com>
+
+	* certchain.c (check_cert_policy): Print the diagnostic for a open
+	failure of policies.txt only in verbose mode or when it is not
+	ENOENT.
+
 2005-04-17  Werner Koch  <wk at g10code.com>
 
 	* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
Index: gnupg/sm/Makefile.am
diff -u gnupg/sm/Makefile.am:1.27.2.5 gnupg/sm/Makefile.am:1.27.2.6
--- gnupg/sm/Makefile.am:1.27.2.5	Thu Mar  3 11:15:07 2005
+++ gnupg/sm/Makefile.am	Thu Apr 21 09:16:41 2005
@@ -21,7 +21,8 @@
 
 bin_PROGRAMS = gpgsm
 
-AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS)
+AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS) \
+            $(PTH_CFLAGS)
 
 AM_CPPFLAGS = -I$(top_srcdir)/common -I$(top_srcdir)/intl 
 include $(top_srcdir)/am/cmacros.am
Index: gnupg/sm/certchain.c
diff -u gnupg/sm/certchain.c:1.32.2.22 gnupg/sm/certchain.c:1.32.2.23
--- gnupg/sm/certchain.c:1.32.2.22	Mon Apr 18 12:44:45 2005
+++ gnupg/sm/certchain.c	Thu Apr 21 09:16:41 2005
@@ -175,8 +175,9 @@
   fp = fopen (opt.policy_file, "r");
   if (!fp)
     {
-      log_error ("failed to open `%s': %s\n",
-                 opt.policy_file, strerror (errno));
+      if (opt.verbose || errno != ENOENT)
+        log_info (_("failed to open `%s': %s\n"),
+                  opt.policy_file, strerror (errno));
       xfree (policies);
       /* With no critical policies this is only a warning */
       if (!any_critical)
@@ -816,8 +817,6 @@
           /* Check for revocations etc. */
           if ((flags & 1))
             rc = 0;
-          else if (any_expired)
-            ; /* Don't bother to run the expensive CRL check then. */
           else
             rc = is_cert_still_valid (ctrl, lm, fp,
                                       subject_cert, subject_cert,
@@ -953,8 +952,6 @@
       /* Check for revocations etc. */
       if ((flags & 1))
         rc = 0;
-      else if (any_expired)
-        ; /* Don't bother to run the expensive CRL check then. */
       else
         rc = is_cert_still_valid (ctrl, lm, fp,
                                   subject_cert, issuer_cert,

More information about the Gnupg-commits mailing list