[svn] GnuPG - r4188 - in branches/GNUPG-1-9-BRANCH: . sm
svn author wk
cvs at cvs.gnupg.org
Mon Jul 3 15:26:19 CEST 2006
Author: wk
Date: 2006-07-03 15:26:19 +0200 (Mon, 03 Jul 2006)
New Revision: 4188
Modified:
branches/GNUPG-1-9-BRANCH/ChangeLog
branches/GNUPG-1-9-BRANCH/TODO
branches/GNUPG-1-9-BRANCH/configure.ac
branches/GNUPG-1-9-BRANCH/sm/ChangeLog
branches/GNUPG-1-9-BRANCH/sm/certreqgen.c
Log:
better reporting of bad DNs
Modified: branches/GNUPG-1-9-BRANCH/ChangeLog
===================================================================
--- branches/GNUPG-1-9-BRANCH/ChangeLog 2006-07-03 11:39:09 UTC (rev 4187)
+++ branches/GNUPG-1-9-BRANCH/ChangeLog 2006-07-03 13:26:19 UTC (rev 4188)
@@ -1,3 +1,7 @@
+2006-07-03 Werner Koch <wk at g10code.com>
+
+ * configure.ac: Test for ksba_dn_teststr.
+
2006-06-30 Werner Koch <wk at g10code.com>
* keyserver/: New. Taken from 1.4.4
Modified: branches/GNUPG-1-9-BRANCH/TODO
===================================================================
--- branches/GNUPG-1-9-BRANCH/TODO 2006-07-03 11:39:09 UTC (rev 4187)
+++ branches/GNUPG-1-9-BRANCH/TODO 2006-07-03 13:26:19 UTC (rev 4188)
@@ -13,10 +13,6 @@
might want to have an agent context for each service request
(i.e. Assuan context).
-* sm/certreqgen.c
-** Improve error reporting
-** Do some basic checks on the supplied DNs
-
* sm/certchain.c
** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent.
** Try to keep certificate references somewhere
Modified: branches/GNUPG-1-9-BRANCH/configure.ac
===================================================================
--- branches/GNUPG-1-9-BRANCH/configure.ac 2006-07-03 11:39:09 UTC (rev 4187)
+++ branches/GNUPG-1-9-BRANCH/configure.ac 2006-07-03 13:26:19 UTC (rev 4188)
@@ -512,6 +512,11 @@
# libksba is our X.509 support library
#
AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
+# fixme: Remove the following test and require newer libksba instead.
+_ksba_save_libs=$LIBS
+LIBS=$KSBA_LIBS
+AC_CHECK_FUNCS(ksba_dn_teststr)
+LIBS=$_ksba_save_libs
#
# libusb allows us to use the integrated CCID smartcard reader driver.
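Review bot: Nothing in this test tells the builder what is lost when `ksba_dn_teststr` is not found. The only consumer visible in this commit is the `#if HAVE_KSBA_DN_TESTSTR` block in sm/certreqgen.c, so against an older libksba the subject-DN check is compiled out and the build looks exactly the same. I would report it once at configure time, e.g. `AC_CHECK_FUNCS(ksba_dn_teststr,,[AC_MSG_WARN([libksba lacks ksba_dn_teststr; subject DN checks are disabled])])`. The fixme should also name the libksba version that will be required, so the fallback can be removed later.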
Modified: branches/GNUPG-1-9-BRANCH/sm/ChangeLog
===================================================================
--- branches/GNUPG-1-9-BRANCH/sm/ChangeLog 2006-07-03 11:39:09 UTC (rev 4187)
+++ branches/GNUPG-1-9-BRANCH/sm/ChangeLog 2006-07-03 13:26:19 UTC (rev 4188)
@@ -1,3 +1,8 @@
+2006-07-03 Werner Koch <wk at g10code.com>
+
+ * certreqgen.c (proc_parameters): Print the component label of a
+ faulty DN.
+
2006-06-26 Werner Koch <wk at g10code.com>
* certdump.c (gpgsm_cert_log_name): New.
Modified: branches/GNUPG-1-9-BRANCH/sm/certreqgen.c
===================================================================
--- branches/GNUPG-1-9-BRANCH/sm/certreqgen.c 2006-07-03 11:39:09 UTC (rev 4187)
+++ branches/GNUPG-1-9-BRANCH/sm/certreqgen.c 2006-07-03 13:26:19 UTC (rev 4188)
@@ -441,6 +441,7 @@
proc_parameters (ctrl_t ctrl,
struct para_data_s *para, struct reqgen_ctrl_s *outctrl)
{
+ gpg_error_t err;
struct para_data_s *r;
const char *s;
int i;
@@ -450,8 +451,9 @@
int rc;
ksba_sexp_t public;
int seq;
-
- /* check that we have all required parameters */
+ size_t erroff, errlen;
+
+ /* Check that we have all required parameters; */
assert (get_parameter (para, pKEYTYPE, 0));
/* We can only use RSA for now. There is a with pkcs-10 on how to
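Review bot: `size_t erroff, errlen;` here, like `gpg_error_t err;` in the previous hunk, is used only inside the `#if HAVE_KSBA_DN_TESTSTR` block added further down, so a build against a libksba without that function carries three unused locals and the warnings that come with them. Declaring them under the same `#if`, or in a braced block around the `ksba_dn_teststr` call, keeps both configurations clean. The rewritten comment also now ends in `;` where `.` was presumably intended. proc_parameters starts and ends outside this hunk.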
@@ -483,17 +485,31 @@
if (parse_parameter_usage (para, pKEYUSAGE))
return gpg_error (GPG_ERR_INV_PARAMETER);
- /* check that there is a subject name and that this DN fits our
- requirements */
+ /* Check that there is a subject name and that this DN fits our
+ requirements. */
if (!(s=get_parameter_value (para, pNAMEDN, 0)))
{
- r = get_parameter (para, pKEYTYPE, 0);
+ r = get_parameter (para, pNAMEDN, 0);
log_error (_("line %d: no subject name given\n"), r->lnr);
return gpg_error (GPG_ERR_INV_PARAMETER);
}
- /* fixme check s */
+#if HAVE_KSBA_DN_TESTSTR
+ err = ksba_dn_teststr (s, 0, &erroff, &errlen);
+ if (err)
+ {
+ r = get_parameter (para, pNAMEDN, 0);
+ if (gpg_err_code (err) == GPG_ERR_UNKNOWN_NAME)
+ log_error (_("line %d: invalid subject name label `%.*s'\n"),
+ r->lnr, (int)errlen, s+erroff);
+ else
+ log_error (_("line %d: invalid subject name `%s' at pos %d\n"),
+ r->lnr, s, erroff);
- /* check that the optional email address is okay */
+ return gpg_error (GPG_ERR_INV_PARAMETER);
+ }
+#endif /*HAVE_KSBA_DN_TESTSTR*/
+
+ /* Check that the optional email address is okay. */
for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++)
{
if (has_invalid_email_chars (s)
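Review bot: In the `no subject name given` branch, `r` is now looked up with `pNAMEDN`, the same parameter that `get_parameter_value` has just failed to return. If that helper returns NULL because the entry is absent (its body is not visible here), `get_parameter` presumably returns NULL as well and `r->lnr` dereferences it; the old `pKEYTYPE` lookup was covered by the assert at the top of the function. A guard such as `r? r->lnr : 0` turns a parameter file with no subject DN into a reported error instead of a possible crash. Separately, `erroff` is a `size_t` but is passed for `%d` in the second `log_error`; cast it as is already done for `errlen`: `r->lnr, s, (int)erroff);`. The function continues past the end of this hunk.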