[svn] dirmngr - r294 - in trunk: . src
svn author wk
cvs at cvs.gnupg.org
Thu Feb 21 19:45:12 CET 2008
Author: wk
Date: 2008-02-21 19:45:11 +0100 (Thu, 21 Feb 2008)
New Revision: 294
Modified:
trunk/ChangeLog
trunk/NEWS
trunk/TODO
trunk/configure.ac
trunk/src/ChangeLog
trunk/src/crlcache.c
trunk/src/exechelp.c
trunk/src/validate.c
Log:
Minor code cleanup.
Better cert chain construction.
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2008-02-15 18:35:05 UTC (rev 293)
+++ trunk/ChangeLog 2008-02-21 18:45:11 UTC (rev 294)
@@ -1,3 +1,12 @@
+2008-02-21 Werner Koch <wk at g10code.com>
+
+ * configure.ac: Check for gcry_md_debug.
+
+2008-02-13 Werner Koch <wk at g10code.com>
+
+ * configure.ac: Add back checks for funopen and funopencookie
+ because the logging code in jnlib/ still makes use of them.
+
2007-12-17 Werner Koch <wk at g10code.com>
* configure.ac: Test for ldap_start_tls_sA.
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2008-02-15 18:35:05 UTC (rev 293)
+++ trunk/src/ChangeLog 2008-02-21 18:45:11 UTC (rev 294)
@@ -1,3 +1,15 @@
+2008-02-21 Werner Koch <wk at g10code.com>
+
+ * validate.c (check_cert_sig) [HAVE_GCRY_MD_DEBUG]: Use new debug
+ function if available.
+
+ * crlcache.c (abort_sig_check): Mark unused arg.
+
+ * exechelp.c (dirmngr_release_process) [!W32]: Mark unsed arg.
+
+ * validate.c (is_root_cert): New. Taken from GnuPG.
+ (validate_cert_chain): Use it in place of the simple DN compare.
+
2008-02-15 Marcus Brinkmann <marcus at g10code.de>
* dirmngr.c (main): Reinitialize assuan log stream if necessary.
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2008-02-15 18:35:05 UTC (rev 293)
+++ trunk/NEWS 2008-02-21 18:45:11 UTC (rev 294)
@@ -8,6 +8,9 @@
* Port to Windows completed.
+ * Improved certificate chain construction.
+
+
Noteworthy changes in version 1.0.1 (2007-08-16)
------------------------------------------------
Modified: trunk/TODO
===================================================================
--- trunk/TODO 2008-02-15 18:35:05 UTC (rev 293)
+++ trunk/TODO 2008-02-21 18:45:11 UTC (rev 294)
@@ -25,7 +25,7 @@
* Test OCSP responder redirection.
We need to figure out an OCSP responder actually using redirection.
-* Restrict validtroot certificates
+* Restrict valid root certificates
For some purposes (e.g. Poldi) it might make sense to allow the
caller to restrict what root certificates are to be used for the
chain validation.
@@ -35,3 +35,6 @@
When hashing debugging is enabled, we leak file handles for the
dbgmd crl files. May be a bug in gcrypt.
+* When requiring libgcrypt 1.4:
+** Remove the configure check for gcry_md_debug
+
Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac 2008-02-15 18:35:05 UTC (rev 293)
+++ trunk/configure.ac 2008-02-21 18:45:11 UTC (rev 294)
@@ -1,6 +1,6 @@
# configure.ac - for DirMngr
# Copyright (C) 2002 Klarälvdalens Datakonsult AB
-# Copyright (C) 2003, 2004, 2005, 2006, 2007 g10 Code GmbH
+# Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 g10 Code GmbH
#
# This file is part of DirMngr.
#
@@ -343,6 +343,7 @@
AC_CHECK_FUNCS([memicmp stpcpy strsep strlwr strtoul memmove stricmp strtol])
AC_CHECK_FUNCS([memrchr isascii timegm getrusage setrlimit stat setlocale])
AC_CHECK_FUNCS([flockfile funlockfile])
+AC_CHECK_FUNCS([funopen fopencookie])
# end jnlib checks
AC_CHECK_FUNCS([gmtime_r])
@@ -356,6 +357,15 @@
AC_CHECK_FUNCS([canonicalize_file_name])
+# Temporary check until we require libgcrypt 1.4.
+_save_cppflags="$CPPFLAGS"
+CPPFLAGS="$CPPFLAGS $LIBGCRYPT_CFLAGS"
+_save_ldflags="$LDFLAGS"
+LDFLAGS="$LIBGCRYPT_LIBS $LDFLAGS"
+AC_CHECK_FUNCS([gcry_md_debug])
+CPPFLAGS="${_save_cppflags}"
+LDFLAGS="${_save_ldflags}"
+
#
# Stuff which goes at the bottom of config.h.
#
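Review bot: `LDFLAGS="$LIBGCRYPT_LIBS $LDFLAGS"` puts the libgcrypt link libraries into LDFLAGS instead of LIBS, and LDFLAGS is emitted before the conftest object on the link line. With a static libgcrypt, or when `--as-needed` is in effect, the linker may discard a library named before the object that references it, so the `AC_CHECK_FUNCS([gcry_md_debug])` probe can fail to link and report the function missing even on a libgcrypt that provides it, silently selecting the `gcry_md_start_debug` fallback in validate.c. The conventional form saves and restores LIBS instead: `_save_libs="$LIBS"`, `LIBS="$LIBGCRYPT_LIBS $LIBS"`, then `LIBS="${_save_libs}"` after the check. The CPPFLAGS save/restore around the probe is fine as written.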
Modified: trunk/src/crlcache.c
===================================================================
--- trunk/src/crlcache.c 2008-02-15 18:35:05 UTC (rev 293)
+++ trunk/src/crlcache.c 2008-02-21 18:45:11 UTC (rev 294)
@@ -1544,6 +1544,7 @@
static void
abort_sig_check (ksba_crl_t crl, gcry_md_hd_t md)
{
+ (void)crl;
gcry_md_close (md);
}
Modified: trunk/src/exechelp.c
===================================================================
--- trunk/src/exechelp.c 2008-02-15 18:35:05 UTC (rev 293)
+++ trunk/src/exechelp.c 2008-02-21 18:45:11 UTC (rev 294)
@@ -526,6 +526,8 @@
{
#ifdef HAVE_W32_SYSTEM
CloseHandle (pid_to_handle (pid));
+#else
+ (void)pid;
#endif
return 0;
}
Modified: trunk/src/validate.c
===================================================================
--- trunk/src/validate.c 2008-02-15 18:35:05 UTC (rev 293)
+++ trunk/src/validate.c 2008-02-21 18:45:11 UTC (rev 294)
@@ -1,5 +1,5 @@
/* validate.c - Validate a certificate chain.
- * Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2003, 2004, 2008 Free Software Foundation, Inc.
* Copyright (C) 2004, 2006, 2008 g10 Code GmbH
*
* This file is part of DirMngr.
@@ -267,7 +267,75 @@
}
+/* Check whether CERT is a root certificate. ISSUERDN and SUBJECTDN
+ are the DNs already extracted by the caller from CERT. Returns
+ True if this is the case. */
+static int
+is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
+{
+ gpg_error_t err;
+ int result = 0;
+ ksba_sexp_t serialno;
+ ksba_sexp_t ak_keyid;
+ ksba_name_t ak_name;
+ ksba_sexp_t ak_sn;
+ const char *ak_name_str;
+ ksba_sexp_t subj_keyid = NULL;
+ if (!issuerdn || !subjectdn)
+ return 0; /* No. */
+
+ if (strcmp (issuerdn, subjectdn))
+ return 0; /* No. */
+
+ err = ksba_cert_get_auth_key_id (cert, &ak_keyid, &ak_name, &ak_sn);
+ if (err)
+ {
+ if (gpg_err_code (err) == GPG_ERR_NO_DATA)
+ return 1; /* Yes. Without a authorityKeyIdentifier this needs
+ to be the Root certifcate (our trust anchor). */
+ log_error ("error getting authorityKeyIdentifier: %s\n",
+ gpg_strerror (err));
+ return 0; /* Well, it is broken anyway. Return No. */
+ }
+
+ serialno = ksba_cert_get_serial (cert);
+ if (!serialno)
+ {
+ log_error ("error getting serialno: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+
+ /* Check whether the auth name's matches the issuer name+sn. If
+ that is the case this is a root certificate. */
+ ak_name_str = ksba_name_enum (ak_name, 0);
+ if (ak_name_str
+ && !strcmp (ak_name_str, issuerdn)
+ && !cmp_simple_canon_sexp (ak_sn, serialno))
+ {
+ result = 1; /* Right, CERT is self-signed. */
+ goto leave;
+ }
+
+ /* Similar for the ak_keyid. */
+ if (ak_keyid && !ksba_cert_get_subj_key_id (cert, NULL, &subj_keyid)
+ && !cmp_simple_canon_sexp (ak_keyid, subj_keyid))
+ {
+ result = 1; /* Right, CERT is self-signed. */
+ goto leave;
+ }
+
+
+ leave:
+ ksba_free (subj_keyid);
+ ksba_free (ak_keyid);
+ ksba_name_release (ak_name);
+ ksba_free (ak_sn);
+ ksba_free (serialno);
+ return result;
+}
+
+
/* Validate the certificate CHAIN up to the trust anchor. Optionally
return the closest expiration time in R_EXPTIME (this is useful for
caching issues). MODE is one of the VALIDATE_MODE_* constants. */
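Review bot: The log call in the `!serialno` branch of is_root_cert prints `gpg_strerror (err)`, but err can only be 0 there because the preceding `if (err)` block returns on every failure of ksba_cert_get_auth_key_id, so a certificate without a readable serial number is reported as "Success". ksba_cert_get_serial returns only a pointer, not an error code, so log a fixed message instead, e.g. `log_error ("error getting serialno\n");`, keeping the `goto leave` so ak_keyid, ak_name and ak_sn are still released. As a defensive point of style, `ak_keyid`, `ak_name`, `ak_sn` and `serialno` are declared without initializers; every path that currently reaches `leave:` has assigned them, but initializing them to NULL like `subj_keyid` keeps the cleanup block safe should one of the early `return 0` statements later be turned into a `goto leave`. The comment on the function could also state that it answers No when the authorityKeyIdentifier is present but points elsewhere, since that is the behavioural change the caller relies on. The whole function is contained in this hunk.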
@@ -433,8 +501,9 @@
goto leave;
/* Is this a self-signed certificate? */
- if (subject && !strcmp (issuer, subject))
- { /* Yes. */
+ if (is_root_cert ( subject_cert, issuer, subject))
+ {
+ /* Yes, this is our trust anchor. */
if (check_cert_sig (subject_cert, subject_cert) )
{
log_error (_("selfsigned certificate has a BAD signature"));
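Review bot: The comment `/* Is this a self-signed certificate? */` above the new call now understates the test: is_root_cert additionally requires that an authorityKeyIdentifier, when present, refer back to the certificate itself, so a certificate with equal issuer and subject DNs but a non-matching AKI no longer takes this branch and falls through to the issuer lookup. Suggest `/* Is this a root certificate (self-signed and, if an AKI is present, pointing at itself)? */` so a reader does not assume the old DN-only test. As a point of style, `is_root_cert ( subject_cert, issuer, subject)` has a stray space after the opening parenthesis that the rest of the file does not use. The enclosing validate_cert_chain starts and ends outside the hunk.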
@@ -780,7 +849,13 @@
return err;
}
if (DBG_HASHING)
- gcry_md_start_debug (md, "hash.cert");
+ {
+#ifdef HAVE_GCRY_MD_DEBUG
+ gcry_md_debug (md, "hash.cert");
+#else
+ gcry_md_start_debug (md, "hash.cert");
+#endif
+ }
err = ksba_cert_hash (cert, 1, HASH_FNC, md);
if (err)
{