[svn] GnuPG - r5420 - in branches/STABLE-BRANCH-2-0: common sm
svn author wk
cvs at cvs.gnupg.org
Thu Sep 16 16:32:39 CEST 2010
Author: wk
Date: 2010-09-16 16:32:38 +0200 (Thu, 16 Sep 2010)
New Revision: 5420
Modified:
branches/STABLE-BRANCH-2-0/common/ChangeLog
branches/STABLE-BRANCH-2-0/common/status.c
branches/STABLE-BRANCH-2-0/common/util.h
branches/STABLE-BRANCH-2-0/sm/ChangeLog
branches/STABLE-BRANCH-2-0/sm/call-agent.c
branches/STABLE-BRANCH-2-0/sm/certchain.c
branches/STABLE-BRANCH-2-0/sm/gpgsm.c
branches/STABLE-BRANCH-2-0/sm/import.c
Log:
Return a more specific error code for missing issuer certificates
Modified: branches/STABLE-BRANCH-2-0/common/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-2-0/common/ChangeLog 2010-09-16 11:45:25 UTC (rev 5419)
+++ branches/STABLE-BRANCH-2-0/common/ChangeLog 2010-09-16 14:32:38 UTC (rev 5420)
@@ -1,3 +1,8 @@
+2010-09-16 Werner Koch <wk at g10code.com>
+
+ * util.h: Add GPG_ERR_MISSING_ISSUER_CERT.
+ * status.c (get_inv_recpsgnr_code): Ditto.
+
2010-05-03 Werner Koch <wk at g10code.com>
* asshelp.c (lock_agent_spawning, unlock_agent_spawning): New.
Modified: branches/STABLE-BRANCH-2-0/sm/ChangeLog
===================================================================
--- branches/STABLE-BRANCH-2-0/sm/ChangeLog 2010-09-16 11:45:25 UTC (rev 5419)
+++ branches/STABLE-BRANCH-2-0/sm/ChangeLog 2010-09-16 14:32:38 UTC (rev 5420)
@@ -1,3 +1,13 @@
+2010-09-16 Werner Koch <wk at g10code.com>
+
+ * certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.
+ (do_validate_chain): Ditto.
+ (gpgsm_basic_cert_check): Ditto.
+ * call-agent.c (learn_cb): Take care of new
+ GPG_ERR_MISSING_ISSUER_CERT.
+ * import.c (check_and_store): Ditto.
+ (check_and_store): Ditto.
+
2010-05-12 Werner Koch <wk at g10code.com>
* Makefile.am (gpgsm_LDADD): Include NETLIBS which is required for
Modified: branches/STABLE-BRANCH-2-0/common/status.c
===================================================================
--- branches/STABLE-BRANCH-2-0/common/status.c 2010-09-16 11:45:25 UTC (rev 5419)
+++ branches/STABLE-BRANCH-2-0/common/status.c 2010-09-16 14:32:38 UTC (rev 5420)
@@ -58,6 +58,7 @@
case GPG_ERR_NOT_TRUSTED: errstr = "10"; break;
case GPG_ERR_MISSING_CERT: errstr = "11"; break;
+ case GPG_ERR_MISSING_ISSUER_CERT: errstr = "12"; break;
default: errstr = "0"; break;
}
Modified: branches/STABLE-BRANCH-2-0/common/util.h
===================================================================
--- branches/STABLE-BRANCH-2-0/common/util.h 2010-09-16 11:45:25 UTC (rev 5419)
+++ branches/STABLE-BRANCH-2-0/common/util.h 2010-09-16 14:32:38 UTC (rev 5420)
@@ -29,6 +29,9 @@
#ifndef GPG_ERR_NOT_ENABLED
#define GPG_ERR_NOT_ENABLED 179
#endif
+#ifndef GPG_ERR_MISSING_ISSUER_CERT
+#define GPG_ERR_MISSING_ISSUER_CERT 185
+#endif
/* Hash function used with libksba. */
#define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write)
Modified: branches/STABLE-BRANCH-2-0/sm/call-agent.c
===================================================================
--- branches/STABLE-BRANCH-2-0/sm/call-agent.c 2010-09-16 11:45:25 UTC (rev 5419)
+++ branches/STABLE-BRANCH-2-0/sm/call-agent.c 2010-09-16 14:32:38 UTC (rev 5420)
@@ -879,7 +879,8 @@
because we can assume that the --learn-card command has been used
on purpose. */
rc = gpgsm_basic_cert_check (parm->ctrl, cert);
- if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT)
+ if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
+ && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
log_error ("invalid certificate: %s\n", gpg_strerror (rc));
else
{
Modified: branches/STABLE-BRANCH-2-0/sm/certchain.c
===================================================================
--- branches/STABLE-BRANCH-2-0/sm/certchain.c 2010-09-16 11:45:25 UTC (rev 5419)
+++ branches/STABLE-BRANCH-2-0/sm/certchain.c 2010-09-16 14:32:38 UTC (rev 5420)
@@ -789,7 +789,7 @@
print an error here. */
if (rc != -1 && opt.verbose > 1)
log_error ("failed to find issuer's certificate: rc=%d\n", rc);
- rc = gpg_error (GPG_ERR_MISSING_CERT);
+ rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
goto leave;
}
@@ -1496,7 +1496,7 @@
}
else
log_error ("failed to find issuer's certificate: rc=%d\n", rc);
- rc = gpg_error (GPG_ERR_MISSING_CERT);
+ rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
goto leave;
}
@@ -1897,7 +1897,7 @@
}
else
log_error ("failed to find issuer's certificate: rc=%d\n", rc);
- rc = gpg_error (GPG_ERR_MISSING_CERT);
+ rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
goto leave;
}
Modified: branches/STABLE-BRANCH-2-0/sm/gpgsm.c
===================================================================
--- branches/STABLE-BRANCH-2-0/sm/gpgsm.c 2010-09-16 11:45:25 UTC (rev 5419)
+++ branches/STABLE-BRANCH-2-0/sm/gpgsm.c 2010-09-16 14:32:38 UTC (rev 5420)
@@ -288,7 +288,7 @@
ARGPARSE_s_s (oAuditLog, "audit-log",
N_("|FILE|write an audit log to FILE")),
- ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", ""),
+ ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"),
ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")),
ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")),
Modified: branches/STABLE-BRANCH-2-0/sm/import.c
===================================================================
--- branches/STABLE-BRANCH-2-0/sm/import.c 2010-09-16 11:45:25 UTC (rev 5419)
+++ branches/STABLE-BRANCH-2-0/sm/import.c 2010-09-16 14:32:38 UTC (rev 5420)
@@ -178,7 +178,8 @@
if (!rc && ctrl->with_validation)
rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
if (!rc || (!ctrl->with_validation
- && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )
+ && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT
+ || gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT)))
{
int existed;
@@ -237,9 +238,14 @@
log_error (_("basic certificate checks failed - not imported\n"));
if (stats)
stats->not_imported++;
- print_import_problem (ctrl, cert,
- gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
- gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0);
+ /* We keep the test for GPG_ERR_MISSING_CERT only in case
+ GPG_ERR_MISSING_CERT has been used instead of the newer
+ GPG_ERR_MISSING_ISSUER_CERT. */
+ print_import_problem
+ (ctrl, cert,
+ gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT? 2 :
+ gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
+ gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0);
}
}
More information about the Gnupg-commits
mailing list