gpgsm OCSP question (key usage checking for response verification)
Daiki Ueno
ueno at unixuser.org
Thu May 18 09:55:54 CEST 2006
>>>>> In <87iro3dbqa.fsf at wheatstone.g10code.de>
>>>>> Werner Koch <wk at gnupg.org> wrote:
> Daiki Ueno <ueno at unixuser.org> writes:
> > I stepped through the execution using GDB, in line 149 use == 0xffffffff
> > (== ~0) and have_ocsp_signing == 1. Now, my question is, why doesn't it
> > accept the value ~0 for the variable use? use is corresponding to the
> With use == 0xffffffff (assuming 32 bit unsigned int) this evaluates to
>   if ( 0 && (have_ocsp_signing
>              || (0xffffffff & (KSBA_KEYUSAGE_KEY_CERT_SIGN
>                                |KSBA_KEYUSAGE_CRL_SIGN))))
>     return 0;
> Thus you won't get to the return.
Yes, I know that :-)
I think that use == 0xfffffff is a valid condition, so I would like to
know why use != ~0 is necessary here.
use is set as
    err = ksba_cert_get_key_usage (cert, &use);
    if (gpg_err_code (err) == GPG_ERR_NO_DATA)
      {
        err = 0;
        if (opt.verbose && mode < 2)
          log_info (_("no key usage specified - assuming all usages\n"));
        use = ~0;
      }
Thus, use == ~0 indicates cert is usable for all usages.
Regards,
--
Daiki Ueno
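
Added example, not part of the original message or of the gpgsm source: a small C model of the fallback and the condition quoted above, set beside a hypothetical variant without the use != ~0 guard, to show for which certificates the two disagree. The constant values, function names and sample cases are assumptions of this example; real code takes the constants from ksba.h.

```c
#include <stdio.h>

/* Stand-in values for this example; real code uses the KSBA_KEYUSAGE_* constants. */
#define KEYUSAGE_DIGITAL_SIGNATURE  1u
#define KEYUSAGE_KEY_CERT_SIGN     32u
#define KEYUSAGE_CRL_SIGN          64u
#define USE_UNSPECIFIED (~0u)  /* what the quoted fallback stores on GPG_ERR_NO_DATA */

/* Models the quoted fallback: no key usage extension -> all bits set. */
unsigned int effective_use(int has_ext, unsigned int ext_bits)
{
  return has_ext ? ext_bits : USE_UNSPECIFIED;
}

/* The condition as evaluated in the quoted reply; 1 means "return 0" is reached. */
int accepts_guarded(unsigned int use, int have_ocsp_signing)
{
  return use != USE_UNSPECIFIED
         && (have_ocsp_signing
             || (use & (KEYUSAGE_KEY_CERT_SIGN | KEYUSAGE_CRL_SIGN)));
}

/* Hypothetical variant without the use != ~0 guard (not gpgsm code). */
int accepts_unguarded(unsigned int use, int have_ocsp_signing)
{
  return have_ocsp_signing
         || (use & (KEYUSAGE_KEY_CERT_SIGN | KEYUSAGE_CRL_SIGN)) != 0;
}

/* Runs constructed sample certificates through both variants and counts disagreements. */
int count_differences(void)
{
  static const struct { int has_ext; unsigned int bits; int eku; } cases[] = {
    {0, 0, 0}, {0, 0, 1},                        /* no key usage extension */
    {1, KEYUSAGE_DIGITAL_SIGNATURE, 0}, {1, KEYUSAGE_DIGITAL_SIGNATURE, 1},
    {1, KEYUSAGE_KEY_CERT_SIGN, 0}, {1, KEYUSAGE_CRL_SIGN, 1},
  };
  int i, diff = 0;
  for (i = 0; i < (int)(sizeof cases / sizeof cases[0]); i++)
    {
      unsigned int use = effective_use(cases[i].has_ext, cases[i].bits);
      int g = accepts_guarded(use, cases[i].eku);
      int u = accepts_unguarded(use, cases[i].eku);
      printf("ext=%d bits=%#x ocsp_signing=%d guarded=%d unguarded=%d\n",
             cases[i].has_ext, cases[i].bits, cases[i].eku, g, u);
      diff += (g != u);
    }
  return diff;
}

int main(void) { printf("differences: %d\n", count_differences()); return 0; }
```

In this model the two variants disagree only for the certificates without a key usage extension, which is exactly the case the fallback maps to ~0.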