author | Werner Koch <wk@gnupg.org> | 2005-04-21 09:16:41 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2005-04-21 09:16:41 +0200 |
commit | 314c234e7d1320bcd13e5130c3d7074b19979e46 (patch) | |
tree | 7362abce81e9b5c3477bb1d8d7a7e264ca93ff2c /sm | |
parent | . (diff) | |
(gpgsm_validate_chain): Check revocations even for
expired certificates. This is required because on signature
verification an expired key is fine whereas a revoked one is not.
Diffstat (limited to 'sm')
-rw-r--r-- | sm/ChangeLog | 16 | ||||
-rw-r--r-- | sm/Makefile.am | 3 | ||||
-rw-r--r-- | sm/certchain.c | 9 |
3 files changed, 21 insertions, 7 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog index 7b67407ad..b209b9d4b 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,19 @@ +2005-04-21 Werner Koch <wk@g10code.com> + + * certchain.c (gpgsm_validate_chain): Check revocations even for + expired certificates. This is required because on signature + verification an expired key is fine whereas a revoked one is not. + +2005-04-20 Werner Koch <wk@g10code.com> + + * Makefile.am (AM_CFLAGS): Add PTH_CFLAGS as noted by several folks. + +2005-04-19 Werner Koch <wk@g10code.com> + + * certchain.c (check_cert_policy): Print the diagnostic for a open + failure of policies.txt only in verbose mode or when it is not + ENOENT. + 2005-04-17 Werner Koch <wk@g10code.com> * call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI. diff --git a/sm/Makefile.am b/sm/Makefile.am index d4f972527..f1a116ab5 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -21,7 +21,8 @@ bin_PROGRAMS = gpgsm -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS) +AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS) \ + $(PTH_CFLAGS) AM_CPPFLAGS = -I$(top_srcdir)/common -I$(top_srcdir)/intl include $(top_srcdir)/am/cmacros.am diff --git a/sm/certchain.c b/sm/certchain.c index a5fdbc622..2e491f590 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -175,8 +175,9 @@ check_cert_policy (ksba_cert_t cert, int listmode, FILE *fplist) fp = fopen (opt.policy_file, "r"); if (!fp) { - log_error ("failed to open `%s': %s\n", - opt.policy_file, strerror (errno)); + if (opt.verbose || errno != ENOENT) + log_info (_("failed to open `%s': %s\n"), + opt.policy_file, strerror (errno)); xfree (policies); /* With no critical policies this is only a warning */ if (!any_critical) 
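Review bot: In the `if (!fp)` branch of check_cert_policy the severity drops from log_error to log_info for every errno, not only for ENOENT, so a policy file that exists but cannot be read (a permission error, say) is now reported at the same level as routine chatter. A missing file is plausibly a normal setup, but an unreadable one presumably means policy checking is skipped because of a fault, and that should stay an error. I would split the condition: `if (errno != ENOENT) log_error (...); else if (opt.verbose) log_info (...);` with the same message arguments. The branch continues past the hunk (`if (!any_critical)`), so how the critical-policy case is reported afterwards cannot be seen from here.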
@@ -816,8 +817,6 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, /* Check for revocations etc. */ if ((flags & 1)) rc = 0; - else if (any_expired) - ; /* Don't bother to run the expensive CRL check then. */ else rc = is_cert_still_valid (ctrl, lm, fp, subject_cert, subject_cert, @@ -953,8 +952,6 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, /* Check for revocations etc. */ if ((flags & 1)) rc = 0; - else if (any_expired) - ; /* Don't bother to run the expensive CRL check then. */ else rc = is_cert_still_valid (ctrl, lm, fp, subject_cert, issuer_cert, |
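Review bot: With the `else if (any_expired)` shortcut gone, the only comment left above both calls to is_cert_still_valid (this hunk and the one at -953) is `/* Check for revocations etc. */`, which does not record why expired certificates are still checked; that rationale lives only in the ChangeLog. I would extend it to something like `/* Check for revocations even if a certificate has expired: for signature verification an expired key is fine, a revoked one is not. */`. The comment could also mention that CAs may drop expired certificates from their CRLs, so a clean result for an expired certificate is weaker evidence than for a current one. The bare `(flags & 1)` test would read better with a named constant or a short comment saying what the bit means. gpgsm_validate_chain starts and ends outside both hunks.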