[PATCH gnupg 4/4] Fix error message if all selected certificates are expired.
Ramón García
ramon.garcia.f at gmail.com
Sun Feb 16 23:09:24 CET 2025
If all selected certificates are expired, don't mislead the user
saying that no certificate was found. Instead, return the error
of the first certificate selected.
* sm/certlist.c: if an expired certificate was found, don't return
"no certificate found"; return the expiration error instead
---
sm/certlist.c | 40 ++++++++++++++++++++++++++--------------
1 file changed, 26 insertions(+), 14 deletions(-)
diff --git a/sm/certlist.c b/sm/certlist.c
index c868d378b..a82ad442c 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -352,6 +352,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char
*name, int secret,
int wrong_usage = 0;
char *first_subject = NULL;
char *first_issuer = NULL;
+ int expired = 0;
get_next:
rc = keydb_search (ctrl, kh, &desc, 1);
@@ -399,6 +400,8 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char
*name, int secret,
}
else if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED ||
gpg_err_code (rc) == GPG_ERR_CERT_TOO_YOUNG)
{
+ if (!expired)
+ expired = rc;
ksba_cert_release (cert);
cert = NULL;
log_info (_("looking for another certificate\n"));
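Review bot: The new `if (!expired) expired = rc;` deserves a comment stating why only the first error is kept, since the name `expired` also covers GPG_ERR_CERT_TOO_YOUNG (not yet valid) and a reader may otherwise expect it to be a plain flag; something like `/* Remember the first expired/not-yet-valid error so it can be reported if no usable certificate is found. */` above the check. Given that it stores a full error code rather than a boolean, a name such as `first_validity_err` would also make the later `rc = expired` read naturally. The enclosing else-if chain and gpgsm_add_to_certlist itself begin before and continue after this hunk.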
@@ -408,6 +411,9 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char
*name, int secret,
/* We want the error code from the first match in this case. */
if (rc && wrong_usage)
rc = wrong_usage;
+ else if (rc && expired) {
+ rc = expired;
+ }
if (!rc)
{
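Review bot: The new `else if (rc && expired)` branch only reports the expiry error when no wrong-usage error was recorded, so if the first match was expired and a later one had the wrong key usage, the reported error is the later one, which does not match the comment just above ("the error code from the first match") or the commit message's "error of the first certificate selected"; if first-match semantics are intended, the branch that fires first when both are set should be the one whose error was seen first — confirm which behaviour is wanted. Separately, the single statement `rc = expired;` is wrapped in braces on the condition line, whereas the `rc = wrong_usage;` two lines above is brace-free and the file uses GNU layout with braces on their own lines; `else if (rc && expired)` followed by `rc = expired;` matches the surrounding style. gpgsm_add_to_certlist starts before and continues after this hunk.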
@@ -442,20 +448,26 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char
*name, int secret,
gnupg_get_isotime (current_time);
current_time_loaded = 1;
}
- int tmp = (same_subject_issuer (first_subject,
- first_issuer,
- cert2)
- && (((gpg_err_code (
- secret ?
- gpgsm_cert_use_sign_p (cert2, 0) :
- gpgsm_cert_use_encrypt_p (cert2)))
- == GPG_ERR_WRONG_KEY_USAGE)
- || gpg_err_code (
- check_validity_period_cm (current_time,
-
current_time, cert,
-
exp_time, 0, NULL,
- 0, 1))
- == GPG_ERR_CERT_EXPIRED));
+ int tmp;
+ if (same_subject_issuer (first_subject,
+ first_issuer,
+ cert2))
+ {
+ tmp = ((gpg_err_code (
+ secret ?
+ gpgsm_cert_use_sign_p (cert2, 0) :
+ gpgsm_cert_use_encrypt_p (cert2)))
+ == GPG_ERR_WRONG_KEY_USAGE);
+ if (!tmp) {
+ int err_validity_period =
gpg_err_code(check_validity_period_cm (current_time,
+
current_time, cert,
+
exp_time, 0, NULL,
+ 0, 1));
+ tmp = err_validity_period ==
GPG_ERR_CERT_EXPIRED || err_validity_period == GPG_ERR_CERT_TOO_YOUNG;
+ }
+ }
+ else
+ tmp = 0;
if (tmp)
gpgsm_add_cert_to_certlist (ctrl, cert2,
&dup_certs, 0);
else
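Review bot: In the rewritten duplicate check, `check_validity_period_cm` is still passed `cert` while every other test in this branch (`same_subject_issuer`, the key-usage check) examines `cert2`, the duplicate being classified; if the intent is to drop duplicates that are themselves expired or not yet valid, the argument should presumably be `cert2` — confirm against the helper's contract (the removed lines had the same argument, so this is pre-existing rather than introduced here, but the rewrite is the moment to settle it). `err_validity_period` holds the result of `gpg_err_code` yet is declared `int`; `gpg_err_code_t err_validity_period = gpg_err_code (...)` keeps the comparison with the GPG_ERR_* enumerators type-consistent. Also `if (!tmp) {` puts the brace on the statement line while the enclosing `if (same_subject_issuer (...))` block uses GNU layout with braces on their own lines. gpgsm_add_to_certlist continues beyond the end of this hunk.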
--
2.43.0