Add better error code for missing certificates.
authorWerner Koch <wk@gnupg.org>
Thu, 16 Sep 2010 14:49:31 +0000 (14:49 +0000)
committerWerner Koch <wk@gnupg.org>
Thu, 16 Sep 2010 14:49:31 +0000 (14:49 +0000)
ChangeLog
Makefile.am
packages/packages.current
patches/gnupg2-2.0.16/05-err-codes.patch [new file with mode: 0755]

index 45cf679..578d8c6 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-09-16  Werner Koch  <wk@g10code.com>
+
+       * patches/gnupg2-2.0.16/05-err-codes.patch: New.
+
 2010-09-14  Emanuel Schuetze <emanuel@intevation.de>
 
        * src/inst-gpg4win.nsi: Install README.en.txt for ar, es, fr, ru, pt 
index f3c2458..b335e0b 100644 (file)
@@ -63,6 +63,7 @@ EXTRA_DIST = autogen.sh README.SVN ONEWS \
        patches/gnupg2-2.0.16/02-gpgtar.patch \
         patches/gnupg2-2.0.16/03-kbx-realloc.patch \
        patches/gnupg2-2.0.16/04-gpgtar-2.patch \
+       patches/gnupg2-2.0.16/05-err-codes.patch \
        patches/dirmngr-1.0.3/01-ldaphttp.patch \
        patches/gpgol-0.9.91/01-gpgme.patch \
         patches/gpa-0.9.0/01-title-prop.patch \
index ae0b754..73b0748 100644 (file)
@@ -322,8 +322,8 @@ chk  ae1b992721198b93198aa36eb7a3a7d074417f47
 #
 server ftp://ftp.gnupg.org/gcrypt
 
-file libgpg-error/libgpg-error-1.9.tar.bz2
-chk 6836579e42320b057a2372bbcd0325130fe2561e
+#file libgpg-error/libgpg-error-1.9.tar.bz2
+#chk 6836579e42320b057a2372bbcd0325130fe2561e
 
 file libksba/libksba-1.0.8.tar.bz2
 chk  268e424e94e62abb51eeca9c66d886dbee8455ab
@@ -353,6 +353,8 @@ server ftp://ftp.g10code.com/g10code/scratch
 file gpgme-1.3.1-svn1460.tar.bz2
 chk  a309ae1880c84bf7d76fea7186b3247ee70b1693
 
+file libgpg-error-1.10-svn249.tar.bz2
+chk  71c16e8475dc3a75ac58f2b80eae6ec2a2a7e4a1
 
 #
 #  GnuPG utilities
diff --git a/patches/gnupg2-2.0.16/05-err-codes.patch b/patches/gnupg2-2.0.16/05-err-codes.patch
new file mode 100755 (executable)
index 0000000..5811e1e
--- /dev/null
@@ -0,0 +1,130 @@
+#! /bin/sh
+patch -p0 -f $* < $0
+exit $?
+
+
+[sm/]
+2010-09-16  Werner Koch  <wk@g10code.com>
+
+       * certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.
+       (do_validate_chain): Ditto.
+       (gpgsm_basic_cert_check): Ditto.
+       * call-agent.c (learn_cb): Take care of new
+       GPG_ERR_MISSING_ISSUER_CERT.
+       * import.c (check_and_store): Ditto.
+       (check_and_store): Ditto.
+
+[common/]
+2010-09-16  Werner Koch  <wk@g10code.com>
+
+       * util.h: Add GPG_ERR_MISSING_ISSUER_CERT.
+       * status.c (get_inv_recpsgnr_code): Ditto.
+
+
+
+Index: sm/certchain.c
+===================================================================
+--- sm/certchain.c     (revision 5418)
++++ sm/certchain.c     (working copy)
+@@ -789,7 +789,7 @@
+          print an error here.  */
+       if (rc != -1 && opt.verbose > 1)
+         log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+-      rc = gpg_error (GPG_ERR_MISSING_CERT);
++      rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
+       goto leave;
+     }
+@@ -1496,7 +1496,7 @@
+             }
+           else
+             log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+-          rc = gpg_error (GPG_ERR_MISSING_CERT);
++          rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
+           goto leave;
+         }
+@@ -1897,7 +1897,7 @@
+             }
+           else
+             log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+-          rc = gpg_error (GPG_ERR_MISSING_CERT);
++          rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
+           goto leave;
+         }
+       
+Index: sm/call-agent.c
+===================================================================
+--- sm/call-agent.c    (revision 5418)
++++ sm/call-agent.c    (working copy)
+@@ -887,7 +887,8 @@
+      because we can assume that the --learn-card command has been used
+      on purpose.  */
+   rc = gpgsm_basic_cert_check (parm->ctrl, cert);
+-  if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT)
++  if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
++      && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
+     log_error ("invalid certificate: %s\n", gpg_strerror (rc));
+   else
+     {
+Index: sm/import.c
+===================================================================
+--- sm/import.c        (revision 5418)
++++ sm/import.c        (working copy)
+@@ -194,7 +194,8 @@
+   if (!rc && ctrl->with_validation)
+     rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
+   if (!rc || (!ctrl->with_validation
+-              && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )
++              && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT
++                  || gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT)))
+     {
+       int existed;
+@@ -253,9 +254,14 @@
+       log_error (_("basic certificate checks failed - not imported\n"));
+       if (stats)
+         stats->not_imported++;
+-      print_import_problem (ctrl, cert,
+-                            gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
+-                            gpg_err_code (rc) == GPG_ERR_BAD_CERT?     1 : 0);
++      /* We keep the test for GPG_ERR_MISSING_CERT only in case
++         GPG_ERR_MISSING_CERT has been used instead of the newer
++         GPG_ERR_MISSING_ISSUER_CERT.  */
++      print_import_problem 
++        (ctrl, cert,
++         gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT? 2 :
++         gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
++         gpg_err_code (rc) == GPG_ERR_BAD_CERT?     1 : 0);
+     }
+ }
+
+Index: common/util.h
+===================================================================
+--- common/util.h      (revision 5418)
++++ common/util.h      (working copy)
+@@ -33,6 +33,9 @@
+ #ifndef GPG_ERR_NOT_INITIALIZED
+ #define GPG_ERR_NOT_INITIALIZED 184
+ #endif
++#ifndef GPG_ERR_MISSING_ISSUER_CERT
++#define GPG_ERR_MISSING_ISSUER_CERT 185
++#endif
+ /* Hash function used with libksba. */
+       * homedir.c (gnupg_bindir) [W32CE]: Change to bin/.
+Index: common/status.c
+===================================================================
+--- common/status.c    (revision 5418)
++++ common/status.c    (working copy)
+@@ -58,6 +58,7 @@
+     case GPG_ERR_NOT_TRUSTED:     errstr = "10"; break;
+     case GPG_ERR_MISSING_CERT:    errstr = "11"; break;
++    case GPG_ERR_MISSING_ISSUER_CERT: errstr = "12"; break;
+     default:                      errstr = "0"; break;
+     }