[Pkg-gnupg-commit] [gnupg2] 272/292: dirmngr: Register hkp-cacert even if the file doesn't exist yet

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Nov 21 06:31:51 UTC 2016


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit c4e02a3b7ad6ee1da6bfc439921378bdbd5c029c
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date:   Thu Oct 27 18:30:57 2016 -0400

    dirmngr: Register hkp-cacert even if the file doesn't exist yet
    
    * dirmngr/dirmngr.c (parse_readable_options): If we're unable to turn
    an argument for hkp-cacert into an absolute filename, terminate
    completely.
    * dirmngr/http.c (http_register_tls_ca): Show a warning if file is not
    immediately accessible, but register it anyway.
    
    --
    
    Without this changeset, the condition of the filesystem when dirmngr
    is initialized will have an effect on later activities of dirmngr.
    
    For example, if a file identified by a hkp-cacert directive doesn't
    exist when dirmngr starts, dirmngr will behave as though it simply
    didn't have the hkp-cacert directive set at all, even if the file
    should appear later.
    
    dirmngr currently behaves differently if no hkp-cacert directives have
    been set than it does when at least one hkp-cacert directive has been
    set.  For example, its choice of CA cert for
    hkps://hkps.pool.sks-keyservers.net depends on whether a TLS CA file
    has been registered.  That behavior shouldn't additionally depend on
    the state of the filesystem at the time of dirmngr launch.
    
    Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
---
 dirmngr/dirmngr.c | 12 +++---------
 dirmngr/http.c    |  5 +++++
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 9d4fb14..f5dce81 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -611,15 +611,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
       {
         char *tmpname;
 
-        /* Do tilde expansion and print a warning if the file can't be
-           accessed.  */
-        tmpname = make_absfilename_try (pargs->r.ret_str, NULL);
-        if (!tmpname || access (tmpname, F_OK))
-          log_info (_("can't access '%s': %s\n"),
-                    tmpname? tmpname : pargs->r.ret_str,
-                    gpg_strerror (gpg_error_from_syserror()));
-        else
-          http_register_tls_ca (tmpname);
+        /* Do tilde expansion and make path absolute.  */
+        tmpname = make_absfilename (pargs->r.ret_str, NULL);
+        http_register_tls_ca (tmpname);
         xfree (tmpname);
       }
       break;
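Review bot: In parse_rereadable_options the result of make_absfilename is passed straight to http_register_tls_ca with no NULL check, so the code now depends on make_absfilename never returning on failure; the comment should say so, for example "Do tilde expansion and make path absolute; make_absfilename terminates on failure." Because this function takes a reread flag, it is worth confirming that terminating is acceptable when the option is re-parsed in a running dirmngr, where the removed make_absfilename_try path only called log_info. The commit message also names parse_readable_options, while the hunk header shows parse_rereadable_options.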
diff --git a/dirmngr/http.c b/dirmngr/http.c
index b74a9ef..90682fa 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -495,6 +495,11 @@ http_register_tls_ca (const char *fname)
     }
   else
     {
+      /* Warn if we can't access right now, but register it anyway in
+         case it becomes accessible later */
+      if (access (fname, F_OK))
+        log_info (_("can't access '%s': %s\n"), fname,
+                  gpg_strerror (gpg_error_from_syserror()));
       sl = add_to_strlist (&tls_ca_certlist, fname);
       if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
         sl->flags = 1;
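Review bot: The new access (fname, F_OK) check in http_register_tls_ca tests only that the file exists, so a CA file that is present but not readable by dirmngr produces no warning even though the message reads "can't access"; R_OK would match what loading the certificate later requires. The added comment is missing its closing period, unlike the comment added in dirmngr.c. Separately, the unchanged context line computes sl->d + strlen (sl->d) - 4 after checking only that the name is non-empty, which points before the start of the string for names shorter than four characters; a length check before the ".pem" comparison would close that.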

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


