summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/config.cc18
-rw-r--r--src/lib/config.h10
2 files changed, 21 insertions, 7 deletions
diff --git a/src/lib/config.cc b/src/lib/config.cc
index 9b0cc5f97..9754e1695 100644
--- a/src/lib/config.cc
+++ b/src/lib/config.cc
@@ -69,7 +69,7 @@ Config* Config::_instance = 0;
int const Config::_current_version = 3;
boost::signals2::signal<void ()> Config::FailedToLoad;
boost::signals2::signal<void (string)> Config::Warning;
-boost::signals2::signal<bool (void)> Config::BadSignerChain;
+boost::signals2::signal<bool (Config::BadSignerChainReason)> Config::BadSignerChain;
/** Construct default configuration */
Config::Config ()
@@ -452,15 +452,23 @@ try
}
}
- bool bad_signer_chain = false;
+ BadSignerChainReason reason = BAD_SIGNER_CHAIN_NONE;
BOOST_FOREACH (dcp::Certificate const & i, _signer_chain->unordered()) {
if (i.has_utf8_strings()) {
- bad_signer_chain = true;
+ reason = static_cast<BadSignerChainReason>(reason | BAD_SIGNER_CHAIN_HAS_UTF8_STRINGS);
+ }
+ struct tm not_before = i.not_before();
+ struct tm not_after = i.not_after();
+ if ((not_after.tm_year - not_before.tm_year) > 15) {
+ /* We don't know why (or precise details) but it seems like certificate validity of >10
+ * years causes problems with some projection systems (#2174 and others).
+ */
+ reason = static_cast<BadSignerChainReason>(reason | BAD_SIGNER_CHAIN_VALIDITY_TOO_LONG);
}
}
- if (bad_signer_chain) {
- optional<bool> const remake = BadSignerChain();
+ if (reason) {
+ optional<bool> const remake = BadSignerChain(reason);
if (remake && *remake) {
_signer_chain = create_certificate_chain ();
}
diff --git a/src/lib/config.h b/src/lib/config.h
index 8cc25d737..f9d669371 100644
--- a/src/lib/config.h
+++ b/src/lib/config.h
@@ -372,10 +372,11 @@ public:
NAG_DKDM_CONFIG,
NAG_ENCRYPTED_METADATA,
NAG_ALTER_DECRYPTION_CHAIN,
- NAG_BAD_SIGNER_CHAIN,
+ NAG_BAD_SIGNER_CHAIN_UTF8_STRINGS,
/* Not really a nag but it's the same idea */
NAG_INITIAL_SETUP,
NAG_IMPORT_DECRYPTION_CHAIN,
+ NAG_BAD_SIGNER_CHAIN_VALIDITY_TOO_LONG,
NAG_COUNT
};
@@ -1074,7 +1075,12 @@ public:
/** Emitted if there is a bad certificate in the signer chain. Handler can call
* true to ask Config to re-create the chain.
*/
- static boost::signals2::signal<bool (void)> BadSignerChain;
+ enum BadSignerChainReason {
+ BAD_SIGNER_CHAIN_NONE = 0x0,
+ BAD_SIGNER_CHAIN_HAS_UTF8_STRINGS = 0x1,
+ BAD_SIGNER_CHAIN_VALIDITY_TOO_LONG = 0x2,
+ };
+ static boost::signals2::signal<bool (BadSignerChainReason)> BadSignerChain;
void write () const;
void write_config () const;
generated by cgit v1.2.3 (git 2.46.0) at 2026-04-05 20:07:17 +0000