* server.c (option_handler): Allow to use -2 for "send all certs

except the root cert". * sign.c (add_certificate_list): Implement it here. * certpath.c (gpgsm_is_root_cert): New.
2002-02-25 18:18:40 +00:00 · 2002-02-25 18:18:40 +00:00 · 04f49d973b
parent 2a2d713359
commit 04f49d973b
9 changed files with 69 additions and 6 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,10 @@
+2002-02-25  Werner Koch  <wk@gnupg.org>
+
+	* server.c (option_handler): Allow to use -2 for "send all certs
+	except the root cert".
+	* sign.c (add_certificate_list): Implement it here.
+	* certpath.c (gpgsm_is_root_cert): New.
+
 2002-02-19  Werner Koch  <wk@gnupg.org>

 	* certpath.c (check_cert_policy): New.
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -253,6 +253,24 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
  return rc;
 }

+
+/* Check whether the CERT is a root certificate.  Returns True if this
+   is the case. */
+int
+gpgsm_is_root_cert (KsbaCert cert)
+{
+  char *issuer;
+  char *subject;
+  int yes;
+
+  issuer = ksba_cert_get_issuer (cert, 0);
+  subject = ksba_cert_get_subject (cert, 0);
+  yes = (issuer && subject && !strcmp (issuer, subject));
+  xfree (issuer);
+  xfree (subject);
+  return yes;
+}
+

 int
 gpgsm_validate_path (KsbaCert cert)
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@ -263,3 +263,4 @@ gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
 }


+
--- a/sm/certpath.c
+++ b/sm/certpath.c
@ -253,6 +253,24 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
  return rc;
 }

+
+/* Check whether the CERT is a root certificate.  Returns True if this
+   is the case. */
+int
+gpgsm_is_root_cert (KsbaCert cert)
+{
+  char *issuer;
+  char *subject;
+  int yes;
+
+  issuer = ksba_cert_get_issuer (cert, 0);
+  subject = ksba_cert_get_subject (cert, 0);
+  yes = (issuer && subject && !strcmp (issuer, subject));
+  xfree (issuer);
+  xfree (subject);
+  return yes;
+}
+

 int
 gpgsm_validate_path (KsbaCert cert)
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -1239,7 +1239,7 @@ gpgsm_exit (int rc)
 void
 gpgsm_init_default_ctrl (struct server_control_s *ctrl)
 {
-  ctrl->include_certs = 1;
+  ctrl->include_certs = 1;  /* only include the signer's cert */
 }


--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -170,10 +170,11 @@ int gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,

 /*-- certpath.c --*/
 int gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next);
+int gpgsm_is_root_cert (KsbaCert cert);
 int gpgsm_validate_path (KsbaCert cert);
 int gpgsm_basic_cert_check (KsbaCert cert);

-/*-- cetrlist.c --*/
+/*-- certlist.c --*/
 int gpgsm_add_to_certlist (const char *name, CERTLIST *listaddr);
 void gpgsm_release_certlist (CERTLIST list);
 int gpgsm_find_cert (const char *name, KsbaCert *r_cert);
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -232,6 +232,8 @@ gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode)
  const char *lastresname, *resname;
  int have_secret;

+#warning there is no key selection yet
+  /* We must take care of qouting here */
  hd = keydb_new (0);
  if (!hd)
    rc = GNUPG_General_Error;
--- a/sm/server.c
+++ b/sm/server.c
@ -73,7 +73,7 @@ option_handler (ASSUAN_CONTEXT ctx, const char *key, const char *value)
  if (!strcmp (key, "include-certs"))
    {
      int i = *value? atoi (value) : -1;
-      if (ctrl->include_certs < -1)
+      if (ctrl->include_certs < -2)
        return ASSUAN_Parameter_Error;
      ctrl->include_certs = i;
    }
@ -369,6 +369,10 @@ cmd_message (ASSUAN_CONTEXT ctx, char *line)
  return 0;
 }

+
+/* Note that the line contains a space separated list of pappern where
+   each pappern is percent escaped and spacesmay be replaced by
+   '+'. */
 static int 
 cmd_listkeys (ASSUAN_CONTEXT ctx, char *line)
 {
--- a/sm/sign.c
+++ b/sm/sign.c
@ -103,7 +103,7 @@ get_default_signer (void)
 }


-/* Depending on the options in CTRL add the certifcate CERT as well as
+/* Depending on the options in CTRL add the certificate CERT as well as
   other certificate up in the chain to the Root-CA to the CMS
   object. */
 static int 
@ -113,22 +113,34 @@ add_certificate_list (CTRL ctrl, KsbaCMS cms, KsbaCert cert)
  int rc = 0;
  KsbaCert next = NULL;
  int n;
+  int not_root = 0;

  ksba_cert_ref (cert);

  n = ctrl->include_certs;
+  if (n == -2)
+    {
+      not_root = 1;
+      n = -1;
+    }
  if (n < 0 || n > 50)
    n = 50; /* We better apply an upper bound */

  if (n)
    {
-      err = ksba_cms_add_cert (cms, cert);
+      if (not_root && gpgsm_is_root_cert (cert))
+        err = 0;
+      else
+        err = ksba_cms_add_cert (cms, cert);
      if (err)
        goto ksba_failure;
    }
  while ( n-- && !(rc = gpgsm_walk_cert_chain (cert, &next)) )
    {
-      err = ksba_cms_add_cert (cms, next);
+      if (not_root && gpgsm_is_root_cert (next))
+        err = 0;
+      else
+        err = ksba_cms_add_cert (cms, next);
      ksba_cert_release (cert);
      cert = next; next = NULL;
      if (err)
				`@ -263,3 +263,4 @@ gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,`
				`}`