mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-18 14:17:03 +01:00
* server.c (option_handler): Allow to use -2 for "send all certs
except the root cert". * sign.c (add_certificate_list): Implement it here. * certpath.c (gpgsm_is_root_cert): New.
parent
2a2d713359
commit
04f49d973b
@ -1,3 +1,10 @@
|
|||||||
|
2002-02-25 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* server.c (option_handler): Allow to use -2 for "send all certs
|
||||||
|
except the root cert".
|
||||||
|
* sign.c (add_certificate_list): Implement it here.
|
||||||
|
* certpath.c (gpgsm_is_root_cert): New.
|
||||||
|
|
||||||
2002-02-19 Werner Koch <wk@gnupg.org>
|
2002-02-19 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
* certpath.c (check_cert_policy): New.
|
* certpath.c (check_cert_policy): New.
|
||||||
|
@ -253,6 +253,24 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Check whether the CERT is a root certificate. Returns True if this
|
||||||
|
is the case. */
|
||||||
|
int
|
||||||
|
gpgsm_is_root_cert (KsbaCert cert)
|
||||||
|
{
|
||||||
|
char *issuer;
|
||||||
|
char *subject;
|
||||||
|
int yes;
|
||||||
|
|
||||||
|
issuer = ksba_cert_get_issuer (cert, 0);
|
||||||
|
subject = ksba_cert_get_subject (cert, 0);
|
||||||
|
yes = (issuer && subject && !strcmp (issuer, subject));
|
||||||
|
xfree (issuer);
|
||||||
|
xfree (subject);
|
||||||
|
return yes;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
gpgsm_validate_path (KsbaCert cert)
|
gpgsm_validate_path (KsbaCert cert)
|
||||||
|
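Review bot: gpgsm_is_root_cert decides "root" purely by `!strcmp (issuer, subject)` on the two DN strings, and the comment above it does not say so. A certificate whose issuer and subject names match is only self-issued; nothing here checks that it is self-signed or trusted, so the helper is fine for choosing which certificates to leave out of a signature but should not be reused for a trust decision. I would extend the comment to something like `/* Returns true if the issuer and subject DNs are identical; this is a name comparison only and does not verify the self-signature. */`. The two strings come from libksba and are released with `xfree`, which is correct only if libksba is set up to use the same allocator; that is not visible in this hunk.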
@ -263,3 +263,4 @@ gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -253,6 +253,24 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
|
|||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Check whether the CERT is a root certificate. Returns True if this
|
||||||
|
is the case. */
|
||||||
|
int
|
||||||
|
gpgsm_is_root_cert (KsbaCert cert)
|
||||||
|
{
|
||||||
|
char *issuer;
|
||||||
|
char *subject;
|
||||||
|
int yes;
|
||||||
|
|
||||||
|
issuer = ksba_cert_get_issuer (cert, 0);
|
||||||
|
subject = ksba_cert_get_subject (cert, 0);
|
||||||
|
yes = (issuer && subject && !strcmp (issuer, subject));
|
||||||
|
xfree (issuer);
|
||||||
|
xfree (subject);
|
||||||
|
return yes;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
gpgsm_validate_path (KsbaCert cert)
|
gpgsm_validate_path (KsbaCert cert)
|
||||||
|
@ -1239,7 +1239,7 @@ gpgsm_exit (int rc)
|
|||||||
void
|
void
|
||||||
gpgsm_init_default_ctrl (struct server_control_s *ctrl)
|
gpgsm_init_default_ctrl (struct server_control_s *ctrl)
|
||||||
{
|
{
|
||||||
ctrl->include_certs = 1;
|
ctrl->include_certs = 1; /* only include the signer's cert */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -170,10 +170,11 @@ int gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
|
|||||||
|
|
||||||
/*-- certpath.c --*/
|
/*-- certpath.c --*/
|
||||||
int gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next);
|
int gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next);
|
||||||
|
int gpgsm_is_root_cert (KsbaCert cert);
|
||||||
int gpgsm_validate_path (KsbaCert cert);
|
int gpgsm_validate_path (KsbaCert cert);
|
||||||
int gpgsm_basic_cert_check (KsbaCert cert);
|
int gpgsm_basic_cert_check (KsbaCert cert);
|
||||||
|
|
||||||
/*-- cetrlist.c --*/
|
/*-- certlist.c --*/
|
||||||
int gpgsm_add_to_certlist (const char *name, CERTLIST *listaddr);
|
int gpgsm_add_to_certlist (const char *name, CERTLIST *listaddr);
|
||||||
void gpgsm_release_certlist (CERTLIST list);
|
void gpgsm_release_certlist (CERTLIST list);
|
||||||
int gpgsm_find_cert (const char *name, KsbaCert *r_cert);
|
int gpgsm_find_cert (const char *name, KsbaCert *r_cert);
|
||||||
|
@ -232,6 +232,8 @@ gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode)
|
|||||||
const char *lastresname, *resname;
|
const char *lastresname, *resname;
|
||||||
int have_secret;
|
int have_secret;
|
||||||
|
|
||||||
|
#warning there is no key selection yet
|
||||||
|
/* We must take care of qouting here */
|
||||||
hd = keydb_new (0);
|
hd = keydb_new (0);
|
||||||
if (!hd)
|
if (!hd)
|
||||||
rc = GNUPG_General_Error;
|
rc = GNUPG_General_Error;
|
||||||
|
@ -73,7 +73,7 @@ option_handler (ASSUAN_CONTEXT ctx, const char *key, const char *value)
|
|||||||
if (!strcmp (key, "include-certs"))
|
if (!strcmp (key, "include-certs"))
|
||||||
{
|
{
|
||||||
int i = *value? atoi (value) : -1;
|
int i = *value? atoi (value) : -1;
|
||||||
if (ctrl->include_certs < -1)
|
if (ctrl->include_certs < -2)
|
||||||
return ASSUAN_Parameter_Error;
|
return ASSUAN_Parameter_Error;
|
||||||
ctrl->include_certs = i;
|
ctrl->include_certs = i;
|
||||||
}
|
}
|
||||||
@ -369,6 +369,10 @@ cmd_message (ASSUAN_CONTEXT ctx, char *line)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Note that the line contains a space separated list of pappern where
|
||||||
|
each pappern is percent escaped and spacesmay be replaced by
|
||||||
|
'+'. */
|
||||||
static int
|
static int
|
||||||
cmd_listkeys (ASSUAN_CONTEXT ctx, char *line)
|
cmd_listkeys (ASSUAN_CONTEXT ctx, char *line)
|
||||||
{
|
{
|
||||||
|
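Review bot: In option_handler the range check for "include-certs" tests the previously stored `ctrl->include_certs` instead of the freshly parsed `i`, so the client-supplied value is never validated before `ctrl->include_certs = i;`. The condition should read `if (i < -2)`. As written, any negative value other than -2 is accepted, and add_certificate_list in sm/sign.c then treats it as `n < 0` and falls back to the 50-certificate bound with the root included. `atoi` also turns non-numeric input into 0, meaning "include no certificates", without reporting an error; `strtol` with an end-pointer check would let this path return ASSUAN_Parameter_Error instead. The body of option_handler starts and ends outside the hunk.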
14
sm/sign.c
14
sm/sign.c
@ -103,7 +103,7 @@ get_default_signer (void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Depending on the options in CTRL add the certifcate CERT as well as
|
/* Depending on the options in CTRL add the certificate CERT as well as
|
||||||
other certificate up in the chain to the Root-CA to the CMS
|
other certificate up in the chain to the Root-CA to the CMS
|
||||||
object. */
|
object. */
|
||||||
static int
|
static int
|
||||||
@ -113,21 +113,33 @@ add_certificate_list (CTRL ctrl, KsbaCMS cms, KsbaCert cert)
|
|||||||
int rc = 0;
|
int rc = 0;
|
||||||
KsbaCert next = NULL;
|
KsbaCert next = NULL;
|
||||||
int n;
|
int n;
|
||||||
|
int not_root = 0;
|
||||||
|
|
||||||
ksba_cert_ref (cert);
|
ksba_cert_ref (cert);
|
||||||
|
|
||||||
n = ctrl->include_certs;
|
n = ctrl->include_certs;
|
||||||
|
if (n == -2)
|
||||||
|
{
|
||||||
|
not_root = 1;
|
||||||
|
n = -1;
|
||||||
|
}
|
||||||
if (n < 0 || n > 50)
|
if (n < 0 || n > 50)
|
||||||
n = 50; /* We better apply an upper bound */
|
n = 50; /* We better apply an upper bound */
|
||||||
|
|
||||||
if (n)
|
if (n)
|
||||||
{
|
{
|
||||||
|
if (not_root && gpgsm_is_root_cert (cert))
|
||||||
|
err = 0;
|
||||||
|
else
|
||||||
err = ksba_cms_add_cert (cms, cert);
|
err = ksba_cms_add_cert (cms, cert);
|
||||||
if (err)
|
if (err)
|
||||||
goto ksba_failure;
|
goto ksba_failure;
|
||||||
}
|
}
|
||||||
while ( n-- && !(rc = gpgsm_walk_cert_chain (cert, &next)) )
|
while ( n-- && !(rc = gpgsm_walk_cert_chain (cert, &next)) )
|
||||||
{
|
{
|
||||||
|
if (not_root && gpgsm_is_root_cert (next))
|
||||||
|
err = 0;
|
||||||
|
else
|
||||||
err = ksba_cms_add_cert (cms, next);
|
err = ksba_cms_add_cert (cms, next);
|
||||||
ksba_cert_release (cert);
|
ksba_cert_release (cert);
|
||||||
cert = next; next = NULL;
|
cert = next; next = NULL;
|
||||||
|
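Review bot: With `include_certs = 1`, which this commit documents in gpgsm_init_default_ctrl as "only include the signer's cert", the lines shown in add_certificate_list appear to add two certificates. The `if (n)` block adds `cert` without consuming the count, so `while ( n-- && ...)` still runs once and adds the issuer as well. If the new comment states the intended meaning, add `if (n > 0) n--;` after the first `ksba_cms_add_cert` succeeds, so that the count covers the signer's certificate too. The rest of the loop body and the end of the function are outside the hunk, so this assumes nothing further down adjusts `n`.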