
* server.c (option_handler): Allow to use -2 for "send all certs

except the root cert".
* sign.c (add_certificate_list): Implement it here.
* certpath.c (gpgsm_is_root_cert): New.
Werner Koch 2002-02-25 18:18:40 +00:00
parent 2a2d713359
commit 04f49d973b
9 changed files with 69 additions and 6 deletions


@ -1,3 +1,10 @@
2002-02-25 Werner Koch <wk@gnupg.org>
* server.c (option_handler): Allow to use -2 for "send all certs
except the root cert".
* sign.c (add_certificate_list): Implement it here.
* certpath.c (gpgsm_is_root_cert): New.
2002-02-19 Werner Koch <wk@gnupg.org> 2002-02-19 Werner Koch <wk@gnupg.org>
* certpath.c (check_cert_policy): New. * certpath.c (check_cert_policy): New.


@ -253,6 +253,24 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
return rc; return rc;
} }
/* Check whether the CERT is a root certificate. Returns True if this
is the case. */
int
gpgsm_is_root_cert (KsbaCert cert)
{
char *issuer;
char *subject;
int yes;
issuer = ksba_cert_get_issuer (cert, 0);
subject = ksba_cert_get_subject (cert, 0);
yes = (issuer && subject && !strcmp (issuer, subject));
xfree (issuer);
xfree (subject);
return yes;
}
int int
gpgsm_validate_path (KsbaCert cert) gpgsm_validate_path (KsbaCert cert)
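Review bot: gpgsm_is_root_cert decides "root" purely from `!strcmp (issuer, subject)`, so it recognises a self-issued certificate by name only and says nothing about the self-signature or about whether the certificate is a trusted anchor; the comment above the function should state that so later callers do not reuse it as a trust check. I would extend the comment to something like `/* Returns true if the issuer and subject DN strings are equal (self-issued). This does not verify the signature and is not a trust decision. */`. A NULL from either ksba getter also yields 0, which makes a failed lookup indistinguishable from "not a root"; for the include-certs use visible on this page that presumably errs toward sending the certificate, but it deserves a sentence in the comment. The same function text is repeated in the following file section and the remark applies there as well.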


@ -263,3 +263,4 @@ gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
} }


@ -253,6 +253,24 @@ gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
return rc; return rc;
} }
/* Check whether the CERT is a root certificate. Returns True if this
is the case. */
int
gpgsm_is_root_cert (KsbaCert cert)
{
char *issuer;
char *subject;
int yes;
issuer = ksba_cert_get_issuer (cert, 0);
subject = ksba_cert_get_subject (cert, 0);
yes = (issuer && subject && !strcmp (issuer, subject));
xfree (issuer);
xfree (subject);
return yes;
}
int int
gpgsm_validate_path (KsbaCert cert) gpgsm_validate_path (KsbaCert cert)


@ -1239,7 +1239,7 @@ gpgsm_exit (int rc)
void void
gpgsm_init_default_ctrl (struct server_control_s *ctrl) gpgsm_init_default_ctrl (struct server_control_s *ctrl)
{ {
ctrl->include_certs = 1; ctrl->include_certs = 1; /* only include the signer's cert */
} }


@ -170,10 +170,11 @@ int gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
/*-- certpath.c --*/ /*-- certpath.c --*/
int gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next); int gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next);
int gpgsm_is_root_cert (KsbaCert cert);
int gpgsm_validate_path (KsbaCert cert); int gpgsm_validate_path (KsbaCert cert);
int gpgsm_basic_cert_check (KsbaCert cert); int gpgsm_basic_cert_check (KsbaCert cert);
/*-- cetrlist.c --*/ /*-- certlist.c --*/
int gpgsm_add_to_certlist (const char *name, CERTLIST *listaddr); int gpgsm_add_to_certlist (const char *name, CERTLIST *listaddr);
void gpgsm_release_certlist (CERTLIST list); void gpgsm_release_certlist (CERTLIST list);
int gpgsm_find_cert (const char *name, KsbaCert *r_cert); int gpgsm_find_cert (const char *name, KsbaCert *r_cert);


@ -232,6 +232,8 @@ gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode)
const char *lastresname, *resname; const char *lastresname, *resname;
int have_secret; int have_secret;
#warning there is no key selection yet
/* We must take care of qouting here */
hd = keydb_new (0); hd = keydb_new (0);
if (!hd) if (!hd)
rc = GNUPG_General_Error; rc = GNUPG_General_Error;


@ -73,7 +73,7 @@ option_handler (ASSUAN_CONTEXT ctx, const char *key, const char *value)
if (!strcmp (key, "include-certs")) if (!strcmp (key, "include-certs"))
{ {
int i = *value? atoi (value) : -1; int i = *value? atoi (value) : -1;
if (ctrl->include_certs < -1) if (ctrl->include_certs < -2)
return ASSUAN_Parameter_Error; return ASSUAN_Parameter_Error;
ctrl->include_certs = i; ctrl->include_certs = i;
} }
@ -369,6 +369,10 @@ cmd_message (ASSUAN_CONTEXT ctx, char *line)
return 0; return 0;
} }
/* Note that the line contains a space separated list of pappern where
each pappern is percent escaped and spacesmay be replaced by
'+'. */
static int static int
cmd_listkeys (ASSUAN_CONTEXT ctx, char *line) cmd_listkeys (ASSUAN_CONTEXT ctx, char *line)
{ {
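Review bot: In option_handler the range check `if (ctrl->include_certs < -2)` tests the previously stored setting rather than the freshly parsed `i`, so the client-supplied value is never validated before `ctrl->include_certs = i;`. The check should read `if (i < -2) return ASSUAN_Parameter_Error;`. As written, a value such as -3 is accepted and, judging by the `n < 0 || n > 50` clamp in add_certificate_list shown later on this page, would be treated as "send everything", root certificate included. `atoi` also cannot signal a non-numeric value (it simply yields 0), so `strtol` with an end-pointer check would make the option parsing stricter. The old line had the same stale-variable comparison against -1; this commit only moved the bound.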


@ -103,7 +103,7 @@ get_default_signer (void)
} }
/* Depending on the options in CTRL add the certifcate CERT as well as /* Depending on the options in CTRL add the certificate CERT as well as
other certificate up in the chain to the Root-CA to the CMS other certificate up in the chain to the Root-CA to the CMS
object. */ object. */
static int static int
@ -113,22 +113,34 @@ add_certificate_list (CTRL ctrl, KsbaCMS cms, KsbaCert cert)
int rc = 0; int rc = 0;
KsbaCert next = NULL; KsbaCert next = NULL;
int n; int n;
int not_root = 0;
ksba_cert_ref (cert); ksba_cert_ref (cert);
n = ctrl->include_certs; n = ctrl->include_certs;
if (n == -2)
{
not_root = 1;
n = -1;
}
if (n < 0 || n > 50) if (n < 0 || n > 50)
n = 50; /* We better apply an upper bound */ n = 50; /* We better apply an upper bound */
if (n) if (n)
{ {
err = ksba_cms_add_cert (cms, cert); if (not_root && gpgsm_is_root_cert (cert))
err = 0;
else
err = ksba_cms_add_cert (cms, cert);
if (err) if (err)
goto ksba_failure; goto ksba_failure;
} }
while ( n-- && !(rc = gpgsm_walk_cert_chain (cert, &next)) ) while ( n-- && !(rc = gpgsm_walk_cert_chain (cert, &next)) )
{ {
err = ksba_cms_add_cert (cms, next); if (not_root && gpgsm_is_root_cert (next))
err = 0;
else
err = ksba_cms_add_cert (cms, next);
ksba_cert_release (cert); ksba_cert_release (cert);
cert = next; next = NULL; cert = next; next = NULL;
if (err) if (err)