diff --git a/common/gettime.h b/common/gettime.h index 73f188634..4f7199f92 100644 --- a/common/gettime.h +++ b/common/gettime.h @@ -38,6 +38,11 @@ the KSBA type ksba_isotime_t. */ typedef char gnupg_isotime_t[16]; +/* Constant string of 16-byte, which is compatible to the type + gnupg_iso_time_t. */ +#define GNUPG_ISOTIME_NONE \ + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + time_t gnupg_get_time (void); struct tm *gnupg_gmtime (const time_t *timep, struct tm *result); void gnupg_get_isotime (gnupg_isotime_t timebuf); diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 709f31720..9675d0404 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -572,7 +572,8 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, { /* Note the no_dirmngr flag: This avoids checking this certificate over and over again. */ - rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL, + rc = gpgsm_validate_chain (ctrl, rspcert, GNUPG_ISOTIME_NONE, + NULL, 0, NULL, VALIDATE_FLAG_NO_DIRMNGR, NULL); if (rc) { diff --git a/sm/certlist.c b/sm/certlist.c index 61125acba..5ce74586c 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -444,7 +444,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, } } if (!rc) - rc = gpgsm_validate_chain (ctrl, cert, "", NULL, + rc = gpgsm_validate_chain (ctrl, cert, GNUPG_ISOTIME_NONE, NULL, 0, NULL, 0, NULL); if (!rc) { diff --git a/sm/import.c b/sm/import.c index d506913d0..5a193ef52 100644 --- a/sm/import.c +++ b/sm/import.c @@ -191,7 +191,8 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats, */ rc = gpgsm_basic_cert_check (ctrl, cert); if (!rc && ctrl->with_validation) - rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL); + rc = gpgsm_validate_chain (ctrl, cert, + GNUPG_ISOTIME_NONE, NULL, 0, NULL, 0, NULL); if (!rc || (!ctrl->with_validation && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT || gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT))) diff --git a/sm/keylist.c b/sm/keylist.c index 8907628f8..404eca176 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -455,7 +455,8 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, char *kludge_uid; if (ctrl->with_validation) - valerr = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, NULL, 0, NULL); + valerr = gpgsm_validate_chain (ctrl, cert, + GNUPG_ISOTIME_NONE, NULL, 1, NULL, 0, NULL); else valerr = 0; @@ -1180,7 +1181,8 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd, if (with_validation) { - err = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, fp, 0, NULL); + err = gpgsm_validate_chain (ctrl, cert, + GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL); if (!err) es_fprintf (fp, " [certificate is good]\n"); else @@ -1429,7 +1431,8 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret, size_t buflen; char buffer[1]; - err = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, fp, 0, NULL); + err = gpgsm_validate_chain (ctrl, cert, + GNUPG_ISOTIME_NONE, NULL, 1, fp, 0, NULL); tmperr = ksba_cert_get_user_data (cert, "is_qualified", &buffer, sizeof (buffer), &buflen); if (!tmperr && buflen) diff --git a/sm/sign.c b/sm/sign.c index 46c71f040..943589f5c 100644 --- a/sm/sign.c +++ b/sm/sign.c @@ -504,7 +504,8 @@ gpgsm_sign (ctrl_t ctrl, certlist_t signerlist, check that the signer's certificate is usable and valid. */ rc = gpgsm_cert_use_sign_p (cert, 0); if (!rc) - rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL); + rc = gpgsm_validate_chain (ctrl, cert, + GNUPG_ISOTIME_NONE, NULL, 0, NULL, 0, NULL); if (rc) { char *tmpfpr;