* import.c (check_and_store): Do a full validation if

--with-validation is set. * certchain.c (gpgsm_basic_cert_check): Print more detailed error messages. * certcheck.c (do_encode_md): Partly support DSA. Add new arg PKALGO. Changed all callers to pass it. (pk_algo_from_sexp): New. tests/pkits: New directory
2025-07-03 22:56:33 +02:00 · 2004-08-17 15:26:22 +00:00 · 2004-08-17 15:26:22 +00:00 · 066352a6a5
commit 066352a6a5
parent f5799d0170
24 changed files with 1157 additions and 97 deletions
--- a/sm/import.c
+++ b/sm/import.c
@ -172,13 +172,19 @@ check_and_store (CTRL ctrl, struct stats_s *stats, ksba_cert_t cert, int depth)

  /* Some basic checks, but don't care about missing certificates;
     this is so that we are able to import entire certificate chains
-     w/o requirening a special order (i.e. root-CA first).  This used
+     w/o requiring a special order (i.e. root-CA first).  This used
     to be different but because gpgsm_verify even imports
     certificates without any checks, it doesn't matter much and the
     code gets much cleaner.  A housekeeping function to remove
-     certificates w/o an anchor would be nice, though. */
+     certificates w/o an anchor would be nice, though. 
+     
+     Optionally we do a full validation in addition to the basic test.
+  */
  rc = gpgsm_basic_cert_check (cert);
-  if (!rc || gpg_err_code (rc) == GPG_ERR_MISSING_CERT)
+  if (!rc && ctrl->with_validation)
+    rc = gpgsm_validate_chain (ctrl, cert, NULL, 0, NULL, 0);
+  if (!rc || (!ctrl->with-validation
+              && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )
    {
      int existed;

@ -527,14 +533,25 @@ popen_protect_tool (const char *pgmname,

      setup_pinentry_env ();

-      execlp (pgmname, arg0,
-              "--homedir", opt.homedir,
-              "--p12-import",
-              "--store", 
-              "--no-fail-on-exist",
-              "--enable-status-msg",
-              "--",
-              NULL);
+      if (opt.fixed_passphrase)
+        execlp (pgmname, arg0,
+                "--homedir", opt.homedir,
+                "--p12-import",
+                "--store", 
+                "--no-fail-on-exist",
+                "--enable-status-msg",
+                "--passphrase", opt.fixed_passphrase,
+                "--",
+                NULL);
+      else
+        execlp (pgmname, arg0,
+                "--homedir", opt.homedir,
+                "--p12-import",
+                "--store", 
+                "--no-fail-on-exist",
+                "--enable-status-msg",
+                "--",
+                NULL);
      /* No way to print anything, as we have closed all streams. */
      _exit (31);
    }