mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

dirmngr: Add options --tls and --systrust to the VALIDATE cmd.

* dirmngr/certcache.h (certlist_s, certlist_t): New.
* dirmngr/certcache.c (read_certlist_from_stream): New.
(release_certlist): New.
* dirmngr/server.c (MAX_CERTLIST_LENGTH): New.
(cmd_validate): Add options --tls and --systrust.  Implement them
using a kludge for now.
* dirmngr/validate.c (validate_cert_chain): Support systrust
checking.  Add kludge to disable the CRL checking for tls mode.
--

This can now be used to test a list of certificates as returned by
TLS.  Put the certs PEM encoded into a file certlist.pem with the
target certificate being the first.  Then run

  gpg-connect-agent --dirmngr \
    '/definqfile CERTLIST wiki-gnupg-chain.pem' \
    'validate --systrust --tls' /bye

CRLS check has been disabled because we can't yet pass the systrust
flag to the CRL checking code.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2017-02-17 16:39:48 +01:00
parent ed99af030d
commit 070211eb99
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 198 additions and 26 deletions

@ -155,7 +155,8 @@ struct
#define DBG_NETWORK (opt.debug & DBG_NETWORK_VALUE)
#define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE)
/* A simple list of certificate references. */
/* A simple list of certificate references. FIXME: Better use
certlist_t also for references (Store NULL at .cert) */
struct cert_ref_s
{
struct cert_ref_s *next;
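
Review bot: The FIXME added to the comment above struct cert_ref_s proposes reusing certlist_t for references by storing NULL at .cert, which would make a NULL .cert a legal state in a list type introduced to carry certificates. If that direction is taken, the invariant should be documented where certlist_t is declared and every consumer that walks the list needs to check .cert before using it. Until then, the comment could say which of the two list types new code should prefer, so cert_ref_t and certlist_t do not drift apart.
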
@ -163,6 +164,7 @@ struct cert_ref_s
};
typedef struct cert_ref_s *cert_ref_t;
/* Forward references; access only through server.c. */
struct server_local_s;