security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

* gpgsm.c (main): Disable core dumps.

Browse source 
* sign.c (add_certificate_list): New.
(gpgsm_sign): Add the certificates to the CMS object.
* certpath.c (gpgsm_walk_cert_chain): New.
* gpgsm.h (server_control_s): Add included_certs.
* gpgsm.c: Add option --include-certs.
(gpgsm_init_default_ctrl): New.
(main): Call it.
* server.c (gpgsm_server): Ditto.
(option_handler): Support --include-certs.
This commit is contained in:
Werner Koch 2002-01-25 16:41:13 +00:00
parent ecb785ac44
commit 151deac0df
7 changed files with 235 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

56
sm/sign.c
View file

@ -103,6 +103,49 @@ get_default_signer (void)
}
/* Depending on the options in CTRL add the certifcate CERT as well as
other certificate up in the chain to the Root-CA to the CMS
object. */
static int
add_certificate_list (CTRL ctrl, KsbaCMS cms, KsbaCert cert)
{
KsbaError err;
int rc = 0;
KsbaCert next = NULL;
int n;
ksba_cert_ref (cert);
n = ctrl->include_certs;
if (n < 0 || n > 50)
n = 50; /* We better apply an upper bound */
if (n)
{
err = ksba_cms_add_cert (cms, cert);
if (err)
goto ksba_failure;
}
while ( n-- && !(rc = gpgsm_walk_cert_chain (cert, &next)) )
{
err = ksba_cms_add_cert (cms, next);
ksba_cert_release (cert);
cert = next; next = NULL;
if (err)
goto ksba_failure;
}
ksba_cert_release (cert);
return rc == -1? 0: rc;
ksba_failure:
ksba_cert_release (cert);
log_error ("ksba_cms_add_cert failed: %s\n", ksba_strerror (err));
return map_ksba_err (err);
}
/* Perform a sign operation.
@ -192,16 +235,19 @@ gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp)
err = ksba_cms_add_signer (cms, cert);
if (err)
{
log_debug ("ksba_cms_add_signer failed: %s\n", ksba_strerror (err));
log_error ("ksba_cms_add_signer failed: %s\n", ksba_strerror (err));
rc = map_ksba_err (err);
goto leave;
}
rc = add_certificate_list (ctrl, cms, cert);
if (rc)
{
log_error ("failed to store list of certificates: %s\n",
gnupg_strerror(rc));
goto leave;
}
ksba_cert_release (cert); cert = NULL;
/* fixme: We might want to include a list of certificate which are
put as info into the signed data object - maybe we should add a
flag to ksba_cms_add_signer to decider whether this cert should
be send along with the signature */
/* Set the hash algorithm we are going to use */
err = ksba_cms_add_digest_algo (cms, "1.3.14.3.2.26" /*SHA-1*/);