sm: Fix dirmngr loadcrl for intermediate certs

* sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED. (inq_certificate): Distinguish unsupported inquiry error. -- When loading a CRL through "gpgsm --call-dirmngr loadcrl foo" dirmngr can ask gpgsm back if a certificate used ISTRUSTED, which previously resulted in an error. (cherry picked from commit 6b36c16f77) That commit was from the 2.2 branch and we forgot to forward port it.
2018-10-23 12:46:38 +02:00 · 2018-10-23 12:46:38 +02:00 · 1952a0e5e4
parent 9de180c6d2
commit 1952a0e5e4
1 changed files with 26 additions and 2 deletions
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@ -362,7 +362,7 @@ inq_certificate (void *opaque, const char *line)
    }
  else
    {
-      log_error ("unsupported inquiry '%s'\n", line);
+      log_error ("unsupported certificate inquiry '%s'\n", line);
      return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
    }

@ -1035,9 +1035,33 @@ run_command_inq_cb (void *opaque, const char *line)
      line = s;
      log_info ("dirmngr: %s\n", line);
    }
+  else if ((s = has_leading_keyword (line, "ISTRUSTED")))
+    {
+      /* The server is asking us whether the certificate is a trusted
+         root certificate.  */
+      char fpr[41];
+      struct rootca_flags_s rootca_flags;
+      int n;
+
+      line = s;
+
+      for (s=line,n=0; hexdigitp (s); s++, n++)
+        ;
+      if (*s || n != 40)
+        return gpg_error (GPG_ERR_ASS_PARAMETER);
+      for (s=line, n=0; n < 40; s++, n++)
+        fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
+      fpr[n] = 0;
+
+      if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
+        rc = assuan_send_data (parm->ctx, "1", 1);
+      else
+        rc = 0;
+      return rc;
+    }
  else
    {
-      log_error ("unsupported inquiry '%s'\n", line);
+      log_error ("unsupported command inquiry '%s'\n", line);
      rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
    }