security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

gpgsm: Support SENDCERT_SKI for --call-dirmngr

Browse Source 
* sm/call-dirmngr.c (run_command_inq_cb): Support SENDCERT_SKI.

* dirmngr/crlcache.c (crl_cache_insert): Print the CRL name along with
the unknown OID nortice.
This commit is contained in:
Werner Koch 2023-06-19 14:05:22 +02:00
parent ff81ded48d
commit 24a9c77f36
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
2 changed files with 37 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
dirmngr/crlcache.c
View File

@ -2361,6 +2361,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
|| !strcmp (oid, oidstr_crlNumber) ) || !strcmp (oid, oidstr_crlNumber) )
continue; continue;
log_error (_("unknown critical CRL extension %s\n"), oid); log_error (_("unknown critical CRL extension %s\n"), oid);
log_info ("(CRL='%s')\n", url);
if (!err2) if (!err2)
err2 = gpg_error (GPG_ERR_INV_CRL); err2 = gpg_error (GPG_ERR_INV_CRL);
invalidate_crl |= 2; invalidate_crl |= 2;

45
sm/call-dirmngr.c
View File

@ -940,16 +940,17 @@ static gpg_error_t
run_command_inq_cb (void *opaque, const char *line) run_command_inq_cb (void *opaque, const char *line)
{ {
struct run_command_parm_s *parm = opaque; struct run_command_parm_s *parm = opaque;
gpg_error_t err;
const char *s; const char *s;
int rc = 0; int rc = 0;
ksba_cert_t cert = NULL;
ksba_sexp_t ski = NULL;
const unsigned char *der;
size_t derlen, n;
if ((s = has_leading_keyword (line, "SENDCERT"))) if ((s = has_leading_keyword (line, "SENDCERT")))
{ /* send the given certificate */ {
int err; /* Send the given certificate. */
ksba_cert_t cert;
const unsigned char *der;
size_t derlen;
line = s; line = s;
if (!*line) if (!*line)
return gpg_error (GPG_ERR_ASS_PARAMETER); return gpg_error (GPG_ERR_ASS_PARAMETER);
@ -968,11 +969,36 @@ run_command_inq_cb (void *opaque, const char *line)
rc = gpg_error (GPG_ERR_INV_CERT_OBJ); rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
else else
rc = assuan_send_data (parm->ctx, der, derlen); rc = assuan_send_data (parm->ctx, der, derlen);
ksba_cert_release (cert); }
}
else if ((s = has_leading_keyword (line, "SENDCERT_SKI")))
{
/* Send a certificate where a sourceKeyIdentifier is included. */
line = s;
ski = make_simple_sexp_from_hexstr (line, &n);
line += n;
while (*line == ' ')
line++;
err = gpgsm_find_cert (parm->ctrl, line, ski, &cert,
FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM);
if (err)
{
log_error ("certificate not found: %s\n", gpg_strerror (err));
rc = gpg_error (GPG_ERR_NOT_FOUND);
}
else
{
der = ksba_cert_get_image (cert, &derlen);
if (!der)
rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
else
rc = assuan_send_data (parm->ctx, der, derlen);
} }
} }
else if ((s = has_leading_keyword (line, "PRINTINFO"))) else if ((s = has_leading_keyword (line, "PRINTINFO")))
{ /* Simply show the message given in the argument. */ {
/* Simply show the message given in the argument. */
line = s; line = s;
log_info ("dirmngr: %s\n", line); log_info ("dirmngr: %s\n", line);
} }
@ -982,7 +1008,6 @@ run_command_inq_cb (void *opaque, const char *line)
root certificate. */ root certificate. */
char fpr[41]; char fpr[41];
struct rootca_flags_s rootca_flags; struct rootca_flags_s rootca_flags;
int n;
line = s; line = s;
@ -1006,6 +1031,8 @@ run_command_inq_cb (void *opaque, const char *line)
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE); rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
} }
ksba_cert_release (cert);
xfree (ski);
return rc; return rc;
} }