(gpgsm_validate_chain): Check revocations even for
expired certificates. This is required because on signature verification an expired key is fine whereas a revoked one is not.
parent
526ed521a7
commit
314c234e7d
16
sm/ChangeLog
16
sm/ChangeLog
@ -1,3 +1,19 @@
|
|||||||
|
2005-04-21 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* certchain.c (gpgsm_validate_chain): Check revocations even for
|
||||||
|
expired certificates. This is required because on signature
|
||||||
|
verification an expired key is fine whereas a revoked one is not.
|
||||||
|
|
||||||
|
2005-04-20 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* Makefile.am (AM_CFLAGS): Add PTH_CFLAGS as noted by several folks.
|
||||||
|
|
||||||
|
2005-04-19 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
|
* certchain.c (check_cert_policy): Print the diagnostic for a open
|
||||||
|
failure of policies.txt only in verbose mode or when it is not
|
||||||
|
ENOENT.
|
||||||
|
|
||||||
2005-04-17 Werner Koch <wk@g10code.com>
|
2005-04-17 Werner Koch <wk@g10code.com>
|
||||||
|
|
||||||
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
|
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
|
||||||
|
@ -21,7 +21,8 @@
|
|||||||
|
|
||||||
bin_PROGRAMS = gpgsm
|
bin_PROGRAMS = gpgsm
|
||||||
|
|
||||||
AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS)
|
AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS) \
|
||||||
|
$(PTH_CFLAGS)
|
||||||
|
|
||||||
AM_CPPFLAGS = -I$(top_srcdir)/common -I$(top_srcdir)/intl
|
AM_CPPFLAGS = -I$(top_srcdir)/common -I$(top_srcdir)/intl
|
||||||
include $(top_srcdir)/am/cmacros.am
|
include $(top_srcdir)/am/cmacros.am
|
||||||
|
@ -175,7 +175,8 @@ check_cert_policy (ksba_cert_t cert, int listmode, FILE *fplist)
|
|||||||
fp = fopen (opt.policy_file, "r");
|
fp = fopen (opt.policy_file, "r");
|
||||||
if (!fp)
|
if (!fp)
|
||||||
{
|
{
|
||||||
log_error ("failed to open `%s': %s\n",
|
if (opt.verbose || errno != ENOENT)
|
||||||
|
log_info (_("failed to open `%s': %s\n"),
|
||||||
opt.policy_file, strerror (errno));
|
opt.policy_file, strerror (errno));
|
||||||
xfree (policies);
|
xfree (policies);
|
||||||
/* With no critical policies this is only a warning */
|
/* With no critical policies this is only a warning */
|
||||||
@ -816,8 +817,6 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
|
|||||||
/* Check for revocations etc. */
|
/* Check for revocations etc. */
|
||||||
if ((flags & 1))
|
if ((flags & 1))
|
||||||
rc = 0;
|
rc = 0;
|
||||||
else if (any_expired)
|
|
||||||
; /* Don't bother to run the expensive CRL check then. */
|
|
||||||
else
|
else
|
||||||
rc = is_cert_still_valid (ctrl, lm, fp,
|
rc = is_cert_still_valid (ctrl, lm, fp,
|
||||||
subject_cert, subject_cert,
|
subject_cert, subject_cert,
|
||||||
@ -953,8 +952,6 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
|
|||||||
/* Check for revocations etc. */
|
/* Check for revocations etc. */
|
||||||
if ((flags & 1))
|
if ((flags & 1))
|
||||||
rc = 0;
|
rc = 0;
|
||||||
else if (any_expired)
|
|
||||||
; /* Don't bother to run the expensive CRL check then. */
|
|
||||||
else
|
else
|
||||||
rc = is_cert_still_valid (ctrl, lm, fp,
|
rc = is_cert_still_valid (ctrl, lm, fp,
|
||||||
subject_cert, issuer_cert,
|
subject_cert, issuer_cert,
|
||||||
|
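Review bot: The two revocation checks in gpgsm_validate_chain (the hunks at -816 and -953) lose the only comment that explained the any_expired branch, and nothing in the new code says why an expired chain is still passed to is_cert_still_valid; the reason is recorded only in the ChangeLog entry. I would add above each `if ((flags & 1))` a comment such as `/* Run the revocation check even when any_expired is set: for signature verification an expired key is fine, a revoked one is not. */`. That comment should also state what bit 0 of `flags` means, because `(flags & 1)` is now the only way to skip the check and its meaning is not visible in the hunk. A caveat worth recording in the same place: CRL issuers may drop entries after a certificate has expired, so a clean result for an expired certificate is presumably weaker evidence than for one still in its validity period. Both calls continue past the end of their hunks, so the remaining arguments and the handling of rc could not be reviewed here.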