mirror of git://git.gnupg.org/gnupg.git synced 2024-12-31 11:41:32 +01:00

* import.c (check_and_store): Import certificates even with

missing issuer's cert.  Fixed an "depending on the verbose
setting" bug.
Werner Koch 2004-02-03 16:27:51 +00:00
parent 31de2267ec
commit 336e415f5b
2 changed files with 17 additions and 4 deletions


@ -1,5 +1,9 @@
2004-02-02 Werner Koch <wk@gnupg.org> 2004-02-02 Werner Koch <wk@gnupg.org>
* import.c (check_and_store): Import certificates even with
missing issuer's cert. Fixed an "depending on the verbose
setting" bug.
* certchain.c (gpgsm_validate_chain): Mark revoked certs in the * certchain.c (gpgsm_validate_chain): Mark revoked certs in the
keybox. keybox.


@ -130,8 +130,15 @@ check_and_store (CTRL ctrl, struct stats_s *stats, ksba_cert_t cert, int depth)
return; return;
} }
/* Some basic checks, but don't care about missing certificates;
this is so that we are able to import entire certificate chains
w/o requirening a special order (i.e. root-CA first). This used
to be different but becuase gpgsm_verify even imports
certificates without any checks, it doesn't matter much and the
code gets much cleaner. A housekeeping function to remove
certificates w/o an anchor would be nice, though. */
rc = gpgsm_basic_cert_check (cert); rc = gpgsm_basic_cert_check (cert);
if (!rc) if (!rc || gpg_err_code (rc) == GPG_ERR_MISSING_CERT)
{ {
int existed; int existed;
@ -161,9 +168,11 @@ check_and_store (CTRL ctrl, struct stats_s *stats, ksba_cert_t cert, int depth)
else else
log_info ("certificate imported\n"); log_info ("certificate imported\n");
} }
/* Now lets walk up the chain and import all certificates up /* Now lets walk up the chain and import all certificates up
the chain.*/ the chain. This is required in case we already stored
else if (!gpgsm_walk_cert_chain (cert, &next)) parent certificates in the ephemeral keybox. */
if (!gpgsm_walk_cert_chain (cert, &next))
{ {
check_and_store (ctrl, stats, next, depth+1); check_and_store (ctrl, stats, next, depth+1);
ksba_cert_release (next); ksba_cert_release (next);
@ -205,7 +214,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
{ {
rc = gpg_error (gpg_err_code_from_errno (errno)); rc = gpg_error (gpg_err_code_from_errno (errno));
log_error ("fdopen() failed: %s\n", strerror (errno)); log_error ("fdopen() failed: %s\n", strerror (errno));
goto leave; q goto leave;
} }
rc = gpgsm_create_reader (&b64reader, ctrl, fp, &reader); rc = gpgsm_create_reader (&b64reader, ctrl, fp, &reader);
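Review bot: Accepting `GPG_ERR_MISSING_CERT` in `check_and_store` means a certificate whose issuer signature could not be checked is stored, and it appears to be logged with the same "certificate imported" message as one that passed the basic check. The new comment explains why this is tolerated, but not what it implies for code that reads the keybox; I would extend it with something like `/* NB: a stored certificate is not a validated one; callers must run the full chain validation before relying on it. */`. The chain walk is also no longer behind the `else`, so it recurses for more inputs than before; the guard that ends at the top of the first hunk is not visible here, so please confirm it bounds `depth`. Separately, in the `import_one` hunk one side of the changed line reads `q goto leave;`, and if that is the new side the stray `q` has to go for the file to compile.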