security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

* gpgsm.c: New option --with-md5-fingerprint.

Browse source 
* keylist.c (list_cert_std): Print MD5 fpr.

* gpgsm.c: New options --with-validation.
* server.c (option_handler): New option "with-validation".
* keylist.c (list_cert_std, list_internal_keys): New args CTRL and
WITH_VALIDATION. Changed callers to set it.
(list_external_cb, list_external_keys): Pass CTRL to the callback.
(list_cert_colon): Add arg CTRL.  Check validation if requested.
* certchain.c (unknown_criticals, allowed_ca, check_cert_policy)
(gpgsm_validate_chain): New args LISTMODE and FP.
(do_list): New helper for info output.
(find_up): New arg FIND_NEXT.
(gpgsm_validate_chain): After a bad signature try again with other
CA certificates.

* import.c (print_imported_status): New arg NEW_CERT. Print
additional STATUS_IMPORT_OK becuase that is what gpgme expects.
(check_and_store): Always call above function after import.
* server.c (get_status_string): Added STATUS_IMPORT_OK.
This commit is contained in:
Werner Koch 2004-02-17 15:05:04 +00:00
parent a5fc1f40c3
commit 45a817bf4a
11 changed files with 315 additions and 153 deletions
Download patch file Download diff file Expand all files Collapse all files

20
sm/import.c
View file

@ -57,12 +57,17 @@ static gpg_error_t parse_p12 (ksba_reader_t reader, FILE **retfp);
static void
print_imported_status (CTRL ctrl, ksba_cert_t cert)
print_imported_status (CTRL ctrl, ksba_cert_t cert, int new_cert)
{
char *fpr;
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, "[X.509]", NULL);
if (new_cert)
gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, "[X.509]", NULL);
gpgsm_status2 (ctrl, STATUS_IMPORT_OK,
new_cert? "1":"0", fpr, NULL);
xfree (fpr);
}
@ -146,7 +151,7 @@ check_and_store (CTRL ctrl, struct stats_s *stats, ksba_cert_t cert, int depth)
/* Some basic checks, but don't care about missing certificates;
this is so that we are able to import entire certificate chains
w/o requirening a special order (i.e. root-CA first). This used
to be different but becuase gpgsm_verify even imports
to be different but because gpgsm_verify even imports
certificates without any checks, it doesn't matter much and the
code gets much cleaner. A housekeeping function to remove
certificates w/o an anchor would be nice, though. */
@ -161,11 +166,14 @@ check_and_store (CTRL ctrl, struct stats_s *stats, ksba_cert_t cert, int depth)
if (!existed)
{
print_imported_status (ctrl, cert);
print_imported_status (ctrl, cert, 1);
stats->imported++;
}
else
stats->unchanged++;
{
print_imported_status (ctrl, cert, 0);
stats->unchanged++;
}
if (opt.verbose > 1 && existed)
{