security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

dirmngr: New Assuan option "http-crl".

Browse source 
* dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'.
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag.
* dirmngr/server.c (option_handler): New option "http-crl"
* dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag.
* dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

* dirmngr/t-http.c (main): New option --no-crl.
--

This new option can be used to enable CRL checks on a per session
base.  The default is not to use CRLs for https connections.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-02-21 09:37:07 +01:00
parent 39c7450381
commit 493c142e58
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
9 changed files with 34 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

4
dirmngr/http-ntbtls.c
View file

@ -78,8 +78,8 @@ gnupg_http_tls_verify_cb (void *opaque,
if ((http_flags & HTTP_FLAG_TRUST_SYS))
validate_flags |= VALIDATE_FLAG_SYSTRUST;
/* FIXME: For now we don't use CRLs. */
validate_flags |= VALIDATE_FLAG_NOCRLCHECK;
if ((http_flags & HTTP_FLAG_NO_CRL))
validate_flags |= VALIDATE_FLAG_NOCRLCHECK;
err = validate_cert_chain (ctrl, hostcert, NULL, validate_flags, NULL);