From 4dc09bc5e7f349948a0bb68bdacfdbbc221a2b45 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 26 Jan 2024 13:14:14 +0100
Subject: [PATCH] dirmngr: For CRL issuer verification trust the system's root
 CA.

* dirmngr/crlcache.c (crl_parse_insert): Add
VALIDATE_FLAG_TRUST_SYSTEM.
--

GnuPG-bug-id: 6963
---
 dirmngr/crlcache.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index ac673a8d5..d3fe5c272 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -2086,6 +2086,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
 
             err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
                                        (VALIDATE_FLAG_TRUST_CONFIG
+                                        | VALIDATE_FLAG_TRUST_SYSTEM
                                         | VALIDATE_FLAG_CRL
                                         | VALIDATE_FLAG_RECURSIVE),
                                        r_trust_anchor);