security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpgsm: Improve cert lookup callback from dirmngr.

Browse source 
* sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New.
(FIND_CERT_WITH_EPHEM): New.
* sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a
generic flags arg.  Implement the new flag FIND_CERT_WITH_EPHEM.
* sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked
certs.
--

The dirmngr may need to get a certificate from gpgsm's store in the
course of verifying a CRL.  In some cases the certificate is still
marked as epehemeral - this needs to be returned as well.

This _may_ also fix
GnuPG-bug-id: 4436
This commit is contained in:
Werner Koch 2023-02-26 19:11:27 +01:00
parent 1952a0e5e4
commit 5d96aab27d
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
3 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
sm/call-dirmngr.c
View file

@ -386,8 +386,8 @@ inq_certificate (void *opaque, const char *line)
int err;
ksba_cert_t cert;
err = gpgsm_find_cert (parm->ctrl, line, ski, &cert, 1);
err = gpgsm_find_cert (parm->ctrl, line, ski, &cert,
FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM);
if (err)
{
log_error ("certificate not found: %s\n", gpg_strerror (err));
@ -1014,7 +1014,8 @@ run_command_inq_cb (void *opaque, const char *line)
if (!*line)
return gpg_error (GPG_ERR_ASS_PARAMETER);
err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert, 1);
err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert,
FIND_CERT_ALLOW_AMBIG);
if (err)
{
log_error ("certificate not found: %s\n", gpg_strerror (err));