security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpgsm: Improve cert lookup callback from dirmngr.

Browse source 
* sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New.
(FIND_CERT_WITH_EPHEM): New.
* sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a
generic flags arg.  Implement the new flag FIND_CERT_WITH_EPHEM.
* sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked
certs.
--

The dirmngr may need to get a certificate from gpgsm's store in the
course of verifying a CRL.  In some cases the certificate is still
marked as epehemeral - this needs to be returned as well.

This _may_ also fix
GnuPG-bug-id: 4436
This commit is contained in:
Werner Koch 2023-02-26 19:11:27 +01:00
parent 1952a0e5e4
commit 5d96aab27d
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
3 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
sm/certlist.c
View file

@ -508,11 +508,12 @@ gpgsm_release_certlist (certlist_t list)
int
gpgsm_find_cert (ctrl_t ctrl,
const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert,
int allow_ambiguous)
unsigned int flags)
{
int rc;
KEYDB_SEARCH_DESC desc;
KEYDB_HANDLE kh = NULL;
int allow_ambiguous = (flags & FIND_CERT_ALLOW_AMBIG);
*r_cert = NULL;
rc = classify_user_id (name, &desc, 0);
@ -523,6 +524,9 @@ gpgsm_find_cert (ctrl_t ctrl,
rc = gpg_error (GPG_ERR_ENOMEM);
else
{
if ((flags & FIND_CERT_WITH_EPHEM))
keydb_set_ephemeral (kh, 1);
nextone:
rc = keydb_search (ctrl, kh, &desc, 1);
if (!rc)