security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

* certpath.c (gpgsm_validate_path): Ask the agent to add the 

certificate into the trusted list.
* call-agent.c (gpgsm_agent_marktrusted): New.
This commit is contained in:
Werner Koch 2002-02-18 20:47:29 +00:00
parent 49b3340e0f
commit 5dac4711f9
4 changed files with 77 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sm/ChangeLog
View File

@ -1,3 +1,9 @@
2002-02-18 Werner Koch <wk@gnupg.org>
* certpath.c (gpgsm_validate_path): Ask the agent to add the
certificate into the trusted list.
* call-agent.c (gpgsm_agent_marktrusted): New.
2002-02-07 Werner Koch <wk@gnupg.org>
* certlist.c (gpgsm_add_to_certlist): Check that the specified

38
sm/call-agent.c
View File

@ -461,8 +461,43 @@ gpgsm_agent_istrusted (KsbaCert cert)
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
return map_assuan_err (rc);
}
/* Ask the agent to mark CERT as a trusted Root-CA one */
int
gpgsm_agent_marktrusted (KsbaCert cert)
{
int rc;
char *fpr, *dn;
char line[ASSUAN_LINELENGTH];
rc = start_agent ();
if (rc)
return rc;
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
if (!fpr)
{
log_error ("error getting the fingerprint\n");
return seterr (General_Error);
}
dn = ksba_cert_get_issuer (cert, 0);
if (!dn)
{
xfree (fpr);
return seterr (General_Error);
}
snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dn);
line[DIM(line)-1] = 0;
ksba_free (dn);
xfree (fpr);
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
return map_assuan_err (rc);
}
/* Ask the agent whether the a corresponding secret key is available
for the given keygrip */
int
@ -484,3 +519,4 @@ gpgsm_agent_havekey (const char *hexkeygrip)
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
return map_assuan_err (rc);
}

24
sm/certchain.c
View File

@ -261,17 +261,27 @@ gpgsm_validate_path (KsbaCert cert)
;
else if (rc == GNUPG_Not_Trusted)
{
int rc2;
char *fpr = gpgsm_get_fingerprint_string (subject_cert,
GCRY_MD_SHA1);
log_error (_("root certificate is not marked trusted\n"));
log_info (_("root certificate is not marked trusted\n"));
log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
xfree (fpr);
/* fixme: print a note while we have not yet the code to
ask whether the cert should be entered into the trust
list */
gpgsm_dump_cert ("issuer", subject_cert);
log_info ("after checking the fingerprint, you may want "
"to enter it into \"~/.gnupg-test/trustlist.txt\"\n");
rc2 = gpgsm_agent_marktrusted (subject_cert);
if (!rc2)
{
log_info (_("root certificate has now"
" been marked as trusted\n"));
rc = 0;
}
else
{
gpgsm_dump_cert ("issuer", subject_cert);
log_info ("after checking the fingerprint, you may want "
"to enter it manually into "
"\"~/.gnupg-test/trustlist.txt\"\n");
}
}
else
{

24
sm/certpath.c
View File

@ -261,17 +261,27 @@ gpgsm_validate_path (KsbaCert cert)
;
else if (rc == GNUPG_Not_Trusted)
{
int rc2;
char *fpr = gpgsm_get_fingerprint_string (subject_cert,
GCRY_MD_SHA1);
log_error (_("root certificate is not marked trusted\n"));
log_info (_("root certificate is not marked trusted\n"));
log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
xfree (fpr);
/* fixme: print a note while we have not yet the code to
ask whether the cert should be entered into the trust
list */
gpgsm_dump_cert ("issuer", subject_cert);
log_info ("after checking the fingerprint, you may want "
"to enter it into \"~/.gnupg-test/trustlist.txt\"\n");
rc2 = gpgsm_agent_marktrusted (subject_cert);
if (!rc2)
{
log_info (_("root certificate has now"
" been marked as trusted\n"));
rc = 0;
}
else
{
gpgsm_dump_cert ("issuer", subject_cert);
log_info ("after checking the fingerprint, you may want "
"to enter it manually into "
"\"~/.gnupg-test/trustlist.txt\"\n");
}
}
else
{