* certpath.c (gpgsm_validate_path): Ask the agent to add the

certificate into the trusted list. * call-agent.c (gpgsm_agent_marktrusted): New.
2025-07-03 22:56:33 +02:00 · 2002-02-18 20:47:29 +00:00 · 2002-02-18 20:47:29 +00:00 · 5dac4711f9
commit 5dac4711f9
parent 49b3340e0f
4 changed files with 77 additions and 15 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,9 @@
 2002-02-18  Werner Koch  <wk@gnupg.org>
 	* certpath.c (gpgsm_validate_path): Ask the agent to add the
 	certificate into the trusted list.
 	* call-agent.c (gpgsm_agent_marktrusted): New.
 2002-02-07  Werner Koch  <wk@gnupg.org>
 	* certlist.c (gpgsm_add_to_certlist): Check that the specified
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@ -461,8 +461,43 @@ gpgsm_agent_istrusted (KsbaCert cert)
  rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
  return map_assuan_err (rc);
 }
 /* Ask the agent to mark CERT as a trusted Root-CA one */
 int
 gpgsm_agent_marktrusted (KsbaCert cert)
 {
  int rc;
  char *fpr, *dn;
  char line[ASSUAN_LINELENGTH];
  rc = start_agent ();
  if (rc)
    return rc;
  fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
  if (!fpr)
    {
      log_error ("error getting the fingerprint\n");
      return seterr (General_Error);
    }
  dn = ksba_cert_get_issuer (cert, 0);
  if (!dn)
    {
      xfree (fpr);
      return seterr (General_Error);
    }
  snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dn);
  line[DIM(line)-1] = 0;
  ksba_free (dn);
  xfree (fpr);
  rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
  return map_assuan_err (rc);
 }
 /* Ask the agent whether the a corresponding secret key is available
   for the given keygrip */
 int
@ -484,3 +519,4 @@ gpgsm_agent_havekey (const char *hexkeygrip)
  rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
  return map_assuan_err (rc);
 }
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -261,17 +261,27 @@ gpgsm_validate_path (KsbaCert cert)
            ;
          else if (rc == GNUPG_Not_Trusted)
            {
              int rc2;
              char *fpr = gpgsm_get_fingerprint_string (subject_cert,
                                                        GCRY_MD_SHA1);
-              log_error (_("root certificate is not marked trusted\n"));
+              log_info (_("root certificate is not marked trusted\n"));
              log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
              xfree (fpr);
-              /* fixme: print a note while we have not yet the code to
+              rc2 = gpgsm_agent_marktrusted (subject_cert);
-                 ask whether the cert should be entered into the trust
+              if (!rc2)
-                 list */
+                {
-              gpgsm_dump_cert ("issuer", subject_cert);
+                  log_info (_("root certificate has now"
-              log_info ("after checking the fingerprint, you may want "
+                              " been marked as trusted\n"));
-                        "to enter it into \"~/.gnupg-test/trustlist.txt\"\n");
+                  rc = 0;
                }
              else 
                {
                  gpgsm_dump_cert ("issuer", subject_cert);
                  log_info ("after checking the fingerprint, you may want "
                            "to enter it manually into "
                            "\"~/.gnupg-test/trustlist.txt\"\n");
                }
            }
          else 
            {
--- a/sm/certpath.c
+++ b/sm/certpath.c
@ -261,17 +261,27 @@ gpgsm_validate_path (KsbaCert cert)
            ;
          else if (rc == GNUPG_Not_Trusted)
            {
              int rc2;
              char *fpr = gpgsm_get_fingerprint_string (subject_cert,
                                                        GCRY_MD_SHA1);
-              log_error (_("root certificate is not marked trusted\n"));
+              log_info (_("root certificate is not marked trusted\n"));
              log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
              xfree (fpr);
-              /* fixme: print a note while we have not yet the code to
+              rc2 = gpgsm_agent_marktrusted (subject_cert);
-                 ask whether the cert should be entered into the trust
+              if (!rc2)
-                 list */
+                {
-              gpgsm_dump_cert ("issuer", subject_cert);
+                  log_info (_("root certificate has now"
-              log_info ("after checking the fingerprint, you may want "
+                              " been marked as trusted\n"));
-                        "to enter it into \"~/.gnupg-test/trustlist.txt\"\n");
+                  rc = 0;
                }
              else 
                {
                  gpgsm_dump_cert ("issuer", subject_cert);
                  log_info ("after checking the fingerprint, you may want "
                            "to enter it manually into "
                            "\"~/.gnupg-test/trustlist.txt\"\n");
                }
            }
          else 
            {