security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

sm: Fix dirmngr loadcrl for intermediate certs 

* sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
(inq_certificate): Distinguish unsupported inquiry error.

--
When loading a CRL through "gpgsm --call-dirmngr loadcrl foo"
dirmngr can ask gpgsm back if a certificate used ISTRUSTED, which
previously resulted in an error.
This commit is contained in:
Andre Heinecke 2018-10-23 12:46:38 +02:00
parent a2bd4a64e5
commit 6b36c16f77
No known key found for this signature in database
GPG Key ID: 2978E9D40CBABA5C
1 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
sm/call-dirmngr.c
View File

@ -390,7 +390,7 @@ inq_certificate (void *opaque, const char *line)
}
else
{
log_error ("unsupported inquiry '%s'\n", line);
log_error ("unsupported certificate inquiry '%s'\n", line);
return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}
@ -950,9 +950,33 @@ run_command_inq_cb (void *opaque, const char *line)
line = s;
log_info ("dirmngr: %s\n", line);
}
else if ((s = has_leading_keyword (line, "ISTRUSTED")))
{
/* The server is asking us whether the certificate is a trusted
root certificate. */
char fpr[41];
struct rootca_flags_s rootca_flags;
int n;
line = s;
for (s=line,n=0; hexdigitp (s); s++, n++)
;
if (*s || n != 40)
return gpg_error (GPG_ERR_ASS_PARAMETER);
for (s=line, n=0; n < 40; s++, n++)
fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
fpr[n] = 0;
if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
rc = assuan_send_data (parm->ctx, "1", 1);
else
rc = 0;
return rc;
}
else
{
log_error ("unsupported inquiry '%s'\n", line);
log_error ("unsupported command inquiry '%s'\n", line);
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}