mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

dirmngr: Load all system provided certificates.

* configure.ac: Add option --default-trust-store.
(DEFAULT_TRUST_STORE_FILE): New ac_define.
* dirmngr/certcache.c: Include ksba-io-support.h.
(total_trusted_certificates, total_system_trusted_certificates): New.
(put_cert): Manage the new counters.
(cert_cache_deinit): Reset them.
(cert_cache_print_stats): Print them.
(is_trusted_cert): Add arg WITH_SYSTRUST.  Change all callers to pass
false.
(load_certs_from_file): New.
(load_certs_from_system): New.
(cert_cache_init): Load system certificates.
--

Note that this code does not yet support loading the system certificates
on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2017-02-16 18:58:27 +01:00
parent 09d71de4d4
commit 9a1a5ca0bc
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 164 additions and 14 deletions


@ -41,9 +41,10 @@ gpg_error_t cache_cert (ksba_cert_t cert);
gpg_error_t cache_cert_silent (ksba_cert_t cert, void *fpr_buffer);
/* Return 0 if the certificate is a trusted certificate. Returns
GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
case of systems errors. */
gpg_error_t is_trusted_cert (ksba_cert_t cert);
* GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
* case of systems errors. If WITH_SYSTRUST is set also system
* provided certificates are considered trusted. */
gpg_error_t is_trusted_cert (ksba_cert_t cert, int with_systrust);
/* Return a certificate object for the given fingerprint. FPR is