agent: Add trustlist flag "de-vs".
* agent/trustlist.c (struct trustitem_s): Add field de_vs. (read_one_trustfile): Parse it. (istrusted_internal): Emit TRUSTLISTFLAG status line. * sm/gpgsm.h (struct rootca_flags_s): Add field de_vs. * sm/call-agent.c (istrusted_status_cb): Detect the flags. * sm/sign.c (write_detached_signature): Remove unused vars. -- Right now this flag has no effect; we first need to specify the exact behaviour. GnuPG-bug-id: 5079
This commit is contained in:
parent
8996b0b655
commit
a5360ae4c7
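--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@@ -45,6 +45,7 @@ struct trustitem_s
 constraints. */
 int cm:1; /* Use chain model for validation. */
 int qual:1; /* Root CA for qualified signatures. */
+int de_vs:1; /* Root CA for de-vs compliant PKI. */
 } flags;
 unsigned char fpr[20]; /* The binary fingerprint. */
 };
@@ -324,6 +325,8 @@ read_one_trustfile (const char *fname, int systrust,
 ti->flags.cm = 1;
 else if (n == 4 && !memcmp (p, "qual", 4) && systrust)
 ti->flags.qual = 1;
+else if (n == 4 && !memcmp (p, "de-vs", 4) && systrust)
+ti->flags.de_vs = 1;
 else
 log_error ("flag '%.*s' in '%s', line %d ignored\n",
 n, p, fname, lnr);
@@ -476,7 +479,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled,
 in a locked state. */
 if (already_locked)
 ;
-else if (ti->flags.relax || ti->flags.cm || ti->flags.qual)
+else if (ti->flags.relax || ti->flags.cm || ti->flags.qual
+|| ti->flags.de_vs)
 {
 unlock_trusttable ();
 locked = 0;
@@ -487,6 +491,8 @@ istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled,
 err = agent_write_status (ctrl,"TRUSTLISTFLAG", "cm", NULL);
 if (!err && ti->flags.qual)
 err = agent_write_status (ctrl,"TRUSTLISTFLAG", "qual",NULL);
+if (!err && ti->flags.de_vs)
+err = agent_write_status (ctrl,"TRUSTLISTFLAG", "de-vs",NULL);
 }
 
 if (!err)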
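Review bot: The new keyword test in read_one_trustfile (hunk at -324) can never match the flag it is meant to parse: `n == 4 && !memcmp (p, "de-vs", 4)` accepts only a four-byte token and compares just "de-v", so a trustlist line carrying the five-byte flag `de-vs` falls through to the `else` branch and is logged as ignored, while a stray token `de-v` would set the bit instead. The line should read `else if (n == 5 && !memcmp (p, "de-vs", 5) && systrust)`. Since the TRUSTLISTFLAG status line added in istrusted_internal is gated on ti->flags.de_vs, the gpgsm side can currently never receive it from a trustlist file either. read_one_trustfile's body begins and ends outside the hunk.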
@ -813,6 +813,11 @@ This flag has an effect only if used in the global list. This is now
|
|||||||
the preferred way to mark such CA; the old way of having a separate
|
the preferred way to mark such CA; the old way of having a separate
|
||||||
file @file{qualified.txt} is still supported.
|
file @file{qualified.txt} is still supported.
|
||||||
|
|
||||||
|
@item de-vs
|
||||||
|
The CA is part of an approved PKI for the German classification level
|
||||||
|
VS-NfD. It is only valid in the global trustlist. As of now this is
|
||||||
|
used only for documentation purpose.
|
||||||
|
|
||||||
@end table
|
@end table
|
||||||
|
|
||||||
|
|
||||||
|
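--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -890,6 +890,8 @@ istrusted_status_cb (void *opaque, const char *line)
 flags->chain_model = 1;
 else if (has_leading_keyword (line, "qual"))
 flags->qualified = 1;
+else if (has_leading_keyword (line, "de-vs"))
+flags->de_vs = 1;
 }
 return 0;
 }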
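--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -295,6 +295,7 @@ struct rootca_flags_s
 unsigned int relax:1; /* Relax checking of root certificates. */
 unsigned int chain_model:1; /* Root requires the use of the chain model. */
 unsigned int qualified:1; /* Root CA used for qualfied signatures. */
+unsigned int de_vs:1; /* Root CA is de-vs compliant. */
 };
 
 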
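Review bot: The comment on the new `de_vs` bit ("Root CA is de-vs compliant") reads as if gpgsm checks or enforces something, but the commit message says the flag has no effect yet and the manual text added in the same commit calls it documentation-only; a reader of the header will otherwise assume a compliance check exists somewhere in sm/. Suggest `unsigned int de_vs:1; /* Root CA is part of an approved VS-NfD PKI (informational; not yet acted upon). */`. struct rootca_flags_s begins before the hunk.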
@ -433,8 +433,8 @@ write_detached_signature (ctrl_t ctrl, const void *blob, size_t bloblen,
|
|||||||
estream_t out_fp)
|
estream_t out_fp)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
const unsigned char *p, *psave;
|
const unsigned char *p;
|
||||||
size_t n, nsave, objlen, objlensave, hdrlen;
|
size_t n, objlen, hdrlen;
|
||||||
int class, tag, cons, ndef;
|
int class, tag, cons, ndef;
|
||||||
const unsigned char *p_ctoid, *p_version, *p_algoset, *p_dataoid;
|
const unsigned char *p_ctoid, *p_version, *p_algoset, *p_dataoid;
|
||||||
size_t n_ctoid, n_version, n_algoset, n_dataoid;
|
size_t n_ctoid, n_version, n_algoset, n_dataoid;
|
||||||
@ -445,6 +445,8 @@ write_detached_signature (ctrl_t ctrl, const void *blob, size_t bloblen,
|
|||||||
unsigned char *finalder = NULL;
|
unsigned char *finalder = NULL;
|
||||||
size_t finalderlen;
|
size_t finalderlen;
|
||||||
|
|
||||||
|
(void)ctrl;
|
||||||
|
|
||||||
p = blob;
|
p = blob;
|
||||||
n = bloblen;
|
n = bloblen;
|
||||||
if ((err=parse_ber_header (&p,&n,&class,&tag,&cons,&ndef,&objlen,&hdrlen)))
|
if ((err=parse_ber_header (&p,&n,&class,&tag,&cons,&ndef,&objlen,&hdrlen)))
|
||||||
|