* import.c (gpgsm_import): Just do a basic cert check before

storing it. * certpath.c (gpgsm_basic_cert_check): New. * keydb.c (keydb_store_cert): New. * import.c (store_cert): Removed and change all caller to use the new function. * verify.c (store_cert): Ditto. * certlist.c (gpgsm_add_to_certlist): Validate the path * certpath.c (gpgsm_validate_path): Check the trust list. * call-agent.c (gpgsm_agent_istrusted): New.
2025-07-02 22:46:30 +02:00 · 2002-01-15 13:02:47 +00:00 · 2002-01-15 13:02:47 +00:00 · a9979e26a5
commit a9979e26a5
parent 9dd0040085
11 changed files with 352 additions and 80 deletions
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@ -182,7 +182,8 @@ start_agent (void)
      return seterr (Not_Implemented);
    }

-  log_debug ("connection to agent established\n");
+  if (DBG_AGENT)
+    log_debug ("connection to agent established\n");
  return 0;
 }

@ -400,5 +401,31 @@ gpgsm_agent_genkey (KsbaConstSexp keyparms, KsbaSexp *r_pubkey)
  return 0;
 }

+
+/* Ask the agent whether the certificate is in the list of trusted
+   keys */
+int
+gpgsm_agent_istrusted (KsbaCert cert)
+{
+  int rc;
+  char *fpr;
+  char line[ASSUAN_LINELENGTH];

+  rc = start_agent ();
+  if (rc)
+    return rc;

+  fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+  if (!fpr)
+    {
+      log_error ("error getting the fingerprint\n");
+      return seterr (General_Error);
+    }
+
+  snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
+  line[DIM(line)-1] = 0;
+  xfree (fpr);
+
+  rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
+  return map_assuan_err (rc);
+}