* import.c (gpgsm_import): Just do a basic cert check before

storing it. * certpath.c (gpgsm_basic_cert_check): New. * keydb.c (keydb_store_cert): New. * import.c (store_cert): Removed and change all caller to use the new function. * verify.c (store_cert): Ditto. * certlist.c (gpgsm_add_to_certlist): Validate the path * certpath.c (gpgsm_validate_path): Check the trust list. * call-agent.c (gpgsm_agent_istrusted): New.
2025-07-02 22:46:30 +02:00 · 2002-01-15 13:02:47 +00:00 · 2002-01-15 13:02:47 +00:00 · a9979e26a5
commit a9979e26a5
parent 9dd0040085
11 changed files with 352 additions and 80 deletions
--- a/sm/certlist.c
+++ b/sm/certlist.c
@ -33,7 +33,8 @@
 #include "gpgsm.h"
 #include "keydb.h"

-
+/* add a certificate to a list of certificate and make sure that it is
+   a valid certificate */
 int
 gpgsm_add_to_certlist (const char *name, CERTLIST *listaddr)
 {
@ -54,6 +55,8 @@ gpgsm_add_to_certlist (const char *name, CERTLIST *listaddr)
          rc = keydb_search (kh, &desc, 1);
          if (!rc)
            rc = keydb_get_cert (kh, &cert);
+          if (!rc)
+            rc = gpgsm_validate_path (cert);
          if (!rc)
            {
              CERTLIST cl = xtrycalloc (1, sizeof *cl);
@ -87,7 +90,8 @@ gpgsm_release_certlist (CERTLIST list)
 }


-/* Like gpgsm_add_to_certlist, but lookonly for one certificate */
+/* Like gpgsm_add_to_certlist, but look only for one certificate.  No
+   path validation is done */
 int
 gpgsm_find_cert (const char *name, KsbaCert *r_cert)
 {