security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

dirmngr: New option --ignore-crl-extensions.

Browse source 
* dirmngr/dirmngr.c (oIgnoreCRLExtension): New.
(opts): Add --ignore-crl-extension.
(parse_rereadable_options): Add to list/
* dirmngr/dirmngr.h (opt): Add ignored_crl_extensions.
* dirmngr/crlcache.c (crl_cache_insert): Implement option.
--

This option is is useful for debugging problems with new CRL
extensions.  It is similar to --ignore-cert-extension.

GnuPG-bug-id: 6545
This commit is contained in:
Werner Koch 2023-06-19 14:25:47 +02:00
parent 701a8b30f0
commit b1ecc8353a
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 30 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
dirmngr/crlcache.c
View file

@ -2356,10 +2356,19 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
for (idx=0; !(err=ksba_crl_get_extension (crl, idx, &oid, &critical,
NULL, NULL)); idx++)
{
strlist_t sl;
if (!critical
|| !strcmp (oid, oidstr_authorityKeyIdentifier)
|| !strcmp (oid, oidstr_crlNumber) )
continue;
for (sl=opt.ignored_crl_extensions;
sl && strcmp (sl->d, oid); sl = sl->next)
;
if (sl)
continue; /* Is in ignored list. */
log_error (_("unknown critical CRL extension %s\n"), oid);
log_info ("(CRL='%s')\n", url);
if (!err2)