security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

dirmngr: New option --ignore-crl-extensions.

Browse source 
* dirmngr/dirmngr.c (oIgnoreCRLExtension): New.
(opts): Add --ignore-crl-extension.
(parse_rereadable_options): Add to list/
* dirmngr/dirmngr.h (opt): Add ignored_crl_extensions.
* dirmngr/crlcache.c (crl_cache_insert): Implement option.
--

This option is is useful for debugging problems with new CRL
extensions.  It is similar to --ignore-cert-extension.

GnuPG-bug-id: 6545
This commit is contained in:
Werner Koch 2023-06-19 14:25:47 +02:00
parent 701a8b30f0
commit b1ecc8353a
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
4 changed files with 30 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
doc/dirmngr.texi
View file

@ -598,6 +598,15 @@ won't be rejected due to an unknown critical extension. Use this
option with care because extensions are usually flagged as critical
for a reason.
@item --ignore-crl-extension @var{oid}
@opindex ignore-crl-extension
Add @var{oid} to the list of ignored CRL extensions. The @var{oid} is
expected to be in dotted decimal form. Critical flagged CRL
extensions matching one of the OIDs in the list are treated as if they
are actually handled and thus the certificate won't be rejected due to
an unknown critical extension. Use this option with care because
extensions are usually flagged as critical for a reason.
@item --ignore-cert @var{fpr}|@var{file}
@opindex ignore-cert
Entirely ignore certificates with the fingerprint @var{fpr}. As an