security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

dirmngr: Distinguish between "no crl" and "crl not trusted".

Browse source 
* dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New.
* dirmngr/crlcache.c (cache_isvalid): Set this status.
(crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
(crl_cache_reload_crl): Move diagnostic to ...
* dirmngr/crlfetch.c (crl_fetch): here.
* dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
* dirmngr/validate.c (check_revocations): Handle new status.  Improve
diagnostics.
* common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ.
* common/audit.c (proc_type_verify): Ditto.
--

This avoids repeated loading of CRLs in case of untrusted root
certificates.
This commit is contained in:
Werner Koch 2023-03-09 18:28:39 +01:00
parent 65288fc52f
commit b52a0e244a
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
8 changed files with 33 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

1
dirmngr/crlcache.h
View file

@ -27,6 +27,7 @@ typedef enum
CRL_CACHE_VALID = 0,
CRL_CACHE_INVALID,
CRL_CACHE_DONTKNOW,
CRL_CACHE_NOTTRUSTED,
CRL_CACHE_CANTUSE
}
crl_cache_result_t;