security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

dirmngr: Distinguish between "no crl" and "crl not trusted".

Browse source 
* dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New.
* dirmngr/crlcache.c (cache_isvalid): Set this status.
(crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
(crl_cache_reload_crl): Move diagnostic to ...
* dirmngr/crlfetch.c (crl_fetch): here.
* dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
* dirmngr/validate.c (check_revocations): Handle new status.  Improve
diagnostics.
* common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ.
* common/audit.c (proc_type_verify): Ditto.
--

This avoids repeated loading of CRLs in case of untrusted root
certificates.
This commit is contained in:
Werner Koch 2023-03-09 18:28:39 +01:00
parent 65288fc52f
commit b52a0e244a
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
8 changed files with 33 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

1
sm/call-dirmngr.c
View file

@ -521,6 +521,7 @@ isvalid_status_cb (void *opaque, const char *line)
GPG_ERR_CERTIFICATE_REVOKED
GPG_ERR_NO_CRL_KNOWN
GPG_ERR_INV_CRL_OBJ
GPG_ERR_CRL_TOO_OLD
Values for USE_OCSP: