security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

* gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp.

Browse source 
(gpgsm_init_default_ctrl): Set USE_OCSP to the default value.
* certchain.c (gpgsm_validate_chain): Handle USE_OCSP.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and
proceed accordingly.
This commit is contained in:
Werner Koch 2003-12-01 10:54:30 +00:00
parent 7134af9fdb
commit c68eaa4b6b
6 changed files with 59 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

8
sm/certchain.c
View file

@ -517,11 +517,13 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, ksba_isotime_t r_exptime)
goto leave;
}
if (!opt.no_crl_check)
if (!opt.no_crl_check || ctrl->use_ocsp)
{
rc = gpgsm_dirmngr_isvalid (subject_cert);
rc = gpgsm_dirmngr_isvalid (subject_cert, ctrl->use_ocsp);
if (rc)
{
/* Fixme: We should change the wording because we may
have used OCSP. */
switch (gpg_err_code (rc))
{
case GPG_ERR_CERT_REVOKED:
@ -677,7 +679,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, ksba_isotime_t r_exptime)
if (opt.no_policy_check)
log_info ("policies not checked due to --disable-policy-checks option\n");
if (opt.no_crl_check)
if (opt.no_crl_check && !ctrl->use_ocsp)
log_info ("CRLs not checked due to --disable-crl-checks option\n");
if (!rc)