dirmngr: Load --hkp-cacert values into the certificate cache.
* dirmngr/dirmngr.c (hkp_cacert_filenames): New var. (parse_rereadable_options): Store filenames from --hkp-cacert in the new var. (main, dirmngr_sighup_action): Pass that var to cert_cache_init. * dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load those certs. (load_certs_from_file): Use autodetect so that PEM and DER encodings are possible. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
9741aa24d9
commit
d1625a9a82
@ -471,7 +471,8 @@ load_certs_from_file (const char *fname, unsigned int trustclasses,
|
||||
}
|
||||
|
||||
err = gnupg_ksba_create_reader (&ioctx,
|
||||
(GNUPG_KSBA_IO_PEM | GNUPG_KSBA_IO_MULTIPEM),
|
||||
(GNUPG_KSBA_IO_AUTODETECT
|
||||
| GNUPG_KSBA_IO_MULTIPEM),
|
||||
fp, &reader);
|
||||
if (err)
|
||||
{
|
||||
@ -686,9 +687,10 @@ load_certs_from_system (void)
|
||||
|
||||
/* Initialize the certificate cache if not yet done. */
|
||||
void
|
||||
cert_cache_init (void)
|
||||
cert_cache_init (strlist_t hkp_cacerts)
|
||||
{
|
||||
char *fname;
|
||||
strlist_t sl;
|
||||
|
||||
if (initialization_done)
|
||||
return;
|
||||
@ -707,6 +709,10 @@ cert_cache_init (void)
|
||||
load_certs_from_dir (fname, 0);
|
||||
xfree (fname);
|
||||
|
||||
for (sl = hkp_cacerts; sl; sl = sl->next)
|
||||
load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0);
|
||||
|
||||
|
||||
fname = make_filename_try (gnupg_datadir (),
|
||||
"sks-keyservers.netCA.pem", NULL);
|
||||
if (fname)
|
||||
|
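Review bot: The new hkp_cacerts argument of cert_cache_init is not described anywhere; the comment above the definition still reads `/* Initialize the certificate cache if not yet done. */` and says nothing about what the list is used for or which trust class the files receive. Suggest `/* Initialize the certificate cache if not yet done.  HKP_CACERTS is a list of file names whose certificates are loaded with trust class CERTTRUST_CLASS_HKP; the list is only walked here and not retained.  */`. The loop at `load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0);` also discards whatever that function reports for a missing or unparsable file, so a misspelled --hkp-cacert is silent; if the function returns a status, a per-file log_info would make that visible. cert_cache_init's body continues outside the hunk.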
@ -31,7 +31,7 @@ enum {
|
||||
|
||||
|
||||
/* First time initialization of the certificate cache. */
|
||||
void cert_cache_init (void);
|
||||
void cert_cache_init (strlist_t hkp_cacerts);
|
||||
|
||||
/* Deinitialize the certificate cache. */
|
||||
void cert_cache_deinit (int full);
|
||||
|
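Review bot: The header comment for the changed prototype still says only `/* First time initialization of the certificate cache. */` and does not document the new strlist argument that every caller must now pass; suggest `/* First time initialization of the certificate cache.  HKP_CACERTS lists files whose certificates are loaded with trust class CERTTRUST_CLASS_HKP (may be NULL). */`. Whether NULL is acceptable is inferred from the for-loop in certcache.c, which simply does not iterate on an empty list, so confirm before writing it down.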
@ -319,6 +319,10 @@ static int active_connections;
|
||||
* thread to run background network tasks. */
|
||||
static int network_activity_seen;
|
||||
|
||||
/* A list of filenames registred with --hkp-cacert. */
|
||||
static strlist_t hkp_cacert_filenames;
|
||||
|
||||
|
||||
/* The timer tick used for housekeeping stuff. */
|
||||
#define TIMERTICK_INTERVAL (60)
|
||||
|
||||
@ -586,6 +590,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
||||
}
|
||||
FREE_STRLIST (opt.ignored_cert_extensions);
|
||||
http_register_tls_ca (NULL);
|
||||
FREE_STRLIST (hkp_cacert_filenames);
|
||||
FREE_STRLIST (opt.keyserver);
|
||||
/* Note: We do not allow resetting of TOR_MODE_FORCE at runtime. */
|
||||
if (tor_mode != TOR_MODE_FORCE)
|
||||
@ -653,11 +658,14 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
|
||||
|
||||
case oHkpCaCert:
|
||||
{
|
||||
/* We need to register the filenames with gnutls (http.c) and
|
||||
* also for our own cert cache. */
|
||||
char *tmpname;
|
||||
|
||||
/* Do tilde expansion and make path absolute. */
|
||||
tmpname = make_absfilename (pargs->r.ret_str, NULL);
|
||||
http_register_tls_ca (tmpname);
|
||||
add_to_strlist (&hkp_cacert_filenames, pargs->r.ret_str);
|
||||
xfree (tmpname);
|
||||
}
|
||||
break;
|
||||
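Review bot: The two consumers of --hkp-cacert are handed different file names: gnutls gets the tilde-expanded absolute path `tmpname`, but the cert cache list is filled with the raw option value via `add_to_strlist (&hkp_cacert_filenames, pargs->r.ret_str);`, so a value like `~/ca.pem` or a relative path that the comment two lines above promises to expand will be resolved by load_certs_from_file against the daemon's current directory, and the TLS layer and the cache can end up trusting different files. Change that line to `add_to_strlist (&hkp_cacert_filenames, tmpname);`; add_to_strlist copies the string into the new node, so the `xfree (tmpname);` that follows stays correct. The comment added in the earlier hunk of this file, `/* A list of filenames registred with --hkp-cacert. */`, should read "registered". The enclosing switch in parse_rereadable_options starts and ends outside the hunk.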
@ -1069,7 +1077,7 @@ main (int argc, char **argv)
|
||||
|
||||
|
||||
thread_init ();
|
||||
cert_cache_init ();
|
||||
cert_cache_init (hkp_cacert_filenames);
|
||||
crl_cache_init ();
|
||||
http_register_netactivity_cb (netactivity_action);
|
||||
start_command_handler (ASSUAN_INVALID_FD);
|
||||
@ -1104,7 +1112,7 @@ main (int argc, char **argv)
|
||||
log_set_prefix (NULL, 0);
|
||||
|
||||
thread_init ();
|
||||
cert_cache_init ();
|
||||
cert_cache_init (hkp_cacert_filenames);
|
||||
crl_cache_init ();
|
||||
http_register_netactivity_cb (netactivity_action);
|
||||
handle_connections (3);
|
||||
@ -1311,7 +1319,7 @@ main (int argc, char **argv)
|
||||
#endif
|
||||
|
||||
thread_init ();
|
||||
cert_cache_init ();
|
||||
cert_cache_init (hkp_cacert_filenames);
|
||||
crl_cache_init ();
|
||||
http_register_netactivity_cb (netactivity_action);
|
||||
handle_connections (fd);
|
||||
@ -1333,7 +1341,7 @@ main (int argc, char **argv)
|
||||
dirmngr_init_default_ctrl (&ctrlbuf);
|
||||
|
||||
thread_init ();
|
||||
cert_cache_init ();
|
||||
cert_cache_init (hkp_cacert_filenames);
|
||||
crl_cache_init ();
|
||||
if (!argc)
|
||||
rc = crl_cache_load (&ctrlbuf, NULL);
|
||||
@ -1356,7 +1364,7 @@ main (int argc, char **argv)
|
||||
dirmngr_init_default_ctrl (&ctrlbuf);
|
||||
|
||||
thread_init ();
|
||||
cert_cache_init ();
|
||||
cert_cache_init (hkp_cacert_filenames);
|
||||
crl_cache_init ();
|
||||
rc = crl_fetch (&ctrlbuf, argv[0], &reader);
|
||||
if (rc)
|
||||
@ -1769,7 +1777,7 @@ dirmngr_sighup_action (void)
|
||||
reread_configuration ();
|
||||
cert_cache_deinit (0);
|
||||
crl_cache_deinit ();
|
||||
cert_cache_init ();
|
||||
cert_cache_init (hkp_cacert_filenames);
|
||||
crl_cache_init ();
|
||||
reload_dns_stuff (0);
|
||||
ks_hkp_reload ();
|
||||
|