mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpgsm: Improve cert lookup callback from dirmngr.

* sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New.
(FIND_CERT_WITH_EPHEM): New.
* sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a
generic flags arg.  Implement the new flag FIND_CERT_WITH_EPHEM.
* sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked
certs.
--

The dirmngr may need to get a certificate from gpgsm's store in the
course of verifying a CRL.  In some cases the certificate is still
marked as ephemeral - this needs to be returned as well.

This _may_ also fix
GnuPG-bug-id: 4436
Werner Koch 2023-02-26 19:11:27 +01:00
parent 332098a0f7
commit ffc2522855
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
3 changed files with 13 additions and 5 deletions


@ -415,8 +415,8 @@ inq_certificate (void *opaque, const char *line)
int err; int err;
ksba_cert_t cert; ksba_cert_t cert;
err = gpgsm_find_cert (parm->ctrl, line, ski, &cert,
err = gpgsm_find_cert (parm->ctrl, line, ski, &cert, 1); FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM);
if (err) if (err)
{ {
log_error ("certificate not found: %s\n", gpg_strerror (err)); log_error ("certificate not found: %s\n", gpg_strerror (err));
@ -954,7 +954,8 @@ run_command_inq_cb (void *opaque, const char *line)
if (!*line) if (!*line)
return gpg_error (GPG_ERR_ASS_PARAMETER); return gpg_error (GPG_ERR_ASS_PARAMETER);
err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert, 1); err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert,
FIND_CERT_ALLOW_AMBIG);
if (err) if (err)
{ {
log_error ("certificate not found: %s\n", gpg_strerror (err)); log_error ("certificate not found: %s\n", gpg_strerror (err));
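Review bot: Nothing at the inq_certificate call site says why an ephemeral certificate is an acceptable answer to dirmngr's inquiry, although with `FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM` the search now also covers ephemeral entries and presumably returns the first match. A short comment would record the reasoning from the commit message, for example `/* Dirmngr needs this cert to verify a CRL; it may still be marked ephemeral, so search those too. */`. It should also state that the receiver is expected to validate what it is given; that is not visible in this hunk, so confirm it before writing it down. In the second hunk run_command_inq_cb stays at `FIND_CERT_ALLOW_AMBIG` only, and a one-line comment that ephemeral certs are excluded there on purpose would keep a later edit from aligning the two calls by accident. Both function bodies continue outside the hunks shown.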


@ -514,11 +514,12 @@ gpgsm_release_certlist (certlist_t list)
int int
gpgsm_find_cert (ctrl_t ctrl, gpgsm_find_cert (ctrl_t ctrl,
const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert, const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert,
int allow_ambiguous) unsigned int flags)
{ {
int rc; int rc;
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
KEYDB_HANDLE kh = NULL; KEYDB_HANDLE kh = NULL;
int allow_ambiguous = (flags & FIND_CERT_ALLOW_AMBIG);
*r_cert = NULL; *r_cert = NULL;
rc = classify_user_id (name, &desc, 0); rc = classify_user_id (name, &desc, 0);
@ -529,6 +530,9 @@ gpgsm_find_cert (ctrl_t ctrl,
rc = gpg_error (GPG_ERR_ENOMEM); rc = gpg_error (GPG_ERR_ENOMEM);
else else
{ {
if ((flags & FIND_CERT_WITH_EPHEM))
keydb_set_ephemeral (kh, 1);
nextone: nextone:
rc = keydb_search (ctrl, kh, &desc, 1); rc = keydb_search (ctrl, kh, &desc, 1);
if (!rc) if (!rc)
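Review bot: `keydb_set_ephemeral (kh, 1)` switches the handle before the `nextone:` label and is not switched back in the lines shown, so every later search on `kh` in gpgsm_find_cert, including any ambiguity re-check outside the hunk, would presumably also see ephemeral entries. For a caller that passes `FIND_CERT_WITH_EPHEM` without `FIND_CERT_ALLOW_AMBIG`, an ephemeral entry could then make a previously unique name ambiguous; this needs checking against the rest of the body, which is not visible here. The function's header comment should say how the two flags interact and, if it is the case, that certificates found through `FIND_CERT_WITH_EPHEM` are returned without any validation by this function. A smaller style point: `int allow_ambiguous = (flags & FIND_CERT_ALLOW_AMBIG);` reads more clearly as `const int allow_ambiguous = !!(flags & FIND_CERT_ALLOW_AMBIG);`.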


@ -359,8 +359,11 @@ int gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
certlist_t *listaddr, int is_encrypt_to); certlist_t *listaddr, int is_encrypt_to);
void gpgsm_release_certlist (certlist_t list); void gpgsm_release_certlist (certlist_t list);
#define FIND_CERT_ALLOW_AMBIG 1
#define FIND_CERT_WITH_EPHEM 2
int gpgsm_find_cert (ctrl_t ctrl, const char *name, ksba_sexp_t keyid, int gpgsm_find_cert (ctrl_t ctrl, const char *name, ksba_sexp_t keyid,
ksba_cert_t *r_cert, int allow_ambiguous); ksba_cert_t *r_cert, unsigned int flags);
/*-- keylist.c --*/ /*-- keylist.c --*/
gpg_error_t gpgsm_list_keys (ctrl_t ctrl, strlist_t names, gpg_error_t gpgsm_list_keys (ctrl_t ctrl, strlist_t names,
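Review bot: The two new flag macros in gpgsm.h carry no comment, and as bare decimals they do not show that they are bit flags meant to be OR-ed together. Suggest a heading line `/* Flags for gpgsm_find_cert. */` and per-flag comments such as `#define FIND_CERT_ALLOW_AMBIG 1 /* Accept an ambiguous name. */` and `#define FIND_CERT_WITH_EPHEM 2 /* Also search certs marked ephemeral. */`. Because the second flag widens what a lookup may return, the header is where a new caller should learn that before opting in.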