1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Werner Koch 8c167febc0
sm: Add special case for expired intermediate certificates.
* sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
* sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
Also simplify by using ref-ed cert objects in place of an anyfound
var.
--

See the code for a description of the problem. Tested using the certs
from the bug report and various command lines

  gpgsm --faked-system-time=XXXX --disable-crl-checks \
         -ea -v --debug x509  -r 0x95599828

with XXXX being 20190230T000000 -> target cert too young
with XXXX being 20190330T000000 -> okay
with XXXX being 20190830T000000 -> okay, using the long term cert
with XXXX being 20220330T000000 -> target cert expired

The --disabled-crl-checks option is required because in our a simple
test setting dirmngr does not know about the faked time.

GnuPG-bug-id: 4696
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d246f317c04862cacfefc899c98da182ee2805a5)
2019-12-06 20:32:57 +01:00
..
2017-03-07 20:25:54 +09:00
2019-02-28 11:00:31 +01:00
2019-08-12 10:42:34 +09:00
2017-03-07 20:25:54 +09:00
2017-03-07 20:25:54 +09:00
2017-04-28 10:06:33 +09:00
2017-11-14 12:26:29 +01:00
2017-03-07 20:25:54 +09:00
2017-04-28 10:06:33 +09:00