mirror of git://git.gnupg.org/gnupg.git
8c167febc0
* sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
* sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
Also simplify by using ref-ed cert objects in place of an anyfound
var.
--
See the code for a description of the problem. Tested using the certs
from the bug report and various command lines
gpgsm --faked-system-time=XXXX --disable-crl-checks \
-ea -v --debug x509 -r 0x95599828
with XXXX being 20190230T000000 -> target cert too young
with XXXX being 20190330T000000 -> okay
with XXXX being 20190830T000000 -> okay, using the long term cert
with XXXX being 20220330T000000 -> target cert expired
The --disabled-crl-checks option is required because in our a simple
test setting dirmngr does not know about the faked time.
GnuPG-bug-id: 4696
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| ChangeLog-2011 | ||
| Makefile.am | ||
| call-agent.c | ||
| call-dirmngr.c | ||
| certchain.c | ||
| certcheck.c | ||
| certdump.c | ||
| certlist.c | ||
| certreqgen-ui.c | ||
| certreqgen.c | ||
| decrypt.c | ||
| delete.c | ||
| encrypt.c | ||
| export.c | ||
| fingerprint.c | ||
| gpgsm-w32info.rc | ||
| gpgsm.c | ||
| gpgsm.h | ||
| import.c | ||
| keydb.c | ||
| keydb.h | ||
| keylist.c | ||
| minip12.c | ||
| minip12.h | ||
| misc.c | ||
| passphrase.c | ||
| passphrase.h | ||
| qualified.c | ||
| server.c | ||
| sign.c | ||
| verify.c | ||