diff options
author | Andre Heinecke <aheinecke@intevation.de> | 2018-10-23 12:46:38 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2023-02-24 18:22:13 +0100 |
commit | 1952a0e5e41c5f27cac81ff876eba5373f4cfc5f (patch) | |
tree | d53e80a1121a9183ee609a0ee22017cc7a8e2d29 | |
parent | doc: Minor comment fixes. (diff) | |
download | gnupg2-1952a0e5e41c5f27cac81ff876eba5373f4cfc5f.tar.xz gnupg2-1952a0e5e41c5f27cac81ff876eba5373f4cfc5f.zip |
sm: Fix dirmngr loadcrl for intermediate certs
* sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
(inq_certificate): Distinguish unsupported inquiry error.
--
When loading a CRL through "gpgsm --call-dirmngr loadcrl foo"
dirmngr can ask gpgsm back if a certificate used ISTRUSTED, which
previously resulted in an error.
(cherry picked from commit 6b36c16f77722d17f4f317c788701cbc1e9552b2)
That commit was from the 2.2 branch and we forgot to forward port it.
-rw-r--r-- | sm/call-dirmngr.c | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index cc958ccf8..da3839349 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -362,7 +362,7 @@ inq_certificate (void *opaque, const char *line) } else { - log_error ("unsupported inquiry '%s'\n", line); + log_error ("unsupported certificate inquiry '%s'\n", line); return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE); } @@ -1035,9 +1035,33 @@ run_command_inq_cb (void *opaque, const char *line) line = s; log_info ("dirmngr: %s\n", line); } + else if ((s = has_leading_keyword (line, "ISTRUSTED"))) + { + /* The server is asking us whether the certificate is a trusted + root certificate. */ + char fpr[41]; + struct rootca_flags_s rootca_flags; + int n; + + line = s; + + for (s=line,n=0; hexdigitp (s); s++, n++) + ; + if (*s || n != 40) + return gpg_error (GPG_ERR_ASS_PARAMETER); + for (s=line, n=0; n < 40; s++, n++) + fpr[n] = (*s >= 'a')? (*s & 0xdf): *s; + fpr[n] = 0; + + if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags)) + rc = assuan_send_data (parm->ctx, "1", 1); + else + rc = 0; + return rc; + } else { - log_error ("unsupported inquiry '%s'\n", line); + log_error ("unsupported command inquiry '%s'\n", line); rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE); } |