authorAndre Heinecke <aheinecke@intevation.de>2018-10-23 12:46:38 +0200
committerWerner Koch <wk@gnupg.org>2023-02-24 18:22:13 +0100
commit1952a0e5e41c5f27cac81ff876eba5373f4cfc5f (patch)
treed53e80a1121a9183ee609a0ee22017cc7a8e2d29
parentdoc: Minor comment fixes. (diff)
sm: Fix dirmngr loadcrl for intermediate certs
* sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED. (inq_certificate): Distinguish unsupported inquiry error. -- When loading a CRL through "gpgsm --call-dirmngr loadcrl foo" dirmngr can ask gpgsm back if a certificate used ISTRUSTED, which previously resulted in an error. (cherry picked from commit 6b36c16f77722d17f4f317c788701cbc1e9552b2) That commit was from the 2.2 branch and we forgot to forward port it.
-rw-r--r--sm/call-dirmngr.c28
1 files changed, 26 insertions, 2 deletions
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index cc958ccf8..da3839349 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -362,7 +362,7 @@ inq_certificate (void *opaque, const char *line)
}
else
{
- log_error ("unsupported inquiry '%s'\n", line);
+ log_error ("unsupported certificate inquiry '%s'\n", line);
return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}
@@ -1035,9 +1035,33 @@ run_command_inq_cb (void *opaque, const char *line)
line = s;
log_info ("dirmngr: %s\n", line);
}
+ else if ((s = has_leading_keyword (line, "ISTRUSTED")))
+ {
+ /* The server is asking us whether the certificate is a trusted
+ root certificate. */
+ char fpr[41];
+ struct rootca_flags_s rootca_flags;
+ int n;
+
+ line = s;
+
+ for (s=line,n=0; hexdigitp (s); s++, n++)
+ ;
+ if (*s || n != 40)
+ return gpg_error (GPG_ERR_ASS_PARAMETER);
+ for (s=line, n=0; n < 40; s++, n++)
+ fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
+ fpr[n] = 0;
+
+ if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
+ rc = assuan_send_data (parm->ctx, "1", 1);
+ else
+ rc = 0;
+ return rc;
+ }
else
{
- log_error ("unsupported inquiry '%s'\n", line);
+ log_error ("unsupported command inquiry '%s'\n", line);
rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
}
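Review bot: In the new ISTRUSTED branch every non-zero result of `gpgsm_agent_istrusted` becomes `rc = 0` with no data sent, so a failure to reach or query the agent looks the same to dirmngr as a "not trusted" answer and leaves nothing in the log. Sending nothing is the safe direction for a trust decision, but the error should be kept in a local `gpg_error_t err` and reported, for example `else { log_info ("ISTRUSTED check for %s failed: %s\n", fpr, gpg_strerror (err)); rc = 0; }`, possibly only when the code is not the plain not-trusted result. `rootca_flags` is filled but never read in this branch, so a one-line comment such as `/* The root CA flags are not needed for the reply. */` would show that this is intentional. The body of run_command_inq_cb starts and ends outside the hunk, so the surrounding declarations and the final return are not visible here.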