authorWerner Koch <wk@gnupg.org>2017-02-17 21:31:33 +0100
committerWerner Koch <wk@gnupg.org>2017-02-17 21:31:33 +0100
commitf07811ee2c0a8044551e2ec063eda61cff7f6e39 (patch)
tree36f07a12fc3c897a4ef2a4bd9d39cc8e01045021 /dirmngr/server.c
parentdirmngr: Add options --tls and --systrust to the VALIDATE cmd. (diff)
dirmngr: Add option --no-crl to the VALIDATE cmd.
* dirmngr/validate.h: Remove enums VALIDATE_MODE_*. (VALIDATE_FLAG_SYSTRUST, VALIDATE_FLAG_EXTRATRUST) (VALIDATE_FLAG_CRL, VALIDATE_FLAG_RECURSIVE) (VALIDATE_FLAG_OCSP, VALIDATE_FLAG_TLS) (VALIDATE_FLAG_NOCRLCHECK): New constants. * dirmngr/validate.c (validate_cert_chain): Change arg 'mode' to 'flags'. Change code accordingly. Remove NO-CRL in TLS mode kludge. * dirmngr/crlcache.c (crl_parse_insert): Change to use flag values for the validate_cert_chain call. * dirmngr/server.c (cmd_validate): Ditto. Add new option --no-crl. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'dirmngr/server.c')
-rw-r--r--dirmngr/server.c21
1 files changed, 10 insertions, 11 deletions
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 05ef439a1..1134ac081 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -1733,7 +1733,7 @@ cmd_cachecert (assuan_context_t ctx, char *line)
static const char hlp_validate[] =
- "VALIDATE [--systrust] [--tls]\n"
+ "VALIDATE [--systrust] [--tls] [--no-crl]\n"
"\n"
"Validate a certificate using the certificate validation function\n"
"used internally by dirmngr. This command is only useful for\n"
@@ -1753,7 +1753,8 @@ static const char hlp_validate[] =
"need to be PEM encoded.\n"
"\n"
"The option --systrust changes the behaviour to include the system\n"
- "provided root certificates as trust anchors.";
+ "provided root certificates as trust anchors. The option --no-crl\n"
+ "skips CRL checks";
static gpg_error_t
cmd_validate (assuan_context_t ctx, char *line)
{
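Review bot: The added help text for --no-crl ends without a full stop and states only that CRL checks are skipped, not what that means for the result. A user reading HELP VALIDATE should see that revocation status is not evaluated in that mode. I would word the last two lines as `"provided root certificates as trust anchors.  The option --no-crl\n"` and `"skips CRL checks; a revoked certificate may then validate.";`.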
@@ -1763,10 +1764,11 @@ cmd_validate (assuan_context_t ctx, char *line)
certlist_t certlist = NULL;
unsigned char *value = NULL;
size_t valuelen;
- int systrust_mode, tls_mode;
+ int systrust_mode, tls_mode, no_crl;
systrust_mode = has_option (line, "--systrust");
tls_mode = has_option (line, "--tls");
+ no_crl = has_option (line, "--no-crl");
line = skip_options (line);
if (tls_mode)
@@ -1843,14 +1845,11 @@ cmd_validate (assuan_context_t ctx, char *line)
cache_cert (cl->cert);
}
-
- err = validate_cert_chain
- (ctrl, cert, NULL,
- tls_mode && systrust_mode ? VALIDATE_MODE_TLS_SYSTRUST :
- tls_mode ? VALIDATE_MODE_TLS :
- /**/ systrust_mode ? VALIDATE_MODE_CERT_SYSTRUST :
- /**/ VALIDATE_MODE_CERT,
- NULL);
+ err = validate_cert_chain (ctrl, cert, NULL,
+ ((tls_mode ? VALIDATE_FLAG_TLS : 0)
+ | (systrust_mode ? VALIDATE_FLAG_SYSTRUST : 0)
+ | (no_crl ? VALIDATE_FLAG_NOCRLCHECK : 0)),
+ NULL);
leave:
ksba_cert_release (cert);
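Review bot: When `no_crl` is set, the new call passes `VALIDATE_FLAG_NOCRLCHECK` and the resulting `err` goes back the same way as for a fully checked chain, so nothing in the visible lines tells the client or the log that revocation was not checked. A one-line diagnostic before the call would make this visible to anyone auditing results, for example `if (no_crl) log_info ("VALIDATE: CRL checks disabled by --no-crl\n");`. A short comment above the flag expression, such as `/* Flags are independent bits; --no-crl disables revocation checking only. */`, would also help, because the commit message says the implicit no-CRL behaviour of TLS mode was removed in validate.c, so `--tls` alone presumably now performs CRL checks. The body of cmd_validate starts and ends outside this hunk, so any reporting done elsewhere in the function is not visible here.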