dirmngr: For CRL issuer verification trust the system's root CA.

* dirmngr/crlcache.c (crl_parse_insert): Add VALIDATE_FLAG_TRUST_SYSTEM. -- GnuPG-bug-id: 6963
author: Werner Koch <wk@gnupg.org> 2024-01-26 13:14:14 +0100
committer: Werner Koch <wk@gnupg.org> 2024-01-26 13:14:35 +0100
commit: 4dc09bc5e7f349948a0bb68bdacfdbbc221a2b45 (patch)
tree: d6fe3e9ee9b6d33182610c262cbaa99e1ea9e244 /dirmngr
parent: common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR. (diff)
download: gnupg2-4dc09bc5e7f349948a0bb68bdacfdbbc221a2b45.tar.xz
gnupg2-4dc09bc5e7f349948a0bb68bdacfdbbc221a2b45.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index ac673a8d5..d3fe5c272 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -2086,6 +2086,7 @@ crl_parse_insert (ctrl_t ctrl, ksba_crl_t crl,
 
             err = validate_cert_chain (ctrl, crlissuer_cert, NULL,
                                        (VALIDATE_FLAG_TRUST_CONFIG
+                                        | VALIDATE_FLAG_TRUST_SYSTEM
                                         | VALIDATE_FLAG_CRL
                                         | VALIDATE_FLAG_RECURSIVE),
                                        r_trust_anchor);
author	Werner Koch <wk@gnupg.org>	2024-01-26 13:14:14 +0100
committer	Werner Koch <wk@gnupg.org>	2024-01-26 13:14:35 +0100
commit	4dc09bc5e7f349948a0bb68bdacfdbbc221a2b45 (patch)
tree	d6fe3e9ee9b6d33182610c262cbaa99e1ea9e244 /dirmngr
parent	common,w32: Fix use of GNUPG_SPAWN_KEEP_STDERR. (diff)
download	gnupg2-4dc09bc5e7f349948a0bb68bdacfdbbc221a2b45.tar.xz gnupg2-4dc09bc5e7f349948a0bb68bdacfdbbc221a2b45.zip