author | Werner Koch <wk@gnupg.org> | 2004-02-20 14:46:21 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2004-02-20 14:46:21 +0100 |
commit | aa0e38982a2d220ecafb6f82b169c1e4897f9e29 (patch) | |
tree | d4afe59e3bace3e8949c95069d32091f4c1c706b /sm/certchain.c | |
parent | * protect-tool.c: New options --have-cert and --prompt. (diff) | |
* gpgsm.c (main): New option --debug-ignore-expiration.
* certchain.c (gpgsm_validate_chain): Use it here.
* certlist.c (cert_usage_p): Apply extKeyUsage.
Diffstat (limited to 'sm/certchain.c')
-rw-r--r-- | sm/certchain.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/sm/certchain.c b/sm/certchain.c
index bf5582503..2a59c559d 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -66,7 +66,6 @@ do_list (int is_error, int listmode, FILE *fp, const char *format, ...)
 }
 
 
-
 static int
 unknown_criticals (ksba_cert_t cert, int listmode, FILE *fp)
 {
@@ -74,6 +73,7 @@ unknown_criticals (ksba_cert_t cert, int listmode, FILE *fp)
 "2.5.29.15", /* keyUsage */
 "2.5.29.19", /* basic Constraints */
 "2.5.29.32", /* certificatePolicies */
+ "2.5.29.37", /* extendedKeyUsage - handled by certlist.c */
 NULL
 };
 int rc = 0, i, idx, crit;
@@ -548,16 +548,20 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
 rc = gpg_error (GPG_ERR_CERT_TOO_YOUNG);
 goto leave;
 }
- if (not_after && strcmp (current_time, not_after) > 0 )
+ if (*not_after && strcmp (current_time, not_after) > 0 )
 {
- do_list (1, lm, fp, _("certificate has expired"));
+ do_list (opt.ignore_expiration?0:1, lm, fp,
+ _("certificate has expired"));
 if (!lm)
 {
- log_error ("(expired at ");
+ log_info ("(expired at ");
 gpgsm_dump_time (not_after);
 log_printf (")\n");
 }
- any_expired = 1;
+ if (opt.ignore_expiration)
+ log_info ("WARNING: ignoring expiration\n");
+ else
+ any_expired = 1;
 }
 }
 
|
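Review bot: Adding `"2.5.29.37"` to the known-criticals table in unknown_criticals means a certificate with a critical extendedKeyUsage is no longer rejected here, so enforcement rests entirely on the check in certlist.c that the comment points to. The callers are outside this hunk; if any path validates a chain without running that usage check, or if the check looks only at the end-entity certificate, a critical EKU restriction would be accepted without being evaluated. I would state the dependency in the comment, e.g. `/* extendedKeyUsage - enforced only by cert_usage_p in certlist.c */`, so a later caller does not assume this function covers it.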
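Review bot: When `opt.ignore_expiration` is set, the expired branch in gpgsm_validate_chain never sets `any_expired`, and this appears to apply to every certificate the enclosing code checks, issuer certificates included. The caller then presumably sees the same result as for a fully valid chain, with a single `log_info` line as the only trace. The function starts and ends outside this hunk, so how `any_expired` feeds the return code is inferred. I would document the scope at the branch, e.g. `/* --debug-ignore-expiration: expired certs, CA certs included, are accepted; debugging only. */`. I would also keep the "(expired at ...)" output at `log_error` unless the option is set, so a normal run still reports expiry at error level.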