diff options
| author | Werner Koch <wk@gnupg.org> | 2017-02-21 14:55:04 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2017-02-21 14:55:04 +0100 |
| commit | 831d014550863026dfefa774c961a21bd20c1e48 (patch) | |
| tree | a7ab8eb014de4a48375a4f3242e61aa7bfcef9b2 /sm/keylist.c | |
| parent | dirmngr: Load --hkp-cacert values into the certificate cache. (diff) | |
| download | gnupg2-831d014550863026dfefa774c961a21bd20c1e48.tar.xz gnupg2-831d014550863026dfefa774c961a21bd20c1e48.zip | |
dirmngr: Add special treatment for the standard hkps pool to ntbtls.
* dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove
(VALIDATE_FLAG_EXTRATRUST): Remove
(VALIDATE_FLAG_TRUST_SYSTEM): New.
(VALIDATE_FLAG_TRUST_CONFIG): New.
(VALIDATE_FLAG_TRUST_HKP): New.
(VALIDATE_FLAG_TRUST_HKPSPOOL): New.
(VALIDATE_FLAG_MASK_TRUST): New.
* dirmngr/validate.c (check_header_constants): New.
(validate_cert_chain): Call new function. Simplify call to
is_trusted_cert.
* dirmngr/crlcache.c (crl_parse_insert): Pass
VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain
* dirmngr/server.c (cmd_validate): Use VALDIATE_FLAG_TRUST_SYSTEM and
VALIDATE_FLAG_TRUST_CONFIG.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS
context. Set trustclass flags using the new VALIDATE_FLAG_TRUST
values.
* dirmngr/certcache.c (cert_cache_init): Load the standard pool
certificate prior to the --hkp-cacerts.
--
Note that this changes the way the standard cert is used: We require
that it is installed at /usr/share/gnupg and we do not allow to change
it. If this is not desired, the the standard cert can be removed or
replaced by a newer one.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'sm/keylist.c')
0 files changed, 0 insertions, 0 deletions