Diffstat (limited to 'dirmngr/dirmngr.c')
-rw-r--r-- | dirmngr/dirmngr.c | 53 |
1 files changed, 49 insertions, 4 deletions
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 36ef873c2..51a586e20 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -143,6 +143,7 @@ enum cmd_and_opt_values {
 oSocketName,
 oLDAPWrapperProgram,
 oHTTPWrapperProgram,
+ oIgnoreCert,
 oIgnoreCertExtension,
 oUseTor,
 oNoUseTor,
@@ -216,6 +217,7 @@ static gpgrt_opt_t opts[] = {
 N_("|N|do not return more than N items in one query")),
 ARGPARSE_s_u (oFakedSystemTime, "faked-system-time", "@"), /*(epoch time)*/
 ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"),
+ ARGPARSE_s_s (oIgnoreCert,"ignore-cert", "@"),
 ARGPARSE_s_s (oIgnoreCertExtension,"ignore-cert-extension", "@"),
@@ -419,7 +421,9 @@ static void cleanup (void);
 #if USE_LDAP
 static ldap_server_t parse_ldapserver_file (const char* filename, int ienoent);
 #endif /*USE_LDAP*/
-static fingerprint_list_t parse_ocsp_signer (const char *string);
+static fingerprint_list_t parse_fingerprint_item (const char *string,
+ const char *optionname,
+ int want_binary);
 static void netactivity_action (void);
 static void handle_connections (assuan_fd_t listen_fd);
 static void gpgconf_versions (void);
@@ -667,6 +671,12 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
 xfree (opt.ocsp_signer);
 opt.ocsp_signer = tmp;
 }
+ while (opt.ignored_certs)
+ {
+ fingerprint_list_t tmp = opt.ignored_certs->next;
+ xfree (opt.ignored_certs);
+ opt.ignored_certs = tmp;
+ }
 FREE_STRLIST (opt.ignored_cert_extensions);
 http_register_tls_ca (NULL);
 FREE_STRLIST (hkp_cacert_filenames); 
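Review bot: The new `while (opt.ignored_certs)` loop in the -667 hunk repeats, statement for statement, the `opt.ocsp_signer` release loop directly above it, differing only in the field being walked. A small static helper called from both places would keep the two reset paths identical when the list type or its release rules change; the enclosing parse_rereadable_options starts and ends outside this hunk.
```c
/* Release every item of LIST (a fingerprint_list_t chain).  */
static void
free_fingerprint_list (fingerprint_list_t list)
{
  while (list)
    {
      fingerprint_list_t next = list->next;
      xfree (list);
      list = next;
    }
}
/* … unchanged: parse_rereadable_options reset block, now
   free_fingerprint_list (opt.ocsp_signer); opt.ocsp_signer = NULL;
   free_fingerprint_list (opt.ignored_certs); opt.ignored_certs = NULL; … */
```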
@@ -732,7 +742,8 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
 case oAllowVersionCheck: opt.allow_version_check = 1; break;
 case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break;
 case oOCSPSigner:
- opt.ocsp_signer = parse_ocsp_signer (pargs->r.ret_str);
+ opt.ocsp_signer = parse_fingerprint_item (pargs->r.ret_str,
+ "--ocsp-signer", 0);
 break;
 case oOCSPMaxClockSkew: opt.ocsp_max_clock_skew = pargs->r.ret_int; break;
 case oOCSPMaxPeriod: opt.ocsp_max_period = pargs->r.ret_int; break;
@@ -754,6 +765,24 @@ parse_rereadable_options (gpgrt_argparse_t *pargs, int reread)
 }
 break;
+ case oIgnoreCert:
+ {
+ fingerprint_list_t item, r;
+ item = parse_fingerprint_item (pargs->r.ret_str, "--ignore-cert", 20);
+ if (item)
+ { /* Append */
+ if (!opt.ignored_certs)
+ opt.ignored_certs = item;
+ else
+ {
+ for (r = opt.ignored_certs; r->next; r = r->next)
+ ;
+ r->next = item;
+ }
+ }
+ }
+ break;
+
 case oIgnoreCertExtension:
 add_to_strlist (&opt.ignored_cert_extensions, pargs->r.ret_str);
 break;
@@ -1709,8 +1738,13 @@ parse_ldapserver_file (const char* filename, int ignore_enoent)
 }
 #endif /*USE_LDAP*/
+
+/* Parse a fingerprint entry as used by --ocsc-signer. OPTIONNAME as
+ * a description on the options used. WANT_BINARY requests to store a
+ * binary fingerprint. Returns NULL on error and logs that error. */
 static fingerprint_list_t
-parse_ocsp_signer (const char *string)
+parse_fingerprint_item (const char *string,
+ const char *optionname, int want_binary)
 {
 gpg_error_t err;
 char *fname;
@@ -1735,10 +1769,15 @@ parse_ocsp_signer (const char *string)
 if (j != 40 || !(spacep (string+i) || !string[i]))
 {
 log_error (_("%s:%u: invalid fingerprint detected\n"),
- "--ocsp-signer", 0);
+ optionname, 0);
 xfree (item);
 return NULL;
 }
+ if (want_binary)
+ {
+ item->binlen = 20;
+ hex2bin (item->hexfpr, item->hexfpr, 20);
+ }
 return item;
 }
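Review bot: In the -754 hunk, `item = parse_fingerprint_item (pargs->r.ret_str, "--ignore-cert", 20);` passes the literal 20 for a parameter declared `int want_binary` and documented as a plain request flag, while the callee hard-codes `item->binlen = 20` on its own; a reader cannot tell whether 20 here is a length or just a truthy value. Either pass `1`, or rename the parameter to a byte length (`int binlen`) and have the callee use it for both `item->binlen` and the `hex2bin` length, which also gives the 20-byte fingerprint size a single named home instead of three literals. The tail walk `for (r = opt.ignored_certs; r->next; r = r->next)` is fine for a handful of config entries, but a one-line comment saying that option order is deliberately preserved would explain why the new item is not simply pushed at the head. parse_rereadable_options continues outside this hunk.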
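Review bot: The new header comment on parse_fingerprint_item in the -1709 hunk misspells the option as `--ocsc-signer`, still describes only the OCSP use although the same function now serves `--ignore-cert`, and "OPTIONNAME as a description on the options used" does not say what the argument is for (the hunk below passes it to log_error as the location prefix). Suggested wording: `/* Parse a fingerprint entry as used by --ocsp-signer and --ignore-cert.  OPTIONNAME is the option name printed in error messages.  If WANT_BINARY is set, each fingerprint is converted in place to its 20 binary bytes and BINLEN is set accordingly; otherwise it is kept as a hex string.  Returns NULL on error after logging it. */`. The function body runs past the end of this hunk.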
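Review bot: In the -1735 hunk, `hex2bin (item->hexfpr, item->hexfpr, 20);` converts the buffer in place with source and destination aliased and drops the return value; this is only correct because the `j != 40` check just above has already rejected anything that is not 40 hex digits, and provided hex2bin consumes two input characters before it writes each output byte — neither fact is stated at the call site. A comment such as `/* In-place conversion: hex2bin reads ahead of its writes and the digits were validated above, so the result cannot fail. */` would make the reliance explicit. The identical five-line block recurs in the -1821 hunk for the file-parsing path; a small static helper (`set_binary_fingerprint (item)`) would keep the two copies in sync. After conversion hexfpr holds 20 raw bytes rather than a NUL-terminated hex string, so any consumer of opt.ignored_certs presumably has to dispatch on binlen before printing or comparing it — those consumers are outside this diff.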
@@ -1821,6 +1860,12 @@ parse_ocsp_signer (const char *string)
 log_error (_("%s:%u: invalid fingerprint detected\n"), fname, lnr);
 errflag = 1;
 }
+ else if (want_binary)
+ {
+ item->binlen = 20;
+ hex2bin (item->hexfpr, item->hexfpr, 20);
+ }
+
 i++;
 while (spacep (p+i))
 i++; |