author | Werner Koch <[email protected]> | 2023-02-26 18:11:27 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2023-02-26 18:11:27 +0000 |
commit | ffc25228550f47d363f6d3fbec86ee157115c9f5 (patch) | |
tree | a4da1e962cacfb37072a0a4e154157db440ad964 | |
parent | sm: Fix issuer certificate look error due to legacy error code. (diff) | |
download | gnupg-ffc25228550f47d363f6d3fbec86ee157115c9f5.tar.gz gnupg-ffc25228550f47d363f6d3fbec86ee157115c9f5.zip |
gpgsm: Improve cert lookup callback from dirmngr.
* sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New.
(FIND_CERT_WITH_EPHEM): New.
* sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a
generic flags arg. Implement the new flag FIND_CERT_WITH_EPHEM.
* sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked
certs.
--
The dirmngr may need to get a certificate from gpgsm's store in the
course of verifying a CRL. In some cases the certificate is still
marked as ephemeral - this needs to be returned as well.
This _may_ also fix
GnuPG-bug-id: 4436
-rw-r--r-- | sm/call-dirmngr.c | 7 | ||||
-rw-r--r-- | sm/certlist.c | 6 | ||||
-rw-r--r-- | sm/gpgsm.h | 5 |
3 files changed, 13 insertions, 5 deletions
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 1a411f28a..9f137ee3f 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -415,8 +415,8 @@ inq_certificate (void *opaque, const char *line)
 int err;
 ksba_cert_t cert;
-
- err = gpgsm_find_cert (parm->ctrl, line, ski, &cert, 1);
+ err = gpgsm_find_cert (parm->ctrl, line, ski, &cert,
+ FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM);
 if (err) {
 log_error ("certificate not found: %s\n", gpg_strerror (err));
@@ -954,7 +954,8 @@ run_command_inq_cb (void *opaque, const char *line)
 if (!*line) return gpg_error (GPG_ERR_ASS_PARAMETER);
- err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert, 1);
+ err = gpgsm_find_cert (parm->ctrl, line, NULL, &cert,
+ FIND_CERT_ALLOW_AMBIG);
 if (err) {
 log_error ("certificate not found: %s\n", gpg_strerror (err));
diff --git a/sm/certlist.c b/sm/certlist.c
index 52bf239cc..74dd10887 100644
--- a/sm/certlist.c
+++ b/sm/certlist.c
@@ -514,11 +514,12 @@ gpgsm_release_certlist (certlist_t list)
 int gpgsm_find_cert (ctrl_t ctrl, const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert,
- int allow_ambiguous)
+ unsigned int flags)
 {
 int rc;
 KEYDB_SEARCH_DESC desc;
 KEYDB_HANDLE kh = NULL;
+ int allow_ambiguous = (flags & FIND_CERT_ALLOW_AMBIG);
 *r_cert = NULL;
 rc = classify_user_id (name, &desc, 0);
@@ -529,6 +530,9 @@ gpgsm_find_cert (ctrl_t ctrl,
 rc = gpg_error (GPG_ERR_ENOMEM);
 else {
+ if ((flags & FIND_CERT_WITH_EPHEM))
+ keydb_set_ephemeral (kh, 1);
+
 nextone: rc = keydb_search (ctrl, kh, &desc, 1);
 if (!rc)
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index 0735fcb22..e1be5ca55 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
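Review bot: The `FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM` call in inq_certificate (sm/call-dirmngr.c, first hunk) carries no comment saying why ephemeral entries are acceptable on this path; the reason lives only in the commit message. As far as I understand the keybox, an ephemeral entry is a certificate that was stored without having been validated, so a reader should be told that whatever is sent here is not vouched for by gpgsm. I would add above the call something like `/* Include ephemeral certs: dirmngr may need them while verifying a CRL and must validate them itself. */`, after confirming that dirmngr does so. The rest of inq_certificate, including any other lookups, is outside the hunk.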
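Review bot: Turning the last parameter of gpgsm_find_cert (sm/certlist.c, first hunk) from a boolean into a bit mask is silent for any caller this commit does not touch: an old call passing `1` still means FIND_CERT_ALLOW_AMBIG, but any other non-zero value would now be read as flag bits, and one with bit 2 set would switch on the ephemeral lookup. Only the two call sites in sm/call-dirmngr.c are updated here, so a search for remaining callers is worth doing before merge. The function's header comment is outside the hunk; if it still describes ALLOW_AMBIGUOUS it should become something like `/* FLAGS is a bit mask of FIND_CERT_ALLOW_AMBIG and FIND_CERT_WITH_EPHEM. */`.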
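Review bot: `keydb_set_ephemeral (kh, 1)` (sm/certlist.c, second hunk) widens the search before the `nextone:` loop, so one name may now match both a regular and an ephemeral entry, and the code that chooses among several matches is outside this hunk. It is worth confirming that, with FIND_CERT_ALLOW_AMBIG set, a regular entry is preferred over an ephemeral one, or at least that the choice is deterministic, because inq_certificate hands the result to dirmngr. If ephemeral mode returns regular entries as well, a short comment such as `/* Ephemeral mode also returns the regular entries. */` above the call would record that.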
@@ -359,8 +359,11 @@ int gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
 int gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, certlist_t *listaddr, int is_encrypt_to);
 void gpgsm_release_certlist (certlist_t list);
+
+#define FIND_CERT_ALLOW_AMBIG 1
+#define FIND_CERT_WITH_EPHEM 2
 int gpgsm_find_cert (ctrl_t ctrl, const char *name, ksba_sexp_t keyid,
- ksba_cert_t *r_cert, int allow_ambiguous);
+ ksba_cert_t *r_cert, unsigned int flags);
 /*-- keylist.c --*/
 gpg_error_t gpgsm_list_keys (ctrl_t ctrl, strlist_t names, |
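Review bot: The two new macros in sm/gpgsm.h are undocumented, so the meaning of each bit has to be read out of gpgsm_find_cert in another file. I would put `/* Flags for gpgsm_find_cert. */` above them and a trailing comment on each, for example `#define FIND_CERT_WITH_EPHEM 2 /* Also search certs marked ephemeral. */`. The comment on FIND_CERT_ALLOW_AMBIG should state what the function returns when several certificates match, which is not visible in this diff.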