authorWerner Koch <[email protected]>2022-08-31 16:11:36 +0000
committerWerner Koch <[email protected]>2022-08-31 16:13:25 +0000
commitea34325c54a2746bdc2d667a1c98ab07b051cf75 (patch)
tree3f3eb00d767dcd11f0749b4bf172af1d7f32ffd1
parentgpg: Add descriptions for --auto-key-import and --include-key-import (diff)
dirmngr: New option --debug-cache-expired-certs.
* dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs. * dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New. (opts): Add option. (parse_rereadable_options): Set option. * dirmngr/certcache.c (put_cert): Handle the option.
-rw-r--r--dirmngr/certcache.c5
-rw-r--r--dirmngr/dirmngr.c9
-rw-r--r--dirmngr/dirmngr.h3
3 files changed, 14 insertions, 3 deletions
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 69c27aa9c..570532345 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -271,8 +271,9 @@ put_cert (ksba_cert_t cert, int permanent, unsigned int trustclass,
cert_item_t ci;
fingerprint_list_t ignored;
- if (permanent)
- { /* Do a little validation. */
+ /* Do not keep expired certificates in the permanent cache. */
+ if (permanent && !opt.debug_cache_expired_certs)
+ {
ksba_isotime_t not_after;
ksba_isotime_t current_time;
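Review bot: The new condition `if (permanent && !opt.debug_cache_expired_certs)` skips the whole block whenever the debug flag is set, yet the new comment describes only the expiry check while the comment it replaces called the block "Do a little validation."; the block's body runs past the hunk, so if it checks anything beyond not_after against current_time, the debug flag would bypass that as well. It would be tighter to keep `if (permanent)` as it was and apply `!opt.debug_cache_expired_certs` only to the expiry comparison inside the block, or, if the block really does nothing else, to say so in the comment. put_cert's body continues outside the hunk.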
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index fa10c286b..e287194ce 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -107,6 +107,7 @@ enum cmd_and_opt_values {
oDebugWait,
oDebugLevel,
oGnutlsDebug,
+ oDebugCacheExpiredCerts,
oNoGreeting,
oNoOptions,
oHomedir,
@@ -293,8 +294,9 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_header (NULL, N_("Other options")),
ARGPARSE_s_n (oForce, "force", N_("force loading of outdated CRLs")),
- ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
+ ARGPARSE_s_s (oSocketName, "socket-name", "@"), /* Only for debugging. */
+ ARGPARSE_s_n (oDebugCacheExpiredCerts, "debug-cache-expired-certs", "@"),
ARGPARSE_header (NULL, ""), /* Stop the header group. */
@@ -706,6 +708,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.connect_quick_timeout = 0;
opt.ldaptimeout = DEFAULT_LDAP_TIMEOUT;
ldapserver_list_needs_reset = 1;
+ opt.debug_cache_expired_certs = 0;
return 1;
}
@@ -864,6 +867,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.ldaptimeout = pargs->r.ret_int;
break;
+ case oDebugCacheExpiredCerts:
+ opt.debug_cache_expired_certs = 0;
+ break;
+
default:
return 0; /* Not handled. */
}
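Review bot: The new `case oDebugCacheExpiredCerts:` assigns `opt.debug_cache_expired_certs = 0;`, which is the same value the reset block earlier in parse_rereadable_options already stores, so giving --debug-cache-expired-certs on the command line or in the config file leaves the flag clear and put_cert() in certcache.c keeps running its expiry check as if the option were absent. The field's comment in dirmngr.h says the flag is meant to allow expired certificates in the cache, so the handler should read `opt.debug_cache_expired_certs = 1;`. Because the flag only relaxes a validation step, the bug fails safe, but the option is silently inert and a hidden "@" option gives no hint of that. The switch and parse_rereadable_options continue outside the hunk.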
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 159fab4ad..369102d54 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -130,6 +130,9 @@ struct
OID per string. */
strlist_t ignored_cert_extensions;
+ /* Allow expired certificates in the cache. */
+ int debug_cache_expired_certs;
+
int allow_ocsp; /* Allow using OCSP. */
int max_replies;