author | Werner Koch <[email protected]> | 2021-10-06 08:31:41 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2021-10-06 08:35:51 +0000 |
commit | 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d (patch) | |
tree | 7f9240291d53a3b9155394fcb5d6cc5eca14ecc5 /dirmngr/dirmngr.h | |
parent | dirmngr: Fix Let's Encrypt certificate chain validation. (diff) | |
dirmngr: New option --ignore-cert
* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be ignored certs.
Change callers to handle the new error return.
--
This option is useful as a workaround in case we will run into other
chain validation errors like what we fixed in
GnuPG-bug-id: 5639
Diffstat (limited to 'dirmngr/dirmngr.h')
-rw-r--r-- | dirmngr/dirmngr.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index 498a3d7b1..464aeb76e 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h @@ -74,6 +74,7 @@ typedef struct fingerprint_list_s *fingerprint_list_t; struct fingerprint_list_s { fingerprint_list_t next; + char binlen; /* If this is not 0 hexfpr actually carries a binary fpr. */ char hexfpr[20+20+1]; }; @@ -119,6 +120,10 @@ struct int ignore_ocsp_service_url; /* Ignore OCSP service URLs as given in the certificate. */ + /* A list of fingerprints of certififcates we should completely + * ignore. These are all stored in binary format. */ + fingerprint_list_t ignored_certs; + /* A list of certificate extension OIDs which are ignored so that one can claim that a critical extension has been handled. One OID per string. */ |
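Review bot: In the first hunk (struct fingerprint_list_s), the new `binlen` field is a plain `char`, whose signedness is implementation-defined, yet it is used as a byte count. Declaring it `unsigned char` would make the intent clear and avoid a negative length on any platform. The comment should also state that `binlen` is the number of valid bytes in `hexfpr` and that it can never exceed `sizeof hexfpr` (20+20+1), because the field name `hexfpr` now misleads a reader whenever the buffer holds binary data, and any code that still treats it as a NUL-terminated hex string has to check `binlen` first.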
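Review bot: In the second hunk (the `ignored_certs` field in the options struct), the comment misspells "certificates" as "certififcates" and does not say which fingerprint is expected or how entries are to be matched. Since the first hunk lets the same list type carry either hex or binary data depending on `binlen`, the comment should say that every entry in this list has `binlen` set and must be compared over `binlen` bytes rather than as a string. It would also help to document what "completely ignore" covers, so that a reader of the header knows the effect on chain validation without having to read the code that consumes the list.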