authorWerner Koch <[email protected]>2009-12-10 13:00:30 +0000
committerWerner Koch <[email protected]>2009-12-10 13:00:30 +0000
commita51675fabe3af33cd7a942b71409f6546c3fad1d (patch)
treec3ff0a3109823f1889cec207523aa435b1aa5b0b /sm
parent2009-12-08 Marcus Brinkmann <[email protected]> (diff)
Add option --cert-extension.
Diffstat (limited to 'sm')
-rw-r--r--sm/ChangeLog6
-rw-r--r--sm/certchain.c17
-rw-r--r--sm/gpgsm.c8
-rw-r--r--sm/gpgsm.h7
4 files changed, 35 insertions, 3 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index bb2b4b37f..5ddec9ca1 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,9 @@
+2009-12-10 Werner Koch <[email protected]>
+
+ * gpgsm.c: Add option --ignore-cert-extension.
+ * gpgsm.h (opt): Add field IGNORED_CERT_EXTENSIONS.
+ * certchain.c (unknown_criticals): Handle ignored extensions,
+
2009-12-08 Werner Koch <[email protected]>
* keydb.c (keydb_search_kid): Fix code even that it is not used.
diff --git a/sm/certchain.c b/sm/certchain.c
index e9a1aadfa..37ac9c15d 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -229,6 +229,8 @@ unknown_criticals (ksba_cert_t cert, int listmode, estream_t fp)
int rc = 0, i, idx, crit;
const char *oid;
gpg_error_t err;
+ int unsupported;
+ strlist_t sl;
for (idx=0; !(err=ksba_cert_get_extension (cert, idx,
&oid, &crit, NULL, NULL));idx++)
@@ -237,7 +239,20 @@ unknown_criticals (ksba_cert_t cert, int listmode, estream_t fp)
continue;
for (i=0; known[i] && strcmp (known[i],oid); i++)
;
- if (!known[i])
+ unsupported = !known[i];
+
+ /* If this critical extension is not supoported, check the list
+ of to be ignored extensions to se whether we claim that it is
+ supported. */
+ if (unsupported && opt.ignored_cert_extensions)
+ {
+ for (sl=opt.ignored_cert_extensions;
+ sl && strcmp (sl->d, oid); sl = sl->next)
+ ;
+ if (sl)
+ unsupported = 0;
+ }
+ if (unsupported)
{
do_list (1, listmode, fp,
_("critical certificate extension %s is not supported"),
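Review bot: The new `if (sl) unsupported = 0;` branch accepts an unrecognised critical extension without leaving any trace, so a certificate that validates only because of --ignore-cert-extension looks the same in the output as one whose extensions are all understood. Skipping a critical extension sets aside the guarantee that its constraints are enforced, so I would emit a diagnostic in that branch, for example `log_info (_("Note: critical certificate extension %s ignored by option\n"), oid);` (assuming log_info is usable here as elsewhere in gpgsm), or the do_list equivalent when in list mode. The comment above the block also has two typos ("supoported", "se"). unknown_criticals begins and ends outside this hunk.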
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index 834bcce23..94cc23dec 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -176,7 +176,8 @@ enum cmd_and_opt_values {
oDisablePubkeyAlgo,
oIgnoreTimeConflict,
oNoRandomSeedFile,
- oNoCommonCertsImport
+ oNoCommonCertsImport,
+ oIgnoreCertExtension
};
@@ -376,6 +377,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"),
ARGPARSE_s_n (oNoRandomSeedFile, "no-random-seed-file", "@"),
ARGPARSE_s_n (oNoCommonCertsImport, "no-common-certs-import", "@"),
+ ARGPARSE_s_s (oIgnoreCertExtension, "ignore-cert-extension", "@"),
/* Command aliases. */
ARGPARSE_c (aListKeys, "list-key", "@"),
@@ -1391,6 +1393,10 @@ main ( int argc, char **argv)
}
break;
+ case oIgnoreCertExtension:
+ add_to_strlist (&opt.ignored_cert_extensions, pargs.r.ret_str);
+ break;
+
default:
pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR;
break;
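Review bot: The `oIgnoreCertExtension` case stores `pargs.r.ret_str` verbatim, and unknown_criticals later compares it with `strcmp` against the OID string taken from the certificate, so an entry that is not in exactly that form (stray whitespace, an empty string, a mistyped arc) never matches. That fails closed, but the user gets no hint that the option had no effect; a syntactic check for dotted-decimal form here, with a warning on mismatch, would make misconfiguration visible. Because the case sits in the common option loop, it presumably also applies to config-file entries, where it relaxes critical-extension handling for every later operation; that is worth stating in the option's documentation, which is not part of this diff view. main continues outside the hunk.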
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index b6c9a763d..c4a261bf2 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -134,8 +134,13 @@ struct
runtime. */
struct keyserver_spec *keyserver;
-} opt;
+ /* A list of certificate extension OIDs which are ignored so that
+ one can claim that a critical extension has been handled. One
+ OID per string. */
+ strlist_t ignored_cert_extensions;
+
+} opt;
/* Debug values and macros. */
#define DBG_X509_VALUE 1 /* debug x.509 data reading/writing */