From d1625a9a82b1e5d96bbbf2132c49c53108565ae1 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 21 Feb 2017 13:57:24 +0100
Subject: dirmngr: Load --hkp-cacert values into the certificate cache.
* dirmngr/dirmngr.c (hkp_cacert_filenames): New var. (parse_rereadable_options): Store filenames from --hkp-cacert in the new var. (main, dirmngr_sighup_action): Pass that var to cert_cache_init.
* dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load those certs. (load_certs_from_file): Use autodetect so that PEM and DER encodings are possible.
Signed-off-by: Werner Koch
---
 dirmngr/certcache.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'dirmngr/certcache.c')
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 61be57efd..47eea25cc 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -471,7 +471,8 @@ load_certs_from_file (const char *fname, unsigned int trustclasses,
 }
 err = gnupg_ksba_create_reader (&ioctx,
- (GNUPG_KSBA_IO_PEM | GNUPG_KSBA_IO_MULTIPEM),
+ (GNUPG_KSBA_IO_AUTODETECT
+ | GNUPG_KSBA_IO_MULTIPEM),
 fp, &reader);
 if (err)
 {
@@ -686,9 +687,10 @@ load_certs_from_system (void)
 /* Initialize the certificate cache if not yet done. */
 void
-cert_cache_init (void)
+cert_cache_init (strlist_t hkp_cacerts)
 {
 char *fname;
+ strlist_t sl;
 if (initialization_done)
 return;
@@ -707,6 +709,10 @@ cert_cache_init (void)
 load_certs_from_dir (fname, 0);
 xfree (fname);
+ for (sl = hkp_cacerts; sl; sl = sl->next)
+ load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0);
+
+
 fname = make_filename_try (gnupg_datadir (), "sks-keyservers.netCA.pem", NULL);
 if (fname)
-- cgit v1.2.3
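Review bot: The comment above `cert_cache_init` in the second hunk still describes the argument-less version and says nothing about the new `hkp_cacerts` parameter. Because the body keeps the `if (initialization_done) return;` guard, a call with a changed list has no effect once the cache is set up, which matters for the SIGHUP path named in the commit message; whether that path clears the cache first is not visible here. I would extend the comment to `/* Initialize the certificate cache if not yet done.  HKP_CACERTS is a list of files with root certificates trusted for HKP; it is ignored if the cache is already initialized. */`. The function body continues outside the hunk.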
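Review bot: The result of `load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0)` in the new loop of the third hunk is discarded, so a mistyped or unreadable --hkp-cacert file leaves the cache without that trust anchor while initialization carries on. The outcome fails closed, since the keyserver's certificate will simply not verify later, but the operator gets no hint at the cause unless the callee logs it, which this hunk does not show. If the callee returns an error code, something like `if (load_certs_from_file (sl->d, CERTTRUST_CLASS_HKP, 0)) log_info ("hkp-cacert '%s' not loaded\n", sl->d);` would tie the later TLS failure to the configuration. A short comment above the loop, e.g. `/* Files given with --hkp-cacert become trust anchors for HKP only. */`, would also record why the trust class is restricted. The body of cert_cache_init starts and ends outside this hunk.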