From 493c142e582ff5ef1b5fdfcb9653715ef43e83e9 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 21 Feb 2017 09:37:07 +0100
Subject: dirmngr: New Assuan option "http-crl".

* dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'.
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag.
* dirmngr/server.c (option_handler): New option "http-crl"
* dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag.
* dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.

* dirmngr/t-http.c (main): New option --no-crl.
--

This new option can be used to enable CRL checks on a per session
base.  The default is not to use CRLs for https connections.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/dirmngr.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'dirmngr/dirmngr.h')

diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 57e3372a0..b0b603f76 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -190,6 +190,8 @@ struct server_control_s
 
   int audit_events;  /* Send audit events to client.  */
   char *http_proxy;  /* The used http_proxy or NULL.  */
+
+  unsigned int http_no_crl:1;  /* Do not check CRLs for https.  */
 };
 
 
-- 
cgit v1.2.3