From b1ecc8353ae37e48b586a315a228bce964253ffe Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 19 Jun 2023 14:25:47 +0200
Subject: dirmngr: New option --ignore-crl-extensions.

* dirmngr/dirmngr.c (oIgnoreCRLExtension): New.
(opts): Add --ignore-crl-extension.
(parse_rereadable_options): Add to list/
* dirmngr/dirmngr.h (opt): Add ignored_crl_extensions.
* dirmngr/crlcache.c (crl_cache_insert): Implement option.
--

This option is is useful for debugging problems with new CRL
extensions.  It is similar to --ignore-cert-extension.

GnuPG-bug-id: 6545
---
 dirmngr/dirmngr.h | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'dirmngr/dirmngr.h')

diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index 5571d6181..50c97f140 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -132,6 +132,11 @@ struct
      OID per string.  */
   strlist_t ignored_cert_extensions;
 
+  /* A list of CRL extension OIDs which are ignored so that one can
+   * claim that a critical extension has been handled.  One OID per
+   * string.  */
+  strlist_t ignored_crl_extensions;
+
   /* Allow expired certificates in the cache.  */
   int debug_cache_expired_certs;
 
-- 
cgit v1.2.3