From 890e9849b58e91fb7e0ad8d3b11d19363fca2d8a Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Sat, 26 Feb 2022 17:24:33 +0100
Subject: dirmngr: Support ECDSA for OCSP.

* dirmngr/validate.c (pk_algo_from_sexp): Make public.  Support ECC.
* dirmngr/ocsp.c (check_signature): Remove hash preparation out to ...
(check_signature_core): here.  This changes the arg s_hash to md.
Support ECDSA.
--

The test was done with my qualified signature certificate from the
Telesec and their responder http://tqrca1.ocsp.telesec.de/ocspr .
See also libksba commit rK24992a4a7a61d93759e1dbd104b845903d4589bf
---
 dirmngr/validate.h | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'dirmngr/validate.h')

diff --git a/dirmngr/validate.h b/dirmngr/validate.h
index c7082e3d1..5b23cb4de 100644
--- a/dirmngr/validate.h
+++ b/dirmngr/validate.h
@@ -48,6 +48,9 @@
 #define VALIDATE_FLAG_NOCRLCHECK  1024
 
 
+/* Helper to get the public key algo from a public key.  */
+int pk_algo_from_sexp (gcry_sexp_t pkey);
+
 /* Validate the certificate CHAIN up to the trust anchor. Optionally
    return the closest expiration time in R_EXPTIME. */
 gpg_error_t validate_cert_chain (ctrl_t ctrl,
-- 
cgit v1.2.3