From 6af7631e54e42092a04c95b96132201969936b90 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 11 Jan 2002 17:07:51 +0000
Subject: * call-dirmngr.c: New. * certpath.c (gpgsm_validate_path): Check the
 CRL here. * fingerprint.c (gpgsm_get_certid): New. * gpgsm.c: New options
 --dirmngr-program and --disable-crl-checks.

---
 sm/certpath.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'sm/certpath.c')

diff --git a/sm/certpath.c b/sm/certpath.c
index 31ddcd8fa..69a9c55fb 100644
--- a/sm/certpath.c
+++ b/sm/certpath.c
@@ -69,6 +69,33 @@ gpgsm_validate_path (KsbaCert cert)
           goto leave;
         }
 
+      if (!opt.no_crl_check)
+        {
+          rc = gpgsm_dirmngr_isvalid (subject_cert);
+          if (rc)
+            {
+              switch (rc)
+                {
+                case GNUPG_Certificate_Revoked:
+                  log_error (_("the certificate has been revoked\n"));
+                  break;
+                case GNUPG_No_CRL_Known:
+                  log_error (_("no CRL found for certificate\n"));
+                  break;
+                case GNUPG_CRL_Too_Old:
+                  log_error (_("the available CRL is too old\n"));
+                  log_info (_("please make sure that the "
+                              "\"dirmngr\" is properly installed\n"));
+                  break;
+                default:
+                  log_error (_("checking the CRL failed: %s\n"),
+                             gnupg_strerror (rc));
+                  break;
+                }
+              goto leave;
+            }
+        }
+
       if (subject && !strcmp (issuer, subject))
         {
           if (gpgsm_check_cert_sig (subject_cert, subject_cert) )
@@ -118,6 +145,10 @@ gpgsm_validate_path (KsbaCert cert)
       subject_cert = issuer_cert;
       issuer_cert = NULL;
     }
+
+  if (opt.no_crl_check)
+    log_info ("CRL was not checked due to --no-crl-cechk option\n");
+
   
  leave:
   xfree (issuer);
-- 
cgit v1.2.3