From 151deac0dfcc712a00844943445cbde7c6b0eb38 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 25 Jan 2002 16:41:13 +0000
Subject: * gpgsm.c (main): Disable core dumps. * sign.c
 (add_certificate_list): New. (gpgsm_sign): Add the certificates to the CMS
 object. * certpath.c (gpgsm_walk_cert_chain): New. * gpgsm.h
 (server_control_s): Add included_certs. * gpgsm.c: Add option
 --include-certs. (gpgsm_init_default_ctrl): New. (main): Call it. * server.c
 (gpgsm_server): Ditto. (option_handler): Support --include-certs.

---
 sm/sign.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 51 insertions(+), 5 deletions(-)

(limited to 'sm/sign.c')

diff --git a/sm/sign.c b/sm/sign.c
index 48ec24a4d..9b23e8536 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -103,6 +103,49 @@ get_default_signer (void)
 }
 
 
+/* Depending on the options in CTRL add the certifcate CERT as well as
+   other certificate up in the chain to the Root-CA to the CMS
+   object. */
+static int 
+add_certificate_list (CTRL ctrl, KsbaCMS cms, KsbaCert cert)
+{
+  KsbaError err;
+  int rc = 0;
+  KsbaCert next = NULL;
+  int n;
+
+  ksba_cert_ref (cert);
+
+  n = ctrl->include_certs;
+  if (n < 0 || n > 50)
+    n = 50; /* We better apply an upper bound */
+
+  if (n)
+    {
+      err = ksba_cms_add_cert (cms, cert);
+      if (err)
+        goto ksba_failure;
+    }
+  while ( n-- && !(rc = gpgsm_walk_cert_chain (cert, &next)) )
+    {
+      err = ksba_cms_add_cert (cms, next);
+      ksba_cert_release (cert);
+      cert = next; next = NULL;
+      if (err)
+        goto ksba_failure;
+    }
+  ksba_cert_release (cert);
+
+  return rc == -1? 0: rc;
+
+ ksba_failure:
+  ksba_cert_release (cert);
+  log_error ("ksba_cms_add_cert failed: %s\n", ksba_strerror (err));
+  return map_ksba_err (err);
+}
+
+
+
 
 /* Perform a sign operation.  
 
@@ -192,16 +235,19 @@ gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp)
   err = ksba_cms_add_signer (cms, cert);
   if (err)
     {
-      log_debug ("ksba_cms_add_signer failed: %s\n",  ksba_strerror (err));
+      log_error ("ksba_cms_add_signer failed: %s\n",  ksba_strerror (err));
       rc = map_ksba_err (err);
       goto leave;
     }
+  rc = add_certificate_list (ctrl, cms, cert);
+  if (rc)
+    {
+      log_error ("failed to store list of certificates: %s\n",
+                 gnupg_strerror(rc));
+      goto leave;
+    }
   ksba_cert_release (cert); cert = NULL;
 
-  /* fixme: We might want to include a list of certificate which are
-     put as info into the signed data object - maybe we should add a
-     flag to ksba_cms_add_signer to decider whether this cert should
-     be send along with the signature */
   
   /* Set the hash algorithm we are going to use */
   err = ksba_cms_add_digest_algo (cms, "1.3.14.3.2.26" /*SHA-1*/);
-- 
cgit v1.2.3