author | Werner Koch <[email protected]> | 2004-02-03 16:27:51 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2004-02-03 16:27:51 +0000 |
commit | 336e415f5b09819255c4d52d701575282b6ab5ce (patch) | |
tree | 975b1ffdffe52efe697e9c44e526e63003d61c56 | |
parent | * findkey.c (agent_key_from_file): Extra paranoid wipe. (diff) | |
* import.c (check_and_store): Import certificates even with
missing issuer's cert. Fixed an "depending on the verbose
setting" bug.
Diffstat (limited to '')
-rw-r--r-- | sm/ChangeLog | 4 | ||||
-rw-r--r-- | sm/import.c | 17 |
2 files changed, 17 insertions, 4 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index cde6e8439..7c4483335 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,5 +1,9 @@
 2004-02-02 Werner Koch <[email protected]>
+ * import.c (check_and_store): Import certificates even with
+ missing issuer's cert. Fixed an "depending on the verbose
+ setting" bug.
+
 * certchain.c (gpgsm_validate_chain): Mark revoked certs in the keybox.
diff --git a/sm/import.c b/sm/import.c
index 2bc6e694f..20413b92c 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -130,8 +130,15 @@ check_and_store (CTRL ctrl, struct stats_s *stats, ksba_cert_t cert, int depth)
 return;
 }
+ /* Some basic checks, but don't care about missing certificates;
+ this is so that we are able to import entire certificate chains
+ w/o requirening a special order (i.e. root-CA first). This used
+ to be different but becuase gpgsm_verify even imports
+ certificates without any checks, it doesn't matter much and the
+ code gets much cleaner. A housekeeping function to remove
+ certificates w/o an anchor would be nice, though. */
 rc = gpgsm_basic_cert_check (cert);
- if (!rc)
+ if (!rc || gpg_err_code (rc) == GPG_ERR_MISSING_CERT)
 {
 int existed;
@@ -161,9 +168,11 @@ check_and_store (CTRL ctrl, struct stats_s *stats, ksba_cert_t cert, int depth)
 else
 log_info ("certificate imported\n");
 }
+
 /* Now lets walk up the chain and import all certificates up
- the chain.*/
- else if (!gpgsm_walk_cert_chain (cert, &next))
+ the chain. This is required in case we already stored
+ parent certificates in the ephemeral keybox. */
+ if (!gpgsm_walk_cert_chain (cert, &next))
 {
 check_and_store (ctrl, stats, next, depth+1);
 ksba_cert_release (next);
@@ -205,7 +214,7 @@ import_one (CTRL ctrl, struct stats_s *stats, int in_fd)
 {
 rc = gpg_error (gpg_err_code_from_errno (errno));
 log_error ("fdopen() failed: %s\n", strerror (errno));
- goto leave;
+ q goto leave;
 }
 rc = gpgsm_create_reader (&b64reader, ctrl, fp, &reader); |
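Review bot: The widened test `if (!rc || gpg_err_code (rc) == GPG_ERR_MISSING_CERT)` in check_and_store stores a certificate whose issuer could not be found in the same way as one that passed the basic check, and nothing visible in the branch records the difference. The added comment itself notes that no housekeeping exists for certificates without an anchor, so after import there is no way to tell which keybox entries were taken in unchecked. I would log that case, e.g. `if (rc) log_info ("issuer certificate missing - imported without chain check\n");`, and extend the comment to say that presence in the keybox conveys no trust and that chain validation is expected to happen when the certificate is used. The rest of the branch is outside the hunk, so whether `rc` is read again further down should be confirmed.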
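Review bot: `if (!gpgsm_walk_cert_chain (cert, &next))` collapses every non-zero result into "stop", so a keybox or parsing failure during the walk cannot be told apart from reaching the top of the chain, and a partially imported chain goes unreported. Keeping the result in a local and logging it with `gpg_strerror ()` whenever it is not the normal end-of-chain value would make that visible. Because the walk no longer hangs off the preceding `else`, the recursion through `check_and_store (ctrl, stats, next, depth+1)` is reached more often; its bound is presumably the depth check ahead of the first hunk, which lies outside this hunk and is worth confirming.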
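Review bot: The added line in import_one reads `q goto leave;`, and the stray `q` in front of `goto` will not compile; it looks like an accidental keystroke, and the line should go back to `goto leave;`. This is the error path taken when fdopen() fails on the input descriptor, so it deserves a build and one forced-failure run after the fix. The function body continues outside the hunk.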