diff options
| author | Werner Koch <[email protected]> | 2023-03-09 17:28:39 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2023-03-09 17:28:39 +0000 |
| commit | b52a0e244ae18aec4b9c93f90432a551fac95a40 (patch) | |
| tree | db5677d70b5d85de0def204d88d43b4f15a597a0 /common/status.c | |
| parent | keyboxd: Allow import of v0 certificates. (diff) | |
| download | gnupg-b52a0e244ae18aec4b9c93f90432a551fac95a40.tar.gz gnupg-b52a0e244ae18aec4b9c93f90432a551fac95a40.zip | |
dirmngr: Distinguish between "no crl" and "crl not trusted".
* dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New.
* dirmngr/crlcache.c (cache_isvalid): Set this status.
(crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
(crl_cache_reload_crl): Move diagnostic to ...
* dirmngr/crlfetch.c (crl_fetch): here.
* dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
* dirmngr/validate.c (check_revocations): Handle new status. Improve
diagnostics.
* common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ.
* common/audit.c (proc_type_verify): Ditto.
--
This avoids repeated loading of CRLs in case of untrusted root
certificates.
Diffstat (limited to 'common/status.c')
| -rw-r--r-- | common/status.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/common/status.c b/common/status.c index b752c12c6..b7dc1de39 100644 --- a/common/status.c +++ b/common/status.c @@ -158,7 +158,8 @@ get_inv_recpsgnr_code (gpg_error_t err) case GPG_ERR_WRONG_KEY_USAGE: errstr = "3"; break; case GPG_ERR_CERT_REVOKED: errstr = "4"; break; case GPG_ERR_CERT_EXPIRED: errstr = "5"; break; - case GPG_ERR_NO_CRL_KNOWN: errstr = "6"; break; + case GPG_ERR_NO_CRL_KNOWN: + case GPG_ERR_INV_CRL_OBJ: errstr = "6"; break; case GPG_ERR_CRL_TOO_OLD: errstr = "7"; break; case GPG_ERR_NO_POLICY_MATCH: errstr = "8"; break; |