author | Werner Koch <[email protected]> | 2023-06-19 12:25:47 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2023-06-19 12:25:47 +0000 |
commit | b1ecc8353ae37e48b586a315a228bce964253ffe (patch) | |
tree | eddda39a8d8f84a92d5a6a705a75c81cd70e2eae /dirmngr/crlcache.c | |
parent | gpgsm: Support SENDCERT_SKI for --call-dirmngr (diff) | |
download | gnupg-b1ecc8353ae37e48b586a315a228bce964253ffe.tar.gz gnupg-b1ecc8353ae37e48b586a315a228bce964253ffe.zip |
dirmngr: New option --ignore-crl-extensions.
* dirmngr/dirmngr.c (oIgnoreCRLExtension): New.
(opts): Add --ignore-crl-extension.
(parse_rereadable_options): Add to list/
* dirmngr/dirmngr.h (opt): Add ignored_crl_extensions.
* dirmngr/crlcache.c (crl_cache_insert): Implement option.
--
This option is useful for debugging problems with new CRL
extensions. It is similar to --ignore-cert-extension.
GnuPG-bug-id: 6545
Diffstat (limited to 'dirmngr/crlcache.c')
-rw-r--r-- | dirmngr/crlcache.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c
index 64f4de97f..ac673a8d5 100644
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@@ -2356,10 +2356,19 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
 for (idx=0; !(err=ksba_crl_get_extension (crl, idx, &oid, &critical,
 NULL, NULL)); idx++)
 {
+ strlist_t sl;
+
 if (!critical
 || !strcmp (oid, oidstr_authorityKeyIdentifier)
 || !strcmp (oid, oidstr_crlNumber) )
 continue;
+
+ for (sl=opt.ignored_crl_extensions;
+ sl && strcmp (sl->d, oid); sl = sl->next)
+ ;
+ if (sl)
+ continue; /* Is in ignored list. */
+
 log_error (_("unknown critical CRL extension %s\n"), oid);
 log_info ("(CRL='%s')\n", url);
 if (!err2)
 |
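Review bot: The new `if (sl) continue;` branch skips an ignored critical extension without writing anything to the log, so a CRL accepted under relaxed processing cannot later be told apart from one dirmngr fully understood. RFC 5280 says a CRL carrying a critical extension the application cannot process must not be used to determine certificate status, so each use of this override deserves a trace, for example `if (sl) { log_info ("ignoring critical CRL extension %s (CRL='%s')\n", oid, url); continue; }`. A comment above the lookup loop should also say that ignoring an extension which narrows the CRL's scope can make a partial CRL be treated as complete, and that the option is meant for debugging only. The match is an exact `strcmp` against `opt.ignored_crl_extensions`, which is populated in dirmngr.c outside this diff, so whether configured values are normalised there could not be checked here. The loop and `crl_cache_insert` continue beyond the hunk.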