dirmngr: Distinguish between "no crl" and "crl not trusted".

* dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New. * dirmngr/crlcache.c (cache_isvalid): Set this status. (crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED. (crl_cache_reload_crl): Move diagnostic to ... * dirmngr/crlfetch.c (crl_fetch): here. * dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED. * dirmngr/validate.c (check_revocations): Handle new status. Improve diagnostics. * common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ. * common/audit.c (proc_type_verify): Ditto. -- This avoids repeated loading of CRLs in case of untrusted root certificates.
author: Werner Koch <[email protected]> 2023-03-09 17:28:39 +0000
committer: Werner Koch <[email protected]> 2023-03-09 17:28:39 +0000
commit: b52a0e244ae18aec4b9c93f90432a551fac95a40 (patch)
tree: db5677d70b5d85de0def204d88d43b4f15a597a0 /dirmngr/crlfetch.c
parent: keyboxd: Allow import of v0 certificates. (diff)
download: gnupg-b52a0e244ae18aec4b9c93f90432a551fac95a40.tar.gz
gnupg-b52a0e244ae18aec4b9c93f90432a551fac95a40.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index a591a2b5a..5b6b648e2 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -175,6 +175,9 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
   if (!url)
     return gpg_error (GPG_ERR_INV_ARG);
 
+  if (opt.verbose)
+    log_info ("fetching CRL from '%s'\n", url);
+
   err = http_parse_uri (&uri, url, 0);
   http_release_parsed_uri (uri);
   if (!err) /* Yes, our HTTP code groks that. */
author	Werner Koch <[email protected]>	2023-03-09 17:28:39 +0000
committer	Werner Koch <[email protected]>	2023-03-09 17:28:39 +0000
commit	b52a0e244ae18aec4b9c93f90432a551fac95a40 (patch)
tree	db5677d70b5d85de0def204d88d43b4f15a597a0 /dirmngr/crlfetch.c
parent	keyboxd: Allow import of v0 certificates. (diff)
download	gnupg-b52a0e244ae18aec4b9c93f90432a551fac95a40.tar.gz gnupg-b52a0e244ae18aec4b9c93f90432a551fac95a40.zip