authorWerner Koch <[email protected]>2016-08-18 09:23:40 +0000
committerWerner Koch <[email protected]>2016-08-18 09:23:40 +0000
commitd83ba4897bf217d1045c58d1b99e52bd31c58812 (patch)
tree1eaf4c2976175b8dcedd5d3c3a721c3015fbf68a /dirmngr/validate.c
parentgpg: New option --sender (diff)
dirmngr: Remove all system daemon features.
* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and 'system_daemon'. * common/homedir.c (dirmngr_sys_socket_name): Remove. (dirmngr_user_socket_name): Rename to ... (dirmngr_socket_name): this. Change all callers. * common/asshelp.c (start_new_dirmngr): Remove the system socket feature. * tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket". * sm/server.c (gpgsm_server): Adjust for removed system socket feature. * dirmngr/server.c (cmd_getinfo): Ditto. (cmd_killdirmngr): Remove check for system daemon. (cmd_reloaddirmngr): Ditto. * dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro. (aService): Remove. (opts): Remove --service. (w32_service_control): Remove. (real_main, call_real_main) [W32]: Remove wrapper. (main): Remove Windows system service feature. Remove system daemon feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file. * dirmngr/certcache.c (load_certs_from_dir): Remove warning in the system daemon case. * dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d". * dirmngr/ocsp.c (validate_responder_cert): Do not call validate_cert_chain which was used only in system daemon mode. * dirmngr/validate.c (validate_cert_chain): Always use the code. -- We are now starting dirmngr as needed as a user daemon. The deprecated system daemon mode no longer makes sense. In case a system-wide daemon is required, it is better to set up a dedicated account to run dirmngr and tweak socket permissions accordingly. Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
-rw-r--r--dirmngr/validate.c12
1 files changed, 4 insertions, 8 deletions
diff --git a/dirmngr/validate.c b/dirmngr/validate.c
index 1a851b6ce..b3dc9d8c6 100644
--- a/dirmngr/validate.c
+++ b/dirmngr/validate.c
@@ -354,6 +354,10 @@ is_root_cert (ksba_cert_t cert, const char *issuerdn, const char *subjectdn)
return the closest expiration time in R_EXPTIME (this is useful for
caching issues). MODE is one of the VALIDATE_MODE_* constants.
+ Note that VALIDATE_MODE_OCSP is not used due to the removal of the
+ system service in 2.1.15. Instead only the callback to gpgsm to
+ validate a certificate is used.
+
If R_TRUST_ANCHOR is not NULL and the validation would fail only
because the root certificate is not trusted, the hexified
fingerprint of that root certificate is stored at R_TRUST_ANCHOR
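Review bot: The header comment for validate_cert_chain gains a note about VALIDATE_MODE_OCSP but still does not tell callers that a return of 0 now always means the chain was actually checked; before this commit the `!opt.system_daemon` branch (removed in the next hunk) logged "certificate chain not checked" and returned 0 without validating anything. I would add a sentence such as `Since 2.1.15 the chain is always checked; the former compatibility mode that returned success without checking has been removed.` so that anyone auditing callers knows the success value changed meaning at this version. It would also help to state whether the VALIDATE_MODE_OCSP code is kept deliberately or is now dead, since "not used" leaves that open. The comment block starts above and continues below this hunk.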
@@ -382,14 +386,6 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
if (r_trust_anchor)
*r_trust_anchor = NULL;
- if (!opt.system_daemon)
- {
- /* For backward compatibility we only do this in daemon mode. */
- log_info (_("running in compatibility mode - "
- "certificate chain not checked!\n"));
- return 0; /* Okay. */
- }
-
if (DBG_X509)
dump_cert ("subject", cert);