diff options
| author | Werner Koch <[email protected]> | 2017-02-17 15:39:48 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2017-02-17 15:41:02 +0000 |
| commit | 070211eb990f5ea41271eba432b6a6b485cef7c7 (patch) | |
| tree | df547fb8197e445666906f4a0ee5f37fda512e9d /dirmngr/validate.h | |
| parent | dirmngr: Remove use of hardcoded numbers in validate. (diff) | |
| download | gnupg-070211eb990f5ea41271eba432b6a6b485cef7c7.tar.gz gnupg-070211eb990f5ea41271eba432b6a6b485cef7c7.zip | |
dirmngr: Add options --tls and --systrust to the VALIDATE cmd.
* dirmngr/certcache.h (certlist_s, certlist_t): New.
* dirmngr/certcache.c (read_certlist_from_stream): New.
(release_certlist): New.
* dirmngr/server.c (MAX_CERTLIST_LENGTH): New.
(cmd_validate): Add options --tls and --systrust. Implement them
using a kludge for now.
* dirmngr/validate.c (validate_cert_chain): Support systrust
checking. Add kludge to disable the CRL checking for tls mode.
--
This can now be used to test a list of certificates as returned by
TLS. Put the certs PEM encoded into a a file certlist.pem with the
target certificate being the first. Then run
gpg-connect-agent --dirmngr \
'/definqfile CERTLIST wiki-gnupg-chain.pem' \
'validate --systrust --tls' /bye
CRLS check has been disabled becuase we can't yet pass the systrust
flag to the CRL checking code.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'dirmngr/validate.h')
0 files changed, 0 insertions, 0 deletions