diff options
| author | Werner Koch <[email protected]> | 2017-02-17 20:31:33 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2017-02-17 20:31:33 +0000 |
| commit | f07811ee2c0a8044551e2ec063eda61cff7f6e39 (patch) | |
| tree | 36f07a12fc3c897a4ef2a4bd9d39cc8e01045021 /dirmngr/validate.h | |
| parent | dirmngr: Add options --tls and --systrust to the VALIDATE cmd. (diff) | |
| download | gnupg-f07811ee2c0a8044551e2ec063eda61cff7f6e39.tar.gz gnupg-f07811ee2c0a8044551e2ec063eda61cff7f6e39.zip | |
dirmngr: Add option --no-crl to the VALIDATE cmd.
* dirmngr/validate.h: Remove enums VALIDATE_MODE_*.
(VALIDATE_FLAG_SYSTRUST, VALIDATE_FLAG_EXTRATRUST)
(VALIDATE_FLAG_CRL, VALIDATE_FLAG_RECURSIVE)
(VALIDATE_FLAG_OCSP, VALIDATE_FLAG_TLS)
(VALIDATE_FLAG_NOCRLCHECK): New constants.
* dirmngr/validate.c (validate_cert_chain): Change arg 'mode' to
'flags'. Change code accordingly. Remove NO-CRL in TLS mode kludge.
* dirmngr/crlcache.c (crl_parse_insert): Change to use flag values for
the validate_cert_chain call.
* dirmngr/server.c (cmd_validate): Ditto. Add new option --no-crl.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'dirmngr/validate.h')
| -rw-r--r-- | dirmngr/validate.h | 37 |
1 files changed, 17 insertions, 20 deletions
diff --git a/dirmngr/validate.h b/dirmngr/validate.h index 376d99d60..b6222b51f 100644 --- a/dirmngr/validate.h +++ b/dirmngr/validate.h @@ -22,38 +22,35 @@ #define VALIDATE_H -enum { - /* Simple certificate validation mode. */ - VALIDATE_MODE_CERT = 0, +/* Make use of the system provided root certificates. */ +#define VALIDATE_FLAG_SYSTRUST 1 - /* Same as MODE_CERT but using the system provided root - * certificates. */ - VALIDATE_MODE_CERT_SYSTRUST, +/* Make use of extra provided root certificates. */ +#define VALIDATE_FLAG_EXTRATRUST 2 - /* Same as MODE_CERT but uses a provided list of certificates. */ - VALIDATE_MODE_TLS, +/* Standard CRL issuer certificate validation; i.e. CRLs are not + * considered for CRL issuer certificates. */ +#define VALIDATE_FLAG_CRL 4 - /* Same as MODE_TLS but using the system provided root - * certificates. */ - VALIDATE_MODE_TLS_SYSTRUST, +/* If this flag is set along with VALIDATE_FLAG_CRL a full CRL + * verification is done. */ +#define VALIDATE_FLAG_RECURSIVE 8 - /* Standard CRL issuer certificate validation; i.e. CRLs are not - considered for CRL issuer certificates. */ - VALIDATE_MODE_CRL, +/* Validation mode as used for OCSP. */ +#define VALIDATE_FLAG_OCSP 16 - /* Full CRL validation. */ - VALIDATE_MODE_CRL_RECURSIVE, +/* Validation mode as used with TLS. */ +#define VALIDATE_FLAG_TLS 32 - /* Validation as used for OCSP. */ - VALIDATE_MODE_OCSP -}; +/* Don't do CRL checks. */ +#define VALIDATE_FLAG_NOCRLCHECK 64 /* Validate the certificate CHAIN up to the trust anchor. Optionally return the closest expiration time in R_EXPTIME. */ gpg_error_t validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, - int mode, char **r_trust_anchor); + unsigned int flags, char **r_trust_anchor); /* Return 0 if the certificate CERT is usable for certification. */ gpg_error_t check_cert_use_cert (ksba_cert_t cert); |