author | Werner Koch <[email protected]> | 2003-12-01 10:54:30 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2003-12-01 10:54:30 +0000 |
commit | c68eaa4b6b7fdbdcb2b03ca8ecd7194ddae4dab8 (patch) | |
tree | 6e4d942e582284e2689fd4ddbaf5a4c05316b84b /sm/call-dirmngr.c | |
parent | * scdaemon.c, scdaemon.h: New options --allow-admin and --deny-admin. (diff) | |
* gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp.
(gpgsm_init_default_ctrl): Set USE_OCSP to the default value.
* certchain.c (gpgsm_validate_chain): Handle USE_OCSP.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and
proceed accordingly.
Diffstat (limited to 'sm/call-dirmngr.c')
-rw-r--r-- | sm/call-dirmngr.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index fa7f34f8b..8700145e3 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -288,9 +288,12 @@ inq_certificate (void *opaque, const char *line)
 GPG_ERR_CERTIFICATE_REVOKED
 GPG_ERR_NO_CRL_KNOWN
 GPG_ERR_CRL_TOO_OLD
+
+ With USE_OCSP set to true, the dirmngr is asked to do an OCSP
+ request first.
 */
 int
-gpgsm_dirmngr_isvalid (KsbaCert cert)
+gpgsm_dirmngr_isvalid (ksba_cert_t cert, int use_ocsp)
 {
 int rc;
 char *certid;
@@ -301,23 +304,35 @@ gpgsm_dirmngr_isvalid (KsbaCert cert)
 if (rc)
 return rc;
- certid = gpgsm_get_certid (cert);
- if (!certid)
+ if (use_ocsp)
 {
- log_error ("error getting the certificate ID\n");
- return gpg_error (GPG_ERR_GENERAL);
+ certid = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ }
+ else
+ {
+ certid = gpgsm_get_certid (cert);
+ if (!certid)
+ {
+ log_error ("error getting the certificate ID\n");
+ return gpg_error (GPG_ERR_GENERAL);
+ }
 }
 if (opt.verbose > 1)
 {
 char *fpr = gpgsm_get_fingerprint_string (cert, GCRY_MD_SHA1);
- log_info ("asking dirmngr about %s\n", fpr);
+ log_info ("asking dirmngr about %s%s\n", fpr,
+ use_ocsp? " (using OCSP)":"");
 xfree (fpr);
 }
 parm.ctx = dirmngr_ctx;
 parm.cert = cert;
+ /* FIXME: If --disable-crl-checks has been set, we should pass an
+ option to dirmngr, so that no fallback CRL check is done after an
+ ocsp check. */
+
 snprintf (line, DIM(line)-1, "ISVALID %s", certid);
 line[DIM(line)-1] = 0;
 xfree (certid); |
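Review bot: The paragraph added to the header comment of gpgsm_dirmngr_isvalid says dirmngr is asked to do an OCSP request "first" but does not say what follows or how the request differs. In the second hunk the only visible difference is that `ISVALID` is sent with the SHA-1 fingerprint hex string instead of the certificate ID, and the FIXME there suggests a CRL check can still happen afterwards. A caller deciding revocation policy needs both facts, so I would extend the comment with something like `In that case the certificate is identified by its SHA-1 fingerprint and dirmngr may fall back to a CRL check.` The start of the comment lies outside this hunk, so the existing wording above it could not be checked.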
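Review bot: In the `use_ocsp` branch, `certid` is taken from `gpgsm_get_fingerprint_hexstring` without the `!certid` check that the CRL branch keeps, so a failed fingerprint computation would reach `snprintf (line, DIM(line)-1, "ISVALID %s", certid)` with a null pointer. Whether that helper can return NULL is not visible here; if it can, move the existing check below the if/else so both paths share it: `if (!certid) { log_error ("error getting the certificate ID\n"); return gpg_error (GPG_ERR_GENERAL); }`. For a revocation check, returning an error is the safer outcome than sending dirmngr a malformed ISVALID line. The body of gpgsm_dirmngr_isvalid continues past the end of this hunk.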