diff options
| author | Werner Koch <[email protected]> | 2023-02-26 18:11:27 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2023-02-26 18:14:22 +0000 |
| commit | 5d96aab27dcf1b1c826c483e39d7265b89736b53 (patch) | |
| tree | 381520171bb8b13f7aba48c06b2a8b08c6e7e7ec /sm/certlist.c | |
| parent | sm: Fix dirmngr loadcrl for intermediate certs (diff) | |
| download | gnupg-5d96aab27dcf1b1c826c483e39d7265b89736b53.tar.gz gnupg-5d96aab27dcf1b1c826c483e39d7265b89736b53.zip | |
gpgsm: Improve cert lookup callback from dirmngr.
* sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New.
(FIND_CERT_WITH_EPHEM): New.
* sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a
generic flags arg. Implement the new flag FIND_CERT_WITH_EPHEM.
* sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked
certs.
--
The dirmngr may need to get a certificate from gpgsm's store in the
course of verifying a CRL. In some cases the certificate is still
marked as epehemeral - this needs to be returned as well.
This _may_ also fix
GnuPG-bug-id: 4436
Diffstat (limited to 'sm/certlist.c')
| -rw-r--r-- | sm/certlist.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sm/certlist.c b/sm/certlist.c index b5f9f7874..fdf31a198 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -508,11 +508,12 @@ gpgsm_release_certlist (certlist_t list) int gpgsm_find_cert (ctrl_t ctrl, const char *name, ksba_sexp_t keyid, ksba_cert_t *r_cert, - int allow_ambiguous) + unsigned int flags) { int rc; KEYDB_SEARCH_DESC desc; KEYDB_HANDLE kh = NULL; + int allow_ambiguous = (flags & FIND_CERT_ALLOW_AMBIG); *r_cert = NULL; rc = classify_user_id (name, &desc, 0); @@ -523,6 +524,9 @@ gpgsm_find_cert (ctrl_t ctrl, rc = gpg_error (GPG_ERR_ENOMEM); else { + if ((flags & FIND_CERT_WITH_EPHEM)) + keydb_set_ephemeral (kh, 1); + nextone: rc = keydb_search (ctrl, kh, &desc, 1); if (!rc) |