author | Werner Koch <[email protected]> | 2002-01-25 16:41:13 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2002-01-25 16:41:13 +0000 |
commit | 151deac0dfcc712a00844943445cbde7c6b0eb38 (patch) | |
tree | fa0b13b368613ba2ec69d7261377d4e4f54d84a9 /sm/certpath.c | |
parent | * assuan-socket-connect.c (LOGERRORX): and removed typo. (diff) | |
* gpgsm.c (main): Disable core dumps.
* sign.c (add_certificate_list): New.
(gpgsm_sign): Add the certificates to the CMS object.
* certpath.c (gpgsm_walk_cert_chain): New.
* gpgsm.h (server_control_s): Add included_certs.
* gpgsm.c: Add option --include-certs.
(gpgsm_init_default_ctrl): New.
(main): Call it.
* server.c (gpgsm_server): Ditto.
(option_handler): Support --include-certs.
Diffstat (limited to 'sm/certpath.c')
-rw-r--r-- | sm/certpath.c | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/sm/certpath.c b/sm/certpath.c
index 9ef862643..842481bfc 100644
--- a/sm/certpath.c
+++ b/sm/certpath.c
@@ -84,7 +84,68 @@ allowed_ca (KsbaCert cert, int *pathlen)
 return 0;
 }
+/* Return the next certificate up in the chain starting at START.
+ Returns -1 when there are no more certificates. */
+int
+gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next)
+{
+ int rc = 0;
+ char *issuer = NULL;
+ char *subject = NULL;
+ KEYDB_HANDLE kh = keydb_new (0);
+
+ *r_next = NULL;
+ if (!kh)
+ {
+ log_error (_("failed to allocated keyDB handle\n"));
+ rc = GNUPG_General_Error;
+ goto leave;
+ }
+
+ issuer = ksba_cert_get_issuer (start, 0);
+ subject = ksba_cert_get_subject (start, 0);
+ if (!issuer)
+ {
+ log_error ("no issuer found in certificate\n");
+ rc = GNUPG_Bad_Certificate;
+ goto leave;
+ }
+ if (!subject)
+ {
+ log_error ("no subject found in certificate\n");
+ rc = GNUPG_Bad_Certificate;
+ goto leave;
+ }
+
+ if (!strcmp (issuer, subject))
+ {
+ rc = -1; /* we are at the root */
+ goto leave;
+ }
+
+ rc = keydb_search_subject (kh, issuer);
+ if (rc)
+ {
+ log_error ("failed to find issuer's certificate: rc=%d\n", rc);
+ rc = GNUPG_Missing_Certificate;
+ goto leave;
+ }
+
+ rc = keydb_get_cert (kh, r_next);
+ if (rc)
+ {
+ log_error ("failed to get cert: rc=%d\n", rc);
+ rc = GNUPG_General_Error;
+ }
+
+ leave:
+ xfree (issuer);
+ xfree (subject);
+ keydb_release (kh);
+ return rc;
+}
+
 int
 gpgsm_validate_path (KsbaCert cert)
 { |
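Review bot: The issuer is located by name only in gpgsm_walk_cert_chain: `keydb_search_subject (kh, issuer)` takes whatever certificate the key database returns for that subject, and nothing in this function checks that it actually signed START. That is probably acceptable for collecting certificates to include in a signature, but the header comment should say so, e.g. `The issuer is matched by subject name only and is not verified; do not use the result for validation.` Name-based links can also form a cycle (two stored certificates naming each other as issuer), so a caller that loops on this function should bound the number of steps; the caller is not visible in this diff. The comment would also be clearer if it stated that 0 means *R_NEXT holds a certificate (presumably to be released by the caller), that -1 is returned at a certificate whose issuer equals its subject, and that any other value is a GNUPG_ error code with *R_NEXT left NULL.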