diff options
| author | Werner Koch <[email protected]> | 2005-04-21 09:33:07 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2005-04-21 09:33:07 +0000 |
| commit | 3ff9a743bf6faeb99e8ee6113fe54af4f34cc288 (patch) | |
| tree | 25233f57f101ec9c2a8272575a02087aa08abb8f /sm/gpgsm.c | |
| parent | (gpgsm_validate_chain): Check revocations even for (diff) | |
| download | gnupg-3ff9a743bf6faeb99e8ee6113fe54af4f34cc288.tar.gz gnupg-3ff9a743bf6faeb99e8ee6113fe54af4f34cc288.zip | |
* configure.ac: Do not build gpg by default.
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
* certchain.c (gpgsm_validate_chain): Make use of it.
* certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates. This is required because on signature
verification an expired key is fine whereas a revoked one is not.
* gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
Diffstat (limited to 'sm/gpgsm.c')
| -rw-r--r-- | sm/gpgsm.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sm/gpgsm.c b/sm/gpgsm.c index dae547702..fb6533030 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -130,6 +130,8 @@ enum cmd_and_opt_values { oDisableCRLChecks, oEnableCRLChecks, + oDisableTrustedCertCRLCheck, + oEnableTrustedCertCRLCheck, oForceCRLRefresh, oDisableOCSP, @@ -285,6 +287,8 @@ static ARGPARSE_OPTS opts[] = { N_("use system's dirmngr if available")}, { oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")}, { oEnableCRLChecks, "enable-crl-checks", 0, "@"}, + { oDisableTrustedCertCRLCheck, "disable-trusted-cert-crl-check", 0, "@"}, + { oEnableTrustedCertCRLCheck, "enable-trusted-cert-crl-check", 0, "@"}, { oForceCRLRefresh, "force-crl-refresh", 0, "@"}, { oDisableOCSP, "disable-ocsp", 0, "@" }, @@ -973,6 +977,12 @@ main ( int argc, char **argv) case oEnableCRLChecks: opt.no_crl_check = 0; break; + case oDisableTrustedCertCRLCheck: + opt.no_trusted_cert_crl_check = 1; + break; + case oEnableTrustedCertCRLCheck: + opt.no_trusted_cert_crl_check = 0; + break; case oForceCRLRefresh: opt.force_crl_refresh = 1; break; @@ -1352,6 +1362,8 @@ main ( int argc, char **argv) GC_OPT_FLAG_NONE ); printf ("disable-crl-checks:%lu:\n", GC_OPT_FLAG_NONE ); + printf ("disable-trusted-cert-crl-check:%lu:\n", + GC_OPT_FLAG_NONE ); printf ("enable-ocsp:%lu:\n", GC_OPT_FLAG_NONE ); printf ("include-certs:%lu:1:\n", |