diff options
| author | Ramón García <[email protected]> | 2025-03-18 08:43:26 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2025-03-18 08:43:26 +0000 |
| commit | 4cf83273e84c19d0326c41ac45f6ee3b4526fc23 (patch) | |
| tree | 50bc25d1347154e47fea61e4800b49fd89e6a138 /sm/gpgsm.h | |
| parent | doc: Register DCO for Ramon García F. (diff) | |
| download | gnupg-4cf83273e84c19d0326c41ac45f6ee3b4526fc23.tar.gz gnupg-4cf83273e84c19d0326c41ac45f6ee3b4526fc23.zip | |
gpgsm: select unexpired certificates skipping expired ones
* sm/certchain.c (check_validity_period_cm): Make function global.
* sm/certlist.c (gpgsm_add_to_certlist): If an expired certificate is
found, continue looking for another one.
--
This enables the user to select a certificate by subject, and keep
old expired certificates in the store in case he wishes to decrypt
or verify an old file. This makes renewal of certificate smoother.
Due to a broken patch I had to massage the patch and while doing this
also fixed the indentation and moved a declaration to the begin of a
block. - [email protected]
Diffstat (limited to '')
| -rw-r--r-- | sm/gpgsm.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 4a4bd5ac4..c837cbee3 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -441,6 +441,11 @@ int gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, int listmode, estream_t listfp, unsigned int flags, unsigned int *retflags); +gpg_error_t check_validity_period_cm (ksba_isotime_t current_time, + ksba_isotime_t check_time, + ksba_cert_t subject_cert, + ksba_isotime_t exptime, + int listmode, estream_t listfp, int depth); int gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert); /*-- certlist.c --*/ |