* configure.ac: Do not build gpg by default.

* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check. * certchain.c (gpgsm_validate_chain): Make use of it. * certchain.c (gpgsm_validate_chain): Check revocations even for expired certificates. This is required because on signature verification an expired key is fine whereas a revoked one is not. * gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
author: Werner Koch <[email protected]> 2005-04-21 09:33:07 +0000
committer: Werner Koch <[email protected]> 2005-04-21 09:33:07 +0000
commit: 3ff9a743bf6faeb99e8ee6113fe54af4f34cc288 (patch)
tree: 25233f57f101ec9c2a8272575a02087aa08abb8f /sm/gpgsm.h
parent: (gpgsm_validate_chain): Check revocations even for (diff)
download: gnupg-3ff9a743bf6faeb99e8ee6113fe54af4f34cc288.tar.gz
gnupg-3ff9a743bf6faeb99e8ee6113fe54af4f34cc288.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index aafc4815d..1068e9d5e 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -97,6 +97,7 @@ struct {
   int ignore_time_conflict; /* Ignore certain time conflicts */
 
   int no_crl_check;         /* Don't do a CRL check */
+  int no_trusted_cert_crl_check; /* Don't run a CRL check for trusted certs. */
   int force_crl_refresh;    /* Force refreshing the CRL. */
   int enable_ocsp;          /* Default to use OCSP checks. */
author	Werner Koch <[email protected]>	2005-04-21 09:33:07 +0000
committer	Werner Koch <[email protected]>	2005-04-21 09:33:07 +0000
commit	3ff9a743bf6faeb99e8ee6113fe54af4f34cc288 (patch)
tree	25233f57f101ec9c2a8272575a02087aa08abb8f /sm/gpgsm.h
parent	(gpgsm_validate_chain): Check revocations even for (diff)
download	gnupg-3ff9a743bf6faeb99e8ee6113fe54af4f34cc288.tar.gz gnupg-3ff9a743bf6faeb99e8ee6113fe54af4f34cc288.zip