diff options
| author | Werner Koch <[email protected]> | 2019-12-06 19:12:22 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2019-12-06 19:25:56 +0000 |
| commit | d246f317c04862cacfefc899c98da182ee2805a5 (patch) | |
| tree | e20b1f8accbd98e6434f44c76b93e5ecb9122762 /sm/gpgsm.h | |
| parent | dirmngr: Tell gpg about WKD looks resulting from a cache. (diff) | |
| download | gnupg-d246f317c04862cacfefc899c98da182ee2805a5.tar.gz gnupg-d246f317c04862cacfefc899c98da182ee2805a5.zip | |
sm: Add special case for expired intermediate certificates.
* sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
* sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
Also simplify by using ref-ed cert objects in place of an anyfound
var.
--
See the code for a description of the problem. Tested using the certs
from the bug report and various command lines
gpgsm --faked-system-time=XXXX --disable-crl-checks \
-ea -v --debug x509 -r 0x95599828
with XXXX being 20190230T000000 -> target cert too young
with XXXX being 20190330T000000 -> okay
with XXXX being 20190830T000000 -> okay, using the long term cert
with XXXX being 20220330T000000 -> target cert expired
The --disabled-crl-checks option is required because in our a simple
test setting dirmngr does not know about the faked time.
GnuPG-bug-id: 4696
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'sm/gpgsm.h')
| -rw-r--r-- | sm/gpgsm.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 43793dcdf..7393a80f3 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -228,6 +228,9 @@ struct server_control_s 1 := chain model, 2 := STEED model. */ int offline; /* If true gpgsm won't do any network access. */ + + /* The current time. Used as a helper in certchain.c. */ + ksba_isotime_t current_time; }; |