* import.c (check_and_store): Do a full validation if

--with-validation is set. * certchain.c (gpgsm_basic_cert_check): Print more detailed error messages. * certcheck.c (do_encode_md): Partly support DSA. Add new arg PKALGO. Changed all callers to pass it. (pk_algo_from_sexp): New. tests/pkits: New directory
author: Werner Koch <[email protected]> 2004-08-17 15:26:22 +0000
committer: Werner Koch <[email protected]> 2004-08-17 15:26:22 +0000
commit: 066352a6a555ec60d4a7e117ced0c87e2467fe7e (patch)
tree: 006f724112a198bf31d3f691a9562a52b182d22b /sm/import.c
parent: (cmd_encrypt): Use DEFAULT_RECPLIST and not recplist (diff)
download: gnupg-066352a6a555ec60d4a7e117ced0c87e2467fe7e.tar.gz
gnupg-066352a6a555ec60d4a7e117ced0c87e2467fe7e.zip
1 files changed, 28 insertions, 11 deletions
diff --git a/sm/import.c b/sm/import.c
index c5581eb64..5d3484d92 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -172,13 +172,19 @@ check_and_store (CTRL ctrl, struct stats_s *stats, ksba_cert_t cert, int depth)
 
   /* Some basic checks, but don't care about missing certificates;
      this is so that we are able to import entire certificate chains
-     w/o requirening a special order (i.e. root-CA first).  This used
+     w/o requiring a special order (i.e. root-CA first).  This used
      to be different but because gpgsm_verify even imports
      certificates without any checks, it doesn't matter much and the
      code gets much cleaner.  A housekeeping function to remove
-     certificates w/o an anchor would be nice, though. */
+     certificates w/o an anchor would be nice, though. 
+     
+     Optionally we do a full validation in addition to the basic test.
+  */
   rc = gpgsm_basic_cert_check (cert);
-  if (!rc || gpg_err_code (rc) == GPG_ERR_MISSING_CERT)
+  if (!rc && ctrl->with_validation)
+    rc = gpgsm_validate_chain (ctrl, cert, NULL, 0, NULL, 0);
+  if (!rc || (!ctrl->with-validation
+              && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )
     {
       int existed;
 
@@ -527,14 +533,25 @@ popen_protect_tool (const char *pgmname,
 
       setup_pinentry_env ();
 
-      execlp (pgmname, arg0,
-              "--homedir", opt.homedir,
-              "--p12-import",
-              "--store", 
-              "--no-fail-on-exist",
-              "--enable-status-msg",
-              "--",
-              NULL);
+      if (opt.fixed_passphrase)
+        execlp (pgmname, arg0,
+                "--homedir", opt.homedir,
+                "--p12-import",
+                "--store", 
+                "--no-fail-on-exist",
+                "--enable-status-msg",
+                "--passphrase", opt.fixed_passphrase,
+                "--",
+                NULL);
+      else
+        execlp (pgmname, arg0,
+                "--homedir", opt.homedir,
+                "--p12-import",
+                "--store", 
+                "--no-fail-on-exist",
+                "--enable-status-msg",
+                "--",
+                NULL);
       /* No way to print anything, as we have closed all streams. */
       _exit (31);
     }
author	Werner Koch <[email protected]>	2004-08-17 15:26:22 +0000
committer	Werner Koch <[email protected]>	2004-08-17 15:26:22 +0000
commit	066352a6a555ec60d4a7e117ced0c87e2467fe7e (patch)
tree	006f724112a198bf31d3f691a9562a52b182d22b /sm/import.c
parent	(cmd_encrypt): Use DEFAULT_RECPLIST and not recplist (diff)
download	gnupg-066352a6a555ec60d4a7e117ced0c87e2467fe7e.tar.gz gnupg-066352a6a555ec60d4a7e117ced0c87e2467fe7e.zip