aboutsummaryrefslogtreecommitdiffstats
path: root/sm/sign.c
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2005-11-13 19:07:06 +0000
committerWerner Koch <[email protected]>2005-11-13 19:07:06 +0000
commitb9633196f468edca3b41e182b8aa1bea4f46214b (patch)
tree2f9080b25d97d224c4e2b129a3673310ada93d9d /sm/sign.c
parentNEw file qualified.ttx - not yet ready for distribution (diff)
downloadgnupg-b9633196f468edca3b41e182b8aa1bea4f46214b.tar.gz
gnupg-b9633196f468edca3b41e182b8aa1bea4f46214b.zip
Added qualified signature features.
Diffstat (limited to '')
-rw-r--r--sm/sign.c33
1 files changed, 33 insertions, 0 deletions
diff --git a/sm/sign.c b/sm/sign.c
index 3230a0e98..d9a332c9a 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -426,6 +426,35 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
goto leave;
}
}
+
+
+ /* Check whether one of the certificates is qualified. Note that we
+ already validated the certificate and thus the user data stored
+ flag must be available. */
+ for (cl=signerlist; cl; cl = cl->next)
+ {
+ size_t buflen;
+ char buffer[1];
+
+ err = ksba_cert_get_user_data (cl->cert, "is_qualified",
+ &buffer, sizeof (buffer), &buflen);
+ if (err || !buflen)
+ {
+ log_error (_("checking for qualified certificate failed: %s\n"),
+ gpg_strerror (err));
+ rc = err;
+ goto leave;
+ }
+ if (*buffer)
+ {
+ err = gpgsm_qualified_consent (ctrl, cl->cert);
+ if (err)
+ {
+ rc = err;
+ goto leave;
+ }
+ }
+ }
/* Prepare hashing (actually we are figuring out what we have set above)*/
rc = gcry_md_open (&data_md, 0, 0);
@@ -443,6 +472,10 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
if (!algo)
{
log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");
+ if (algoid
+ && ( !strcmp (algoid, "1.2.840.113549.1.1.2")
+ ||!strcmp (algoid, "1.2.840.113549.2.2")))
+ log_info (_("(this is the MD2 algorithm)\n"));
rc = gpg_error (GPG_ERR_BUG);
goto leave;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-05 18:33:30 +0000