authorWerner Koch <[email protected]>2002-01-25 16:41:13 +0000
committerWerner Koch <[email protected]>2002-01-25 16:41:13 +0000
commit151deac0dfcc712a00844943445cbde7c6b0eb38 (patch)
treefa0b13b368613ba2ec69d7261377d4e4f54d84a9 /sm/sign.c
parent* assuan-socket-connect.c (LOGERRORX): and removed typo. (diff)
* gpgsm.c (main): Disable core dumps.
* sign.c (add_certificate_list): New. (gpgsm_sign): Add the certificates to the CMS object. * certpath.c (gpgsm_walk_cert_chain): New. * gpgsm.h (server_control_s): Add included_certs. * gpgsm.c: Add option --include-certs. (gpgsm_init_default_ctrl): New. (main): Call it. * server.c (gpgsm_server): Ditto. (option_handler): Support --include-certs.
Diffstat (limited to 'sm/sign.c')
-rw-r--r--sm/sign.c56
1 files changed, 51 insertions, 5 deletions
diff --git a/sm/sign.c b/sm/sign.c
index 48ec24a4d..9b23e8536 100644
--- a/sm/sign.c
+++ b/sm/sign.c
@@ -103,6 +103,49 @@ get_default_signer (void)
}
+/* Depending on the options in CTRL add the certifcate CERT as well as
+ other certificate up in the chain to the Root-CA to the CMS
+ object. */
+static int
+add_certificate_list (CTRL ctrl, KsbaCMS cms, KsbaCert cert)
+{
+ KsbaError err;
+ int rc = 0;
+ KsbaCert next = NULL;
+ int n;
+
+ ksba_cert_ref (cert);
+
+ n = ctrl->include_certs;
+ if (n < 0 || n > 50)
+ n = 50; /* We better apply an upper bound */
+
+ if (n)
+ {
+ err = ksba_cms_add_cert (cms, cert);
+ if (err)
+ goto ksba_failure;
+ }
+ while ( n-- && !(rc = gpgsm_walk_cert_chain (cert, &next)) )
+ {
+ err = ksba_cms_add_cert (cms, next);
+ ksba_cert_release (cert);
+ cert = next; next = NULL;
+ if (err)
+ goto ksba_failure;
+ }
+ ksba_cert_release (cert);
+
+ return rc == -1? 0: rc;
+
+ ksba_failure:
+ ksba_cert_release (cert);
+ log_error ("ksba_cms_add_cert failed: %s\n", ksba_strerror (err));
+ return map_ksba_err (err);
+}
+
+
+
/* Perform a sign operation.
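Review bot: In add_certificate_list the counter `n` is not decremented after the signer's own certificate is added under `if (n)`, so the `while ( n-- && ...)` loop still runs up to `n` times. An `include_certs` value of 1 therefore puts two certificates (signer plus issuer) into the CMS object, and the cap of 50 allows up to 51. If the option is meant to count the signer's certificate (its documentation is not visible in this diff, so that is an assumption), add `n--;` after the first `ksba_cms_add_cert` succeeds. The line `return rc == -1? 0: rc;` would also benefit from a comment such as `/* -1 from gpgsm_walk_cert_chain: no further certificate in the chain, not an error */`, to be confirmed against that function. The header comment should say that negative `include_certs` values are mapped to the limit of 50.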
@@ -192,16 +235,19 @@ gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp)
err = ksba_cms_add_signer (cms, cert);
if (err)
{
- log_debug ("ksba_cms_add_signer failed: %s\n", ksba_strerror (err));
+ log_error ("ksba_cms_add_signer failed: %s\n", ksba_strerror (err));
rc = map_ksba_err (err);
goto leave;
}
+ rc = add_certificate_list (ctrl, cms, cert);
+ if (rc)
+ {
+ log_error ("failed to store list of certificates: %s\n",
+ gnupg_strerror(rc));
+ goto leave;
+ }
ksba_cert_release (cert); cert = NULL;
- /* fixme: We might want to include a list of certificate which are
- put as info into the signed data object - maybe we should add a
- flag to ksba_cms_add_signer to decider whether this cert should
- be send along with the signature */
/* Set the hash algorithm we are going to use */
err = ksba_cms_add_digest_algo (cms, "1.3.14.3.2.26" /*SHA-1*/);
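Review bot: A failure of `ksba_cms_add_cert` is now reported twice: once by `log_error ("ksba_cms_add_cert failed: ...")` inside add_certificate_list, and again by the new `log_error ("failed to store list of certificates: ...")` here. A chain-walk failure produces only the second message. Consider reporting in one place so the log has one line per failure. The call `gnupg_strerror(rc)` also lacks the space before the parenthesis that the neighbouring lines use, so write `gnupg_strerror (rc)`. Whether `cert` is released on this `goto leave` path depends on the `leave:` label, which is outside the hunk, as is the rest of gpgsm_sign.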