-rw-r--r--sm/ChangeLog6
-rw-r--r--sm/call-agent.c38
-rw-r--r--sm/certchain.c24
-rw-r--r--sm/certpath.c24
4 files changed, 77 insertions, 15 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index 1cbacafe5..9f9aaa38f 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,9 @@
+2002-02-18 Werner Koch <[email protected]>
+
+ * certpath.c (gpgsm_validate_path): Ask the agent to add the
+ certificate into the trusted list.
+ * call-agent.c (gpgsm_agent_marktrusted): New.
+
2002-02-07 Werner Koch <[email protected]>
* certlist.c (gpgsm_add_to_certlist): Check that the specified
diff --git a/sm/call-agent.c b/sm/call-agent.c
index 5b3b6d6d0..54e8facb1 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -461,8 +461,43 @@ gpgsm_agent_istrusted (KsbaCert cert)
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
return map_assuan_err (rc);
}
-
+/* Ask the agent to mark CERT as a trusted Root-CA one */
+int
+gpgsm_agent_marktrusted (KsbaCert cert)
+{
+ int rc;
+ char *fpr, *dn;
+ char line[ASSUAN_LINELENGTH];
+
+ rc = start_agent ();
+ if (rc)
+ return rc;
+
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ if (!fpr)
+ {
+ log_error ("error getting the fingerprint\n");
+ return seterr (General_Error);
+ }
+
+ dn = ksba_cert_get_issuer (cert, 0);
+ if (!dn)
+ {
+ xfree (fpr);
+ return seterr (General_Error);
+ }
+ snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dn);
+ line[DIM(line)-1] = 0;
+ ksba_free (dn);
+ xfree (fpr);
+
+ rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
+ return map_assuan_err (rc);
+}
+
+
+
/* Ask the agent whether the a corresponding secret key is available
for the given keygrip */
int
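Review bot: The `snprintf` result in `gpgsm_agent_marktrusted` is not checked, so an issuer DN too long for `ASSUAN_LINELENGTH` is silently truncated and the agent is asked to trust the certificate under a shortened name. Since `dn` comes from the certificate itself, truncation should be an error: keep the return value, e.g. `n = snprintf (line, DIM(line), "MARKTRUSTED %s S %s", fpr, dn);`, and after the two frees return `seterr (General_Error)` when `n < 0 || (size_t)n >= DIM(line)`. Whether the DN string can contain characters that need escaping on an Assuan line is not visible in this hunk and is worth confirming. The `!dn` branch also returns without a `log_error`, unlike the fingerprint branch just above it.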
@@ -484,3 +519,4 @@ gpgsm_agent_havekey (const char *hexkeygrip)
rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
return map_assuan_err (rc);
}
+
diff --git a/sm/certchain.c b/sm/certchain.c
index 842481bfc..e76ff6c2f 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -261,17 +261,27 @@ gpgsm_validate_path (KsbaCert cert)
;
else if (rc == GNUPG_Not_Trusted)
{
+ int rc2;
+
char *fpr = gpgsm_get_fingerprint_string (subject_cert,
GCRY_MD_SHA1);
- log_error (_("root certificate is not marked trusted\n"));
+ log_info (_("root certificate is not marked trusted\n"));
log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
xfree (fpr);
- /* fixme: print a note while we have not yet the code to
- ask whether the cert should be entered into the trust
- list */
- gpgsm_dump_cert ("issuer", subject_cert);
- log_info ("after checking the fingerprint, you may want "
- "to enter it into \"~/.gnupg-test/trustlist.txt\"\n");
+ rc2 = gpgsm_agent_marktrusted (subject_cert);
+ if (!rc2)
+ {
+ log_info (_("root certificate has now"
+ " been marked as trusted\n"));
+ rc = 0;
+ }
+ else
+ {
+ gpgsm_dump_cert ("issuer", subject_cert);
+ log_info ("after checking the fingerprint, you may want "
+ "to enter it manually into "
+ "\"~/.gnupg-test/trustlist.txt\"\n");
+ }
}
else
{
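Review bot: The `GNUPG_Not_Trusted` branch now sets `rc = 0` whenever `gpgsm_agent_marktrusted` succeeds, so path validation can modify the trust list and turn an untrusted root into a valid one as a side effect of checking any certificate. The hunk does not show what the agent does before accepting MARKTRUSTED. This is only safe if the agent requires explicit user confirmation of the fingerprint, and that dependency deserves a comment here, for instance `/* The agent must obtain user confirmation of the fingerprint before adding the root; we rely on that here. */`. Callers that validate certificates from untrusted input without a user present would presumably need a way to skip this step. The same change appears in the sm/certpath.c hunk; `gpgsm_validate_path` starts and ends outside both hunks.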
diff --git a/sm/certpath.c b/sm/certpath.c
index 842481bfc..e76ff6c2f 100644
--- a/sm/certpath.c
+++ b/sm/certpath.c
@@ -261,17 +261,27 @@ gpgsm_validate_path (KsbaCert cert)
;
else if (rc == GNUPG_Not_Trusted)
{
+ int rc2;
+
char *fpr = gpgsm_get_fingerprint_string (subject_cert,
GCRY_MD_SHA1);
- log_error (_("root certificate is not marked trusted\n"));
+ log_info (_("root certificate is not marked trusted\n"));
log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
xfree (fpr);
- /* fixme: print a note while we have not yet the code to
- ask whether the cert should be entered into the trust
- list */
- gpgsm_dump_cert ("issuer", subject_cert);
- log_info ("after checking the fingerprint, you may want "
- "to enter it into \"~/.gnupg-test/trustlist.txt\"\n");
+ rc2 = gpgsm_agent_marktrusted (subject_cert);
+ if (!rc2)
+ {
+ log_info (_("root certificate has now"
+ " been marked as trusted\n"));
+ rc = 0;
+ }
+ else
+ {
+ gpgsm_dump_cert ("issuer", subject_cert);
+ log_info ("after checking the fingerprint, you may want "
+ "to enter it manually into "
+ "\"~/.gnupg-test/trustlist.txt\"\n");
+ }
}
else
{