aboutsummaryrefslogtreecommitdiffstats
path: root/dirmngr/validate.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* dirmngr: Support ECDSA for OCSP.Werner Koch2022-02-271-0/+3
| | | | | | | | | | | | * dirmngr/validate.c (pk_algo_from_sexp): Make public. Support ECC. * dirmngr/ocsp.c (check_signature): Remove hash preparation out to ... (check_signature_core): here. This changes the arg s_hash to md. Support ECDSA. -- The test was done with my qualified signature certificate from the Telesec and their responder http://tqrca1.ocsp.telesec.de/ocspr . See also libksba commit rK24992a4a7a61d93759e1dbd104b845903d4589bf
* dirmngr: Add special treatment for the standard hkps pool to ntbtls.Werner Koch2017-02-211-10/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove (VALIDATE_FLAG_EXTRATRUST): Remove (VALIDATE_FLAG_TRUST_SYSTEM): New. (VALIDATE_FLAG_TRUST_CONFIG): New. (VALIDATE_FLAG_TRUST_HKP): New. (VALIDATE_FLAG_TRUST_HKPSPOOL): New. (VALIDATE_FLAG_MASK_TRUST): New. * dirmngr/validate.c (check_header_constants): New. (validate_cert_chain): Call new function. Simplify call to is_trusted_cert. * dirmngr/crlcache.c (crl_parse_insert): Pass VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain * dirmngr/server.c (cmd_validate): Use VALDIATE_FLAG_TRUST_SYSTEM and VALIDATE_FLAG_TRUST_CONFIG. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS context. Set trustclass flags using the new VALIDATE_FLAG_TRUST values. * dirmngr/certcache.c (cert_cache_init): Load the standard pool certificate prior to the --hkp-cacerts. -- Note that this changes the way the standard cert is used: We require that it is installed at /usr/share/gnupg and we do not allow to change it. If this is not desired, the the standard cert can be removed or replaced by a newer one. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add option --no-crl to the VALIDATE cmd.Werner Koch2017-02-171-20/+17
| | | | | | | | | | | | | | | * dirmngr/validate.h: Remove enums VALIDATE_MODE_*. (VALIDATE_FLAG_SYSTRUST, VALIDATE_FLAG_EXTRATRUST) (VALIDATE_FLAG_CRL, VALIDATE_FLAG_RECURSIVE) (VALIDATE_FLAG_OCSP, VALIDATE_FLAG_TLS) (VALIDATE_FLAG_NOCRLCHECK): New constants. * dirmngr/validate.c (validate_cert_chain): Change arg 'mode' to 'flags'. Change code accordingly. Remove NO-CRL in TLS mode kludge. * dirmngr/crlcache.c (crl_parse_insert): Change to use flag values for the validate_cert_chain call. * dirmngr/server.c (cmd_validate): Ditto. Add new option --no-crl. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Remove use of hardcoded numbers in validate.Werner Koch2017-02-171-6/+20
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/validate.c (enum cert_usage_modes): New. (cert_usage_p): Change type of arg MODE. Use enums instead of hardwired values. Use a switch instead of tricky bit tests. (cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust. * dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage. (cert_use_cert_p): Rename to check_cert_use_cert. (cert_use_ocsp_p): Rename to check_cert_use_ocsp. (cert_use_crl_p): Rename to check_cert_use_crl. * dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New. (VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New. -- A function with a "_p" suffix return 0 for a True just looks weird. We now use names which better indicate that an error code is returned. Signed-off-by: Werner Koch <[email protected]>
* Merged Dirmngr with GnuPG.Werner Koch2010-06-091-0/+55
A few code changes to support dirmngr.
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 09:25:15 +0000