aboutsummaryrefslogtreecommitdiffstats
path: root/dirmngr (follow)
Commit message (Collapse)AuthorAgeFilesLines
* dirmngr: More fix for test program.NIIBE Yutaka2017-04-141-0/+4
| | | | | | * dirmngr/t-http.c (main): Care about no TLS. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: More fix for Windows.NIIBE Yutaka2017-04-131-6/+6
| | | | | | | | | * dirmngr/http.c (simple_cookie_read, simple_cookie_write): Only valid with HTTP_USE_NTBTLS. (_my_socket_new): Simply cast to int since it's for debug. (_my_socket_ref, _my_socket_unref): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix http.c for sockaddr_storage.NIIBE Yutaka2017-04-131-6/+7
| | | | | | | dirmngr/http.c (use_socks): Use sockaddr_storage. (my_sock_new_for_addr, connect_server): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix alignment of ADDR.NIIBE Yutaka2017-04-132-16/+19
| | | | | | | | | | | * dirmngr/dns-stuff.h (dns_addrinfo_s): Use struct sockaddr_storage for size and alignment. * dirmngr/dns-stuff.c (resolve_name_libdns): Follow the change. (resolve_dns_name): Use struct sockaddr_storage. (resolve_addr_standard, resolve_dns_addr): Likewise. (resolve_dns_addr): Likewise. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix thread key type.NIIBE Yutaka2017-04-131-1/+1
| | | | | | * dirmngr/dirmngr.c (my_tlskey_current_fd): Use npth_key_t. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: More fix for Windows.NIIBE Yutaka2017-04-131-1/+5
| | | | | | | * dirmngr/dns.c (socket_fd_t, STDCALL): New. (dns_te_initname): Use. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix type of sock.NIIBE Yutaka2017-04-121-1/+1
| | | | | | * dirmngr/http.c (send_request): Use assuan_fd_t for SOCK. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix possible null reference.NIIBE Yutaka2017-04-121-2/+3
| | | | | | * dirmngr/dns.c (dns_error_t dns_trace_fput): Check NULL. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix plus1_ns.NIIBE Yutaka2017-04-121-1/+4
| | | | | | | | | * dirmngr/dns.c (plus1_ns): Fix the initial implementation. -- Fixes-commit: 64904ce627b6b0661acf15b5b70103c4842bb0f3 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix dns-stuff.c in another way.NIIBE Yutaka2017-04-121-3/+2
| | | | | | | | | | * dirmngr/dns-stuff.c (T_CERT): Define our own. -- T_CERT may be defined by another enum type even if the value is same. Signed-off-by: NIIBE Yutaka <[email protected]>
* Revert "dirmngr: Fix dns-stuff.c."NIIBE Yutaka2017-04-121-0/+1
| | | | This reverts commit 1538523156be568046f632d1775eae30ea8bd556.
* dirmngr: Fix dns-stuff.c.NIIBE Yutaka2017-04-121-1/+0
| | | | | | | | | | | * dirmngr/dns-stuff.c: Don't include arpa/nameser.h. -- It is not needed at all. T_CERT may be defined by different type of ns_type. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Use a function to increment network short.NIIBE Yutaka2017-04-121-4/+13
| | | | | | | | | | | | | * dirmngr/dns.c (plus1_ns): New. (dns_p_push): Use it. -- On OpenBSD, htons and ntohs are expanded to GCC's statement expressions where local variable is allowed. Consecutive use of htons and ntohs causes problem of variable name. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix build for Windows.NIIBE Yutaka2017-04-111-1/+1
| | | | | | | * dirmngr/ldap-wrapper-ce.c (outstream_cookie_writer): Use gpgrt_ssize_t. Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: New option --disable-ipv6Werner Koch2017-04-039-6/+37
| | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'. * dirmngr/dirmngr.c (oDisableIPv6): New const. (opts): New option --disable-ipv6. (parse_rereadable_options): Set that option. * dirmngr/dns-stuff.c (opt_disable_ipv6): New var. (set_dns_disable_ipv6): New. (resolve_name_standard): Make use of it. * dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of OPT.DISABLE_IPV6. * dirmngr/ks-engine-hkp.c (map_host): Ditto. (send_request): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ocsp.c (do_ocsp_request): Ditto. Signed-off-by: Werner Koch <[email protected]>
* dirmngr,w32: Silence the 'certificate already cached' message.Werner Koch2017-04-031-1/+4
| | | | | | | * dirmngr/certcache.c (load_certs_from_w32_store): Silenece an info message. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Handle EIO which is sometimes returned by cookie functions.Werner Koch2017-04-031-0/+1
| | | | | | | | * dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle EIO. -- Suggested-by: Andre Heinecke Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Always print a warning for a missing /etc/hosts.Werner Koch2017-04-031-10/+1
| | | | | | | | | | | | | * dirmngr/dns-stuff.c (libdns_init): No Windows specific handling of a missing /etc/hosts. -- My last comment on this was flawed. Windows seems to always have its version of /etc/hosts. Only the en passant fixed bad escaping led me assume that this was the case. Thanks to Andre for complaining about my comment remark. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Do not assume that /etc/hosts exists.Werner Koch2017-04-031-4/+12
| | | | | | | | | | | | * dirmngr/dns-stuff.c (libdns_init): Do not bail out. -- A standard Windows installation does not have a hosts file and thus we can't bail out here. We should also not bail out on a Unix system because /etc/hosts is just one method in nsswitch.conf. Fixes-commit: 88f1505f0613894d5544290a170119eb538921e5 Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix error handling.Justus Winter2017-03-211-1/+1
| | | | | | * dirmngr/dns-stuff.c (libdns_init): Convert error before printing it. Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Load the hosts file into libdns.Justus Winter2017-03-211-1/+25
| | | | | | | | | | | | | * dirmngr/dns-stuff.c (libdns_init): Actually load the hosts file into libdns. -- Previously, connecting to key servers specified in /etc/hosts was not possible because libdns' hosts structure was initialized, but not filled with the content of the hosts file. GnuPG-bug-id: 2977 Signed-off-by: Justus Winter <[email protected]>
* dirmngr: Ignore warning alerts in the GNUTLS handshake.Werner Koch2017-03-171-1/+7
| | | | | | | | | * dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning alerts. -- GnuPG-bug-id: 2833 Signed-off-by: Werner Koch <[email protected]>
* Remove -I option to common.NIIBE Yutaka2017-03-0718-28/+28
| | | | | | | | | | | | | * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <[email protected]>
* doc: Replace README.maint content.Werner Koch2017-03-071-1/+1
| | | | --
* dirmngr: Fix commit de6d8313Werner Koch2017-03-031-1/+1
| | | | | | | | * dirmngr/http-common.c (get_default_keyserver): Fix assert. -- Fixes-commit: de6d8313f6df32aaa151bee74e1db269ac1e0fed Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Rearrange files to fix de6d831.Werner Koch2017-03-028-31/+81
| | | | | | | | | | | | | | * dirmngr/http-common.c: New. * dirmngr/http-common.h: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add them. (t_http_SOURCES): Add them. (t_ldap_parse_uri_SOURCES): Add them. * dirmngr/misc.c (get_default_keyserver): Move to ... * dirmngr/http-common.c: here. * dirmngr/http.c: Include http-common.h instead of misc.h. * dirmngr/http-ntbtls.c: Ditto. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Let --gpgconf-list return the default keyserver.Werner Koch2017-03-025-5/+37
| | | | | | | | | | | * dirmngr/misc.c (get_default_keyserver): New. * dirmngr/http.c: Include misc.h (http_session_new): Use get_default_keyserver instead of hardwired "hkps.pool.sks-keyservers.net". * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/dirmngr.c (main) <aGPGCongList>: Return default keyserver. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Avoid warnings during non-ntbtls build.Daniel Kahn Gillmor2017-02-261-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/t-http.c (my_http_tls_verify_cb): Avoid warnings when not using ntbtls. -- Without this patch, when building without ntbtls, we see the following warnings during "make check": t-http.c: In function ‘my_http_tls_verify_cb’: t-http.c:141:16: warning: implicit declaration of function ‘ntbtls_x509_get_peer_cert’ [-Wimplicit-function-declaration] (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++) ^~~~~~~~~~~~~~~~~~~~~~~~~ t-http.c:141:14: warning: assignment makes pointer from integer without a cast -Wint-conversion] (cert = ntbtls_x509_get_peer_cert (tls_context, idx)); idx++) ^ At top level: t-http.c:123:1: warning: ‘my_http_tls_verify_cb’ defined but not used [-Wunused-function] my_http_tls_verify_cb (void *opaque, ^~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* dirmngr: Add new debug flag "extprog"Werner Koch2017-02-234-4/+14
| | | | | | | | | * dirmngr/dirmngr.h (DBG_EXTPROG_VALUE, DBG_EXTPROG): New macros. * dirmngr/dirmngr.c (debug_flags): Add flag "extprog". (handle_connections): Use a macro instead of -1 for an invalid socket. * dirmngr/loadswdb.c (verify_status_cb): Debug the gpgv call. Signed-off-by: Werner Koch <[email protected]>
* dirmngr,w32: Make https with ntbtls work.Werner Koch2017-02-231-27/+100
| | | | | | | | | | * dirmngr/http.c (simple_cookie_functions): New. (send_request) [HTTP_USE_NTBTLS, W32]: Use es_fopencookie. (cookie_read): Factor some code out to ... (read_server): new. (simple_cookie_read, simple_cookie_write) [W32]: New. Signed-off-by: Werner Koch <[email protected]>
* Fix spelling.Daniel Kahn Gillmor2017-02-211-2/+2
| | | | | | | | | -- Clean up several other misspellings noticed while reviewing Yuri's de-duplication patch. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* Clean up word replication.Yuri Chornoivan2017-02-216-8/+8
| | | | | | | | | -- This fixes extra word repetitions (like "the the" or "is is") in the code and docs. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* dirmngr: Add special treatment for the standard hkps pool to ntbtls.Werner Koch2017-02-217-27/+67
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove (VALIDATE_FLAG_EXTRATRUST): Remove (VALIDATE_FLAG_TRUST_SYSTEM): New. (VALIDATE_FLAG_TRUST_CONFIG): New. (VALIDATE_FLAG_TRUST_HKP): New. (VALIDATE_FLAG_TRUST_HKPSPOOL): New. (VALIDATE_FLAG_MASK_TRUST): New. * dirmngr/validate.c (check_header_constants): New. (validate_cert_chain): Call new function. Simplify call to is_trusted_cert. * dirmngr/crlcache.c (crl_parse_insert): Pass VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain * dirmngr/server.c (cmd_validate): Use VALDIATE_FLAG_TRUST_SYSTEM and VALIDATE_FLAG_TRUST_CONFIG. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS context. Set trustclass flags using the new VALIDATE_FLAG_TRUST values. * dirmngr/certcache.c (cert_cache_init): Load the standard pool certificate prior to the --hkp-cacerts. -- Note that this changes the way the standard cert is used: We require that it is installed at /usr/share/gnupg and we do not allow to change it. If this is not desired, the the standard cert can be removed or replaced by a newer one. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Load --hkp-cacert values into the certificate cache.Werner Koch2017-02-213-9/+23
| | | | | | | | | | | | | * dirmngr/dirmngr.c (hkp_cacert_filenames): New var. (parse_rereadable_options): Store filenames from --hkp-cacert in the new var. (main, dirmngr_sighup_action): Pass that var to cert_cache_init. * dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load those certs. (load_certs_from_file): Use autodetect so that PEM and DER encodings are possible. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Load "sks-keyservers.netCA.pem" into the cache.Werner Koch2017-02-211-18/+30
| | | | | | | | | | | | * dirmngr/certcache.c (load_certs_from_file): Always build this function. Add args 'trustclasses' and 'no_error'. Pass TRUSTCLASSES to put_cert. (load_certs_from_system): Pass CERTTRUST_CLASS_SYSTEM to load_certs_from_file. (cert_cache_init): Try to load "sks-keyservers.netCA.pem". Don't make function fail in an out-of-core condition. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Implement trust classes for the cert cache.Werner Koch2017-02-213-65/+98
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/certcache.h (CERTTRUST_CLASS_SYSTEM): New. (CERTTRUST_CLASS_CONFIG): New. (CERTTRUST_CLASS_HKP): New. (CERTTRUST_CLASS_HKPSPOOL): New. * dirmngr/certcache.c (MAX_EXTRA_CACHED_CERTS): Rename to ... (MAX_NONPERM_CACHED_CERTS): this. (total_extra_certificates): Rename to ... (total_nonperm_certificates): this. (total_config_certificates): Remove. (total_trusted_certificates): Remove. (total_system_trusted_certificates): Remove. (cert_item_s): Remove field 'flags'. Add fields 'permanent' and 'trustclasses'. (clean_cache_slot): Clear new fields. (put_cert): Change for new cert_item_t structure. (load_certs_from_dir): Rename arg 'are_trusted' to 'trustclass' (load_certs_from_file): Use CERTTRUST_CLASS_ value for put_cert. (load_certs_from_w32_store): Ditto. (cert_cache_init): Ditto. (cert_cache_print_stats): Rewrite. (is_trusted_cert): Replace arg 'with_systrust' by 'trustclasses'. Chnage the test. * dirmngr/validate.c (allowed_ca): Pass CERTTRUST_CLASS_CONFIG to is_trusted_cert. (validate_cert_chain): Pass CERTTRUST_CLASS_ values to is_trusted_cert. -- These trust classes make it easier to select certain sets of root certificates. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: New Assuan option "http-crl".Werner Koch2017-02-219-8/+34
| | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag. * dirmngr/server.c (option_handler): New option "http-crl" * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag. * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): New option --no-crl. -- This new option can be used to enable CRL checks on a per session base. The default is not to use CRLs for https connections. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add a magic field to the http structs.Werner Koch2017-02-212-1/+34
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/http.c (HTTP_SESSION_MAGIC): New. (http_session_s): New field 'magic'. (HTTP_CONTEXT_MAGIC): New. (http_context_s): New field 'magic'. (my_ntbtls_verify_cb): Assert MAGIC. (fp_onclose_notification): Ditto. (session_unref): Ditto. Reset MAGIC. (http_session_new): Set MAGIC. (http_open): Ditto. (http_raw_connect): Ditto. (http_close): Assert MAGIC. Reset MAGIC. * dirmngr/t-http.c (my_http_tls_verify_cb): MArk HTTP_FLAGS unused. -- We pass those handles through opaque pointers. The magic numbers will help to detect wrong use. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Setup a log handler for ntbtls.Werner Koch2017-02-201-0/+21
| | | | | | | * dirmngr/dirmngr.c (my_ntbtls_log_handler) [HTTP_USE_NTBTLS]: New. (main) [HTTP_USE_NTBTLS]: Register log handler. Signed-off-by: Werner Koch <[email protected]>
* dirmngr.c: Make http.c build without any TLS support.Werner Koch2017-02-201-3/+4
| | | | | | * dirmngr/http.c (http_session_new): Remove used of tls_prority. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Make t-http.c work again with gnutls - second tryWerner Koch2017-02-201-0/+1
| | | | | | * dirmngr/t-http.c: Always include ksba.h. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Make t-http.c work again with gnutls.Werner Koch2017-02-201-2/+4
| | | | | | | * dirmngr/Makefile.am (t_http_CFLAGS, t_http_LDADD): Add KSBA flags and libs. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: First take on ntbtls cert verification.Werner Koch2017-02-198-93/+233
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/http-ntbtls.c: New. * dirmngr/Makefile.am (dirmngr_SOURCES): Add file. * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New. (server_conrol_s): Add field 'magic', * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC. (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef. * dirmngr/http.c (my_ntbtls_verify_cb): New. (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code. (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake. * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (my_http_tls_verify_cb): New. (main): Rename option --gnutls-debug to --tls-debug. (main) [HTTP_USE_NTBTLS]: Create a session. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add per-session verify callback to http.cWerner Koch2017-02-186-23/+58
| | | | | | | | | | | | | | | | | | | * dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Strip the default https port from the Host: header.Werner Koch2017-02-171-1/+1
| | | | | | | | | * dirmngr/http.c (send_request): Strip the default https port. -- GnuPG-bug-id: 2965 Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add option --no-crl to the VALIDATE cmd.Werner Koch2017-02-174-53/+41
| | | | | | | | | | | | | | | * dirmngr/validate.h: Remove enums VALIDATE_MODE_*. (VALIDATE_FLAG_SYSTRUST, VALIDATE_FLAG_EXTRATRUST) (VALIDATE_FLAG_CRL, VALIDATE_FLAG_RECURSIVE) (VALIDATE_FLAG_OCSP, VALIDATE_FLAG_TLS) (VALIDATE_FLAG_NOCRLCHECK): New constants. * dirmngr/validate.c (validate_cert_chain): Change arg 'mode' to 'flags'. Change code accordingly. Remove NO-CRL in TLS mode kludge. * dirmngr/crlcache.c (crl_parse_insert): Change to use flag values for the validate_cert_chain call. * dirmngr/server.c (cmd_validate): Ditto. Add new option --no-crl. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add options --tls and --systrust to the VALIDATE cmd.Werner Koch2017-02-175-26/+198
| | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/certcache.h (certlist_s, certlist_t): New. * dirmngr/certcache.c (read_certlist_from_stream): New. (release_certlist): New. * dirmngr/server.c (MAX_CERTLIST_LENGTH): New. (cmd_validate): Add options --tls and --systrust. Implement them using a kludge for now. * dirmngr/validate.c (validate_cert_chain): Support systrust checking. Add kludge to disable the CRL checking for tls mode. -- This can now be used to test a list of certificates as returned by TLS. Put the certs PEM encoded into a a file certlist.pem with the target certificate being the first. Then run gpg-connect-agent --dirmngr \ '/definqfile CERTLIST wiki-gnupg-chain.pem' \ 'validate --systrust --tls' /bye CRLS check has been disabled becuase we can't yet pass the systrust flag to the CRL checking code. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Remove use of hardcoded numbers in validate.Werner Koch2017-02-172-45/+77
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/validate.c (enum cert_usage_modes): New. (cert_usage_p): Change type of arg MODE. Use enums instead of hardwired values. Use a switch instead of tricky bit tests. (cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust. * dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage. (cert_use_cert_p): Rename to check_cert_use_cert. (cert_use_ocsp_p): Rename to check_cert_use_ocsp. (cert_use_crl_p): Rename to check_cert_use_crl. * dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New. (VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New. -- A function with a "_p" suffix return 0 for a True just looks weird. We now use names which better indicate that an error code is returned. Signed-off-by: Werner Koch <[email protected]>
* dirmngr,w32: Load all system provided certificates.Werner Koch2017-02-161-2/+138
| | | | | | | | | | | | | | | | * dirmngr/certcache.c (CERTOPENSYSTEMSTORE) [W32]: New type. (CERTENUMCERTIFICATESINSTORE) [W32]: New type. (CERTCLOSESTORE) [W32]: New type. (load_certs_from_file) [W32]: Do not build. (load_certs_from_w32_store) [W32]: New. (load_certs_from_system) [W32]: Call new function. -- GnuTLS loads the system certificates from the "ROOT" and "CA" store; thus we do the same. On a Visa box you may for example see 21 from "ROOT" and 6 from "CA". Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Load all system provided certificates.Werner Koch2017-02-163-14/+148
| | | | | | | | | | | | | | | | | | | | | * configure.ac: Add option --default-trust-store. (DEFAULT_TRUST_STORE_FILE): New ac_define. * dirmngr/certcache.c: Include ksba-io-support.h. (total_trusted_certificates, total_system_trusted_certificates): New. (put_cert): Manage the new counters. (cert_cache_deinit): Reset them. (cert_cache_print_stats): Print them. (is_trusted_cert): Add arg WITH_SYSTRUST. Change all callers to pass false. (load_certs_from_file): New. (load_certs_from_system): New. (cert_cache_init): Load system certificates. -- Note that this code does not yet allow to load the system certificates on Windows. Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-30 17:50:34 +0000