diff options
| author | Werner Koch <[email protected]> | 2019-12-06 19:12:22 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2019-12-06 19:25:56 +0000 |
| commit | d246f317c04862cacfefc899c98da182ee2805a5 (patch) | |
| tree | e20b1f8accbd98e6434f44c76b93e5ecb9122762 /kbx/backend.h | |
| parent | dirmngr: Tell gpg about WKD looks resulting from a cache. (diff) | |
| download | gnupg-d246f317c04862cacfefc899c98da182ee2805a5.tar.gz gnupg-d246f317c04862cacfefc899c98da182ee2805a5.zip | |
sm: Add special case for expired intermediate certificates.
* sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
* sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
Also simplify by using ref-ed cert objects in place of an anyfound
var.
--
See the code for a description of the problem. Tested using the certs
from the bug report and various command lines
gpgsm --faked-system-time=XXXX --disable-crl-checks \
-ea -v --debug x509 -r 0x95599828
with XXXX being 20190230T000000 -> target cert too young
with XXXX being 20190330T000000 -> okay
with XXXX being 20190830T000000 -> okay, using the long term cert
with XXXX being 20220330T000000 -> target cert expired
The --disabled-crl-checks option is required because in our a simple
test setting dirmngr does not know about the faked time.
GnuPG-bug-id: 4696
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'kbx/backend.h')
0 files changed, 0 insertions, 0 deletions