diff options
| author | Werner Koch <[email protected]> | 2011-12-07 15:15:15 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2011-12-07 15:15:15 +0000 |
| commit | 8a12a2000d82acfa881e8c18d028290100bf5e43 (patch) | |
| tree | 3e212fdf3888181fa70570580bf7dbed65e3756a /sm/gpgsm.h | |
| parent | Correct punctuation in the ChangeLog summary line. (diff) | |
| download | gnupg-8a12a2000d82acfa881e8c18d028290100bf5e43.tar.gz gnupg-8a12a2000d82acfa881e8c18d028290100bf5e43.zip | |
gpgsm: Add new validation model "steed".
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute. Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--
This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html . The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known). Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
Diffstat (limited to 'sm/gpgsm.h')
| -rw-r--r-- | sm/gpgsm.h | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 31cd95150..6c68af746 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -195,7 +195,9 @@ struct server_control_s certificates up the chain (0 = none, 1 = only signer) */ int use_ocsp; /* Set to true if OCSP should be used. */ - int validation_model; /* Set to 1 for the chain model. */ + int validation_model; /* 0 := standard model (shell), + 1 := chain model, + 2 := STEED model. */ }; @@ -307,7 +309,7 @@ int gpgsm_create_cms_signature (ctrl_t ctrl, /* Flags used with gpgsm_validate_chain. */ #define VALIDATE_FLAG_NO_DIRMNGR 1 #define VALIDATE_FLAG_CHAIN_MODEL 2 - +#define VALIDATE_FLAG_STEED 4 int gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next); @@ -326,6 +328,7 @@ int gpgsm_cert_use_verify_p (ksba_cert_t cert); int gpgsm_cert_use_decrypt_p (ksba_cert_t cert); int gpgsm_cert_use_cert_p (ksba_cert_t cert); int gpgsm_cert_use_ocsp_p (ksba_cert_t cert); +int gpgsm_cert_has_well_known_private_key (ksba_cert_t cert); int gpgsm_certs_identical_p (ksba_cert_t cert_a, ksba_cert_t cert_b); int gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert, certlist_t *listaddr, int is_encrypt_to); |