From c61c77b1b2d68a91c409ca2a5a91368f4c84d220 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 7 Apr 2004 17:59:18 +0000 Subject: * gpgsm.c: New option --force-crl-refresh. * call-dirmngr.c (gpgsm_dirmngr_isvalid): Pass option to dirmngr. --- sm/call-dirmngr.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'sm/call-dirmngr.c') diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 0e8f67f28..15160dc41 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -149,6 +149,8 @@ start_dirmngr (void) if (dirmngr_ctx) return 0; /* fixme: We need a context for each thread or serialize the access to the dirmngr */ + /* Note: if you change this to multiple connections, you also need + to take care of the implicit option sending caching. */ infostr = force_pipe_server? NULL : getenv ("DIRMNGR_INFO"); if (!infostr || !*infostr) @@ -359,12 +361,14 @@ int gpgsm_dirmngr_isvalid (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t issuer_cert, int use_ocsp) { + static int did_options; int rc; char *certid; char line[ASSUAN_LINELENGTH]; struct inq_certificate_parm_s parm; struct isvalid_status_parm_s stparm; + rc = start_dirmngr (); if (rc) return rc; @@ -402,6 +406,15 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, option to dirmngr, so that no fallback CRL check is done after an ocsp check. */ + /* It is sufficient to send the options only once because we have + one connection per process only. */ + if (!did_options) + { + if (opt.force_crl_refresh) + assuan_transact (dirmngr_ctx, "OPTION force-crl-refresh=1", + NULL, NULL, NULL, NULL, NULL, NULL); + did_options = 1; + } snprintf (line, DIM(line)-1, "ISVALID %s", certid); line[DIM(line)-1] = 0; xfree (certid); -- cgit