Diffusion GnuPG 0662b9444b5b

dirmngr: Reject certificate which is not valid into cache.

Description

dirmngr: Reject certificate which is not valid into cache.

* dirmngr/certcache.c (put_cert): When PERMANENT, reject the
certificate which is obviously invalid.

With this change, invalid certificates from the system won't be registered
into the cache. Then, an intermediate certificate which is issued by an
entity certified by such an invalid certificate will also be rejected
with GPG_ERR_INV_CERT_OBJ. With fewer invalid certificates in the cache,
it helps the validate_cert_chain function work better.

  • GnuPG-bug-id: T6142
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>