
dirmngr: Add options --tls and --systrust to the VALIDATE cmd.
070211eb990f · Unpublished

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

* dirmngr/certcache.h (certlist_s, certlist_t): New.
* dirmngr/certcache.c (read_certlist_from_stream): New.
(release_certlist): New.
* dirmngr/server.c (MAX_CERTLIST_LENGTH): New.
(cmd_validate): Add options --tls and --systrust.  Implement them
using a kludge for now.
* dirmngr/validate.c (validate_cert_chain): Support systrust
checking.  Add kludge to disable the CRL checking for tls mode.

This can now be used to test a list of certificates as returned by
TLS. Put the certs PEM encoded into a file certlist.pem with the
target certificate being the first. Then run

gpg-connect-agent --dirmngr \
  '/definqfile CERTLIST wiki-gnupg-chain.pem' \
  'validate --systrust --tls' /bye

CRLS check has been disabled because we can't yet pass the systrust
flag to the CRL checking code.

  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
werner authored on Feb 17 2017, 4:39 PM
Parents
rGed99af030d19: dirmngr: Remove use of hardcoded numbers in validate.
Branches
Unknown
Tags
Unknown
