Home GnuPG
Diffusion GnuPG 0b583a555e75

sm: Consider certificates w/o CRL DP as valid.

Description

sm: Consider certificates w/o CRL DP as valid.

* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
* sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
* sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.

If the issuer does not provide a DP and the user wants such an issuer,
we expect that a certificate does not need revocation checks. The new
option --enable-issuer-based-crl-check can be used to revert to the
old behaviour which requires that a suitable LDAP server has been
configured to lookup a CRL by issuer.

  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on Mar 27 2020, 9:11 PM
Parents
rG4c4999b8185a: scd:openpgp: Allow PKSIGN with keygrip also for OPENPGP.3.
Branches
Unknown
Tags
Unknown