Diffusion GnuPG 14ccabe7f82f

dirmngr: Reject certificate which is not valid into cache.

Description

dirmngr: Reject certificate which is not valid into cache.

* dirmngr/certcache.c (put_cert): When PERMANENT, reject the
certificate which is obviously invalid.

With this change, invalid certificates from the system won't be registered
into the cache. Then, an intermediate certificate which is issued by an
entity certified by such an invalid certificate will also be rejected
with GPG_ERR_INV_CERT_OBJ. Having fewer invalid certificates in the cache
helps the validate_cert_chain function work better.

  • GnuPG-bug-id: T6142
  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibe: Authored on Aug 26 2022, 2:24 AM
werner: Committed on Aug 31 2022, 1:47 PM
Parents
rGaa0c942521d8: gpg: Fix assertion failure due to errors in encrypt_filter.
Tasks
T6142: On Windows, gpg 2.3.7 thinks the certificates of major keyservers have expired