Diffusion GnuPG 323a20399d90

dirmngr: New option --ignore-cert
323a20399d90
Actions

Tags

None

Subscribers

None

Description

dirmngr: New option --ignore-cert

* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
Change callers to handle the new error return.

This option is useful as a workaround in case we ill run into other
chain validation errors like what we fixed in
Backported-from-master: 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d

GnuPG-bug-id: T5639

Details

Provenance

Authored on Oct 6 2021, 10:31 AM

Parents

rG341ab0123a8f: dirmngr: Fix Let's Encrypt certificate chain validation.

Branches

Unknown

Tags

Unknown

Tasks

T5639: dirmngr uses the wrong Let's encrypt chain

Event Timeline

• werner committed rG323a20399d90: dirmngr: New option --ignore-cert (authored by • werner).Oct 6 2021, 11:06 AM

• werner added a task: T5639: dirmngr uses the wrong Let's encrypt chain.Oct 6 2021, 11:58 AM

• werner mentioned this in T5601: Release GnuPG 2.2.32.Oct 6 2021, 9:19 PM

Changes (5)

Path

Size

common/

dirmngr/

doc/

rG323a20399d90

common/convert.c

Loading...

dirmngr/certcache.c

Loading...

dirmngr/dirmngr.c

Loading...

dirmngr/dirmngr.h

Loading...

doc/dirmngr.texi

Loading...