Home GnuPG
Diffusion GnuPG 323a20399d90

dirmngr: New option --ignore-cert

Description

dirmngr: New option --ignore-cert

* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
Change callers to handle the new error return.

This option is useful as a workaround in case we ill run into other
chain validation errors like what we fixed in
Backported-from-master: 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d

Details

Provenance
wernerAuthored on Oct 6 2021, 10:31 AM
Parents
rG341ab0123a8f: dirmngr: Fix Let's Encrypt certificate chain validation.
Branches
Unknown
Tags
Unknown
Tasks
T5639: dirmngr uses the wrong Let's encrypt chain