Home GnuPG
Diffusion GnuPG 5d96aab27dcf

gpgsm: Improve cert lookup callback from dirmngr.

Description

gpgsm: Improve cert lookup callback from dirmngr.

* sm/gpgsm.h (FIND_CERT_ALLOW_AMBIG): New.
(FIND_CERT_WITH_EPHEM): New.
* sm/certlist.c (gpgsm_find_cert): Replace arg allow_ambiguous by a
generic flags arg.  Implement the new flag FIND_CERT_WITH_EPHEM.
* sm/call-dirmngr.c (inq_certificate): Return also ephemeral marked
certs.

The dirmngr may need to get a certificate from gpgsm's store in the
course of verifying a CRL. In some cases the certificate is still
marked as epehemeral - this needs to be returned as well.

This _may_ also fix

Details

Provenance
wernerAuthored on Feb 26 2023, 7:11 PM
Parents
rG1952a0e5e41c: sm: Fix dirmngr loadcrl for intermediate certs
Branches
Unknown
Tags
Unknown
Tasks
T4436: gpgsm refuses to encrypt with failure to check CRL