
gpgsm: Handle re-issued CA certificates in a better way.

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

gpgsm: Handle re-issued CA certificates in a better way.

* sm/certchain.c (find_up_search_by_keyid): Consider all matching
certificates.
(find_up): Add some debug messages.

The DFN-Verein recently re-issued its CA certificates without
generating new keys. Thus looking up the chain using the authority
keyids works but may use still existing old certificates. This may
break the CRL lookup in the Dirmngr. The hack to fix this is by using
the latest issued certificate with the same subject key identifier.

As usual Peter Gutmann's X.509 style guide has some comments on that
re-issuing.

Resolved conflicts:
sm/certchain.c - whitespace fixes.

Details

Provenance: werner authored on Jun 2 2014, 4:02 PM
Parents: rG3121c4b6c17b: gpgsm: Add a way to save a found state.
Branches: Unknown
Tags: Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rG684b0bd4bfb8: gpgsm: Handle re-issued CA certificates in a better way. (authored by Werner Koch <wk@gnupg.org>) on Jun 2 2014, 4:07 PM
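The selection rule the commit message describes, as an added example that is not code from this commit or from gpgsm: when several stored certificates carry the same subject key identifier, keep searching past the first hit and take the most recently issued one. The `struct cert` model, the function name `pick_latest_issuer`, the sample store, the additional match on the issuer name, and reading "latest issued" as the latest notBefore time are all assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stored certificate; not gpgsm or libksba types. */
struct cert {
    const char *subject;        /* subject DN */
    const unsigned char *ski;   /* subject key identifier bytes */
    size_t ski_len;
    const char *not_before;     /* "YYYYMMDDTHHMMSS", sorts lexically */
    const char *label;          /* demo only */
};

/* Return the most recently issued certificate whose subject equals the
   wanted issuer name and whose subject key identifier equals the authority
   key identifier (aki) of the certificate being checked; NULL if none. */
const struct cert *
pick_latest_issuer(const struct cert *store, size_t n, const char *issuer,
                   const unsigned char *aki, size_t aki_len)
{
    const struct cert *best = NULL;
    for (size_t i = 0; i < n; i++) {
        const struct cert *c = &store[i];
        if (strcmp(c->subject, issuer) != 0)
            continue;
        if (c->ski_len != aki_len || memcmp(c->ski, aki, aki_len) != 0)
            continue;
        /* Do not stop at the first hit: a CA certificate re-issued with
           the old key has the same key identifier as its predecessor. */
        if (!best || strcmp(c->not_before, best->not_before) > 0)
            best = c;
    }
    return best;
}

/* Constructed sample store: one CA re-issued with an unchanged key. */
static const unsigned char KEYID_A[] = {0x01, 0x02, 0x03, 0x04};
static const unsigned char KEYID_B[] = {0xaa, 0xbb, 0xcc, 0xdd};
static const struct cert STORE[] = {
    {"CN=Example CA", KEYID_A, 4, "20070101T000000", "old"},
    {"CN=Example CA", KEYID_A, 4, "20140201T000000", "reissued"},
    {"CN=Other CA",   KEYID_B, 4, "20150101T000000", "unrelated"},
};
#define STORE_LEN (sizeof STORE / sizeof STORE[0])

int main(void)
{
    const struct cert *c = pick_latest_issuer(STORE, STORE_LEN,
                                              "CN=Example CA", KEYID_A, 4);
    printf("selected: %s\n", c ? c->label : "(none)");
    return 0;
}
```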