Home GnuPG
Diffusion GnuPG b52a0e244ae1

dirmngr: Distinguish between "no crl" and "crl not trusted".

Description

dirmngr: Distinguish between "no crl" and "crl not trusted".

* dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New.
* dirmngr/crlcache.c (cache_isvalid): Set this status.
(crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
(crl_cache_reload_crl): Move diagnostic to ...
* dirmngr/crlfetch.c (crl_fetch): here.
* dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED.
* dirmngr/validate.c (check_revocations): Handle new status.  Improve
diagnostics.
* common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ.
* common/audit.c (proc_type_verify): Ditto.

This avoids repeated loading of CRLs in case of untrusted root
certificates.

Details

Provenance
wernerAuthored on Mar 9 2023, 6:28 PM
Parents
rG65288fc52f0c: keyboxd: Allow import of v0 certificates.
Branches
Unknown
Tags
Unknown