Diffusion GnuPG fa1ac5c23d16

gpgsm: add a certificate chain check for de-vs compliance
fa1ac5c23d16
Actions

Tags

None

Subscribers

None

Description

gpgsm: add a certificate chain check for de-vs compliance

* sm/certchain.c (do_validate_chain): fix typo
* sm/decrypt.c (gpgsm_decrypt): check the certifacte chain for de-vs
compliance
*sm/verify.c (gpgsm_verify): check the certificate chain for de-vs
compliance

The gpgsm status for CO_DE_VS compliance should only be set if the
certificate chain is also checked and compliant (besides the pk algo,
the message digest and cipher which were already checked before).

GnuPG-bug-id: T8188

Details

Provenance

pl13	Authored on Thu, Apr 2, 10:45 AM

Parents

rG7bc969d38808: agent: Accept a trustlist with a missing LF at the end.

Branches

Unknown

Tags

Unknown

References

STABLE-BRANCH-2-2

Tasks

T8188: gpgsm: No error/warning on verification or decryption in case of trusted but not VS-compliant certificate

Event Timeline

pl13 committed rGfa1ac5c23d16: gpgsm: add a certificate chain check for de-vs compliance (authored by pl13).Sun, Apr 5, 11:27 AM

pl13 added a task: T8188: gpgsm: No error/warning on verification or decryption in case of trusted but not VS-compliant certificate.Tue, Apr 7, 1:51 PM

• werner mentioned this in rG56a1e5f3dda3: gpgsm: Add a certificate chain check for de-vs compliance.Tue, Apr 7, 3:18 PM

Changes (3)

Path

Size

sm/

rGfa1ac5c23d16

sm/certchain.c

Loading...

sm/decrypt.c

Loading...

sm/verify.c

Loading...