Rewrite the post-processing of external X.509 certificate imports

Description

The main reason for the rewrite was that the call
KeyCache::mutableInstance()->refresh(keys);
clears the key cache and only adds the passed keys (i.e. the imported
X.509 certificates) to the key cache. In particular, this removed all
OpenPGP keys and all previously existing X.509 certificates from the
key cache. That was certainly not intended.

The new approach is a bit slower because it does an update for each
imported X.509 certificate instead of for all certificates with a single
keylisting.

This change also fixes a regression introduced with commit
0b7978d550490695b1cd28229bc27d1124dc3cf3
which performed the validation for external and local CMS imports.
