[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.10-11-g6b36c16

by Andre Heinecke cvs at cvs.gnupg.org
Tue Oct 23 16:00:08 CEST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  6b36c16f77722d17f4f317c788701cbc1e9552b2 (commit)
      from  a2bd4a64e5b057f291a60a9499f881dd47745e2f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 6b36c16f77722d17f4f317c788701cbc1e9552b2
Author: Andre Heinecke <aheinecke at intevation.de>
Date:   Tue Oct 23 12:46:38 2018 +0200

    sm: Fix dirmngr loadcrl for intermediate certs
    
    * sm/call-dirmngr.c (run_command_inq_cb): Support ISTRUSTED.
    (inq_certificate): Distinguish unsupported inquiry error.
    
    --
    When loading a CRL through "gpgsm --call-dirmngr loadcrl foo"
    dirmngr can ask gpgsm back if a certificate used ISTRUSTED, which
    previously resulted in an error.

diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 3a38bca..fb05413 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -390,7 +390,7 @@ inq_certificate (void *opaque, const char *line)
     }
   else
     {
-      log_error ("unsupported inquiry '%s'\n", line);
+      log_error ("unsupported certificate inquiry '%s'\n", line);
       return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
     }
 
@@ -950,9 +950,33 @@ run_command_inq_cb (void *opaque, const char *line)
       line = s;
       log_info ("dirmngr: %s\n", line);
     }
+  else if ((s = has_leading_keyword (line, "ISTRUSTED")))
+    {
+      /* The server is asking us whether the certificate is a trusted
+         root certificate.  */
+      char fpr[41];
+      struct rootca_flags_s rootca_flags;
+      int n;
+
+      line = s;
+
+      for (s=line,n=0; hexdigitp (s); s++, n++)
+        ;
+      if (*s || n != 40)
+        return gpg_error (GPG_ERR_ASS_PARAMETER);
+      for (s=line, n=0; n < 40; s++, n++)
+        fpr[n] = (*s >= 'a')? (*s & 0xdf): *s;
+      fpr[n] = 0;
+
+      if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags))
+        rc = assuan_send_data (parm->ctx, "1", 1);
+      else
+        rc = 0;
+      return rc;
+    }
   else
     {
-      log_error ("unsupported inquiry '%s'\n", line);
+      log_error ("unsupported command inquiry '%s'\n", line);
       rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
     }
 

-----------------------------------------------------------------------

Summary of changes:
 sm/call-dirmngr.c | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list