[PATCH] gpgsm: Fix loading of CRLs with Auth Keyid extension.

Damien Goutte-Gattat dgouttegattat at incenp.org
Wed Jan 27 17:43:57 CET 2016


* sm/call-dirmngr.c (run_command_inq_cb): Reply to SENDCERT_SKI
inquiries.

--
Trying to load a CRL with the following command:

  gpgsm --call-dirmngr loadcrl crl_file

fails with the following messages:

  gpgsm: unsupported inquiry 'SENDCERT_SKI ...'
  gpgsm: response of dirmngr: Unknown IPC inquire

if the CRL has an Authority Key Identifier extension.

This is because the callback used when passing commands to
dirmngr replies only to SENDCERT inquiries but not to
SENDCERT_SKI inquiries.

This patch fixes that behavior by replying to both types of
inquiries.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
 sm/call-dirmngr.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 881c484..46ffa51 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -921,18 +921,28 @@ run_command_inq_cb (void *opaque, const char *line)
   const char *s;
   int rc = 0;
 
-  if ((s = has_leading_keyword (line, "SENDCERT")))
+  if ((s = has_leading_keyword (line, "SENDCERT")) ||
+      (s = has_leading_keyword (line, "SENDCERT_SKI")))
     { /* send the given certificate */
       int err;
       ksba_cert_t cert;
+      ksba_sexp_t ski = NULL;
       const unsigned char *der;
-      size_t derlen;
+      size_t derlen, skilen;
+
+      if (has_leading_keyword (line, "SENDCERT_SKI"))
+        {
+          ski = make_simple_sexp_from_hexstr (s, &skilen);
+          s += skilen;
+          while (*s == ' ')
+            s++;
+        }
 
       line = s;
       if (!*line)
         return gpg_error (GPG_ERR_ASS_PARAMETER);
 
-      err = gpgsm_find_cert (line, NULL, &cert);
+      err = gpgsm_find_cert (line, ski, &cert);
       if (err)
         {
           log_error ("certificate not found: %s\n", gpg_strerror (err));
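
Review bot: In the new SENDCERT_SKI branch, the result of `make_simple_sexp_from_hexstr (s, &skilen)` is used without a check. If it yields NULL, `gpgsm_find_cert (line, ski, &cert)` receives the same NULL argument the plain SENDCERT path passes, so the lookup would proceed without the key identifier the inquiry supplied instead of failing; suggest returning an error when `ski` is NULL before advancing `s`. Related: `ski` is assigned before `if (!*line) return gpg_error (GPG_ERR_ASS_PARAMETER);`, and that early return does not release it, nor do the visible lines release it after `gpgsm_find_cert`, so please confirm it is freed on every exit path. Minor style points: `skilen` is added to `s` as a count of consumed characters, so a name reflecting that would read better, and the second `has_leading_keyword (line, "SENDCERT_SKI")` call could be avoided by testing SENDCERT_SKI in its own branch first.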
-- 
1.8.4



