[PATCH] gpgsm: Fix loading of CRLs with Auth Keyid extension.
Damien Goutte-Gattat
dgouttegattat at incenp.org
Wed Jan 27 17:43:57 CET 2016
* sm/call-dirmngr.c (run_command_inq_cb): Reply to SENDCERT_SKI
inquiries.
--
Trying to load a CRL with the following command:
  gpgsm --call-dirmngr loadcrl crl_file
fails with the following messages:
  gpgsm: unsupported inquiry 'SENDCERT_SKI ...'
  gpgsm: response of dirmngr: Unknown IPC inquire
if the CRL has an Authority Key Identifier extension.
This is because the callback used when passing commands to
dirmngr replies only to SENDCERT inquiries but not to
SENDCERT_SKI inquiries.
This patch fixes that behavior by replying to both types of
inquiries.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat at incenp.org>
---
sm/call-dirmngr.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 881c484..46ffa51 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -921,18 +921,28 @@ run_command_inq_cb (void *opaque, const char *line)
const char *s;
int rc = 0;
- if ((s = has_leading_keyword (line, "SENDCERT")))
+ if ((s = has_leading_keyword (line, "SENDCERT")) ||
+ (s = has_leading_keyword (line, "SENDCERT_SKI")))
{ /* send the given certificate */
int err;
ksba_cert_t cert;
+ ksba_sexp_t ski = NULL;
const unsigned char *der;
- size_t derlen;
+ size_t derlen, skilen;
+
+ if (has_leading_keyword (line, "SENDCERT_SKI"))
+ {
+ ski = make_simple_sexp_from_hexstr (s, &skilen);
+ s += skilen;
+ while (*s == ' ')
+ s++;
+ }
line = s;
if (!*line)
return gpg_error (GPG_ERR_ASS_PARAMETER);
- err = gpgsm_find_cert (line, NULL, &cert);
+ err = gpgsm_find_cert (line, ski, &cert);
if (err)
{
log_error ("certificate not found: %s\n", gpg_strerror (err));
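Review bot: the result of make_simple_sexp_from_hexstr in the new SENDCERT_SKI block is used without a check, and the buffer it returns is not released on the early return that follows. If the hex string does not parse and the function returns NULL, gpgsm_find_cert (line, ski, &cert) runs exactly like the old SENDCERT lookup with NULL, so a malformed key identifier is silently ignored instead of rejected; returning GPG_ERR_ASS_PARAMETER when ski is NULL would make the failure visible. When ski was allocated and the rest of the line is empty, "return gpg_error (GPG_ERR_ASS_PARAMETER);" leaves without freeing it, so ski should be released there and on every other exit path of the block. Two smaller points: skilen holds the amount by which s is advanced, not a length of the key identifier, so a name such as nscanned would read better, and testing has_leading_keyword (line, "SENDCERT_SKI") once in its own else-if branch would avoid calling it a second time inside the block.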
--
1.8.4