author | Werner Koch <wk@gnupg.org> | 2023-06-19 14:05:22 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2023-06-19 14:05:22 +0200 |
commit | 701a8b30f0be24552772fc2818ad07402eb14478 (patch) | |
tree | 4b0be2fbcfb0bef79c93c1bbee7f90e64433b493 /sm | |
parent | dirmngr: Disable the HTTP redirect rewriting. (diff) | |
gpgsm: Support SENDCERT_SKI for --call-dirmngr
* sm/call-dirmngr.c (run_command_inq_cb): Support SENDCERT_SKI.
* dirmngr/crlcache.c (crl_cache_insert): Print the CRL name along with
the unknown OID notice.
Diffstat (limited to 'sm')
-rw-r--r-- | sm/call-dirmngr.c | 45 |
1 files changed, 36 insertions, 9 deletions
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c
index 86beeedc1..7fe7a68f5 100644
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@@ -1001,16 +1001,17 @@ static gpg_error_t
 run_command_inq_cb (void *opaque, const char *line)
 {
 struct run_command_parm_s *parm = opaque;
+ gpg_error_t err;
 const char *s;
 int rc = 0;
+ ksba_cert_t cert = NULL;
+ ksba_sexp_t ski = NULL;
+ const unsigned char *der;
+ size_t derlen, n;
 if ((s = has_leading_keyword (line, "SENDCERT")))
- { /* send the given certificate */
- int err;
- ksba_cert_t cert;
- const unsigned char *der;
- size_t derlen;
-
+ {
+ /* Send the given certificate. */
 line = s;
 if (!*line)
 return gpg_error (GPG_ERR_ASS_PARAMETER);
@@ -1029,11 +1030,36 @@ run_command_inq_cb (void *opaque, const char *line)
 rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
 else
 rc = assuan_send_data (parm->ctx, der, derlen);
- ksba_cert_release (cert);
+ }
+ }
+ else if ((s = has_leading_keyword (line, "SENDCERT_SKI")))
+ {
+ /* Send a certificate where a sourceKeyIdentifier is included. */
+ line = s;
+ ski = make_simple_sexp_from_hexstr (line, &n);
+ line += n;
+ while (*line == ' ')
+ line++;
+
+ err = gpgsm_find_cert (parm->ctrl, line, ski, &cert,
+ FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM);
+ if (err)
+ {
+ log_error ("certificate not found: %s\n", gpg_strerror (err));
+ rc = gpg_error (GPG_ERR_NOT_FOUND);
+ }
+ else
+ {
+ der = ksba_cert_get_image (cert, &derlen);
+ if (!der)
+ rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
+ else
+ rc = assuan_send_data (parm->ctx, der, derlen);
 }
 }
 else if ((s = has_leading_keyword (line, "PRINTINFO")))
- { /* Simply show the message given in the argument. */
+ {
+ /* Simply show the message given in the argument. */
 line = s;
 log_info ("dirmngr: %s\n", line);
 }
@@ -1043,7 +1069,6 @@ run_command_inq_cb (void *opaque, const char *line)
 root certificate. */
 char fpr[41];
 struct rootca_flags_s rootca_flags;
- int n;
 line = s;
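Review bot: In the new SENDCERT_SKI branch the result of `make_simple_sexp_from_hexstr (line, &n)` is used without a NULL check, and the remaining name is not tested for being empty the way the SENDCERT branch does with `if (!*line)`. If the helper fails on a non-hex or empty argument, `ski` stays NULL and is handed to `gpgsm_find_cert` together with `FIND_CERT_ALLOW_AMBIG`, which presumably turns the request into a name-only lookup that can return a different certificate than the one dirmngr identified. Rejecting the inquiry up front, e.g. `if (!ski) return gpg_error (GPG_ERR_ASS_PARAMETER);` directly after the call (nothing is allocated yet at that point), keeps the key-identifier constraint from being dropped silently. run_command_inq_cb begins and ends outside this hunk.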
@@ -1067,6 +1092,8 @@ run_command_inq_cb (void *opaque, const char *line)
 rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
 }
+ ksba_cert_release (cert);
+ xfree (ski);
 return rc;
 } |
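Review bot: The shared cleanup added before `return rc;` only runs for branches that fall through, while the SENDCERT branch shown in the first hunk still leaves through `return gpg_error (GPG_ERR_ASS_PARAMETER);`. That is safe as written because `cert` and `ski` are still NULL there, but nothing in the code says so, and a later early return placed after `gpgsm_find_cert` or `make_simple_sexp_from_hexstr` would leak. A comment above the cleanup, for example `/* Common exit: CERT and SKI are owned by this function; do not return early once either may be set. */`, would record the rule. The start of run_command_inq_cb lies outside this hunk, so other early returns may exist that are not visible here.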