* certpath.c (gpgsm_validate_path): Ask the agent to add the
authorWerner Koch <wk@gnupg.org>
Mon, 18 Feb 2002 20:47:29 +0000 (20:47 +0000)
committerWerner Koch <wk@gnupg.org>
Mon, 18 Feb 2002 20:47:29 +0000 (20:47 +0000)
certificate into the trusted list.
* call-agent.c (gpgsm_agent_marktrusted): New.

sm/ChangeLog
sm/call-agent.c
sm/certchain.c
sm/certpath.c

index 1cbacaf..9f9aaa3 100644 (file)
@@ -1,3 +1,9 @@
+2002-02-18  Werner Koch  <wk@gnupg.org>
+
+       * certpath.c (gpgsm_validate_path): Ask the agent to add the
+       certificate into the trusted list.
+       * call-agent.c (gpgsm_agent_marktrusted): New.
+
 2002-02-07  Werner Koch  <wk@gnupg.org>
 
        * certlist.c (gpgsm_add_to_certlist): Check that the specified
index 5b3b6d6..54e8fac 100644 (file)
@@ -461,8 +461,43 @@ gpgsm_agent_istrusted (KsbaCert cert)
   rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
   return map_assuan_err (rc);
 }
-\f
 
+/* Ask the agent to mark CERT as a trusted Root-CA one */
+int
+gpgsm_agent_marktrusted (KsbaCert cert)
+{
+  int rc;
+  char *fpr, *dn;
+  char line[ASSUAN_LINELENGTH];
+
+  rc = start_agent ();
+  if (rc)
+    return rc;
+
+  fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+  if (!fpr)
+    {
+      log_error ("error getting the fingerprint\n");
+      return seterr (General_Error);
+    }
+
+  dn = ksba_cert_get_issuer (cert, 0);
+  if (!dn)
+    {
+      xfree (fpr);
+      return seterr (General_Error);
+    }
+  snprintf (line, DIM(line)-1, "MARKTRUSTED %s S %s", fpr, dn);
+  line[DIM(line)-1] = 0;
+  ksba_free (dn);
+  xfree (fpr);
+
+  rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
+  return map_assuan_err (rc);
+}
+
+
+\f
 /* Ask the agent whether the a corresponding secret key is available
    for the given keygrip */
 int
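Review bot: In gpgsm_agent_marktrusted the issuer DN from `ksba_cert_get_issuer` is taken from the certificate under validation and pasted unescaped into the `MARKTRUSTED %s S %s` command line, and the `snprintf` result is never checked. An over-long DN is therefore silently truncated, and the agent would presumably show or store a name that differs from the one in the certificate. I would capture the return value, free `dn` and `fpr`, and then bail out with `if (n < 0 || n >= DIM(line)-1) return seterr (General_Error);`. The code should also escape or reject control characters in `dn` before sending, since whether the Assuan layer does that itself is not visible in this hunk. The `!dn` branch also returns without a `log_error`, unlike the `!fpr` branch just above it.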
@@ -484,3 +519,4 @@ gpgsm_agent_havekey (const char *hexkeygrip)
   rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
   return map_assuan_err (rc);
 }
+
index 842481b..e76ff6c 100644 (file)
@@ -261,17 +261,27 @@ gpgsm_validate_path (KsbaCert cert)
             ;
           else if (rc == GNUPG_Not_Trusted)
             {
+              int rc2;
+
               char *fpr = gpgsm_get_fingerprint_string (subject_cert,
                                                         GCRY_MD_SHA1);
-              log_error (_("root certificate is not marked trusted\n"));
+              log_info (_("root certificate is not marked trusted\n"));
               log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
               xfree (fpr);
-              /* fixme: print a note while we have not yet the code to
-                 ask whether the cert should be entered into the trust
-                 list */
-              gpgsm_dump_cert ("issuer", subject_cert);
-              log_info ("after checking the fingerprint, you may want "
-                        "to enter it into \"~/.gnupg-test/trustlist.txt\"\n");
+              rc2 = gpgsm_agent_marktrusted (subject_cert);
+              if (!rc2)
+                {
+                  log_info (_("root certificate has now"
+                              " been marked as trusted\n"));
+                  rc = 0;
+                }
+              else 
+                {
+                  gpgsm_dump_cert ("issuer", subject_cert);
+                  log_info ("after checking the fingerprint, you may want "
+                            "to enter it manually into "
+                            "\"~/.gnupg-test/trustlist.txt\"\n");
+                }
             }
           else 
             {
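Review bot: Setting `rc = 0` once `gpgsm_agent_marktrusted` succeeds turns an untrusted root into a successful validation from inside gpgsm_validate_path, so the trust decision now rests entirely on the agent getting an explicit user confirmation of the fingerprint. That confirmation is not visible here and should be stated next to the call, e.g. `/* We rely on the agent asking the user to confirm the fingerprint before it adds the cert. */`. Presumably this branch is also reached from non-interactive callers, so it is worth confirming that the agent refuses when it cannot prompt. In the else branch `rc2` is dropped; a line such as `log_info ("marking root as trusted failed: rc=%d\n", rc2);` would explain why the manual hint is printed. The same applies to the identical hunk that follows for the second listed file, and the function body continues outside both hunks.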
index 842481b..e76ff6c 100644 (file)
@@ -261,17 +261,27 @@ gpgsm_validate_path (KsbaCert cert)
             ;
           else if (rc == GNUPG_Not_Trusted)
             {
+              int rc2;
+
               char *fpr = gpgsm_get_fingerprint_string (subject_cert,
                                                         GCRY_MD_SHA1);
-              log_error (_("root certificate is not marked trusted\n"));
+              log_info (_("root certificate is not marked trusted\n"));
               log_info (_("fingerprint=%s\n"), fpr? fpr : "?");
               xfree (fpr);
-              /* fixme: print a note while we have not yet the code to
-                 ask whether the cert should be entered into the trust
-                 list */
-              gpgsm_dump_cert ("issuer", subject_cert);
-              log_info ("after checking the fingerprint, you may want "
-                        "to enter it into \"~/.gnupg-test/trustlist.txt\"\n");
+              rc2 = gpgsm_agent_marktrusted (subject_cert);
+              if (!rc2)
+                {
+                  log_info (_("root certificate has now"
+                              " been marked as trusted\n"));
+                  rc = 0;
+                }
+              else 
+                {
+                  gpgsm_dump_cert ("issuer", subject_cert);
+                  log_info ("after checking the fingerprint, you may want "
+                            "to enter it manually into "
+                            "\"~/.gnupg-test/trustlist.txt\"\n");
+                }
             }
           else 
             {