author | Niels De Graef <nielsdegraef@gmail.com> | 2021-09-01 23:15:13 +0200 |
---|---|---|
committer | Niels De Graef <nielsdegraef@gmail.com> | 2022-06-06 09:24:55 +0200 |
commit | c61fd4fe606b8dfd5a5c0001ace848f192a53626 (patch) | |
tree | 26979a879fb418adf0a75063e4305eb9a11d809f /docs | |
parent | 242f31eda7e5aed4948f078bb3d5fc3344df7281 (diff) | |
download | gcr-c61fd4fe606b8dfd5a5c0001ace848f192a53626.tar.gz |
Add lookup of trust assertions for distrusted certs [cert-distrusted]
There is one notable type of trust assertions that is not implemented in
gcr: those where `CK_X_ASSERTION_TYPE` equals
`CKT_X_DISTRUSTED_CERTIFICATE`.
This is actually also something needed by Seahorse, as that is showing
the infamous "null" certificates due to distrusted certificates being
present on the machine, but not having any DER data stored with them.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/gcr/trust-store.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/gcr/trust-store.md b/docs/gcr/trust-store.md index 1c97ec2..baeabe7 100644 --- a/docs/gcr/trust-store.md +++ b/docs/gcr/trust-store.md @@ -36,3 +36,11 @@ After the user has requested to override the trust decision about a given certificate then a pinned certificates can be added by using the [func@Gcr.trust_add_pinned_certificate] function, or [func@Gcr.trust_add_pinned_certificate_async] for the asynchronous version. + +Distrusted certificates +------------------------ +Certificates can be marked _distrusted_, either by manual action of the user, or +by Certificate Authorities (CAs) that add them in a Certificate Revocation List +(CRL) or other means. To check if a certificate is distrusted, one can use +[func@Gcr.trust_is_certificate_distrusted], or +[func@Gcr.trust_is_certificate_distrusted_async] for the asynchronous version. |
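Review bot: The new "Distrusted certificates" paragraph ties distrust to CRLs without saying what the lookup actually consults, so a reader could take [func@Gcr.trust_is_certificate_distrusted] for a revocation check. The commit message describes it as a lookup of trust assertions where `CK_X_ASSERTION_TYPE` equals `CKT_X_DISTRUSTED_CERTIFICATE`; the doc should say that in a sentence, and state that a negative result does not mean the certificate has been checked against any CRL. The commit message also notes that distrusted entries may have no DER data stored with them, so it would help to document which identifying data the caller has to supply for the check. As a wording point, "add them in a Certificate Revocation List (CRL) or other means" reads better as "add them to a Certificate Revocation List (CRL) or mark them by other means". The heading underline is also one character longer than the "Distrusted certificates" title, which is worth aligning if the other headings in this file match their underlines exactly.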