diff options
| author | Werner Koch <[email protected]> | 2007-11-19 16:32:05 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2007-11-19 16:32:05 +0000 |
| commit | c1270f06feda61ff864c485336d31db8a00cb56c (patch) | |
| tree | 0643cd45958cb506d90cb7c2ef020c5049d0d47a /doc | |
| parent | Started to implement the audit log feature. (diff) | |
| download | gnupg-c1270f06feda61ff864c485336d31db8a00cb56c.tar.gz gnupg-c1270f06feda61ff864c485336d31db8a00cb56c.zip | |
Document --auto-issuer-key-retrieve.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/ChangeLog | 5 | ||||
| -rw-r--r-- | doc/DETAILS | 1 | ||||
| -rw-r--r-- | doc/gpgsm.texi | 13 |
3 files changed, 18 insertions, 1 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index 7a455df7a..1e276e2a3 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,8 @@ +2007-11-19 Werner Koch <[email protected]> + + * gpgsm.texi (Certificate Options): Document + --auto-issuer-key-retrieve. + 2007-11-15 Werner Koch <[email protected]> * gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA. diff --git a/doc/DETAILS b/doc/DETAILS index 2d60aae6a..1582f6936 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -554,6 +554,7 @@ more arguments in future versions. 8 := "Policy mismatch" 9 := "Not a secret key" 10 := "Key not trusted" + 11 := "Missing certifciate" (e.g. intermediate or root cert.) Note that this status is also used for gpgsm's SIGNER command where it relates to signer's of course. diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index e98de1512..f9f783702 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -405,7 +405,7 @@ command. This option should not be used in a configuration file. @itemx --disable-ocsp @opindex enable-ocsp @opindex disable-ocsp -Be default @acronym{OCSP} checks are disabled. The enable opton may +Be default @acronym{OCSP} checks are disabled. The enable option may be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks are also enabled, CRLs will be used as a fallback if for some reason an OCSP request won't succeed. Note, that you have to allow OCSP @@ -413,6 +413,17 @@ requests in Dirmngr's configuration too (option @option{--allow-ocsp} and configure dirmngr properly. If you don't do so you will get the error code @samp{Not supported}. +@item --auto-issuer-key-retrieve +@opindex auto-issuer-key-retrieve +If a required certificate is missing while validating the chain of +certificates, try to load that certificate from an external location. +This usually means that Dirmngr is employed t search for the +certificate. Note that this option makes a "web bug" like behavior +possible. LDAP server operators can see which keys you request, so by +sending you a message signed by a brand new key (which you naturally +will not have on your local keybox), the operator can tell both your IP +address and the time when you verified the signature. + @item --validation-model @var{name} @opindex validation-model |