Commit message [Author, Age, Files, Lines]
...
* gitlog-to-changelog: New option --tear-off. [Werner Koch, 2011-12-12, 2 files, -7/+13]
|   * scripts/gitlog-to-changelog: Add option --tear-off.
|   * Makefile.am (gen-ChangeLog): Use that option.
* gpgsm: Add new validation model "steed". [Werner Koch, 2011-12-07, 9 files, -29/+104]
|   * sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
|   * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
|   * sm/server.c (option_handler): Allow validation model "steed".
|   * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
|   * sm/certchain.c (do_validate_chain): Handle the well-known-private-key attribute. Support the "steed" model. (gpgsm_validate_chain): Ditto.
|   * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
|   * sm/keylist.c (list_cert_colon): Print the new 'w' flag.
|   --
|   This is the first part of changes to implement the STEED proposal as described at http://g10code.com/steed.html . The idea for X.509 is not to use plain self-signed certificates but certificates signed by a dummy CA (i.e. one for which the private key is known). Having a single CA as an indication for the use of STEED might help other X.509 implementations to implement STEED.
* Correct punctuation in the ChangeLog summary line. [Werner Koch, 2011-12-07, 1 file, -0/+1]
|   * Makefile.am (gen-ChangeLog): Supply --append-dot.
* Allow comments which will not show up in the ChangeLog [Werner Koch, 2011-12-07, 1 file, -0/+9]
|   * scripts/gitlog-to-changelog: Ignore lines after a "--" line.
|   --
|   The first line with two dashes at the start of a line (optionally followed by white space) stops copying the commit log lines to the ChangeLog entry in "make dist". This is useful to allow adding comments to the log which are not useful in a ChangeLog.
* gpgsm: Allow specification of an AuthorityKeyIdentifier. [Werner Koch, 2011-12-06, 1 file, -0/+56]
|   * sm/certreqgen.c (pAUTHKEYID): New. (read_parameters): Add keyword Authority-Key-Id. (proc_parameters): Check its value. (create_request): Insert an Authority-Key-Id.
* gpgsm: Allow arbitrary extensions for cert creation. [Werner Koch, 2011-12-06, 4 files, -5/+187]
|   * sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New. (read_parameters): Add new keywords. (proc_parameters): Check values of new keywords. (create_request): Add SubjectKeyId and extensions. (parse_parameter_usage): Support "cert" and the encrypt alias "encr".
* gpgsm: Fix storing of the serial number [Werner Koch, 2011-12-06, 1 file, -1/+1]
|   * sm/certreqgen.c (create_request): Fix hex-bin conversion.
* Fix last change. [Werner Koch, 2011-12-05, 1 file, -1/+0]
|   * agent/command.c (start_command_handler): Remove use of removed var.
* Amend the agent code with more comments. [Werner Koch, 2011-12-05, 3 files, -46/+161]
|   * agent/command.c (server_local_s): Remove unused field MESSAGE_FD.
* Support the Cherry ST-2000 card reader. [Werner Koch, 2011-12-02, 2 files, -10/+25]
|   * scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335) (SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants. (parse_ccid_descriptor): Use them. (scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry ST-2000.
|   Suggested by Matthias-Christian Ott.
* Avoid possible double free in export.c. [Werner Koch, 2011-12-02, 1 file, -1/+1]
|   * g10/export.c (transfer_format_to_openpgp): Avoid possible double free of LIST.
|   Reported by NIIBE Yutaka.
* Fix pinpad input support for passphrase modification. [NIIBE Yutaka, 2011-12-02, 4 files, -194/+89]
|   * apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0. (pcsc_keypad_modify): Likewise. (pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA. bConfirmPIN value is determined by the parameter p0.
|   * app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when reset_mode is on, or resetcode is on. use_keypad only makes sense for iso7816_change_reference_data_kp.
|   * iso7816.h (iso7816_put_data_kp): Remove. (iso7816_reset_retry_counter_kp): Remove. (iso7816_reset_retry_counter_with_rc_kp): Remove. (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
|   * iso7816.c (iso7816_put_data_kp): Remove. (iso7816_reset_retry_counter_kp): Remove. (iso7816_reset_retry_counter_with_rc_kp): Remove. (iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
* Add hook to check the commit log syntax. [Werner Koch, 2011-12-01, 2 files, -0/+134]
|   * autogen.sh: Install commit-msg hook for git.
* Generate the ChangeLog from commit logs. [Werner Koch, 2011-12-01, 44 files, -1440/+2102]
|   * scripts/gitlog-to-changelog: New script. Taken from gnulib.
|   * scripts/git-log-fix: New file.
|   * scripts/git-log-footer: New file.
|   * doc/HACKING: Describe the ChangeLog policy
|   * ChangeLog: New file.
|   * Makefile.am (EXTRA_DIST): Add new files. (gen-ChangeLog): New. (dist-hook): Run gen-ChangeLog.
|   Rename all ChangeLog files to ChangeLog-2011.
* Fix pinpad input support [NIIBE Yutaka, 2011-12-01, 2 files, -17/+56]
|
* Rewrite dns-cert.c to not use the gpg-only iobuf stuff. [Werner Koch, 2011-11-30, 7 files, -109/+186]
|   * common/dns-cert.c: Remove iobuf.h. (get_dns_cert): Rename to _get_dns_cert. Remove MAX_SIZE arg. Change iobuf arg to an estream-t. Rewrite function to make use of estream instead of iobuf. Require all parameters. Return a gpg_error_t error instead of the type. Add arg ERRSOURCE.
|   * common/dns-cert.h (get_dns_cert): New macro to pass the error source to _gpg_dns_cert.
|   * common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
|   * g10/keyserver.c (keyserver_import_cert): Ditto.
|   * doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.
* * common/estream.c (es_fopenmem_init): New. [Werner Koch, 2011-11-30, 2 files, -3/+39]
|   * common/estream.h (es_fopenmem_init): New.
* Add parameter checks and extend documentation of estream. [Werner Koch, 2011-11-30, 2 files, -10/+35]
|   * estream.c (func_mem_create): Don't set FUNC_REALLOC if GROW is not set. Require FUNC_REALLOC if DATA is NULL and FUNC_FREE is given.
* dns-cert.c: Use constants for better readability. [Werner Koch, 2011-11-30, 2 files, -8/+25]
|
* Actually increase buffer size of t-dns-cert.c. [Werner Koch, 2011-11-30, 1 file, -1/+1]
|
* Re-indented dns-cert.c [Werner Koch, 2011-11-30, 1 file, -121/+122]
|
* Increase the default buffer size for DNS certificates. [Werner Koch, 2011-11-30, 3 files, -2/+9]
|   * common/t-dns-cert.c (main): Increase MAX_SIZE to 64k.
|   * g10/keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k.
* Use separate test module for dns-cert.c. [Werner Koch, 2011-11-30, 5 files, -62/+103]
|   * dns-cert.c (get_dns_cert): Factor test code out to ...
|   * t-dns-cert.c: new file.
* Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg [NIIBE Yutaka, 2011-11-29, 4 files, -1/+45]
|\
| * Make sure HOME et al have no unsafe characters. [Werner Koch, 2011-11-29, 4 files, -1/+45]
| |
* | PC/SC pinpad support (pinpad input for modify pass phrase with resetcode, by admin). [NIIBE Yutaka, 2011-11-29, 6 files, -73/+139]
| |
* | PC/SC pinpad support (pinpad input for modify pass phrase). [NIIBE Yutaka, 2011-11-29, 6 files, -51/+196]
|/
* Add build script to build all components in one run. [Werner Koch, 2011-11-28, 2 files, -0/+54]
|   Run this script in the parent directory of the working copies. It does a VPATH build in ~/tmp/gpg-tmp/b in the right order and installs everything below ~/tmp/gpg-tmp/. Based on a script by Jim Meyering.
* accept --with-libgpg-error-prefix as well as --with-gpg-error-prefix [Jim Meyering, 2011-11-28, 2 files, -2/+17]
|   * m4/gpg-error.m4: Update from git master.
* Improve ssh card key diagnostic message. [Werner Koch, 2011-11-28, 2 files, -2/+10]
|   * command-ssh.c (card_key_available): Change wording of no key diagnostic. (ssh_handler_request_identities): Do not call card_key_available if the scdaemon is disabled.
* PC/SC pinpad support. [NIIBE Yutaka, 2011-11-28, 9 files, -25/+460]
|   Before this change, it is layered like following:
|   iso7816_verify iso7816_verify_kp apdu_send_simple, apdu_send_simple_kp ...
|   After this change, it will be layered like:
|   iso7816_verify iso7816_verify_kp apdu_send_simple apdu_keypad_verify ...
|   and apdu_send_simple_kp will be deprecated.
|   For PC/SC API, we use:
|   SCardControl API to compose CCID PC_to_RDR_Secure message
|   SCardTransmit API to compose CCID PC_to_RDR_XfrBlock message
|   Considering the support of PC/SC, we have nothing to share between _kp version of iso7816_* and no _kp version.
* Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gnupg [Werner Koch, 2011-11-24, 0 files, -0/+0]
|\
| * Make HKP kyeserver engine work again. [Werner Koch, 2011-11-24, 6 files, -11/+20]
| |   We had some debug code here which prevented it from working. The host selection code still needs a review!
| |   * ks-engine-http.c (ks_http_help): Do not print help for hkp.
| |   * ks-engine-hkp.c (ks_hkp_help): Print help only for hkp. (send_request): Remove test code. (map_host): Use xtrymalloc.
| |   * certcache.c (classify_pattern): Remove unused variable and make explicit substring search work.
* | Make HKP keyserver engine work again. [Werner Koch, 2011-11-24, 6 files, -11/+20]
|/
|   We had some debug code here which prevented it from working. The host selection code still needs a review!
|   * ks-engine-http.c (ks_http_help): Do not print help for hkp.
|   * ks-engine-hkp.c (ks_hkp_help): Print help only for hkp. (send_request): Remove test code. (map_host): Use xtrymalloc.
|   * certcache.c (classify_pattern): Remove unused variable and make explicit substring search work.
* Updated the German translation. [Werner Koch, 2011-11-24, 1 file, -27/+29]
|   * po/de.po: Update.
* Don't print anonymous recipient messages in quiet mode. [Werner Koch, 2011-11-22, 2 files, -3/+10]
|   This is bug#1378.
* Allow creating subkeys using an existing key [Werner Koch, 2011-11-06, 8 files, -63/+246]
|   This works by specifying the keygrip instead of an algorithm (section number 13) and requires that the option -expert has been used. It will be easy to extend this to the primary key.
* typo fixes [Werner Koch, 2011-11-02, 1 file, -2/+2]
|
* Allow distribution of dotlock.* also under a modified BSD license [Werner Koch, 2011-10-24, 3 files, -0/+77]
|
* Typo fix and remove of some colloquial terms [Werner Koch, 2011-10-18, 1 file, -15/+16]
|
* Put more options into the options index [Werner Koch, 2011-10-12, 5 files, -676/+833]
|   Also removed the single letter options from the index.
* Extend yat2m to allow indented tables. [Werner Koch, 2011-10-12, 2 files, -35/+72]
|   Current makeinfo versions allow to indent the texinfo source. However yat2m had no support for this. With this patch it is now possible to use a simple indentation style while keeping man pages readable.
* Change JNLIB license to LGPLv3+ or GPLv2+. [Werner Koch, 2011-09-30, 30 files, -205/+527]
|   This is to allow the use of this code with code under GPLv2(only).
* Add prefix macro for dotlock functions. [Werner Koch, 2011-09-30, 3 files, -8/+45]
|   Also fixed a type in the GLIB version.
* Add dotlock_get_fd and dotlock_set_fd. [Werner Koch, 2011-09-29, 3 files, -2/+37]
|
* Make dotlock.c thread-safe on pthread systems. [Werner Koch, 2011-09-29, 2 files, -25/+81]
|   This is achieved by passing the define DOTLOCK_USE_PTHREAD.
* Add a flag parameter to dotlock_create. [Werner Koch, 2011-09-28, 15 files, -24/+37]
|   This allows us to extend this function in the future.
* Allow arbitrary timeouts with dotlock. [Werner Koch, 2011-09-28, 2 files, -37/+87]
|
* Improved the dotlock module. [Werner Koch, 2011-09-27, 4 files, -43/+529]
|   - It is now more portable and may be used outside of GnuPG
|   - vfat file systems are now supported.
|   - The use of link(2) is more robust.
|   - Wrote extensive documentation.
* Remove check for gcry_kdf_derive [Werner Koch, 2011-09-27, 2 files, -24/+13]
|   This is not anymore required because we require Libgcrypt 1.5.0 which features this function.