* dirmngr: Interrogate LDAP server when base DN specified. (Joey Berkovitz, 2022-09-29; 1 file, -7/+26)
  * dirmngr/ks-engine-ldap.c (my_ldap_connect): interrogate LDAP server when basedn specified.
  --
  GnuPG-bug-id: 6047
  Signed-off-by: Joey Berkovitz <[email protected]>
* Register DCO for Joey Berkovitz. (NIIBE Yutaka, 2022-09-29; 1 file, -0/+3)
  --
* dirmngr: Fix lost flags during LDAP upload (Werner Koch, 2022-09-28; 2 files, -15/+18)
  * dirmngr/ldapserver.c (ldapserver_parse_one): Turn LINE into a const. Use strtokenize instead of strtok style parsing.
  --
  This fixes a problem which resulted in a General Error for the second key to be uploaded in the same session, but only if the colon format to specify a keyserver with flags was used.
* gpg: Silence some diagnostics. (Werner Koch, 2022-09-28; 2 files, -8/+11)
  * g10/parse-packet.c (enum_sig_subpkt): Show "buffer shorter than subpacket" only in debug mode.
  (parse_signature): Show "signature packet without timestamp / keyid" only in double verbose mode.
  * g10/sig-check.c (check_signature_metadata_validity): Use ISO timestamp in UTC for the signature expired note.
  --
  I have seen too many of these diagnostics and in particular the first one seems to be connected to the others. Thus it does not make sense to show them in standard verbose mode. The ISO timestamp is much easier to read than the localized timestamp and switching from localtime to UTC should not harm.
* dirmngr: New server flag "areconly" (A-record-only) (Werner Koch, 2022-09-28; 6 files, -3/+51)
  * dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly.
  * dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly".
  * dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag.
  * dirmngr/dirmngr_ldap.c: Add option --areconly.
  (connect_ldap): Implement option.
  * dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option.
  --
  This flag is used to pass the Windows specific option LDAP_OPT_AREC_EXCLUSIVE. It is ignored on other systems.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Support gpgMailbox for mode MAILSUB and MAILEND. (Werner Koch, 2022-09-26; 1 file, -2/+8)
  * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Use gpgMailbox if server supports this.
* gpg: Don't consider unknown keys as non-compliant while decrypting. (Werner Koch, 2022-09-26; 1 file, -4/+4)
  * g10/mainproc.c (proc_encrypted): Change compliance logic.
  --
  For the description of the problem see https://dev.gnupg.org/T6205#163306
  GnuPG-bug-id: 6205
* dirmngr: Factor out interrogate_ldap_dn function. (NIIBE Yutaka, 2022-09-26; 1 file, -66/+69)
  * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): New.
  --
  GnuPG-bug-id: 6047
  Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Need to set the dir for common.conf (Werner Koch, 2022-09-21; 3 files, -3/+8)
  * tools/gpg-connect-agent.c (main): Set dirs.
  * tools/gpg-card.c (main): Ditto.
  --
  Fixes-commit: 203dcc19eb48228c60036691fe87fb37e29369a4
* dirmngr: Fix CRL DP error fallback to other schemes. (Werner Koch, 2022-09-16; 1 file, -28/+12)
  * dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop. Remove the unused issuername_uri stuff.
  --
  It is quite common that LDAP servers are blocked and thus the HTTP access point should be used instead. This worked well for certificates where the DP are given in this form:

    crlDP: ldap://x500.bund.de/[...]
           http://x500.bund.de/[...]
    issuer: none

  but it failed for this form

    crlDP: ldap://x500.bund.de/[...]
    issuer: none
    crlDP: http://x500.bund.de/[...]
    issuer: none

  because the LAST_ERR thing terminated the outer loop. This patch fixes this and also cleans up the code to be more robust. Note that the common workaround of using --ignore-ldap-dp will now only be needed if the firewall uses packet dropping instead of proper ICMP rejects.
* doc: Keep list of RFCs only in DETAILS (Werner Koch, 2022-09-16; 2 files, -25/+9)
  --
* dirmngr:dns,doc,gpg: Fix for noreturn for C11. (NIIBE Yutaka, 2022-09-16; 3 files, -3/+3)
  * dirmngr/dns.c: Use __noreturn__.
  * doc/yat2m.c: Likewise.
  * g10/main.h: Likewise.
  --
  GnuPG-bug-id: 4002
  Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Use LDAP_DEPRECATED to detect ldap library. (NIIBE Yutaka, 2022-09-15; 1 file, -0/+2)
  * m4/ldap.m4: Define LDAP_DEPRECATED when testing.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update .gitignore for translations under po/. (NIIBE Yutaka, 2022-09-15; 1 file, -0/+1)
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* tests: Restrict the use of gpgconf.ctl to make check. (Werner Koch, 2022-09-14; 8 files, -1/+39)
  * common/homedir.c (unix_rootdir): Add ".enable" statement to gpgconf.ctl.
  * tests/gpgconf.ctl.in: Use this statement.
  * tests/cms/Makefile.am (OLD_TESTS_ENVIRONMENT): Enable .enable.
  (TESTS_ENVIRONMENT): Ditto.
  * tests/gpgme/Makefile.am (TESTS_ENVIRONMENT): Ditto.
  * tests/migrations/Makefile.am (TESTS_ENVIRONMENT): Ditto.
  * tests/openpgp/Makefile.am (TESTS_ENVIRONMENT): Ditto.
  * tests/pkits/Makefile.am (TESTS_ENVIRONMENT): Ditto.
  * tests/tpm2dtests/Makefile.am (TESTS_ENVIRONMENT): Ditto.
  --
  Without that it was required to delete the gpgconf.ctl to run manual tests. What a hack.
* common: Fix for GPG_ERR_SOURCE_DEFAULT check. (NIIBE Yutaka, 2022-09-14; 1 file, -2/+0)
  * common/init.h: Remove GPG_ERR_SOURCE_UNKNOWN check.
  --
  GnuPG-bug-id: 6200
  Signed-off-by: NIIBE Yutaka <[email protected]>
* kbx: Fix for GPG_ERR_SOURCE_DEFAULT. (NIIBE Yutaka, 2022-09-14; 2 files, -8/+3)
  * kbx/keybox-defs.h (GPG_ERR_SOURCE_DEFAULT): Define here, when not defined.
  * kbx/kbxutil.c: Let keybox-defs.h include gpg-error.h.
  --
  GnuPG-bug-id: 6200
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix for USE_LDAP. (NIIBE Yutaka, 2022-09-14; 2 files, -0/+7)
  * dirmngr/ks-action.c [USE_LDAP] (ks_action_help): Recover variables.
  * dirmngr/server.c [USE_LDAP] (dirmngr/server.c): Likewise.
  --
  Fixes-commit: 3d7dbf16618db4d0dc602daadbde098d4a14b528
  Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix t-recsel. (NIIBE Yutaka, 2022-09-14; 1 file, -2/+0)
  * common/t-recsel.c (main): Don't need to call init_common_subsystems.
  --
  GnuPG-bug-id: 6200
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr:dns: Fixes for function prototypes. (NIIBE Yutaka, 2022-09-14; 1 file, -59/+164)
  * dirmngr/dns.c (dns_a_parse0, dns_a_push0, dns_a_cmp0): New.
  (dns_a_print0, dns_aaaa_parse0, dns_aaaa_cmp0): New.
  (dns_aaaa_print0, dns_mx_parse0, dns_mx_push0, dns_mx_cmp0): New.
  (dns_mx_print0, dns_mx_cname0, dns_ns_parse0, dns_ns_push0): New.
  (dns_ns_cmp0, dns_ns_print0, dns_ns_cname0, dns_cname_parse0): New.
  (dns_cname_push0, dns_cname_cmp0, dns_cname_print0): New.
  (dns_cname_cname0, dns_soa_parse0, dns_soa_push0): New.
  (dns_soa_cmp0, dns_soa_print0, dns_srv_parse0, dns_srv_push0): New.
  (dns_srv_cmp0, dns_srv_print0, dns_srv_cname0, dns_opt_parse0): New.
  (dns_opt_push0, dns_opt_cmp0, dns_opt_print0, dns_ptr_parse0): New.
  (dns_ptr_push0, dns_ptr_cmp0, dns_ptr_print0, dns_ptr_cname0): New.
  (dns_sshfp_parse0, dns_sshfp_push0, dns_sshfp_cmp0): New.
  (dns_sshfp_print0, dns_txt_parse0, dns_txt_push0, dns_txt_cmp0): New.
  (struct dns_rrtype): Add function prototypes.
  (dns_rrtypes): Use "0" variant of functions.
  (DNS_PRAGMA_PUSH, DNS_PRAGMA_POP): Remove.
  --
  Original code was pretty badly written, ignoring the type system of C, but modern compilers encourage use of the type system. No architectural changes, only things mechanically possible.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* agent,dirmngr,gpg,scd: Clean up for modern compiler. (NIIBE Yutaka, 2022-09-14; 10 files, -8/+11)
  * agent/protect.c (agent_get_shadow_info_type): It's a write only variable, useful for debugging.
  * g10/key-check.c (key_check_all_keysigs): Likewise.
  * g10/keyedit.c (show_basic_key_info, menu_expire): Likewise.
  * scd/app-sc-hsm.c (read_ef_prkd): Likewise.
  * dirmngr/crlfetch.c (fetch_next_ksba_cert): Initialize the vars.
  * dirmngr/ks-action.c (ks_action_help): Remove unused variables.
  * dirmngr/server.c (make_keyserver_item): Likewise.
  * dirmngr/validate.c (check_cert_sig): Initialize the variable.
  * scd/app-p15.c (select_and_read_record): Likewise.
  * tests/gpgscm/scheme.c (scheme_init_new): A function with no args.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* tools:gpg-auth: Enhance it to support use case for login. (NIIBE Yutaka, 2022-09-13; 2 files, -12/+39)
  * tools/Makefile.am: gpg-auth is one in libexec_PROGRAMS.
  * tools/gpg-auth.c: Support use by root for login user.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* gpg,common,scd,sm: Function prototype fixes for modern compiler. (NIIBE Yutaka, 2022-09-13; 11 files, -19/+19)
  * common/gettime.c (gnupg_get_time): It has no arguments.
  * common/signal.c (gnupg_block_all_signals): Likewise.
  (gnupg_unblock_all_signals): Likewise.
  * common/utf8conv.c (get_native_charset): Likewise.
  * g10/cpr.c (is_status_enabled, cpr_enabled): Likewise.
  * g10/getkey.c (getkey_disable_caches): Likewise.
  * g10/keygen.c (ask_expiredate): Likewise.
  * g10/passphrase.c (have_static_passphrase): Likewise.
  (get_last_passphrase): Likewise.
  * g10/tdbio.c (tdbio_is_dirty, tdbio_sync): Likewise.
  (tdbio_get_dbname, open_db, tdbio_db_matches_options): Likewise.
  (tdbio_read_nextcheck): Likewise.
  * g10/trustdb.c (how_to_fix_the_trustdb): Likewise.
  * scd/scdaemon.c (scd_get_socket_name): Likewise.
  * sm/passphrase.c (have_static_passphrase): Likewise.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* sm: Fix reporting of bad passphrase error (Ingo Klöcker, 2022-09-09; 1 file, -1/+4)
  * sm/minip12.c (p12_parse): Set badpass flag to result in ctx.
  --
  Fixes-commit: a4e04375e84ecb7ea0d02e153cb27988fca4c2d0
  GnuPG-bug-id: 5713, 6037
* Revert "common: Add a default OpenPGP ECC mapping." (Ingo Klöcker, 2022-09-09; 1 file, -1/+0)
  This reverts commit 8e63e813c7404e1dae1def98e0f45d148f71082d.
  The change broke adding existing ECDH encryption subkeys to a key.
  GnuPG-bug-id: 5555
* agent: Don't start in --supervised mode if no-autostart is enabled. (Werner Koch, 2022-09-07; 2 files, -0/+14)
  * agent/gpg-agent.c (main): Print an error message if no-autostart is set in common.conf.
* gpg: Support key flags for RENC, TIME, and GROUP. (Werner Koch, 2022-09-07; 7 files, -3/+70)
  * g10/packet.h (PUBKEY_USAGE_RENC): New.
  (PUBKEY_USAGE_TIME): New.
  (PUBKEY_USAGE_GROUP): New.
  * g10/getkey.c (parse_key_usage): Set the new key flags.
  * g10/keyedit.c (show_key_with_all_names_colon): Show the new key flags.
  * g10/keyid.c (usagestr_from_pk): Ditto.
  * g10/keylist.c (print_capabilities): Ditto.
  * g10/keygen.c (parse_usagestr): Parse line and set new flags.
  (quickgen_set_para): Show flags.
  --
  See draft-koch-openpgp-2015-rfc4880bis-00 for the current version. Actually these flags have been in the draft for years now. This patch is a first step to make use of them.
* tools:gpg-auth: Support use of pinpad. (NIIBE Yutaka, 2022-09-06; 1 file, -14/+27)
  * tools/gpg-auth.c (getpin): Use comment.
  (inq_needpin): Support "POPUPPINPADPROMPT" protocol response.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Fix to determine ECC curve for SSH. (NIIBE Yutaka, 2022-09-06; 1 file, -3/+3)
  * common/ssh-utils.c (ssh_public_key_in_base64): Use standard name for ECC curve.
  --
  See oidtable in common/openpgp-oid.c.
  Fixes-commit: 8e650dbd48fa5fde6d8f08154e6a892d495e9227
  Signed-off-by: NIIBE Yutaka <[email protected]>
* tools:gpg-auth: Show SSH key comment when asking PIN. (NIIBE Yutaka, 2022-09-05; 1 file, -3/+21)
  * tools/gpg-auth.c (authenticate): Put key_list->comment to assuan user's pointer.
  (getpin): Show SSH key comment if any.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* tools: Fix gpg-auth. (NIIBE Yutaka, 2022-09-02; 1 file, -15/+42)
  * tools/gpg-auth.c (my_strusage): Fix usage string.
  (main): Use gpg-agent to get scdaemon socket.
  (authenticate): Return GPG_ERR_NOT_FOUND when no success.
  (ga_scd_connect): Use DBG_IPC.
  (inq_needpin): Change API for getpin.
  (put_second_field_cb): New, to get the second field.
  (scd_get_pubkey): Use put_second_field_cb.
  (ga_filter_by_authorized_keys): Put NULL at the PREV->next.
  (getpin): Flush the standard output. Include the last terminating NUL. Return the length.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* tools:gpg-auth: New tool for authentication. (NIIBE Yutaka, 2022-09-02; 2 files, -1/+924)
  * tools/Makefile.am (bin_PROGRAMS): Add gpg-auth.
  (gpg_auth_SOURCES, gpg_auth_LDADD):
  * tools/gpg-auth.c: New.
  --
  GnuPG-bug-id: 5862
  Signed-off-by: NIIBE Yutaka <[email protected]>
* common: Make nvc_lookup more robust. (Werner Koch, 2022-09-01; 1 file, -1/+12)
  * common/name-value.c (nvc_first): Allow for NULL arg.
  (nvc_lookup): Allow for PK being NULL.
  --
  GnuPG-bug-id: 6176
* po: Update Japanese Translation. (NIIBE Yutaka, 2022-09-01; 1 file, -26/+13)
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: New option --debug-cache-expired-certs. (Werner Koch, 2022-08-31; 3 files, -3/+14)
  * dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs.
  * dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New.
  (opts): Add option.
  (parse_rereadable_options): Set option.
  * dirmngr/certcache.c (put_cert): Handle the option.
* dirmngr: Reject certificate which is not valid into cache. (NIIBE Yutaka, 2022-08-26; 1 file, -0/+14)
  * dirmngr/certcache.c (put_cert): When PERMANENT, reject the certificate which is obviously invalid.
  --
  With this change, invalid certificates from the system won't be registered into the cache. Then, an intermediate certificate which is issued by an entity certified by such an invalid certificate will also be rejected with GPG_ERR_INV_CERT_OBJ. With fewer invalid certificates in the cache, it helps the validate_cert_chain function work better.
  GnuPG-bug-id: 6142
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add npth_unprotect/npth_protect for blocking operations. (NIIBE Yutaka, 2022-08-25; 1 file, -0/+20)
  * scd/ccid-driver.c (ccid_open_usb_reader): Name the thread.
  (ccid_vendor_specific_setup, ccid_open_usb_reader): Wrap blocking operations by npth_unprotect/npth_protect.
  --
  Signed-off-by: NIIBE Yutaka <[email protected]>
* scd: Add a libusb debug level. (Werner Koch, 2022-08-22; 1 file, -1/+33)
  * scd/ccid-driver.c (USE_LIBUSB_DEBUG_CB): New const.
  (debug_libusb_cb): New.
  (ccid_set_debug_level): Use it.
  --
  This allows us to see the libusb log in our usual debug output. For this the option debug-ccid-driver needs to be given 5 or more times.
* common: New common option no-autostart. (Werner Koch, 2022-08-22; 8 files, -2/+39)
  * common/comopt.c (opts): Add "no-autostart".
  (parse_comopt): Set it.
  * common/comopt.h (comopt): Add no_autostart.
  * g10/gpg.c (main): Take care of the new option.
  * sm/gpgsm.c (main): Ditto.
  * tools/gpg-connect-agent.c (INCLUDED_BY_MAIN_MODULE): Add.
  (main): Parse common options and handle new option.
  * tools/gpg-card.c (main): Ditto.
  (cmd_yubikey): Fix minor error reporting issue.
  * common/util.h (GNUPG_MODULE_NAME_CARD): New const.
  * common/homedir.c (gnupg_module_name): Support it.
  --
  Having a global option makes it easier to disable autostart on a server, which is required to use a remote gpg-agent reliably.
* dirmngr: Fix NTBTLS include for test (Andre Heinecke, 2022-08-16; 1 file, -1/+2)
  * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add NTBTLS.
  --
  This fixes the build in case every lib is installed into its own prefix.
* gpg: Fix --card-status to handle lowercase APPTYPEs (Werner Koch, 2022-08-16; 1 file, -6/+6)
  * g10/card-util.c (current_card_status): Use ascii_strcasecmp.
* doc: Update description of the key format. (Werner Koch, 2022-08-16; 2 files, -11/+21)
  --
* gpg: Improve --edit-key setpref. (Werner Koch, 2022-08-12; 1 file, -5/+17)
  * g10/keygen.c (keygen_set_std_prefs): Allow extra spaces before preference elements. Detect the bracketed versions of the strings. Ignore "aead".
  --
  This allows one to c+p the list shown by pref without removing the brackets.
* agent: New option --need-attr for KEYINFO. (Werner Koch, 2022-08-11; 2 files, -17/+73)
  * agent/command.c (do_one_keyinfo): New arg need_Attr.
  (cmd_keyinfo): New option --need-attr.
  * agent/findkey.c (public_key_from_file): Use nvc_get_boolean.
  --
  This option makes it easier to list keys suitable only for certain purposes. The second patch makes it compliant with the description in keyformat.txt.
* common: New function nvc_get_boolean. (Werner Koch, 2022-08-11; 2 files, -0/+25)
  * common/name-value.c (nvc_get_boolean): New.
* gpg: Emit an ERROR status if --quick-set-primary-uid fails (Ingo Klöcker, 2022-08-09; 1 file, -3/+9)
  * g10/keyedit.c (keyedit_quick_set_primary): Issue a status error.
  --
  This allows GpgME to detect and report a failure if setting the primary user ID of a key failed.
  GnuPG-bug-id: 6126
* gpg: Look up user ID to mark as primary by UID hash (Ingo Klöcker, 2022-08-08; 2 files, -26/+25)
  * g10/keyedit.c (find_userid_by_namehash, find_userid): Add argument want_valid. Skip invalid user IDs if valid is wanted.
  (keyedit_quick_revuid): Ask find_userid() for any matching user ID.
  (keyedit_quick_set_primary): Use find_userid() to find the user ID to mark as primary.
  * tests/openpgp/quick-key-manipulation.scm: Change second call of the quick-set-primary-uid test to specify the user ID by its hash.
  --
  This makes it possible to specify the user ID to mark as primary via its UID hash when calling --quick-set-primary-uid.
  GnuPG-bug-id: 6126
* gpg: Fix wrong error message for keytocard. (Werner Koch, 2022-08-04; 1 file, -3/+1)
  * g10/call-agent.c (agent_keytocard): Emit SC_OP_FAILURE.
  --
  GnuPG-bug-id: 6122
* common: Silence warnings from AllowSetForegroundWindow. (Werner Koch, 2022-08-03; 2 files, -2/+12)
  * common/sysutils.c (gnupg_allow_set_foregound_window): Print warning only with debug flag set.
* dirmngr: Fix failed malloc error message. (Werner Koch, 2022-08-03; 1 file, -2/+5)
  * dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.