| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
* g10/keyid.c (hash_public_key): Do not pass the version.
--
Fixes-commit: 1f76cbca35133969ccccfa324d633556e19a386c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (oWithV5Fingerprint): New.
(opts): Add new option.
(main): Set option.
* g10/options.h (opt): Add with_v5_fingerprint.
* g10/keyid.c (hash_public_key): Factor out to ...
(do_hash_public_key): this. Add new arg to foce v5 style hashing.
(v5_fingerprint_from_pk): New.
(v5hexfingerprint): New.
* g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys
if the option is set.
--
GnuPG-bug-id: 6705
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.h (opt): Re-purpose unused flag always_trust.
(struct server_control_s): Add "always_trust".
(VALIDATE_FLAG_BYPASS): New.
* sm/gpgsm.c (oAlwaysTrust): New.
(opts): Add "--always-trust"
(main): Set option.
* sm/server.c (option_handler): Add option "always-trust".
(reset_notify): Clear that option.
(cmd_encrypt): Ditto.
(cmd_getinfo): Add sub-command always-trust.
* sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS.
* sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients
in always-trust mode.
--
GnuPG-bug-id: 6559
|
| |
|
|
|
|
| |
--
This is repo only.
|
| |
|
|
|
|
|
|
|
| |
* dirmngr/ldap-misc.c (rfc4517toisotime): Correct index.
--
Obviously the parser assumes the standard ISO format with the 'T'
before the hour. That is not correct here. We need this parser for
the modifyTimestamp thingy.
|
| |
|
|
|
|
|
|
| |
* m4/libassuan.m4: Update from libassuan master.
--
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (enum para_name): Add pSUBKEYEXPIREDATE.
(proc_parameter_file): Add support for pSUBKEYEXPIREDATE.
(read_parameter_file): Add "Subkey-Expire-Date".
--
Cherry-pick from master commit of:
23bcb78d279ebc81ec9340356401d19cf89985f1
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (parse_expire_string_with_ct): New function, optionally
supply the creation time.
(parse_expire_string): Use parse_expire_string_with_ct with no
creation time.
(proc_parameter_file): Use parse_expire_string_with_ct possibly with
the creation time.
--
Cherry-pick from master commit of:
b07b5144ff6a9208ea27fe1e1518270bd22b382c
GnuPG-bug-id: 5252
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* build-aux/speedo.mk (AUTHENTICODE_FILES): Add keyboxd.exe
--
This should prevent that keyboxd.exe is blocked on systems that
only allow signed executables.
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (gpgrt_opt_t): Use string for oFakedSystemTime.
(oFakedSystemTime): Use similar conversion as gpgsm has.
* dirmngr/dirmngr.texi (faked-system-time): Document it.
--
For testing X509 certificates this is usually required and
then confusing that the example from the gpgsm man page
does not work for dirmngr.
|
| |
|
|
|
|
|
|
|
|
|
| |
* common/sysutils.c (gnupg_w32_set_errno): Return EC.
--
Cherry-pick master commit of:
4c6b759368bcf19a13df07c5c6080765ecac28ca
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* dirmngr/server.c [USE_LDAP] (cmd_ad_query): Conditionalize.
--
Cherry-pick master commit of:
dc13361524c1477b2106c7385f2059f9ea111b84
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
| |
--
|
| | |
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
| |
* scd/app-p15.c (CARD_PRODUCT_NEXUS): New.
(read_p15_info): Detect Nexus cards.
(get_dispserialno): Use product_id instead of comparing the
manufacturer_id.
(do_sign): Handle Nexus like BELPIC.
|
| |
|
|
|
| |
* sm/minip12.c (p12_parse): Init where.
--
|
| |
|
|
|
|
|
| |
* common/iobuf.c (file_filter, sock_filter): Add missing mapping.
--
GnuPG-bug-id: 6528
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/minip12.c (struct bufferlist_s): New.
(struct tlv_ctx_s): Add bufferlist.
(tlv_register_buffer): New.
(tlv_release): Release bufferlist.
(tlv_expect_object): Handle octet string cramming.
(tlv_expect_octet_string): Ditto.
(cram_octet_string): Changed interface. We don't need the
input_consumed value anymore.
* sm/minip12.c (parse_shrouded_key_bag): Also parse the attribute set.
* sm/t-minip12.c (main): Add option --no-extra.
(cert_collect_cb, run_tests_from_file): Fix memory leak
* tests/cms/samplekeys/t5793-openssl.pfx: New from T5793.
* tests/cms/samplekeys/t5793-test.pfx: Ditto.
* tests/cms/samplekeys/Description-p12: Add them.
* tests/cms/Makefile.am (EXTRA_DIST): Add samplekeys.
--
This should finish the rewrite of the pkcsc#12 parser for now. More
fun is likely to come.
GnuPG-bug-id: 6536, 5793
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/minip12.c: Reworked most of the parser.
(p12_set_verbosity): Add arg debug and change all callers.
* sm/t-minip12.c: Major rewrite to run regression tests unattended.
* sm/Makefile.am (module_maint_tests): Move t-Minit to ...
(module_tests): here.
* tests/cms/samplekeys/Description-p12: New.
--
Note that cram_octet_string stuff has not yet been reworked. I need
to locate the sample files first.
GnuPG-bug-id: 6536
|
| |
|
|
|
|
| |
* sm/minip12.c (struct tag_info): Change type of length and nhdr.
(dump_tag_info): Adjust.
(parse_tag): Re-implement using the parse_ber_header.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* scd/app-piv.c (auth_adm_key): Fix the value of the Response Tag.
(do_setattr): Fix the comment.
--
Cherry-pick master commit of:
7cfbf0dd72d8d5c14fbf19c13722d153bd1cbd70
Reported-by: Heiko Schäfer <[email protected]>
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* tools/gpg-wks-client.c (opt): New option --no-add-revocs.
(main): Make --add-revocs the default.
(command_send): Rename to ...
(command_create): to match the command name.
|
| |
|
|
|
|
|
|
|
| |
* tools/wks-util.c (wks_get_key): Change from export-minimal to
export-clean
--
To properly work with tusted introducers et al. it is important to also
upload valid key signatures to the Web Key Directory.
|
| |
|
|
|
|
|
|
|
|
| |
* kbx/keybox-dump.c (_keybox_dump_find_dups): Close FP on the error
paths.
--
GnuPG-bug-id: 6495
Signed-off-by: zhangguangzhi <[email protected]>
|
| |
|
|
|
|
|
| |
--
GnuPG-bug-id: 6482
Signed-off-by: zhangguangzhi <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/dirmngr.c (oIgnoreCRLExtension): New.
(opts): Add --ignore-crl-extension.
(parse_rereadable_options): Add to list/
* dirmngr/dirmngr.h (opt): Add ignored_crl_extensions.
* dirmngr/crlcache.c (crl_cache_insert): Implement option.
--
This option is is useful for debugging problems with new CRL
extensions. It is similar to --ignore-cert-extension.
GnuPG-bug-id: 6545
|
| |
|
|
|
|
|
| |
* sm/call-dirmngr.c (run_command_inq_cb): Support SENDCERT_SKI.
* dirmngr/crlcache.c (crl_cache_insert): Print the CRL name along with
the unknown OID nortice.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/http.h (struct http_redir_info_s): Add restrict_redir.
* dirmngr/ks-engine-hkp.c (send_request): Set it depending on flags.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/t-http-basic.c (test_http_prepare_redirect): Always set it.
* dirmngr/http.c (http_prepare_redirect): Remove location rewriting
unless the flag is set.
--
GnuPG-bug-id: 6477
|
| |
|
|
|
|
|
| |
* dirmngr/dirmngr.c (oCompatibilityFlags): NEw.
(opts): Add option --compatibility-flags.
(compatibility_flags): New.
(parse_rereadable_options): Parse them.
|
| |
|
|
|
|
|
|
|
| |
* tools/gpgtar.c: Add option --no-compress.
* tools/gpgtar.h (opt): Add field no_compress.
* tools/gpgtar-create.c (gpgtar_create): Pass -z0 to gpg.
--
This option is probably easier to remember than --gpg-args '-z0'.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sm/gpgsm.c (oInputSizeHint): New.
(opts): Add "--input-size-hint".
(main): Set option.
* sm/server.c (option_handler): Add option "input-size-hint".
* sm/gpgsm.h (struct server_control_s): Add field input_size_hint.
* sm/encrypt.c (gpgsm_encrypt): Set the toatl file size.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
This option allows to set a value for the progress output line. Note
that as of now there is no other way to set the file size.
GnuPG-bug-id: 6534
|
| |
|
|
|
|
| |
--
There was some test code left over and a check reversed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/ksba-io-support.c (struct writer_cb_parm_s): Add field
progress.
(struct gnupg_ksba_io_s): Add field is_writer.
(update_write_progress): New.
(base64_writer_cb, plain_writer_cb): Call update_write_progress.
(base64_finish_write): Ditto.
(gnupg_ksba_create_writer): Set is_writer.
(gnupg_ksba_set_progress_cb): New.
(gnupg_ksba_set_total): New.
* common/ksba-io-support.h (gnupg_ksba_progress_cb_t): New type.
* sm/server.c (gpgsm_status2): Return error from statusfp writes.
(gpgsm_progress_cb): New.
* sm/decrypt.c (gpgsm_decrypt): Set progress handler.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
* sm/verify.c (gpgsm_verify): Ditto.
--
GnuPG-bug-id: 6534
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/iobuf.c (iobuf_get_filelength): Change return type to
uint64_t and remove the overflow args. For Windows always use
GetFileSizeEx which is available since the long EOL-ed Windows XP.
* g10/sign.c (write_plaintext_packet): Adjust for changed
iobuf_get_filelength.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Ditto.
* g10/photoid.c (generate_photo_id): Ditto. Also add an upper limit.
* g10/filter.h (progress_filter_context_t): Change amount values to
use uint64_t.
* g10/progress.c (write_status_progress): Change accordingly.
--
GnuPG-bug-id: 6534
|
| |
|
|
|
|
|
|
|
| |
* common/iobuf.c (file_filter): Improve diagnostics.
* g10/build-packet.c (do_plaintext): Make sure to cache all error
cases.
--
GnuPG-bug-id: 6528
|
| |
|
|
|
| |
* build-aux/speedo/w32/inst.nsi: Use kill all instead of
explicitly killing processes.
|
| |
|
|
|
|
|
| |
* common/sysutils.c (map_w32_to_errno): Add mapping.
--
We see this error sometimes when writing to an USB connected disk.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (impex_filter_getval): Support new filter properties.
--
Here is how to list all subkeys expiring in the year 2061:
gpg --list-keys --list-filter
'select= sub/key_expires_d -gt 2061-01-01 \
&& sub/key_expires_d -lt 2061-12-31'
To list all primary key expirations, use the "pub/" prefix and to list
all expiration dates use no prefix.
GnuPG-bug-id: 6509
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* dirmngr/server.c (cmd_ad_query): Add options --help and --subst.
(cmd_getinfo): Add sub-command "sid".
* dirmngr/ks-engine.h (KS_GET_FLAG_SUBST): New.
* dirmngr/ks-engine-ldap.c (ks_ldap_help_variables): New.
(getval_for_filter): New.
(map_rid_to_dn): New.
(ks_ldap_query): Support variables.
--
The new variables features makes it easier to write AD queries without
requiring domain specific expressions.
|
| |
|
|
|
|
|
|
|
| |
* common/stringhelp.c (substitute_envvars): Factor code out to
(substitute_vars): new.
(subst_getenv): New.
--
This is a generalized version of substitute_envvars.
|
| |
|
|
|
|
|
|
| |
* g10/keygen.c (default_expiration_interval): Change.
--
This is a revision of
GnuPG-bug-id: 2701
|
| |
|
|
| |
--
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
| |
--
Forgot it today again; better do it by default. Also disable
sslsigncode verify due to missing certificate problem (for signing we
use Scute).
|
| |
|
|
| |
--
|
| | |
|
