GnuPG - The GNU Privacy Guard

	Commit message (Collapse)	Author	Age	Files	Lines
*	dirmngr: Add special treatment for the standard hkps pool to ntbtls.	Werner Koch	2017-02-21	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/validate.h (VALIDATE_FLAG_SYSTRUST): Remove (VALIDATE_FLAG_EXTRATRUST): Remove (VALIDATE_FLAG_TRUST_SYSTEM): New. (VALIDATE_FLAG_TRUST_CONFIG): New. (VALIDATE_FLAG_TRUST_HKP): New. (VALIDATE_FLAG_TRUST_HKPSPOOL): New. (VALIDATE_FLAG_MASK_TRUST): New. * dirmngr/validate.c (check_header_constants): New. (validate_cert_chain): Call new function. Simplify call to is_trusted_cert. * dirmngr/crlcache.c (crl_parse_insert): Pass VALIDATE_FLAG_TRUST_CONFIG to validate_cert_chain * dirmngr/server.c (cmd_validate): Use VALDIATE_FLAG_TRUST_SYSTEM and VALIDATE_FLAG_TRUST_CONFIG. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Check provided TLS context. Set trustclass flags using the new VALIDATE_FLAG_TRUST values. * dirmngr/certcache.c (cert_cache_init): Load the standard pool certificate prior to the --hkp-cacerts. -- Note that this changes the way the standard cert is used: We require that it is installed at /usr/share/gnupg and we do not allow to change it. If this is not desired, the the standard cert can be removed or replaced by a newer one. Signed-off-by: Werner Koch <[email protected]>
*	dirmngr: New Assuan option "http-crl".	Werner Koch	2017-02-21	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/dirmngr.h (server_control_s): New flag 'http_no_crl'. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set this flag. * dirmngr/server.c (option_handler): New option "http-crl" * dirmngr/http.h (HTTP_FLAG_NO_CRL): New flag. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Consult this flag. * dirmngr/ks-engine-hkp.c (send_request): Set flag depending on CTRL. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): New option --no-crl. -- This new option can be used to enable CRL checks on a per session base. The default is not to use CRLs for https connections. Signed-off-by: Werner Koch <[email protected]>
*	dirmngr: Add per-session verify callback to http.c	Werner Koch	2017-02-18	1	-2/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/http.h (http_verify_cb_t): New type. * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value. (http_session_new): Remove arg tls_priority. Add args verify_cb and verify-cb_value. Store them in the session object. (send_request): Use per-session verify callback. (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED. * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc. Signed-off-by: Werner Koch <[email protected]>
*	dirmngr: Add debug code to http.c.	Werner Koch	2017-01-11	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/http.c (opt_verbose, opt_debug): New vars. (http_set_verbose): New function. (_my_socket_new): Add debug output. (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has ben set to 2 in a debugger. (http_session_new, http_session_ref): Ditto. (send_request, http_start_data): Print debug output for the request. (parse_response): Change to use log_debug_string for the response. Signed-off-by: Werner Koch <[email protected]>
*	dirmngr: Do not use a SRV record for HKP if a port was specified.	Werner Koch	2017-01-09	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT. * dirmngr/http.c (do_parse_uri): That it. * dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV. (make_host_part): Ditto. (ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT. (ks_hkp_search): Ditto. (ks_hkp_get): Ditto. (ks_hkp_put): Ditto. -- This implements the behaviour of the keyserver helpers from 1.4 and 2.0. Signed-off-by: Werner Koch <[email protected]>
*	dirmngr: Prepare to trigger jobs by network activity.	Werner Koch	2016-11-11	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \|	* dirmngr/http.c (netactivity_cb): New. (http_register_netactivity_cb): New. (notify_netactivity): New. (connect_server): Call that function. * dirmngr/dirmngr.c (main): Call http_register_netactivity_cb. (netactivity_action): New stub handler. Signed-off-by: Werner Koch <[email protected]>
*	Change all http://www.gnu.org in license notices to https://	Werner Koch	2016-11-05	1	-1/+1
\| \| \| \|	--
*	http: Allow to request system defined CAs for TLS.	Werner Koch	2016-04-26	1	-3/+6
\| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New. * dirmngr/http.c (http_session_new): Add arg "flags". * dirmngr/ks-engine-hkp.c (send_request): Use new flag HTTP_FLAG_TRUST_DEF for the new arg of http_session_new. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/t-http.c (main): Ditto. -- Signed-off-by: Werner Koch <[email protected]>
*	dirmngr: Use sks-keyservers CA by default for the hkps pool.	Daniel Kahn Gillmor	2016-01-22	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/Makefile.am (dist_pkgdata_DATA): Add sks-keyservers.netCA.pem. * dirmngr/http.c (http_session_new): Add optional arg intended_hostname and set a default cert. * dirmngr/ks-engine-hkp.c (send_request): Pass httphost to http_session_new. -- Ship the certificate for the sks-keyservers hkps pool. If the user has specified that they want to use hkps://hkps.pool.sks-keyservers.net, and they have not specified any hkp-cacert explicitly, then initialize the trust path with this specific trust anchor. Co-authored-by: [email protected] Signed-off-by: Werner Koch <[email protected]>
*	http: Enhance parser to detect .onion addresses.	Werner Koch	2015-12-02	1	-0/+1
\| \| \| \| \| \| \| \|	* dirmngr/http.h (parsed_uri_s): Add flag 'onion'. * dirmngr/http.c (do_parse_uri): Set that flag. * dirmngr/t-http.c (main): Print flags. Signed-off-by: Werner Koch <[email protected]>
*	Move http module from common/ to dirmngr/.	Werner Koch	2015-10-18	1	-0/+156
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* common/http.c: Move to ../dirmngr/. * common/http.h: Move to ../dirmngr/. * common/t-http.c: Move to ../dirmngr/. * common/tls-ca.pem: Move to ../dirmngr/. * common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a. Remove http.c related stuff. * po/POTFILES.in: Move http.c to dirmngr/. * dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem. (module_maint_tests): New. (noinst_PROGRAMS): Add module_maint_tests. (dirmngr_SOURCES): Add http.c and http.h. (dirmngr_LDADD): Remove libcommontlsnpth. (t_common_ldadd): Ditto. (t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New. (t_ldap_parse_uri_SOURCES): Add http.c. (t_ldap_parse_uri_CFLAGS): Build without npth. ($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a. * dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h. -- All network access is done via dirmngr and thus http.c should be there. Signed-off-by: Werner Koch <[email protected]>
*	Some work on porting dirmngr (unfinished)	Werner Koch	2010-07-16	1	-109/+0
\| \| \| \| \|	Ported gpgtar to W32.
*	Merged Dirmngr with GnuPG.	Werner Koch	2010-06-09	1	-0/+109
	A few code changes to support dirmngr.