aboutsummaryrefslogtreecommitdiffstats
path: root/dirmngr (follow)
Commit message (Collapse)AuthorAgeFilesLines
* gpgconf: Show also the used nPth version with -VWerner Koch2024-11-121-1/+4
| | | | | | | * dirmngr/dirmngr.c (gpgconf_versions): Get and show nPth version. -- Note that this requires nPth 1.8
* dirmngr: Print a brief list of URLs with LISTCRLS.Werner Koch2024-10-141-0/+5
| | | | | | | | | | * dirmngr/crlcache.c (crl_cache_list): Print a summary of URLs. * sm/call-dirmngr.c (gpgsm_dirmngr_run_command): Print a notice to stdout if the dirmngr has been disabled. -- GnuPG-bug-id: 7337
* dirmngr: Fix keep-alive flag handling.NIIBE Yutaka2024-02-211-1/+9
| | | | | | | | | | * dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic Authentication. Fix resource leak of FP_WRITE. -- GnuPG-bug-id: 6997 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix the regression of use of proxy for TLS connection.NIIBE Yutaka2024-02-211-12/+2
| | | | | | | | | | | * dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it causes resource leak of FP_WRITE. Don't try to read response body to fix the hang. -- GnuPG-bug-id: 6997 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix proxy with TLS.NIIBE Yutaka2024-02-211-5/+0
| | | | | | | | | | | | * dirmngr/http.c (proxy_get_token, run_proxy_connect): Always available regardless of USE_TLS. (send_request): Remove USE_TLS. -- Since quite some time building w/o TLS won't work. GnuPG-bug-id: 6997
* dirmngr: For CRL issuer verification trust the system's root CA.Werner Koch2024-01-261-0/+1
| | | | | | | | * dirmngr/crlcache.c (crl_parse_insert): Add VALIDATE_FLAG_TRUST_SYSTEM. -- GnuPG-bug-id: 6963
* w32: Actually add the manifest to the dirmngr.Werner Koch2023-11-151-1/+1
| | | | | | | | * dirmngr/Makefile.am (dirmngr_LDADD): Fix type in dirmngr_rc_objs. -- We had a dependency but due to the typo the resource file was not linked.
* dirmngr: Add code to support the negotiation auth method.Werner Koch2023-10-022-34/+369
| | | | | | | | | | | | | | | | | | | | * dirmngr/http.c (enum auth_negotiate_states): New. (struct proxy_info_s): Add new fields. (release_proxy_info): Free Windows stuff. (proxy_get_token): New. Implemented only for Windows for now. (run_proxy_connect): Add support for auth method Negotiation. (store_header): Keep some header lines separate. -- The code does something but I have not yet been able to test it due to problems setting up Squid with AD authentication. As of now it will respond with a failure but that should not be worse than not to implement Negotiation. Supporting Negotiation using GSS for Unix should eventually also be done. GnuPG-bug-id: 6719
* dirmngr: Extended the http_get_header function.Werner Koch2023-10-026-14/+23
| | | | | | | * dirmngr/http.c (send_request): Add arg 'skip'. Adjust all callers. -- GnuPG-bug-id: 6719
* dirmngr: Fix handling of the HTTP Content-LengthWerner Koch2023-09-261-15/+139
| | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/http.c (cookie_s): Add fields pending, up_to_empty_line, last_was_lf, and last_was_lfcr. (http_context_s): Add field keep-alive. (http_wait_response): Set up_to_empty_line. Take care of keep_alive flag. (coookie_read): Implement detection of empty lines. (cookie_write): Free the pending buffer. -- The problem we fix here is that we already buffered stuff beyond the empty line which marks the start of the content-length counting. Thus we tried to wait for more bytes despite that everything had already been read. This bug might have showed up more often in the real world since the we changed the BUFSIZ on Windows from 512 byte to 8k. It also depends on the length of the headers and whether the server closed the connection so that we ignored the Content-Length. The bug was introduced earlier than 2010 and could have the effect that a connection got stuck until the network layer timed out. Note that the keep-alive parts of the patch are not yet used.
* dirmngr: Require gnutls 3.2Werner Koch2023-09-261-138/+193
| | | | | | | | | | | | | | * dirmngr/http.c: Remove gnutls version specific code. (send_request): Factor some code out to ... (run_proxy_connect): new. (mk_proxy_request): new. (mk_std_request): new. * configure.ac (NEED_GNUTLS_VERSION): Require 3.2. -- This patch is to factor out some code and also to remove support for legacy gnutls versions. Note that gnutls 3.2 was released 10 years ago.
* dirmngr: Improve error codes returned from http fetching.Werner Koch2023-09-193-14/+20
| | | | | | * dirmngr/ks-engine-http.c (ks_http_fetch): Return better error codes. * dirmngr/ks-engine-hkp.c (send_request): Ditto. * dirmngr/t-http.c (main): New option --try-proxy.
* dirmngr: Implement automatic proxy detection on Windows.Werner Koch2023-09-194-3/+163
| | | | | | | | | | | | | | * dirmngr/http.c [W32]: Include winhttp.h (w32_get_internet_session): New. (w32_get_proxy): New. (get_proxy_for_url): Implement automatic proxy detection and fix error in last patch. (http_reinitialize): New. * dirmngr/dirmngr.c (dirmngr_sighup_action): Call reinitialize. * dirmngr/Makefile.am (NETLIBS) [W32]: Link with winhttp. -- GnuPG-bug-id: 5768
* dirmngr: Further simplify the http code and improve a message.Werner Koch2023-09-191-125/+99
| | | | | | | | | | | * dirmngr/http.c (make_fp_write, make_fp_read): New. (http_raw_connect): Use new functions. (http_wait_response): Ditto. (send_request): Ditto. Change proxy error diagnostic. (connect_server): Improve error message for host not found. -- GnuPG-bug-id: 5768
* dirmngr: Cleanup the http module.Werner Koch2023-09-182-319/+446
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * configure.ac (NEED_NTBTLS_VERSION): Require at least 0.2.0 so that we can remove a conditional compilation. * dirmngr/http.c (struct proxy_info_s): New. (release_proxy_info): New to keep proxy information in one object. (send_request): Factor some code out to ... (get_proxy_for_url): this, (send_request_basic_checks): this, (send_request_set_sni): this, (run_ntbtls_handshake): this, (run_gnutls_handshake): and this. -- Note that this also removes some never used code. For example the NTBTLS handshake has code taken from GNUTLS which was never used due to the different ways on how the certificates are checked. The proxy code has been factored out to make to prepare further authentication methods. The proxy_info_t was introduced for the same reason. Tested against gnutls and ntbtls builds. No proxy tests yet done, because we need more sophisticated tests anyway. GnuPG-bug-id: 5768
* dirmngr: Relax the detection of the "none" keyserver.Werner Koch2023-09-111-2/+7
| | | | | | | | | * dirmngr/server.c (cmd_keyserver): Ignore also hkps://none. (ensure_keyserver): Better ignore also "none" with a hkp or hpks scheme. -- GnuPG-bug-id: 6708
* dirmngr: Allow conf files to disable default keyservers.Werner Koch2023-09-061-4/+18
| | | | | | | | * dirmngr/server.c (ensure_keyserver): Detect special value "none" (cmd_keyserver): Ignore "none" and "hkp://none". -- GnuPG-bug-id: 6708
* dirmngr: Enable the call of ks_ldap_help_variables when USE_LDAP.NIIBE Yutaka2023-09-061-0/+2
| | | | | | | | | | | * dirmngr/server.c [USE_LDAP] (cmd_ad_query): Conditionalize. -- Cherry-pick master commit of: dc13361524c1477b2106c7385f2059f9ea111b84 Signed-off-by: NIIBE Yutaka <[email protected]>
* build: Update for newer autoconf.NIIBE Yutaka2023-08-311-1/+1
| | | | | | | | | | | | | | | | * configure.ac (AC_PREREQ): Use >= 2.69. (AC_CONFIG_HEADERS): Use it, instead of AC_CONFIG_HEADER. (AC_HEADER_STDC, AC_HEADER_TIME): Remove obsolete macros. (sys/time.h): Add the check of the header. (time_t): Don't use TIME_WITH_SYS_TIME. * acinclude.m4 (AC_HEADER_TIME): Don't require. Don't use TIME_WITH_SYS_TIME. * dirmngr/dns.c: Don't use TIME_WITH_SYS_TIME. -- Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 6b4441a7de9d7090bb3b1570a12e1e8bce0554cb)
* dirmngr: Extend the AD_QUERY command.Werner Koch2023-08-253-8/+251
| | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ad_query): Add options --help and --subst. (cmd_getinfo): Add sub-command "sid". * dirmngr/ks-engine.h (KS_GET_FLAG_SUBST): New. * dirmngr/ks-engine-ldap.c (ks_ldap_help_variables): New. (getval_for_filter): New. (map_rid_to_dn): New. (ks_ldap_query): Support variables. -- The new variables features makes it easier to write AD queries without requiring domain specific expressions. (cherry picked from commit 207c99567ced260aab04c471c77f179943d492f4)
* dirmngr: Fix LDAP time parser.Werner Koch2023-08-251-1/+2
| | | | | | | | | * dirmngr/ldap-misc.c (rfc4517toisotime): Correct index. -- Obviously the parser assumes the standard ISO format with the 'T' before the hour. That is not correct here. We need this parser for the modifyTimestamp thingy.
* dirmngr: Return modifyTimestamp and add server option --newer.Werner Koch2023-08-257-27/+195
| | | | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ks_get): Add option --newer. (cmd_ad_query): Ditto. * dirmngr/ldap-misc.c (isotime2rfc4517): New. (rfc4517toisotime): New. * dirmngr/ks-action.c (ks_action_get): Add arg newer and pass on. (ks_action_query): Ditto. * dirmngr/ks-engine-ldap.c (extract_keys): Print new "chg" record. (ks_ldap_get): Add arg newer. Modify filter with newer arg. (ks_ldap_search): Print the modifyTimestamp. (ks_ldap_query): Add arg newer. Modify filter with newer arg. -- Note that the modifyTimestamp is also available on Windows, where its value is more commonly known as whenChanged. Both are constructed attributes. Note that the --newer option is a bit of a misnomer because LDAP has only a greater-or-equal and no greater-than operator. (cherry picked from commit 56d309133f0e54ac5e2f95871fb74f8cb97e2636)
* dirmngr: New command AD_QUERY.Werner Koch2023-08-258-150/+774
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h: Include name-value.h (struct server_control_s): Add rootdse and rootdse_tried. * dirmngr/dirmngr.c (dirmngr_deinit_default_ctrl): Release them. * dirmngr/ks-engine.h (KS_GET_FLAG_ROOTDSE): Add two new flags. * dirmngr/ks-engine-ldap.c: Include ks-action.h (SERVERINFO_GENERIC): New. (struct ks_engine_ldap_local_s): Add scope. (ks_ldap_new_state): Set a default scope. (ks_ldap_clear_state): Ditto. (my_ldap_connect): Add flag generic. (return_all_attributes): New. (fetch_rootdse): New. (basedn_from_rootdse): New. (ks_ldap_get): Move some code out to ... (ks_ldap_prepare_my_state): New. (ks_ldap_query): New. * dirmngr/ks-action.c (ks_action_parse_uri): Factored out from server.c (ks_action_query): New. * dirmngr/server.c (make_keyserver_item): Factored most code out to ks_action_parse_uri. (cmd_ad_query): New. * dirmngr/ks-engine-ldap.c (no_ldap_due_to_tor): New common error printing. Now also with status line. -- This command allows to query the Windows Active directory. (cherry picked from commit 625aeb65b0e75192a414fdca5383cb67c996adee) no_ldap_due_to_tor has been backported from 2.4
* dirmngr: New option --ignore-crl-extensions.Werner Koch2023-07-053-0/+21
| | | | | | | | | | | | | | * dirmngr/dirmngr.c (oIgnoreCRLExtension): New. (opts): Add --ignore-crl-extension. (parse_rereadable_options): Add to list/ * dirmngr/dirmngr.h (opt): Add ignored_crl_extensions. * dirmngr/crlcache.c (crl_cache_insert): Implement option. -- This option is is useful for debugging problems with new CRL extensions. It is similar to --ignore-cert-extension. GnuPG-bug-id: 6545
* gpgsm: Support SENDCERT_SKI for --call-dirmngrWerner Koch2023-07-051-0/+1
| | | | | | | * sm/call-dirmngr.c (run_command_inq_cb): Support SENDCERT_SKI. * dirmngr/crlcache.c (crl_cache_insert): Print the CRL name along with the unknown OID nortice.
* dirmngr: New dummy option --compatibility-flags.Werner Koch2023-07-052-0/+26
| | | | | | | * dirmngr/dirmngr.c (oCompatibilityFlags): New. (opts): Add option --compatibility-flags. (compatibility_flags): New. (parse_rereadable_options): Parse them.
* delete redundant characterszhangguangzhi2023-06-201-1/+1
| | | | | | | -- GnuPG-bug-id: 6482 Signed-off-by: zhangguangzhi <[email protected]>
* w32: Add missing manifests and set a requestedExecutionLevel.Werner Koch2023-05-257-15/+185
| | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.w32-manifest.in: New. * dirmngr/dirmngr-client-w32info.rc: New. * dirmngr/dirmngr-client.w32-manifest.in: New. * dirmngr/dirmngr-w32info.rc: New. * dirmngr/dirmngr.w32-manifest.in: New. * dirmngr/dirmngr_ldap-w32info.rc: New. * dirmngr/dirmngr_ldap.w32-manifest.in: New. * g10/gpgv-w32info.rc: New. * g10/gpgv.w32-manifest.in: New. * kbx/keyboxd.w32-manifest.in: New. * scd/scdaemon.w32-manifest.in: New. * sm/gpgsm.w32-manifest.in: New. -- This avoids the use of the VirtualStore uner Windows. GnuPG-bug-id: 6503 Backported from 2.4; some manifest files already existed in 2.2 but not in 2.4
* dirmngr: Do not check for Tor for --gpgconf-* optionsWerner Koch2023-01-111-4/+15
| | | | | * dirmngr/dirmngr.c (post_option_parsing): Add arg CMD. (main): Pass the current command.
* dirmngr: Silence debug diagnostics in OCSPWerner Koch2022-11-171-2/+5
| | | | | * dirmngr/ocsp.c (check_signature_core): Print them only in debug mode.
* dirmngr: Fix verification of ECDSA signed CRLs.Werner Koch2022-11-152-3/+4
| | | | | | | | | | * dirmngr/crlcache.c (finish_sig_check): Use raw value for the data. -- This had the usual signed/unsigned problem. By using the modern form we enforce Libgcrypt internal parsing as unsigned integer. (cherry picked from commit 868dabb4027a03f4ce39be3c143b480bccde1a63)
* dirmngr: Support ECDSA for OCSP.Werner Koch2022-11-153-49/+106
| | | | | | | | | | | | | | * dirmngr/validate.c (pk_algo_from_sexp): Make public. Support ECC. * dirmngr/ocsp.c (check_signature): Remove hash preparation out to ... (check_signature_core): here. This changes the arg s_hash to md. Support ECDSA. -- The test was done with my qualified signature certificate from the Telesec and their responder http://tqrca1.ocsp.telesec.de/ocspr . See also libksba commit rK24992a4a7a61d93759e1dbd104b845903d4589bf (cherry picked from commit 890e9849b58e91fb7e0ad8d3b11d19363fca2d8a)
* dirmngr: Support ECDSA for CRLsWerner Koch2022-11-152-12/+114
| | | | | | | | * dirmngr/crlcache.c (finish_sig_check): Support ECDSA. * dirmngr/validate.c (check_cert_sig): Ditto. Remove the never used support for DSA. (cherry picked from commit de87c8e1ead72ea67789ffa4375f9dd3e4f9e2fa)
* dirmngr: Fix build with no LDAP support.NIIBE Yutaka2022-10-181-0/+2
| | | | | | | | | | | | * dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize. -- Cherry-pick master commit of: 7011286ce6e1fb56c2989fdafbd11b931c489faa GnuPG-bug-id: 6239 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Support paged LDAP mode for KS_GETWerner Koch2022-10-073-37/+215
| | | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (PAGE_SIZE): New. (struct ks_engine_ldap_local_s): Add several new fields. (ks_ldap_clear_state): Release them. (search_and_parse): Factored out from ks_ldap_get and extended to support the paged mode. (ks_ldap_get): Implement the pages mode for --first and --next. * dirmngr/server.c (cmd_ks_get): Provide a dummy passphrase in --first mode. * dirmngr/Makefile.am (dirmngr_LDADD): Add LBER_LIBS. -- The paged mode allows to retrieve more items than the servers usually limit (e.g. 1000 for an LDS). This patch also allows to use --first without a patter to retrieve all keyblocks (except for disabled and revoked keys). GnuPG-bug-id: 6224 Backported-from-master: 7a01e806eac4cd7a65eaf3e17dcd2f117ec2d327
* dirmngr: New options --first and --next for KS_GET.Werner Koch2022-10-076-132/+344
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ks_get): Add option --first and --next. (start_command_handler): Free that new ldap state. * dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New. (ks_ldap_new_state, ks_ldap_clear_state): New. (ks_ldap_free_state): New. (return_one_keyblock): New. Mostly factored out from .... (ks_ldap_get): here. Implement --first/--next feature. * dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to ks_get_flags. * dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New. (KS_GET_FLAG_FIRST): New. (KS_GET_FLAG_NEXT): New. * dirmngr/dirmngr.h (struct server_control_s): Add member ks_get_state. (struct ks_engine_ldap_local_s): New forward reference. -- This feature allows to fetch keyblock by keyblock from an LDAP server. This way tools can process and maybe filter each keyblock in a more flexible way. Here is an example where two keyblocks for one mail address are returned: $ gpg-connect-agent --dirmngr > ks_get --ldap --first <[email protected]> [... First keyblock is returned ] OK > ks_get --next [ ... Next keyblock is returned ] OK > ks_get --next ERR 167772218 No data <Dirmngr> GnuPG_bug_id: 6224 Backported-from-master: 4de98d4468f37bfb8352426830d5d5642ded7536
* dirmngr: Minor fix for baseDN fallback.Werner Koch2022-10-071-37/+20
| | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Avoid passing data behind the EOS. (interrogate_ldap_dn): Stylistic change. -- This also updates the my_ldap_connect description. GnuPG-bug-id: 6047 (cherry picked from commit 11aa5a93a754fe978d0f35d7fbeb4767b6b6df05)
* dirnmgr: Fix the function prototype.NIIBE Yutaka2022-10-071-1/+1
| | | | | | | | | | * dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): It's with no arguments. -- Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 530d709607e54465ce47c1fc7d2554ea3b0bea6b)
* dirmngr: Change interrogate_ldap_dn for better memory semantics.NIIBE Yutaka2022-10-071-28/+12
| | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): Return BASEDN found, memory allocated. (my_ldap_connect): Follow the change, removing needless allocation. -- GnuPG-bug-id: 6047 Signed-off-by: NIIBE Yutaka <[email protected]> (cherry picked from commit 4b2066afb4988c32a030330acf51b7b0dc190041)
* dirmngr: Interrogate LDAP server when base DN specified.Joey Berkovitz2022-10-071-7/+26
| | | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): interrogate LDAP server when basedn specified. -- GnuPG-bug-id: 6047 Signed-off-by: Joey Berkovitz <[email protected]> (cherry picked from commit 3257385378bb3f19ebf089538f0efe2154487989)
* dirmngr: Support gpgMailbox for mode MAILSUB and MAILEND.Werner Koch2022-10-071-2/+8
| | | | | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Use gpgMailbox if server supports this.
* dirmngr: Factor out interrogate_ldap_dn function.Werner Koch2022-10-071-66/+71
| | | | | | | | | * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): New. -- GnuPG-bug-id: 6047 Signed-off-by: NIIBE Yutaka <[email protected]> Backported-from-master: 993820c315216584e23d36299920007abfeb3a32
* doc: Typo fix in a comment.Werner Koch2022-09-281-1/+1
| | | | --
* dirmngr: Fix lost flags during LDAP uploadWerner Koch2022-09-282-36/+39
| | | | | | | | | | * dirmngr/ldapserver.c (ldapserver_parse_one): Turn LINE into a const. Use strtokenize instead of strtok style parsing. -- This fixes a problem with resulted in a General Error for the second key to be uploaded in the same session. But only if the colon format to specify a keyserver with flags was used.
* dirmngr: New server flag "areconly" (A-record-only)Werner Koch2022-09-285-3/+48
| | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly. * dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly" * dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag. * dirmngr/dirmngr_ldap.c: Add option --areconly (connect_ldap): Implement option. * dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option. -- This flag is used to pass the Windows specific option LDAP_OPT_AREC_EXCLUSIVE. It is ignored on other systems. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix CRL DP error fallback to other schemes.Werner Koch2022-09-161-28/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop. Remove the unused issuername_uri stuff. -- It is quite common that LDAP servers are blocked and thuis the HTTP access point should be used instead. This worked well for certificates where the DP are given in this form: crlDP: ldap://x500.bund.de/[...] http://x500.bund.de/[...] issuer: none but it failed for this form crlDP: ldap://x500.bund.de/[...] issuer: none crlDP: http://x500.bund.de/[...] issuer: none because the LAST_ERR thing terminated the outer loop. This pacth fixes this and also cleans up the code to be more robust. Note that the common workaround of using --ignore-ldap-dp will now only be needed if the firewall uses packet dropping instead of proper ICMP rejects.
* dirmngr: New option --debug-cache-expired-certs.Werner Koch2022-08-313-3/+14
| | | | | | | | * dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs: * dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New. (opts): Add option. (parse_rereadable_options): Set option. * dirmngr/certcache.c (put_cert): Handle the option.
* dirmngr: Reject certificate which is not valid into cache.NIIBE Yutaka2022-08-311-0/+14
| | | | | | | | | | | | | | | | * dirmngr/certcache.c (put_cert): When PERMANENT, reject the certificate which is obviously invalid. -- With this change, invalid certificates from system won't be registered into cache. Then, an intermediate certificate which is issued by an entity certified by such an invalid certificate will be also rejected with GPG_ERR_INV_CERT_OBJ. With less invalid certificates in cache, it helps the validate_cert_chain function work better. GnuPG-bug-id: 6142 Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Fix failed malloc error message.Werner Koch2022-08-031-2/+5
| | | | * dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
* dirmngr: Ask keyservers to provide the key fingerprintsIngo Klöcker2022-07-261-1/+1
| | | | | | | | | | | | | * dirmngr/ks-engine-hkp.c (ks_hkp_search): Add "fingerprint=on" to request URL. -- Some keyservers, e.g. keyserver.ubuntu.com (Hockeypuck), do not provide the key fingerprints by default. Therefore, we ask for the fingerprints explicitly. GnuPG-bug-id: 5741 (cherry picked from commit c7fa4c7f8bf375e3739ef8361f38b6b31113b8bf)
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-15 06:52:50 +0000