path: root/sm/certchain.c
Commit message | Author | Age | Files | Lines
* Change all quotes in strings and comments to the new GNU standard. | Werner Koch | 2012-06-05 | 1 | -1/+1
  The asymmetric quotes used by GNU in the past (`...') don't render nicely on modern systems. We now use two \x27 characters ('...').
  The proper solution would be to use the correct Unicode symmetric quotes here. However this has the disadvantage that the system requires Unicode support. We don't want that today. If Unicode is available a generated po file can be used to output proper quotes. A simple sed script like the one used for en@quote is sufficient to change them.
  The changes have been done by applying
    sed -i "s/\`\([^'\`]*\)'/'\1'/g"
  to most files and fixing obvious problems by hand. The msgid strings in the po files were fixed with a similar command.
* gpgsm: Add new validation model "steed". | Werner Koch | 2011-12-07 | 1 | -12/+49
  * sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
  * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
  * sm/server.c (option_handler): Allow validation model "steed".
  * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
  * sm/certchain.c (do_validate_chain): Handle the well-known-private-key attribute. Support the "steed" model.
  (gpgsm_validate_chain): Ditto.
  * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
  * sm/keylist.c (list_cert_colon): Print the new 'w' flag.
  --
  This is the first part of changes to implement the STEED proposal as described at http://g10code.com/steed.html . The idea for X.509 is not to use plain self-signed certificates but certificates signed by a dummy CA (i.e. one for which the private key is known). Having a single CA as an indication for the use of STEED might help other X.509 implementations to implement STEED.
* Nuked almost all trailing white space. [post-nuke-of-trailing-ws] | Werner Koch | 2011-02-04 | 1 | -82/+82
  We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit script checks that this won't happen again.
* Don't set SSH_AGENTPID_INFO. | Werner Koch | 2010-10-05 | 1 | -1/+1
  Doc fixes. Allow TCP and local sockets in watchgnupg.
* Exporting secret keys via gpg-agent is now basically supported. | Werner Koch | 2010-10-01 | 1 | -3/+3
  A couple of forward ported changes. Doc updates.
* Implement --faked-system-time for gpg. | Werner Koch | 2009-12-17 | 1 | -3/+3
  Typo and comment fixes.
* Add option --cert-extension. | Werner Koch | 2009-12-10 | 1 | -1/+16
* Print status of CRL checks in the audit log. | Werner Koch | 2009-07-23 | 1 | -1/+7
* Remove duplicated code. | Werner Koch | 2009-03-16 | 1 | -8/+8
* Help dirmngr to use supplied trust anchors. | Werner Koch | 2008-10-21 | 1 | -2/+2
* Marked all unused args on non-W32 platforms. | Werner Koch | 2008-10-20 | 1 | -0/+2
* Fixed a C-89 incompatibility. | Werner Koch | 2008-04-23 | 1 | -1/+3
  Minor changes to make it build on Debian bo. Thanks to Alain Guibert.
* Fix a problem with dirmngr looked up certificates. | Werner Koch | 2008-04-01 | 1 | -2/+2
  Typo fixes.
* Improve certificate chain construction. | Werner Koch | 2008-02-19 | 1 | -14/+85
  Extend PKITS framework
* Always search missing certificates using a running Dirmngr's cache. | Werner Koch | 2008-02-13 | 1 | -24/+108
* Support DSA2. | Werner Koch | 2007-12-12 | 1 | -0/+2
  Support Camellia for testing. More audit stuff.
* Started to implement the audit log feature. | Werner Koch | 2007-11-19 | 1 | -1/+16
  Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry. Improved support for the quality bar. Minor internal restructuring. Translation fixes.
* About to do a release [gnupg-2.0.6] | Werner Koch | 2007-08-16 | 1 | -1/+1
* Implemented the chain model for X.509 validation. | Werner Koch | 2007-08-10 | 1 | -179/+507
* Changed to GPLv3. | Werner Koch | 2007-07-04 | 1 | -6/+3
  Removed intl/.
* kbx/ | Werner Koch | 2007-03-20 | 1 | -21/+89
  * keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL): New.
  * keybox-update.c (keybox_compress): Use it here instead of a magic constant.
  sm/
  * fingerprint.c (gpgsm_get_fingerprint): Add caching.
  (gpgsm_get_fingerprint_string): Use bin2hexcolon().
  (gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only as much memory as required.
  (gpgsm_get_keygrip_hexstring): Use bin2hex.
  * certchain.c (gpgsm_validate_chain): Keep track of the certificate chain and reset the ephemeral flags.
  * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK. Changed caller to use a mask of ~0. Return a proper error code if the certificate is not available.
* Changes to let the key listing use estream to help systems without | Werner Koch | 2007-03-19 | 1 | -9/+9
  funopen.
* Add subjectAltName to the list of known critical extensions | Werner Koch | 2007-01-05 | 1 | -0/+6
* 2006-12-21 Marcus Brinkmann <[email protected]> | Marcus Brinkmann | 2006-12-21 | 1 | -0/+1
  * certchain.c (gpgsm_basic_cert_check): Release SUBJECT.
* Preparing a release [gnupg-1.9.93] | Werner Koch | 2006-10-18 | 1 | -2/+3
* Fixed aegypten bug 299 | Werner Koch | 2006-10-16 | 1 | -4/+71
* Fix for bug 537 | Werner Koch | 2006-10-02 | 1 | -1/+1
* Finished implementation of the "relax" flag. | Werner Koch | 2006-09-26 | 1 | -21/+70
* New "relax" option for trustlist.txt | Werner Koch | 2006-09-25 | 1 | -8/+33
* Take advantage of newer gpg-error features. | Werner Koch | 2006-09-14 | 1 | -1/+1
* Minor changes and typo fixes. | Werner Koch | 2006-09-06 | 1 | -0/+2
* Various smaller changes | Werner Koch | 2006-06-27 | 1 | -0/+2
* Updated FSF's address. | Werner Koch | 2006-06-20 | 1 | -1/+2
* Add Kludge for RegTP silliness. | Werner Koch | 2006-03-21 | 1 | -5/+122
* Added qualified signature features. | Werner Koch | 2005-11-13 | 1 | -2/+74
* * configure.ac: Do not build gpg by default. | Werner Koch | 2005-04-21 | 1 | -4/+6
  * gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
  * certchain.c (gpgsm_validate_chain): Make use of it.
  * certchain.c (gpgsm_validate_chain): Check revocations even for expired certificates. This is required because on signature verification an expired key is fine whereas a revoked one is not.
  * gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
* (gpgsm_validate_chain): Check revocations even for | Werner Koch | 2005-04-21 | 1 | -6/+3
  expired certificates. This is required because on signature verification an expired key is fine whereas a revoked one is not.
* * configure.ac: Require libksba 0.9.11. | Werner Koch | 2005-04-18 | 1 | -20/+93
  sm/
  * call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
  * certlist.c (gpgsm_find_cert): Add new arg KEYID and implement this filter. Changed all callers.
  * certchain.c (find_up_search_by_keyid): New helper.
  (find_up): Also try using the AKI.keyIdentifier.
  (find_up_external): Ditto.
* * certcheck.c: Fixed use of DBG_CRYPTO and DBG_X509. | Werner Koch | 2005-03-17 | 1 | -50/+83
  * certchain.c (gpgsm_basic_cert_check): Dump certificates after a failed gcry_pk_verify.
  (find_up): Do an external lookup also for an authorityKeyIdentifier lookup. Factored external lookup code out to ..
  (find_up_external): .. new.
* Preparing 1.9.13 | Werner Koch | 2004-12-03 | 1 | -4/+17
* 2004-10-08 Moritz Schulte <[email protected]> | Moritz Schulte | 2004-10-08 | 1 | -2/+3
  * certchain.c (gpgsm_validate_chain): Do not use keydb_new() in case the no_chain_validation-return-short-cut is used (fixes memory leak).
* (show_key_with_all_names): Print the card S/N. | Werner Koch | 2004-09-20 | 1 | -3/+12
  * app-openpgp.c (app_select_openpgp): It's app_munge_serialno and not app_number_serialno.
* * import.c (check_and_store): Do a full validation if | Werner Koch | 2004-08-17 | 1 | -6/+10
  --with-validation is set.
  * certchain.c (gpgsm_basic_cert_check): Print more detailed error messages.
  * certcheck.c (do_encode_md): Partly support DSA. Add new arg PKALGO. Changed all callers to pass it.
  (pk_algo_from_sexp): New.
  tests/pkits: New directory
* (gpgsm_validate_chain): The trust check didn't | Werner Koch | 2004-07-20 | 1 | -0/+3
  work anymore, probably due to the changes at 2003-03-04. Fixed.
* * call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt) | Werner Koch | 2004-04-26 | 1 | -2/+2
  (gpgsm_agent_genkey, gpgsm_agent_istrusted)
  (gpgsm_agent_marktrusted, gpgsm_agent_havekey)
  (gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
  (start_agent): New arg CTRL. Send progress item when starting a new agent.
  * sign.c (gpgsm_get_default_cert, get_default_signer): New arg CTRL to be passed down to the agent function.
  * decrypt.c (prepare_decryption): Ditto.
  * certreqgen.c (proc_parameters, read_parameters): Ditto.
  * certcheck.c (gpgsm_create_cms_signature): Ditto.
* * verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature. | Werner Koch | 2004-04-05 | 1 | -11/+21
  * certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do not just warn if a cert is not suitable; bail out immediately.
  * call-dirmngr.c (isvalid_status_cb): New.
  (unhexify_fpr): New. Taken from ../g10/call-agent.c
  (gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass it thru. Detect need to check the responder cert and do that.
  * certchain.c (gpgsm_validate_chain): Add new arg FLAGS. Changed all callers.
* still preparing for a release [V1-9-6] | Werner Koch | 2004-03-06 | 1 | -2/+2
* Preparing for a release | Werner Koch | 2004-03-06 | 1 | -40/+69
* (compare_certs): New. | Werner Koch | 2004-02-26 | 1 | -4/+40
  (gpgsm_validate_chain): Fixed infinite certificate checks after bad signatures.
* * gpgsm.c (main): New option --debug-ignore-expiration. | Werner Koch | 2004-02-20 | 1 | -5/+9
  * certchain.c (gpgsm_validate_chain): Use it here.
  * certlist.c (cert_usage_p): Apply extKeyUsage.