path: root/sm/certchain.c
Commit message | Author | Age | Files | Lines
...
* Implement --faked-system-time for gpg. | Werner Koch | 2009-12-17 | 1 | -3/+3
    Typo and comment fixes.
* Add option --cert-extension. | Werner Koch | 2009-12-10 | 1 | -1/+16
* Print status of CRL checks in the audit log. | Werner Koch | 2009-07-23 | 1 | -1/+7
* Remove duplicated code. | Werner Koch | 2009-03-16 | 1 | -8/+8
* Help dirmngr to use supplied trust anchors. | Werner Koch | 2008-10-21 | 1 | -2/+2
* Marked all unused args on non-W32 platforms. | Werner Koch | 2008-10-20 | 1 | -0/+2
* Fixed a C-89 incompatibility. | Werner Koch | 2008-04-23 | 1 | -1/+3
    Minor changes to make it build on Debian bo. Thanks to Alain Guibert.
* Fix a problem with dirmngr looked up certificates. | Werner Koch | 2008-04-01 | 1 | -2/+2
    Typo fixes.
* Improve certificate chain construction. | Werner Koch | 2008-02-19 | 1 | -14/+85
    Extend PKITS framework
* Always search missing certificates using a running Dirmngr's cache. | Werner Koch | 2008-02-13 | 1 | -24/+108
* Support DSA2. | Werner Koch | 2007-12-12 | 1 | -0/+2
    Support Camellia for testing. More audit stuff.
* Started to implement the audit log feature. | Werner Koch | 2007-11-19 | 1 | -1/+16
    Pass PINENTRY_USER_DATA and XAUTHORITY to Pinentry. Improved support for the quality bar. Minor internal restructuring. Translation fixes.
* About to do a release [gnupg-2.0.6] | Werner Koch | 2007-08-16 | 1 | -1/+1
* Implemented the chain model for X.509 validation. | Werner Koch | 2007-08-10 | 1 | -179/+507
* Changed to GPLv3. | Werner Koch | 2007-07-04 | 1 | -6/+3
    Removed intl/.
* kbx/ | Werner Koch | 2007-03-20 | 1 | -21/+89
    * keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL): New.
    * keybox-update.c (keybox_compress): Use it here instead of a magic constant.
    sm/
    * fingerprint.c (gpgsm_get_fingerprint): Add caching.
      (gpgsm_get_fingerprint_string): Use bin2hexcolon().
      (gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only as much memory as required.
      (gpgsm_get_keygrip_hexstring): Use bin2hex.
    * certchain.c (gpgsm_validate_chain): Keep track of the certificate chain and reset the ephemeral flags.
    * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK. Changed caller to use a mask of ~0. Return a proper error code if the certificate is not available.
* Changes to let the key listing use estream to help systems without | Werner Koch | 2007-03-19 | 1 | -9/+9
    funopen.
* Add subjectAltName to the list of known critical extensions | Werner Koch | 2007-01-05 | 1 | -0/+6
* 2006-12-21 Marcus Brinkmann <[email protected]> | Marcus Brinkmann | 2006-12-21 | 1 | -0/+1
    * certchain.c (gpgsm_basic_cert_check): Release SUBJECT.
* Preparing a release [gnupg-1.9.93] | Werner Koch | 2006-10-18 | 1 | -2/+3
* Fixed aegypten bug 299 | Werner Koch | 2006-10-16 | 1 | -4/+71
* Fix for bug 537 | Werner Koch | 2006-10-02 | 1 | -1/+1
* Finished implementation of the "relax" flag. | Werner Koch | 2006-09-26 | 1 | -21/+70
* New "relax" option for trustlist.txt | Werner Koch | 2006-09-25 | 1 | -8/+33
* Take advantage of newer gpg-error features. | Werner Koch | 2006-09-14 | 1 | -1/+1
* Minor changes and typo fixes. | Werner Koch | 2006-09-06 | 1 | -0/+2
* Various smaller changes | Werner Koch | 2006-06-27 | 1 | -0/+2
* Updated FSF's address. | Werner Koch | 2006-06-20 | 1 | -1/+2
* Add Kludge for RegTP silliness. | Werner Koch | 2006-03-21 | 1 | -5/+122
* Added qualified signature features. | Werner Koch | 2005-11-13 | 1 | -2/+74
* * configure.ac: Do not build gpg by default. | Werner Koch | 2005-04-21 | 1 | -4/+6
    * gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
    * certchain.c (gpgsm_validate_chain): Make use of it.
    * certchain.c (gpgsm_validate_chain): Check revocations even for expired certificates. This is required because on signature verification an expired key is fine whereas a revoked one is not.
    * gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
* (gpgsm_validate_chain): Check revocations even for | Werner Koch | 2005-04-21 | 1 | -6/+3
    expired certificates. This is required because on signature verification an expired key is fine whereas a revoked one is not.
* * configure.ac: Require libksba 0.9.11. | Werner Koch | 2005-04-18 | 1 | -20/+93
    sm/
    * call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
    * certlist.c (gpgsm_find_cert): Add new arg KEYID and implement this filter. Changed all callers.
    * certchain.c (find_up_search_by_keyid): New helper.
      (find_up): Also try using the AKI.keyIdentifier.
      (find_up_external): Ditto.
* * certcheck.c: Fixed use of DBG_CRYPTO and DBG_X509. | Werner Koch | 2005-03-17 | 1 | -50/+83
    * certchain.c (gpgsm_basic_cert_check): Dump certificates after a failed gcry_pk_verify.
      (find_up): Do an external lookup also for an authorityKeyIdentifier lookup. Factored external lookup code out to ..
      (find_up_external): .. new.
* Preparing 1.9.13 | Werner Koch | 2004-12-03 | 1 | -4/+17
* 2004-10-08 Moritz Schulte <[email protected]> | Moritz Schulte | 2004-10-08 | 1 | -2/+3
    * certchain.c (gpgsm_validate_chain): Do not use keydb_new() in case the no_chain_validation-return-short-cut is used (fixes memory leak).
* (show_key_with_all_names): Print the card S/N. | Werner Koch | 2004-09-20 | 1 | -3/+12
    * app-openpgp.c (app_select_openpgp): It's app_munge_serialno and not app_number_serialno.
* * import.c (check_and_store): Do a full validation if | Werner Koch | 2004-08-17 | 1 | -6/+10
    --with-validation is set.
    * certchain.c (gpgsm_basic_cert_check): Print more detailed error messages.
    * certcheck.c (do_encode_md): Partly support DSA. Add new arg PKALGO. Changed all callers to pass it.
      (pk_algo_from_sexp): New.
    tests/pkits: New directory
* (gpgsm_validate_chain): The trust check didn't | Werner Koch | 2004-07-20 | 1 | -0/+3
    work anymore, probably due to the changes at 2003-03-04. Fixed.
* * call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt) | Werner Koch | 2004-04-26 | 1 | -2/+2
      (gpgsm_agent_genkey, gpgsm_agent_istrusted)
      (gpgsm_agent_marktrusted, gpgsm_agent_havekey)
      (gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
      (start_agent): New arg CTRL. Send progress item when starting a new agent.
    * sign.c (gpgsm_get_default_cert, get_default_signer): New arg CTRL to be passed down to the agent function.
    * decrypt.c (prepare_decryption): Ditto.
    * certreqgen.c (proc_parameters, read_parameters): Ditto.
    * certcheck.c (gpgsm_create_cms_signature): Ditto.
* * verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature. | Werner Koch | 2004-04-05 | 1 | -11/+21
    * certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do not just warn if a cert is not suitable; bail out immediately.
    * call-dirmngr.c (isvalid_status_cb): New.
      (unhexify_fpr): New. Taken from ../g10/call-agent.c
      (gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass it thru. Detect need to check the responder cert and do that.
    * certchain.c (gpgsm_validate_chain): Add new arg FLAGS. Changed all callers.
* still preparing for a release [V1-9-6] | Werner Koch | 2004-03-06 | 1 | -2/+2
* Preparing for a release | Werner Koch | 2004-03-06 | 1 | -40/+69
* (compare_certs): New. | Werner Koch | 2004-02-26 | 1 | -4/+40
    (gpgsm_validate_chain): Fixed infinite certificate checks after bad signatures.
* * gpgsm.c (main): New option --debug-ignore-expiration. | Werner Koch | 2004-02-20 | 1 | -5/+9
    * certchain.c (gpgsm_validate_chain): Use it here.
    * certlist.c (cert_usage_p): Apply extKeyUsage.
* * gpgsm.c: New option --with-md5-fingerprint. | Werner Koch | 2004-02-17 | 1 | -92/+177
    * keylist.c (list_cert_std): Print MD5 fpr.
    * gpgsm.c: New options --with-validation.
    * server.c (option_handler): New option "with-validation".
    * keylist.c (list_cert_std, list_internal_keys): New args CTRL and WITH_VALIDATION. Changed callers to set it.
      (list_external_cb, list_external_keys): Pass CTRL to the callback.
      (list_cert_colon): Add arg CTRL. Check validation if requested.
    * certchain.c (unknown_criticals, allowed_ca, check_cert_policy)
      (gpgsm_validate_chain): New args LISTMODE and FP.
      (do_list): New helper for info output.
      (find_up): New arg FIND_NEXT.
      (gpgsm_validate_chain): After a bad signature try again with other CA certificates.
    * import.c (print_imported_status): New arg NEW_CERT. Print additional STATUS_IMPORT_OK because that is what gpgme expects.
      (check_and_store): Always call above function after import.
    * server.c (get_status_string): Added STATUS_IMPORT_OK.
* * keybox.h (keybox_flag_t): New. | Werner Koch | 2004-02-02 | 1 | -0/+6
    * keybox-search.c (get_flag_from_image, keybox_get_flags): New.
      (_keybox_get_flag_location): New.
    * certchain.c (gpgsm_validate_chain): Mark revoked certs in the keybox.
    * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a revoked flag.
      (list_internal_keys): Retrieve validity flag.
      (list_external_cb): Pass 0 as validity flag.
    * keydb.c (keydb_get_flags, keydb_set_flags): New.
      (keydb_set_cert_flags): New.
      (lock_all): Return a proper error code.
      (keydb_lock): New.
      (keydb_delete): Don't lock but check that it has been locked.
      (keydb_update_keyblock): Ditto.
    * delete.c (delete_one): Take a lock.
* (check_cert_policy): Fixed read error checking. [V1-9-4] | Werner Koch | 2004-01-30 | 1 | -6/+12
    (check_cert_policy): With no critical policies issue only a warning if the policy file does not exist.
* (gpgsm_validate_chain): Changed the message printed | Werner Koch | 2004-01-28 | 1 | -2/+2
    for an untrusted root certificate.
* Replaced deprecated type names. | Werner Koch | 2003-12-17 | 1 | -16/+16
    * certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
      (gpgsm_dump_serial): Ditto.
    * decrypt.c (gpgsm_decrypt): Replaced ERR by RC.