path: root/sm/server.c
Date | Commit message | Author | Files | Lines
2025-01-29 | gpgsm: Allow unattended PKCS#12 export without passphrase. | Werner Koch | 1 | -0/+6
* sm/gpgsm.c (oNoProtection): New. (opts): Add "--no-protection". (main): Parse it. * sm/gpgsm.h (struct server_control_s): Add field no_protection. * sm/server.c (option_handler): Add option "no-protection". (reset_notify): Clear option. * sm/export.c (export_p12): Use empty passphrase if option is set.
2024-10-23 | gpgsm: Terminate key listing on output write error. | Werner Koch | 1 | -15/+47
* sm/keylist.c (list_internal_keys): Detect write errors to the output stream. * sm/server.c (any_failure_printed): New var. (gpgsm_status2): Handle new var. Move statusfp init to ... (gpgsm_init_statusfp): new function. (gpgsm_exit_failure_status): New. * sm/gpgsm.c (main): Explicit statusfp init. (gpgsm_exit): Print failure status on error. --
Test by using
  gpgsm -k >/dev/full
  gpgsm -k --wit-colons >/dev/full
and also by redirecting to a file on a small partition. GnuPG-bug-id: 6185
2024-10-02 | gpgsm: Implement a cache for the KEYINFO queries. | Werner Koch | 1 | -0/+1
* sm/gpgsm.h (struct keyinfo_cache_item_s): New. (struct server_control_s): Add keyinfo_cache and keyinfo_cache_valid. * sm/call-agent.c (keyinfo_cache_disabled): New flag. (release_a_keyinfo_cache): New. (gpgsm_flush_keyinfo_cache): New. (struct keyinfo_status_parm_s): New. (keyinfo_status_cb): Implement a fill mode. (gpgsm_agent_keyinfo): Implement a cache. * sm/server.c (reset_notify): Flush the cache. * sm/gpgsm.c (gpgsm_deinit_default_ctrl): Ditto. -- In almost all cases we have just a few private keys in the agent and thus it is better to fetch them early. This does not work in a restricted connection but we take care and disable the cache in this case. This cache gives a minor speed up. GnuPG-bug-id: 7308
2023-08-31 | gpgsm: Add --always-trust feature. | Werner Koch | 1 | -1/+20
* sm/gpgsm.h (opt): Re-purpose unused flag always_trust. (struct server_control_s): Add "always_trust". (VALIDATE_FLAG_BYPASS): New. * sm/gpgsm.c (oAlwaysTrust): New. (opts): Add "--always-trust" (main): Set option. * sm/server.c (option_handler): Add option "always-trust". (reset_notify): Clear that option. (cmd_encrypt): Ditto. (cmd_getinfo): Add sub-command always-trust. * sm/certchain.c (gpgsm_validate_chain): Handle VALIDATE_FLAG_BYPASS. * sm/certlist.c (gpgsm_add_to_certlist): Set that flag for recipients in always-trust mode. -- GnuPG-bug-id: 6559
2023-07-25 | sm: Use estream for I/O. | NIIBE Yutaka | 1 | -46/+75
* sm/decrypt.c (gpgsm_decrypt): Use estream for the input. * sm/encrypt.c (gpgsm_encrypt): Likewise. * sm/gpgsm.c (open_read): Remove. (main): Use open_es_fread for gpgsm_import_files. Fix call of gpgsm_encrypt, gpgsm_sign, gpgsm_verify and gpgsm_decrypt. (open_es_fread): Use gnupg_check_special_filename and open_stream_nc. * sm/gpgsm.h: Fix function declarations. * sm/import.c (import_one): Use estream for the input. (reimport_one, gpgsm_import, gpgsm_import_files): Likewise. * sm/server.c (struct server_local_s): Rename MESSAGE_FD to MESSAGE_FP. (close_message_fp): Rename from close_message_fd. (reset_notify): Follow the change of close_message_fp. (cmd_encrypt, cmd_decrypt, cmd_verify, cmd_sign): Follow the change of close_message_fp. Use open_stream_nc to get estream. (cmd_import): Likewise. (cmd_export, cmd_delkeys, gpgsm_server): Follow the change of close_message_fp. (cmd_message): Setup MESSAGE_FP with open_stream_nc. * sm/sign.c (hash_data): Use estream for the input. (hash_and_copy_data): Likewise. (gpgsm_sign): Likewise. * sm/verify.c (hash_data): Use estream_t for FP. (gpgsm_verify): Use estream_t for IN_FP and DATA_FP. -- GnuPG-bug-id: 6592 Signed-off-by: NIIBE Yutaka <[email protected]>
2023-07-13 | sm: Use open_stream_nc for do_listkeys. | NIIBE Yutaka | 1 | -3/+3
* sm/server.c (do_listkeys): Use open_stream_nc. -- GnuPG-bug-id: 6580 Signed-off-by: NIIBE Yutaka <[email protected]>
2023-07-13 | sm: Use gnupg_fd_t and open_stream_nc for assuan_get_input_fd. | NIIBE Yutaka | 1 | -11/+11
* sm/server.c (cmd_genkey): Use open_stream_nc for input and output. (cmd_getauditlog): Use open_stream_nc for output. -- GnuPG-bug-id: 6580 Signed-off-by: NIIBE Yutaka <[email protected]>
2023-07-13 | sm: Use open_stream_nc for HANDLE by assuan_get_output_fd. | NIIBE Yutaka | 1 | -18/+21
* sm/server.c (cmd_encrypt): Use gnupg_fd_t for OUT_FD. Call open_stream_nc with OUT_FD. (cmd_decrypt, cmd_verify, cmd_sign, cmd_export): Likewise. -- GnuPG-bug-id: 6580 Signed-off-by: NIIBE Yutaka <[email protected]>
2023-06-15 | gpgsm: New option --input-size-hint. | Werner Koch | 1 | -0/+4
* sm/gpgsm.c (oInputSizeHint): New. (opts): Add "--input-size-hint". (main): Set option. * sm/server.c (option_handler): Add option "input-size-hint". * sm/gpgsm.h (struct server_control_s): Add field input_size_hint. * sm/encrypt.c (gpgsm_encrypt): Set the total file size. * sm/decrypt.c (gpgsm_decrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- This option allows to set a value for the progress output line. Note that as of now there is no other way to set the file size. GnuPG-bug-id: 6534
2023-06-15 | gpgsm: Fix last commit | Werner Koch | 1 | -9/+1
-- There was some test code left over and a check reversed.
2023-06-15 | gpgsm: Print PROGRESS status lines. | Werner Koch | 1 | -1/+55
* common/ksba-io-support.c (struct writer_cb_parm_s): Add field progress. (struct gnupg_ksba_io_s): Add field is_writer. (update_write_progress): New. (base64_writer_cb, plain_writer_cb): Call update_write_progress. (base64_finish_write): Ditto. (gnupg_ksba_create_writer): Set is_writer. (gnupg_ksba_set_progress_cb): New. (gnupg_ksba_set_total): New. * common/ksba-io-support.h (gnupg_ksba_progress_cb_t): New type. * sm/server.c (gpgsm_status2): Return error from statusfp writes. (gpgsm_progress_cb): New. * sm/decrypt.c (gpgsm_decrypt): Set progress handler. * sm/encrypt.c (gpgsm_encrypt): Ditto. * sm/sign.c (gpgsm_sign): Ditto. * sm/verify.c (gpgsm_verify): Ditto. -- GnuPG-bug-id: 6534
2023-05-24 | gpg: Improve error code for file already exists. | Werner Koch | 1 | -1/+1
* g10/plaintext.c (get_output_file): Fix error code.
2023-05-22 | sm: Emit STATUS_FAILURE for non-implemented commands. | Werner Koch | 1 | -1/+1
* sm/gpgsm.c (main): Do it here.
2022-06-03 | Remove remaining support for WindowsCE | Werner Koch | 1 | -14/+1
--
2021-05-20 | sm: Avoid memory leaks and double double-free | Jakub Jelen | 1 | -5/+21
* sm/certcheck.c (extract_pss_params): Avoid double free * sm/decrypt.c (gpgsm_decrypt): goto leave instead of return * sm/encrypt.c (encrypt_dek): release s_pkey * sm/server.c (cmd_export): free list (do_listkeys): free lists -- Signed-off-by: Jakub Jelen <[email protected]> GnuPG-bug-id: 5393
2020-09-03 | sm: New options to prepare the use of keyboxd. | Werner Koch | 1 | -0/+2
* sm/Makefile.am (AM_CFLAGS): Add npth flags. (common_libs): Use npth version of the lib. (gpgsm_LDADD): Add npth libs. * sm/gpgsm.c (oUseKeyboxd, oKeyboxdProgram): New. (opts): New options --use-keyboxd and --keyboxd-program. (main): Set them. (gpgsm_deinit_default_ctrl): New. (main): Call it. * sm/server.c (gpgsm_server): Ditto. * sm/gpgsm.h (opt): Add fields use_keyboxd and keyboxd_program. (keydb_local_s): New type. (struct server_control_s): Add field keybd_local. * sm/keydb.c: Include assuan.h, asshelp.h, and kbx-client-util.h. (struct keydb_local_s): New. (struct keydb_handle): Add fields for keyboxd use. (gpgsm_keydb_deinit_session_data): New. (warn_version_mismatch): New. (create_new_context): New. (open_context): New. (keydb_new): Implement keyboxd mode. (keydb_release): Ditto. (keydb_get_resource_name): Ditto. * sm/keydb.c: Add stub support for all other functions. Signed-off-by: Werner Koch <[email protected]>
2020-02-03 | sm: New option --issuer-der for the listkey commands. | Werner Koch | 1 | -7/+73
* sm/server.c (do_listkeys): Implement new option. -- This option can be used by clients who can only provide a DER encoded form of the issuer. For example in PKCS#11 providers. Testing: Put the DER encoded issuer DN into a file, say issuer.der. Then run
  gpg-connect-agent -E -- gpgsm --server
  > /definqfile ISSUER_DER issuer.der
  > list-keys --issuer-der 01020304
and if the local keyring has a certificate with that issuer and a s/n of 0x01020304 that certificate will be listed. Signed-off-by: Werner Koch <[email protected]>
2019-06-03 | Return better error code for some getinfo IPC commands. | Werner Koch | 1 | -2/+2
* agent/command.c (cmd_getinfo): Return GPG_ERR_FALSE as boolean False. * g13/server.c (cmd_getinfo): Ditto. * sm/server.c (cmd_getinfo): Ditto. -- GPG_ERR_FALSE was introduced with libgpg-error 1.21 and we now require a later version for gnupg 2. Thus we can switch to this more descriptive code. Signed-off-by: Werner Koch <[email protected]>
2018-03-23 | sm: Add OPTION request-origin. | Werner Koch | 1 | -0/+12
* sm/server.c: Include shareddefs.h. (option_handler): Add option. -- This is required when running gpgsm in server mode as done by GPGME. Note that a command line option takes precedence. Signed-off-by: Werner Koch <[email protected]>
2018-02-14 | common: Use new function to print status strings. | Werner Koch | 1 | -18/+3
* common/asshelp2.c (vprint_assuan_status_strings): New. (print_assuan_status_strings): New. * agent/command.c (agent_write_status): Replace by call to new function. * dirmngr/server.c (dirmngr_status): Ditto. * g13/server.c (g13_status): Ditto. * g13/sh-cmd.c (g13_status): Ditto. * sm/server.c (gpgsm_status2): Ditto. * scd/command.c (send_status_info): Bump up N. -- This fixes a potential overflow if LFs are passed to the status string functions. This is actually not the case and would be wrong because neither the truncating in libassuan or our escaping is not the Right Thing. In any case the functions need to be more robust and comply to the promised interface. Thus the code has been factored out to a helper function and N has been bumped up correctly and checked in all cases. For some uses this changes the behaviour in the error case (i.e. CR or LF passed): It will now always be C-escaped and not passed to libassuan which would truncate the line at the first LF. Reported-by: private_pers
2017-10-24 | sm: Do not expect X.509 keyids to be unique | Rainer Perske | 1 | -1/+1
* sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it. * sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS (run_command_inq_cb): Ditto. * sm/gpgsm.c (main): Pass false. * sm/server.c (cmd_passwd): Pass false. -- As described in my report T1644, it is possible that multiple certificates exist with the same Distinguished Name and the same key. In this case, verifying S/MIME signatures and other actions fail with "certificate not found: Ambiguous name". For details see the bug report. To circumvent the problem, I am patching GnuPG since 2014 so that in this case the newest of the ambiguous certificates is used. This is not an ultimate solution of the problem: You should try every certificate with the same DN until verification succeeds or until all certificates fail, and if multiple certificates of a chain are ambiguous you even have to check every combination. You may even consider checking the keyUsage attributes of the ambiguous certificates to reduce the number of combinations. But in the existing case of the certificates in the German Research Network (DFN) PKI where the newest one is the valid one and all ambiguous certificates have the same keyUsage attributes, this patch has proven to be sufficient over the last three years. With every GnuPG update, I have adapted the patch, luckily I never needed to change anything except line numbers. GnuPG-bug-id: 1644 ChangeLog log written by wk, comment taken from mail. Signed-off line was missing in the plain diff. However the mail with the patch and the DCO posted as reply to that mail were both signed. Signed-off-by: Werner Koch <[email protected]>
2017-04-28 | Spelling fixes in docs and comments. | NIIBE Yutaka | 1 | -1/+1
-- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <[email protected]>
2017-03-07 | Remove -I option to common. | NIIBE Yutaka | 1 | -2/+2
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <[email protected]>
2016-11-10 | gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource. | Werner Koch | 1 | -1/+14
* g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED file-global. Write a STATUS_ERROR. (maybe_create_keyring_or_box): Check for non-accessible but existent file. (keydb_search): Write a STATUS_ERROR if no keyring has been registered but continue to return NOT_FOUND. * sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED and make file-global. Write a STATUS_ERROR. (keydb_search): Write a STATUS_ERROR if no keyring has been registered but continue to return NOT_FOUND. Also add new arg CTRL and change all callers to pass it down. Signed-off-by: Werner Koch <[email protected]>
2016-11-05 | Change all http://www.gnu.org in license notices to https:// | Werner Koch | 1 | -1/+1
--
2016-09-15 | spelling: conenction should be connection | Daniel Kahn Gillmor | 1 | -1/+1
* dirmngr/server.c, sm/server.c: s/conenction/connection/ Signed-off-by: Daniel Kahn Gillmor <[email protected]>
2016-08-18 | dirmngr: Remove all system daemon features. | Werner Koch | 1 | -3/+1
* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and 'system_daemon'. * common/homedir.c (dirmngr_sys_socket_name): Remove. (dirmngr_user_socket_name): Rename to ... (dirmngr_socket_name): this. Change call callers. * common/asshelp.c (start_new_dirmngr): Remove the system socket feature. * tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket". * sm/server.c (gpgsm_server): Adjust for removed system socket feature. * dirmngr/server.c (cmd_getinfo): Ditto. (cmd_killdirmngr): Remove check for system daemon. (cmd_reloaddirmngr): Ditto. * dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro. (aService): Remove. (opts): Remove --service. (w32_service_control): Remove. (real_main, call_real_main) [W32]: Remove wrapper. (main): Remove Windows system service feature. Remove system daemon feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file. * dirmngr/certcache.c (load_certs_from_dir): Remove warning in the system daemon case. * dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d". * dirmngr/ocsp.c (validate_responder_cert): Do not call validate_cert_chain which was used only in system daemon mode. * dirmngr/validate.c (validate_cert_chain): Always use the code. -- We are now starting dirmngr as needed as a user daemon. The deprecated system daemon mode does not anymore make sense. In case a system wide daemon is required, it is better to setup a dedicated account to run dirmngr and tweak socket permissions accordingly. Signed-off-by: Werner Koch <[email protected]>
2016-08-03 | Fix spelling and grammar. | Daniel Kahn Gillmor | 1 | -1/+1
* agent/learncard.c: s/coccured/occurred/ * doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/, s/reponses/responses/i * doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows to" to more conventional english usage. * doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm, tests/openpgp/armor.test: s/occured/occurred/ * tools/gpgsplit.c: s/calcualting/calculating/ * sm/server.c: s/formated/formatted/ Signed-off-by: Daniel Kahn Gillmor <[email protected]>
2016-06-07 | Replace use of opt.homedir by accessor functions. | Werner Koch | 1 | -2/+2
* common/homedir.c (the_gnupg_homedir): New var. (gnupg_set_homedir): New. (gnupg_homedir): New. * g10/options.h (struct opt): Remove 'homedir' and replace all users by the new accessor functions. * g13/g13-common.h (struct opt): Ditto. * scd/scdaemon.h (struct opt): Ditto. * sm/gpgsm.h (struct opt): Ditto. * dirmngr/dirmngr.h (struct opt): Ditto. * agent/preset-passphrase.c (opt_homedir): Ditto. * agent/protect-tool.c (opt_homedir): Ditto. -- This will make detection of a non-default homedir easier. Signed-off-by: Werner Koch <[email protected]>
2016-03-02 | common: Consolidate Assuan server argument handling. | Justus Winter | 1 | -32/+1
* common/Makefile.am (common_sources): Add new files. * common/server-help.c: New file. * common/server-help.h: Likewise. * agent/command.c: Drop argument handling primitives in favor of using the consolidated ones. * dirmngr/server.c: Likewise. * g10/server.c: Likewise. * g13/server.c: Likewise. * scd/command.c: Likewise. * sm/server.c: Likewise. Signed-off-by: Justus Winter <[email protected]>
2016-01-07 | sm: Avoid warnings about useless assignments. | Werner Koch | 1 | -1/+1
* sm/call-dirmngr.c (prepare_dirmngr): Remove setting of ERR. (unhexify_fpr): Remove useless computation on N. * sm/certchain.c (do_validate_chain): Remove clearing of RC. Remove useless setting of RC. * sm/fingerprint.c (gpgsm_get_keygrip): Remove setting of RC. * sm/gpgsm.c (build_list): Replace final stpcpy by strcpy. * sm/keydb.c (keydb_clear_some_cert_flags): Remove clearing of RC. * sm/server.c (cmd_getauditlog): Comment unused skip_options. Signed-off-by: Werner Koch <[email protected]>
2015-11-27 | Avoid incompatible pointer assignment warnings on Windows. | Werner Koch | 1 | -4/+4
* common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t. * dirmngr/server.c (data_line_cookie_write): Ditto. * sm/certdump.c (format_name_writer): Ditto. * sm/server.c (data_line_cookie_write): Ditto. * dirmngr/http.c (cookie_read, cookie_write): Ditto. -- See the release notes of libgpg-error 1.15 for background info on gpgrt_ssize_t. Signed-off-by: Werner Koch <[email protected]>
2015-11-17 | Fix typos found using codespell. | Justus Winter | 1 | -1/+1
* agent/cache.c: Fix typos. * agent/call-pinentry.c: Likewise. * agent/call-scd.c: Likewise. * agent/command-ssh.c: Likewise. * agent/command.c: Likewise. * agent/divert-scd.c: Likewise. * agent/findkey.c: Likewise. * agent/gpg-agent.c: Likewise. * agent/w32main.c: Likewise. * common/argparse.c: Likewise. * common/audit.c: Likewise. * common/audit.h: Likewise. * common/convert.c: Likewise. * common/dotlock.c: Likewise. * common/exechelp-posix.c: Likewise. * common/exechelp-w32.c: Likewise. * common/exechelp-w32ce.c: Likewise. * common/exechelp.h: Likewise. * common/helpfile.c: Likewise. * common/i18n.h: Likewise. * common/iobuf.c: Likewise. * common/iobuf.h: Likewise. * common/localename.c: Likewise. * common/logging.c: Likewise. * common/openpgp-oid.c: Likewise. * common/session-env.c: Likewise. * common/sexputil.c: Likewise. * common/sysutils.c: Likewise. * common/t-sexputil.c: Likewise. * common/ttyio.c: Likewise. * common/util.h: Likewise. * dirmngr/cdblib.c: Likewise. * dirmngr/certcache.c: Likewise. * dirmngr/crlcache.c: Likewise. * dirmngr/dirmngr-client.c: Likewise. * dirmngr/dirmngr.c: Likewise. * dirmngr/dirmngr_ldap.c: Likewise. * dirmngr/dns-stuff.c: Likewise. * dirmngr/http.c: Likewise. * dirmngr/ks-engine-hkp.c: Likewise. * dirmngr/ks-engine-ldap.c: Likewise. * dirmngr/ldap-wrapper.c: Likewise. * dirmngr/ldap.c: Likewise. * dirmngr/misc.c: Likewise. * dirmngr/ocsp.c: Likewise. * dirmngr/validate.c: Likewise. * g10/encrypt.c: Likewise. * g10/getkey.c: Likewise. * g10/gpg.c: Likewise. * g10/gpgv.c: Likewise. * g10/import.c: Likewise. * g10/keydb.c: Likewise. * g10/keydb.h: Likewise. * g10/keygen.c: Likewise. * g10/keyid.c: Likewise. * g10/keylist.c: Likewise. * g10/keyring.c: Likewise. * g10/mainproc.c: Likewise. * g10/misc.c: Likewise. * g10/options.h: Likewise. * g10/packet.h: Likewise. * g10/parse-packet.c: Likewise. * g10/pkclist.c: Likewise. * g10/pkglue.c: Likewise. * g10/plaintext.c: Likewise. * g10/server.c: Likewise. 
* g10/sig-check.c: Likewise. * g10/sqlite.c: Likewise. * g10/tdbio.c: Likewise. * g10/test-stubs.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. * g13/create.c: Likewise. * g13/mountinfo.c: Likewise. * kbx/keybox-blob.c: Likewise. * kbx/keybox-file.c: Likewise. * kbx/keybox-init.c: Likewise. * kbx/keybox-search-desc.h: Likewise. * kbx/keybox-search.c: Likewise. * kbx/keybox-update.c: Likewise. * scd/apdu.c: Likewise. * scd/app-openpgp.c: Likewise. * scd/app-p15.c: Likewise. * scd/app.c: Likewise. * scd/ccid-driver.c: Likewise. * scd/command.c: Likewise. * scd/iso7816.c: Likewise. * sm/base64.c: Likewise. * sm/call-agent.c: Likewise. * sm/call-dirmngr.c: Likewise. * sm/certchain.c: Likewise. * sm/gpgsm.c: Likewise. * sm/import.c: Likewise. * sm/keydb.c: Likewise. * sm/minip12.c: Likewise. * sm/qualified.c: Likewise. * sm/server.c: Likewise. * tools/gpg-check-pattern.c: Likewise. * tools/gpgconf-comp.c: Likewise. * tools/gpgkey2ssh.c: Likewise. * tools/gpgparsemail.c: Likewise. * tools/gpgtar.c: Likewise. * tools/rfc822parse.c: Likewise. * tools/symcryptrun.c: Likewise. Signed-off-by: Justus Winter <[email protected]>
2015-08-24 | sm: Support secret key export via the Assuan interface. | Werner Koch | 1 | -5/+31
* sm/server.c (cmd_export): Add options --secret, --raw, and --pkcs12. Signed-off-by: Werner Koch <[email protected]>
2015-06-29 | gpgsm: Add command option "offline". | Werner Koch | 1 | -2/+17
* sm/server.c (option_handler): Add "offline". (cmd_getinfo): Ditto. * sm/certchain.c (is_cert_still_valid): (do_validate_chain): * sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value of --disable-dirmngr. * sm/call-dirmngr.c (start_dirmngr_ext): Better also check for ctrl->offline. -- Adding this option makes it easier to implement the corresponding feature in gpgme. Signed-off-by: Werner Koch <[email protected]>
2014-10-03 | Remove support for the GPG_AGENT_INFO envvar. | Werner Koch | 1 | -3/+0
* agent/agent.h (opt): Remove field use_standard_socket. * agent/command.c (cmd_killagent): Always allow killing. * agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and --write-env-file into dummy options. Always return true for --use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar setting or set that envvar. (create_socket_name): Simplify by removing non standard socket support. (check_for_running_agent): Ditto. * common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use. * common/simple-pwquery.c (agent_open): Ditto. * configure.ac (GPG_AGENT_INFO_NAME): Remove. * g10/server.c (gpg_server): Do not print the AgentInfo comment. * g13/server.c (g13_server): Ditto. * sm/server.c (gpgsm_server): Ditto. * tools/gpgconf.c (main): Simplify by removing non standard socket support. -- The intended fix to allow using a different socket than the one in the gnupg home directory is to change Libassuan to check whether the socket files exists as a regular file with a special keyword to redirect to another socket file name.
2014-06-04 | gpgsm: Fix commit be07ed65. | Werner Koch | 1 | -1/+1
* sm/server.c (option_handler): Use "with-secret".
2014-06-03 | Add new option --with-secret. | Werner Koch | 1 | -0/+5
* g10/gpg.c: Add option --with-secret. * g10/options.h (struct opt): Add field with_secret. * g10/keylist.c (public_key_list): Pass opt.with_secret to list_all and list_one. (list_all, list_one): Add arg mark_secret. (list_keyblock_colon): Add arg has_secret. * sm/gpgsm.c: Add option --with-secret. * sm/server.c (option_handler): Add option "with-secret". * sm/gpgsm.h (server_control_s): Add field with_secret. * sm/keylist.c (list_cert_colon): Take care of with_secret. Also move the token string from the wrong field 14 to 15. -- This option is useful for key managers which need to know whether a key has a secret key. This change allows to collect this information in one pass.
2014-03-14 | dirmngr: Default to a user socket name and enable autostart. | Werner Koch | 1 | -1/+4
* common/homedir.c (dirmngr_socket_name): Rename to dirmngr_sys_socket_name. (dirmngr_user_socket_name): New. * common/asshelp.c (start_new_dirmngr): Handle sys and user dirmngr socket. * dirmngr/dirmngr.c (main): Ditto. * dirmngr/server.c (cmd_getinfo): Ditto. * sm/server.c (gpgsm_server): Ditto. * dirmngr/dirmngr-client.c (start_dirmngr): Likewise. * tools/gpgconf.c (main): Print "dirmngr-sys-socket" with --list-dirs. * configure.ac (USE_DIRMNGR_AUTO_START): Set by default.
2013-11-18 | Make use of the *_NAME etc macros. | Werner Koch | 1 | -1/+1
Replace hardwired strings at many places with new macros from config.h and use the new strusage macro replacement feature. * common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn sentinels. * agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2011-12-07 | gpgsm: Add new validation model "steed". | Werner Koch | 1 | -1/+1
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New. * sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed". * sm/server.c (option_handler): Allow validation model "steed". * sm/certlist.c (gpgsm_cert_has_well_known_private_key): New. * sm/certchain.c (do_validate_chain): Handle the well-known-private-key attribute. Support the "steed" model. (gpgsm_validate_chain): Ditto. * sm/verify.c (gpgsm_verify): Return "steed" in the trust status line. * sm/keylist.c (list_cert_colon): Print the new 'w' flag. -- This is the first part of changes to implement the STEED proposal as described at http://g10code.com/steed.html . The idea for X.509 is not to use plain self-signed certificates but certificates signed by a dummy CA (i.e. one for which the private key is known). Having a single CA as an indication for the use of STEED might help other X.509 implementations to implement STEED.
2011-02-04 | Nuked almost all trailing white space. (tag: post-nuke-of-trailing-ws) | Werner Koch | 1 | -52/+49
We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2010-10-26 | Re-implemented GPG's --passwd command and improved it. | Werner Koch | 1 | -0/+2
2010-08-16 | Auto-start dirmngr. | Werner Koch | 1 | -2/+1
2010-06-10 | common/ | Marcus Brinkmann | 1 | -0/+9
2010-06-11 Marcus Brinkmann <[email protected]> * sysutils.c (translate_sys2libc_fd): Revert last change. (translate_sys2libc_fd_int): Revert last change. sm/ 2010-06-11 Marcus Brinkmann <[email protected]> * server.c (cmd_message) [HAVE_W32CE_SYSTEM]: Finish pipe.
2010-06-10 | common/ | Marcus Brinkmann | 1 | -2/+9
2010-06-10 Marcus Brinkmann <[email protected]> * estream.c (_es_get_std_stream): Fix cut&paste bug. sm/ 2010-06-10 Marcus Brinkmann <[email protected]> * server.c (SERVER_STDIN, SERVER_STDOUT): New macros. (gpgsm_server): Use them with assuan_fdopen.
2010-03-24 | More changes for CE. gpgsm does now build and run a keylisting. | Werner Koch | 1 | -2/+2
2010-03-22 | More changes to use estream. Add a way to replace the standard | Werner Koch | 1 | -1/+1
descriptors.
2010-03-11 | Use a custom log handler for libassuan. | Werner Koch | 1 | -3/+0
2010-03-08 | Removed almost all dup calls. | Werner Koch | 1 | -13/+13