| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* sm/call-dirmngr.c (get_cached_cert): Make sure buflen is initialized.
|
|
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute. Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--
This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html . The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known). Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
|
|
* sm/certreqgen.c (pAUTHKEYID): New.
(read_parameters): Add keyword Authority-Key-Id.
(proc_parameters): Check its value.
(create_request): Insert an Authority-Key-Id.
|
|
* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
(read_parameters): Add new keywords.
(proc_parameters): Check values of new keywords.
(create_request): Add SubjectKeyId and extensions.
(parse_parameter_usage): Support "cert" and the encrypt alias "encr".
|
|
* sm/certreqgen.c (create_request): Fix hex-bin conversion.
|
|
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
|
|
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
|
|
This allows us to extend this function in the future.
|
|
Also cleaned up the dotlock code for easier readability.
|
|
This is to allow building with Libgcrypt master (1.6) which has some
cleanups in the API/ABI.
|
|
|
|
This should always work because the dirmngr asked us to validate the
given certificate. This should make OCSP configuration easier because
there is less requirement to install all certificates for Dirmngr and
gpgsm.
CAUTION: This code has not yet been tested.
|
|
|
|
Since 2009-12-08 gpg was not able to find email addresses indicated
by a leading '<'. This happened when I merged the user id
classification code of gpgsm and gpg.
|
|
This is so that we read compatible with gnutls's certtool. Only
AES-128 is supported. The latest Libgcrypt from git is required.
Fixes bug#1321.
|
|
|
|
|
|
|
|
Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.
Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file. An example parameter file
is
Key-Type: RSA
Key-Length: 1024
Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
Key-Usage: sign, encrypt
Serial: random
Name-DN: CN=some test key
Name-Email: [email protected]
Name-Email: [email protected]
Hash-Algo: SHA384
not-after: 2038-01-16 12:44
This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm. The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
|
|
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
|
|
|
|
Make self-check interval larger
|
|
Allow for a longer agent atartup under wince.
Print gpg output via estream.
|
|
|
|
|
|
Doc fixes.
Allow TCP and local sockets in watchgnupg.
|
|
A couple of forward ported changes.
Doc updates.
|
|
Add a registry key to enable catch-all remote debugging for W32.
Replace more stdio stuff by estream.
|
|
|
|
|
|
|
|
2010-06-11 Marcus Brinkmann <[email protected]>
* sysutils.c (translate_sys2libc_fd): Revert last change.
(translate_sys2libc_fd_int): Revert last change.
sm/
2010-06-11 Marcus Brinkmann <[email protected]>
* server.c (cmd_message) [HAVE_W32CE_SYSTEM]: Finish pipe.
|
|
* server.c (SERVER_STDIN, SERVER_STDOUT): New macros.
(gpgsm_server): Use them with assuan_fdopen.
|
|
2010-06-10 Marcus Brinkmann <[email protected]>
* estream.c (_es_get_std_stream): Fix cut&paste bug.
sm/
2010-06-10 Marcus Brinkmann <[email protected]>
* server.c (SERVER_STDIN, SERVER_STDOUT): New macros.
(gpgsm_server): Use them with assuan_fdopen.
|
|
A few code changes to support dirmngr.
|
|
|
|
* certreqgen.c (read_parameters): Use ascii_isspace instead of
spacep to stop at newline, too.
|
|
|
|
|
|
|
|
descriptors.
|
|
stdio.
|
|
|
|
|
|
|
|
|
|
Comment fixes.
Minor chnages in preparation of a W32CE port.
|
|
Typo and comment fixes.
|
|
|
|
|
