aboutsummaryrefslogtreecommitdiffstats
path: root/doc/dirmngr.texi (follow)
Commit message (Collapse)AuthorAgeFilesLines
* doc: Declare --disable-http as legacy.Werner Koch2025-02-191-1/+6
| | | | --
* Remove the default keyserver.Werner Koch2025-01-081-3/+1
|
* Stronger deprecate the --supervised option.Werner Koch2025-01-081-2/+4
| | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (opts): Rename option supervised. * dirmngr/dirmngr.c (opts): Ditto. -- The --supervised way to start gpg-agent has been deprecated for 2.5 years and will probably entirely removed with version 2.6.0. To allow its use until its removal the systemd service description need to be adjusted to use this option. The reason for the deprecation are conflicts with the way systemd starts gpg-agent and gpg expects how gpg-agent is started. In particular gpg expects that the gpg-agent matching its own version is started. Further the systemd way is not portable to other platforms and long term experience on Windows has show that the standard way of starting gpg-agent is less error prone. Note to those who want to re-introduse this option: Pretty please do not use socket names conflicting with our standard socket names. For example use /run/user/1000/foo-gnupg/S.gpg-agent.
* indent: Fix spellingDaniel Kahn Gillmor2024-05-311-1/+1
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* Merge branch 'STABLE-BRANCH-2-4'Werner Koch2024-03-121-1/+1
|\ | | | | | | | | | | | | | | -- Resolved conflicts: NEWS common/exechelp-w32.c configure.ac
| * doc: Fix spelling errors found by lintian.Werner Koch2024-01-291-1/+1
| | | | | | | | | | | | -- Reported-by: Andreas Metzler <[email protected]>
* | Merge branch 'STABLE-BRANCH-2-4'Werner Koch2023-11-071-3/+6
|\| | | | | | | | | | | | | * common/b64dec.c (b64decode): Move to ... * common/miscellaneous.c: here. * common/t-b64.c: Re-inroduce and keep only the b64decode test code.
| * dirmngr: Implement automatic proxy detection on Windows.Werner Koch2023-09-261-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/http.c [W32]: Include winhttp.h (w32_get_internet_session): New. (w32_get_proxy): New. (get_proxy_for_url): Implement automatic proxy detection and fix error in last patch. (http_reinitialize): New. * dirmngr/dirmngr.c (dirmngr_sighup_action): Call reinitialize. * dirmngr/Makefile.am (NETLIBS) [W32]: Link with winhttp. -- GnuPG-bug-id: 5768
| * dirmngr: Allow conf files to disable default keyservers.Werner Koch2023-09-061-1/+2
| | | | | | | | | | | | | | | | * dirmngr/server.c (ensure_keyserver): Detect special value "none" (cmd_keyserver): Ignore "none" and "hkp://none". -- GnuPG-bug-id: 6708
| * dirmngr: Add doc for faked-system-timeAndre Heinecke2023-07-211-0/+7
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (gpgrt_opt_t): Use string for oFakedSystemTime. (oFakedSystemTime): Use similar conversion as gpgsm has. * dirmngr/dirmngr.texi (faked-system-time): Document it. -- For testing X509 certificates this is usually required and then confusing that the example from the gpgsm man page does not work for dirmngr.
* | doc: Use the em dash to mark a break in a sentence.NIIBE Yutaka2023-11-071-1/+1
| | | | | | | | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | doc: Fix to avoid using en-dash for command options.NIIBE Yutaka2023-11-021-1/+1
| | | | | | | | | | | | | | -- GnuPG-bug-id: 6746 Signed-off-by: NIIBE Yutaka <[email protected]>
* | Minor style fixes.NIIBE Yutaka2023-10-051-16/+16
| | | | | | | | | | | | -- Signed-off-by: NIIBE Yutaka <[email protected]>
* | dirmngr: Add doc for faked-system-timeAndre Heinecke2023-07-191-0/+7
|/ | | | | | | | | | | * dirmngr/dirmngr.c (gpgrt_opt_t): Use string for oFakedSystemTime. (oFakedSystemTime): Use similar conversion as gpgsm has. * dirmngr/dirmngr.texi (faked-system-time): Document it. -- For testing X509 certificates this is usually required and then confusing that the example from the gpgsm man page does not work for dirmngr.
* dirmngr: New option --ignore-crl-extensions.Werner Koch2023-06-191-0/+9
| | | | | | | | | | | | | | * dirmngr/dirmngr.c (oIgnoreCRLExtension): New. (opts): Add --ignore-crl-extension. (parse_rereadable_options): Add to list/ * dirmngr/dirmngr.h (opt): Add ignored_crl_extensions. * dirmngr/crlcache.c (crl_cache_insert): Implement option. -- This option is is useful for debugging problems with new CRL extensions. It is similar to --ignore-cert-extension. GnuPG-bug-id: 6545
* dirmngr: New option --compatibility-flags.Werner Koch2023-06-151-0/+8
| | | | | | | * dirmngr/dirmngr.c (oCompatibilityFlags): NEw. (opts): Add option --compatibility-flags. (compatibility_flags): New. (parse_rereadable_options): Parse them.
* doc: Minor fix of the --keyserver option.Werner Koch2023-01-111-9/+9
| | | | | | -- Unfortunately the a reflow took place.
* doc: Typo fixesWerner Koch2022-12-161-2/+2
| | | | | | | -- Reported-by: Andreas Metzler GnuPG-bug-id: 6309
* dirmngr: New server flag "areconly" (A-record-only)Werner Koch2022-09-281-0/+3
| | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly. * dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly" * dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag. * dirmngr/dirmngr_ldap.c: Add option --areconly (connect_ldap): Implement option. * dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option. -- This flag is used to pass the Windows specific option LDAP_OPT_AREC_EXCLUSIVE. It is ignored on other systems. Signed-off-by: Werner Koch <[email protected]>
* Deprecate the --supervised options.Werner Koch2022-04-251-2/+1
| | | | | | | | * agent/gpg-agent.c (main): Mark --supervised as deprecated. * dirmngr/dirmngr.c (main): Ditto. -- The supervised thing causes more trouble than it pretends to solve.
* dirmngr: New option --ignore-certWerner Koch2021-10-061-0/+19
| | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen. (opt): Add field ignored_certs. * dirmngr/dirmngr.c: Add option --ignore-cert (parse_rereadable_options): Handle that option. (parse_ocsp_signer): Rename to ... (parse_fingerprint_item): this and add two args. * dirmngr/certcache.c (put_cert): Ignore all to be igored certs. Change callers to handle the new error return. -- This option is useful as a workaround in case we ill run into other chain validation errors like what we fixed in GnuPG-bug-id: 5639
* dirmngr: Change the default keyserver.Werner Koch2021-08-241-8/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to keyserver.ubuntu.com. * dirmngr/certcache.c (cert_cache_init): Disable default pool cert. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto. * dirmngr/http.c (http_session_new): Ditto. * dirmngr/server.c (make_keyserver_item): Use a different mapping for the gnupg.net names. -- Due to the unfortunate shutdown of the keyserver pool, the long term defaults won't work anymore. Thus it is better to change them. For https access keyserver.ubuntu.com is now used because it can be expected that this server can stand the load from newer gnupg LTS versions. For http based access the Dutch Surfnet keyserver is used. However due to a non-standard TLS certificate this server can not easily be made the default for https. Note: that the default server will be changed again as soon as a new connected keyserver infrastructure has been established. (cherry picked from commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1)
* doc: Update description of LDAP keyserversWerner Koch2021-06-161-10/+25
| | | | | | -- (cherry picked from commit 7c4b0eda7462cecf230aba8472d264593257dd0d)
* dirmngr: Use --ldaptimeout for OpenPGP LDAP keyservers.Werner Koch2021-06-161-5/+7
| | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Use LDAP_OPT_TIMEOUT. * dirmngr/dirmngr.c (main): Move --ldaptimeout setting to ... (parse_rereadable_options): here. -- Note that this has not yet been tested. In fact a test with OpenLDAP using a modified route got stuck in the connection attempt. Maybe it works on Windows - will be tested later. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit 317d5947b84ae2707e46b89fb0d8318c07174e13)
* dirmngr: New option --ldapserverWerner Koch2021-06-161-10/+37
| | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (opts): Add option --ldapserver. (ldapserver_list_needs_reset): New var. (parse_rereadable_options): Implement option. (main): Ignore dirmngr_ldapservers.conf if no --ldapserver is used. * dirmngr/server.c (cmd_ldapserver): Add option --clear and list configured servers if none are given. -- This option allows to specify LDAP keyserver in dirmngr instead of using gpgsm.conf. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ff17aee5d10c8c5ab902253fb4332001c3fc3701)
* doc: Typo fixes for dirmngr.texiWerner Koch2021-02-251-3/+3
| | | | --
* doc: Explain how Tor is detected.Werner Koch2021-02-241-1/+4
| | | | --
* dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.Werner Koch2021-02-171-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds extension. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with hostname - which is NULL and thus the same if not given. Fix minor error in error code handling. -- Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet been officially regisetered. Thus for correctness the OID can be used: 1.3.6.1.4.1.11591.2.5 LDAP URL extensions 1.3.6.1.4.1.11591.2.5.1 gpgNtds=1 (auth. with current user) Note that the value must be 1; all other values won't enable AD authentication and are resevered for future use. This has been cherry-picked from the 2.2 branch, commit 55f46b33df08e8e0ea520ade5f73b321bc01d705 Signed-off-by: Werner Koch <[email protected]>
* doc: Explain LDAP keyserver parametersWerner Koch2020-12-211-1/+20
|
* dirmngr: Add warning on the use of --add-servers.Werner Koch2020-10-051-11/+16
| | | | | * tools/gpgconf-comp.c (known_options_dirmngr): Degrade add-servers to expert mode.
* doc: Some documentation updates.Werner Koch2020-09-211-9/+70
| | | | | | -- Also fixed some typos and documented soon to be used OIDs
* Spelling cleanup.Daniel Kahn Gillmor2020-02-181-1/+1
| | | | | | | | | | | | | | | | No functional changes, just fixing minor spelling issues. --- Most of these were identified from the command line by running: codespell \ --ignore-words-list fpr,stati,keyserver,keyservers,asign,cas,iff,ifset \ --skip '*.po,ChangeLog*,help.*.txt,*.jpg,*.eps,*.pdf,*.png,*.gpg,*.asc' \ doc g13 g10 kbx agent artwork scd tests tools am common dirmngr sm \ NEWS README README.maint TODO Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* doc,dirmngr: Clarify --standard-resolver.Werner Koch2019-11-231-1/+2
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* gpgsm: Allow sepcification of ldaps servers.Werner Koch2019-11-091-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | * sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps. * sm/gpgsm.c (parse_keyserver_line): Parse flags. * sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr. * dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps. * dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags. * dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls. * dirmngr/dirmngr_ldap.c: New option --tls. (fetch_ldap): Make use of that option. -- There was no way to specify an LDAPS server in dirmngr_ldapserver.socnf or with gpgsm's --keyserver option. This patch fixes this. Eventually we should allow to replace host and port by a partial URI in the same way ldap_initialize does it. For backward compatibility we do not yet do that. Although the dirmngr code accepts an URL (eg. taken from a certificate), I can't see how the scheme was ever used. Thus the patch also detects an ldaps scheme and uses this. That part has not been tested, though. Signed-off-by: Werner Koch <[email protected]>
* doc: Document gpgsm's --keyserver option.Werner Koch2019-11-071-3/+4
| | | | | | | | -- Also fix a few related entries. Signed-off-by: Werner Koch <[email protected]>
* doc: Update description of --debugWerner Koch2019-09-051-5/+5
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
* doc: Minor doc fix to dirmngr.Werner Koch2019-05-031-3/+1
| | | | | | -- Reported-by: dkg
* all: fix more spelling errorsDaniel Kahn Gillmor2018-10-251-1/+1
|
* dirmngr: Add the used TLS library to the debug output.Werner Koch2018-04-251-3/+4
| | | | | | | | | | | * dirmngr/http.c (send_request): Print the used TLS library in debug mode. -- We allow two different TLS libararies and thus it is useful to see that in the debug output of bug reports. Signed-off-by: Werner Koch <[email protected]>
* Change backlog from 5 to 64 and provide option --listen-backlog.Werner Koch2017-12-121-0/+4
| | | | | | | | | | | | | | * agent/gpg-agent.c (oListenBacklog): New const. (opts): New option --listen-backlog. (listen_backlog): New var. (main): Parse new options. (create_server_socket): Use var instead of 5. * dirmngr/dirmngr.c: Likewise. * scd/scdaemon.c: Likewise. -- GnuPG-bug-id: 3473 Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Reduce default LDAP timeout to 15 seconds.Werner Koch2017-11-071-1/+1
| | | | | | | | | * dirmngr/dirmngr.c (DEFAULT_LDAP_TIMEOUT): Change to 15. * dirmngr/dirmngr_ldap.c (DEFAULT_LDAP_TIMEOUT): Ditto. Signed-off-by: Werner Koch <[email protected]> (cherry picked from commit ab7ac827041b5cd97bbca7a75b0930072dd6611f) GnuPG-bug-id: 3487
* dirmngr: Auto-enable Tor on startup or reload.Werner Koch2017-07-261-3/+9
| | | | | | | | * dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availibility. -- GnuPG-bug-id: 2935 Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds.Werner Koch2017-06-081-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New enums. (opts): New options --connect-timeout and --connect-quick-timeout. (DEFAULT_CONNECT_TIMEOUT): New. (DEFAULT_CONNECT_QUICK_TIMEOUT): New. (parse_rereadable_options): Handle new options. (post_option_parsing): New. Use instead of direct calls to set_debug() and set_tor_mode (). (main): Setup default timeouts. (dirmngr_init_default_ctrl): Set standard connect timeout. * dirmngr/dirmngr.h (opt): New fields connect_timeout and connect_quick_timeout. (server_control_s): New field timeout. * dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to http_raw_connect. * dirmngr/ks-engine-hkp.c (send_request): Call http_session_set_timeout. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get) (cmd_ks_fetch): Implement --quick option. -- The standard connect timeouts are way to long so we add a timeout to the connect calls. Also implement the --quick option which is already used by gpg for non-important requests (e.g. looking up a key for verification). Signed-off-by: Werner Koch <[email protected]>
* Spelling fixes in docs and comments.NIIBE Yutaka2017-04-281-1/+1
| | | | | | | | | | -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: New option --disable-ipv6Werner Koch2017-04-031-2/+3
| | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'. * dirmngr/dirmngr.c (oDisableIPv6): New const. (opts): New option --disable-ipv6. (parse_rereadable_options): Set that option. * dirmngr/dns-stuff.c (opt_disable_ipv6): New var. (set_dns_disable_ipv6): New. (resolve_name_standard): Make use of it. * dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of OPT.DISABLE_IPV6. * dirmngr/ks-engine-hkp.c (map_host): Ditto. (send_request): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ocsp.c (do_ocsp_request): Ditto. Signed-off-by: Werner Koch <[email protected]>
* Clean up word replication.Yuri Chornoivan2017-02-211-3/+3
| | | | | | | | | -- This fixes extra word repetitions (like "the the" or "is is") in the code and docs. Signed-off-by: Daniel Kahn Gillmor <[email protected]>
* dirmngr: Require --allow-version-check even if --use-tor is used.Werner Koch2017-01-311-2/+2
| | | | | | | * dirmngr/dirmngr.c (housekeeping_thread): Load swdb only if the option is set. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: New option --disable-ipv4.Werner Koch2017-01-241-0/+5
| | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.c (oDisableIPv4): New const. (opts): New option --disable-ipv4. (parse_rereadable_options): Set that option. * dirmngr/dirmngr.h (opt): New field 'disable_ipv4'. * dirmngr/dns-stuff.c (opt_disable_ipv4): bew var. (set_dns_disable_ipv4): New. (resolve_name_standard): Skip v4 addresses when OPT_DISABLE_IPV4 is set. * dirmngr/ks-engine-hkp.c (map_host): Ditto. (send_request): Pass HTTP_FLAG_IGNORE_IPv4 if opt.disable_v4 is set. * dirmngr/crlfetch.c (crl_fetch): Ditto. * dirmngr/ks-engine-finger.c (ks_finger_fetch): Ditto. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. * dirmngr/ocsp.c (do_ocsp_request): Ditto. Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Implement debug option "network" for http.Werner Koch2017-01-111-3/+5
| | | | | | * dirmngr/dirmngr.c (parse_rereadable_options): Set http debugging. Signed-off-by: Werner Koch <[email protected]>
* doc: Mention dirmngr.confWerner Koch2017-01-101-2/+15
| | | | | | -- Signed-off-by: Werner Koch <[email protected]>
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 09:30:06 +0000