aboutsummaryrefslogtreecommitdiffstats
path: root/sm/verify.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Implemented the chain model for X.509 validation.Werner Koch2007-08-101-10/+42
|
* Changed to GPLv3.Werner Koch2007-07-041-4/+2
| | | | | Removed intl/.
* Allow export to work on systems without funopen/fopencookie.Werner Koch2007-03-191-1/+1
|
* sm/Werner Koch2006-11-141-11/+14
| | | | | | | | | | | | | | * server.c (skip_options): Skip leading spaces. (has_option): Honor "--". (cmd_export): Add option --data to do an inline export. Skip all options. * certdump.c (gpgsm_fpr_and_name_for_status): New. * verify.c (gpgsm_verify): Use it to print correct status messages. doc/ * gpgsm.texi (GPGSM EXPORT): Document changes.
* The big Assuan error code removal.Werner Koch2006-09-061-1/+1
|
* Updated FSF's address.Werner Koch2006-06-201-1/+2
|
* Added qualified signature features.Werner Koch2005-11-131-2/+8
|
* * configure.ac: Require libksba 0.9.7.Werner Koch2004-06-061-47/+34
| | | | | | | | | | | | | | | | * certreqgen.c (get_parameter_uint, create_request): Create an extension for key usage when requested. * gpgsm.c (main): Install emergency_cleanup also as an atexit handler. * verify.c (gpgsm_verify): Removed the separate error code handling for KSBA. We use shared error codes anyway. * export.c (export_p12): Removed debugging code. * encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
* * verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature.Werner Koch2004-04-051-1/+4
| | | | | | | | | | | | | * certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do not just warn if a cert is not suitable; bail out immediately. * call-dirmngr.c (isvalid_status_cb): New. (unhexify_fpr): New. Taken from ../g10/call-agent.c (gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass it thru. Detect need to check the respondert cert and do that. * certchain.c (gpgsm_validate_chain): Add new arg FLAGS. Changed all callers.
* * gpgsm.c: New option --with-md5-fingerprint.Werner Koch2004-02-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | * keylist.c (list_cert_std): Print MD5 fpr. * gpgsm.c: New options --with-validation. * server.c (option_handler): New option "with-validation". * keylist.c (list_cert_std, list_internal_keys): New args CTRL and WITH_VALIDATION. Changed callers to set it. (list_external_cb, list_external_keys): Pass CTRL to the callback. (list_cert_colon): Add arg CTRL. Check validation if requested. * certchain.c (unknown_criticals, allowed_ca, check_cert_policy) (gpgsm_validate_chain): New args LISTMODE and FP. (do_list): New helper for info output. (find_up): New arg FIND_NEXT. (gpgsm_validate_chain): After a bad signature try again with other CA certificates. * import.c (print_imported_status): New arg NEW_CERT. Print additional STATUS_IMPORT_OK becuase that is what gpgme expects. (check_and_store): Always call above function after import. * server.c (get_status_string): Added STATUS_IMPORT_OK.
* * encrypt.c (init_dek): Check for too weak algorithms.Werner Koch2004-02-131-1/+1
| | | | | | | | | | | | * import.c (parse_p12, popen_protect_tool): New. * base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM. Changed all callers. (base64_reader_cb): Handle it here. (gpgsm_reader_eof_seen): New. (base64_reader_cb): Set a flag for EOF. (simple_reader_cb): Ditto.
* Replaced deprecated type names.Werner Koch2003-12-171-8/+8
| | | | | | | | * certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul. (gpgsm_dump_serial): Ditto. * decrypt.c (gpgsm_decrypt): Replaced ERR by RC.
* * gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp.Werner Koch2003-12-011-1/+2
| | | | | | | | (gpgsm_init_default_ctrl): Set USE_OCSP to the default value. * certchain.c (gpgsm_validate_chain): Handle USE_OCSP. * call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and proceed accordingly.
* * verify.c (gpgsm_verify): Fixed for changes API of gcry_md_info.Werner Koch2003-11-181-1/+6
| | | | | * certchain.c (unknown_criticals): Fixed an error code test.
* Mainly changes to adjust for the changed KSBA API.Werner Koch2003-11-121-15/+16
|
* * verify.c (strtimestamp_r, gpgsm_verify):Werner Koch2003-10-311-19/+12
| | | | | | | | | | | * sign.c (gpgsm_sign): * keylist.c (print_time, list_cert_std, list_cert_colon): * certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert): * certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t.
* This commit was manufactured by cvs2svn to create branchRepo Admin2003-08-051-0/+550
| | | | 'GNUPG-1-9-BRANCH'.
* This commit was manufactured by cvs2svn to create branchRepo Admin2002-10-191-510/+0
| | | | 'GNUPG-1-9-BRANCH'.
* * gpgsm.c (main): Use the log file only in server mode.Werner Koch2002-08-201-13/+22
| | | | | | | | | | * import.c (print_imported_summary): New. (check_and_store): Update the counters, take new argument. (import_one): Factored out core of gpgsm_import. (gpgsm_import): Print counters. (gpgsm_import_files): New. * gpgsm.c (main): Use the new function for import.
* Made it compile.Werner Koch2002-08-161-1/+1
|
* * call-agent.c (learn_cb): Special treatment when the issuerWerner Koch2002-08-161-3/+3
| | | | | certificate is missing.
* * keylist.c (list_cert_colon): Print the short fingerprint in theWerner Koch2002-08-101-7/+23
| | | | | | | | key ID field. * fingerprint.c (gpgsm_get_short_fingerprint): New. * verify.c (gpgsm_verify): Print more verbose info for a good signature.
* * gpgsm.c (emergency_cleanup): New.Werner Koch2002-08-091-3/+7
| | | | | | | | (main): Initialize the signal handler. * sign.c (gpgsm_sign): Reset the hash context for subsequent signers and release it at the end.
* * verify.c (gpgsm_verify): Extend the STATUS_BADSIG line withWerner Koch2002-07-021-2/+10
| | | | | the fingerprint.
* * keydb.c (keydb_store_cert): Add optional ar EXISTED and changedWerner Koch2002-07-021-1/+1
| | | | | | | | | | | | all callers. * call-agent.c (learn_cb): Print info message only for real imports. * import.c (gpgsm_import): Moved duplicated code to ... (check_and_store): new function. Added magic to import the entire chain. Print status only for real imports and moved printing code to .. (print_imported_status): New.
* * certlist.c (gpgsm_add_to_certlist): Fixed locating of aWerner Koch2002-06-201-2/+9
| | | | | | | | | | | | | | | | | | | | | | | certificate with the required key usage. * gpgsm.c (main): Fixed a segv when using --outfile without an argument. * keylist.c (print_capabilities): Also check for non-repudiation and data encipherment. * certlist.c (cert_usage_p): Test for signing and encryption was swapped. Add a case for certification usage, handle non-repudiation and data encipherment. (gpgsm_cert_use_cert_p): New. (gpgsm_add_to_certlist): Added a CTRL argument and changed all callers to pass it. * certpath.c (gpgsm_validate_path): Use it here to print a status message. Added a CTRL argument and changed all callers to pass it. * decrypt.c (gpgsm_decrypt): Print a status message for wrong key usage. * verify.c (gpgsm_verify): Ditto. * keydb.c (classify_user_id): Allow a colon delimited fingerprint.
* * call-agent.c (learn_cb): Use log_info instead of log_error onWerner Koch2002-06-191-1/+1
| | | | | | | | | | | | successful import. * keydb.c (keydb_set_ephemeral): New. (keydb_store_cert): New are ephemeral, changed all callers. * keylist.c (list_external_cb): Store cert as ephemeral. * export.c (gpgsm_export): Kludge to export epehmeral certificates. * gpgsm.c (main): New command --list-external-keys.
* * sign.c (hash_and_copy_data): New.Werner Koch2002-06-121-6/+25
| | | | | | | | | | | (gpgsm_sign): Implemented normal (non-detached) signatures. * gpgsm.c (main): Ditto. * certpath.c (gpgsm_validate_path): Special error handling for no policy match. * configure.ac (NEED_LIBKSBA_VERSION): We need 0.4.3 now.
* * certpath.c (gpgsm_validate_path): Added EXPTIME arg and changedWerner Koch2002-05-031-26/+41
| | | | | | | all callers. * verify.c (gpgsm_verify): Tweaked usage of log_debug and log_error. Return EXPSIG status and add expiretime to VALIDSIG.
* * certlist.c (cert_usable_p): New.Werner Koch2002-04-121-0/+1
| | | | | | | | | | | | (gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New. (gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New. (gpgsm_add_to_certlist): Check the key usage. * sign.c (gpgsm_sign): Ditto. * verify.c (gpgsm_verify): Print a message wehn an unsuitable certificate was used. * decrypt.c (gpgsm_decrypt): Ditto * keylist.c (print_capabilities): Determine values from the cert.
* * verify.c (gpgsm_verify): Detect certs-only message.Werner Koch2002-03-121-6/+11
|
* * gpgsm.c, gpgsm.h: Add local_user.Werner Koch2002-03-051-4/+2
| | | | | | | | | | | * sign.c (gpgsm_get_default_cert): New. (get_default_signer): Use the new function if local_user is not set otherwise used that value. * encrypt.c (get_default_recipient): Removed. (gpgsm_encrypt): Use gpgsm_get_default_cert. * verify.c (gpgsm_verify): Better error text for a bad signature found by comparing the hashs.
* * certlist.c (gpgsm_add_to_certlist): Check that the specifiedWerner Koch2002-02-071-1/+1
| | | | | | | | | | | | | | | | name identifies a certificate unambiguously. (gpgsm_find_cert): Ditto. * server.c (cmd_listkeys): Check that the data stream is available. (cmd_listsecretkeys): Ditto. (has_option): New. (cmd_sign): Fix ambiguousity in option recognition. * gpgsm.c (main): Enable --logger-fd. * encrypt.c (gpgsm_encrypt): Increased buffer size for better performance. * call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from the agent. * keylist.c (list_cert_colon): Filter out control characters.
* * import.c (gpgsm_import): Just do a basic cert check beforeWerner Koch2002-01-151-30/+5
| | | | | | | | | | | | | | | | storing it. * certpath.c (gpgsm_basic_cert_check): New. * keydb.c (keydb_store_cert): New. * import.c (store_cert): Removed and change all caller to use the new function. * verify.c (store_cert): Ditto. * certlist.c (gpgsm_add_to_certlist): Validate the path * certpath.c (gpgsm_validate_path): Check the trust list. * call-agent.c (gpgsm_agent_istrusted): New.
* * verify.c (gpgsm_verify): Implemented non-detached signatureWerner Koch2001-12-201-12/+37
| | | | | | | verification. Add OUT_FP arg, initialize a writer and changed all callers. * server.c (cmd_verify): Pass an out_fp if one has been set.
* * base64.c (base64_reader_cb): Try to detect an S/MIME body part.Werner Koch2001-12-201-46/+3
| | | | | | | | | | | | | | * certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made global. (print_time): Renamed to gpgsm_dump_time, made global. (gpgsm_dump_serial): Take a real S-Expression as argument and print the first item. * keylist.c (list_cert_colon): Ditto. * keydb.c (keydb_search_issuer_sn): Ditto. * decrypt.c (print_integer_sexp): Removed and made callers use gpgsm_dump_serial. * verify.c (print_time): Removed, made callers use gpgsm_dump_time.
* Changes to be used with the new libksba interface.Werner Koch2001-12-181-7/+14
| | | | | libgcrypt-1.1.5 is required (cvs or tarball)
* * verify.c (gpgsm_verify): Add hash debug helpersWerner Koch2001-12-141-0/+5
| | | | | | | | | | | | | | * sign.c (gpgsm_sign): Ditto. * base64.c (base64_reader_cb): Reset the linelen when we need to skip the line and adjusted test; I somehow forgot about DeMorgan. * server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify) (cmd_import): Close the FDs on success. (close_message_fd): New. (input_notify): Setting autodetect_encoding to 0 after initializing it to 0 is pretty pointless. Easy to fix.
* Implemented encryption in server mode.Werner Koch2001-12-111-1/+1
| | | | | | Allow to specify a recipient on the commandline There is still a default hardwired recipient if none has been set.
* --encrypt does now work for a hardwired key.Werner Koch2001-12-101-1/+1
|
* * base64.c: New. Changed all other functions to use this insteadWerner Koch2001-11-271-66/+16
| | | | | | | of direct creation of ksba_reader/writer. * gpgsm.c (main): Set ctrl.auto_encoding unless --no-armor is used. This way we can feed PEM encoded stuff to --verify.
* * keydb.c (keydb_add_resource): Create keyboxWerner Koch2001-11-261-0/+34
| | | | | | * keylist.c (gpgsm_list_keys): Fixed non-server keylisting. * server.c (rc_to_assuan_status): New. Use it for all commands.
* The agent does now work and read the secret keys from the directoryWerner Koch2001-11-251-1/+0
| | | | | | ~/.gnupg-test/private-keys-v1.d/<keygrip-as-20-byte-hex-number>. I will post a sample key to gpa-dev.
* Added new directory common to enable sharing of some code and errorWerner Koch2001-11-241-12/+12
| | | | | | numbers between gpg, gpgsm and gpg-agent. Move some files and code to there.
* Signing does now work. There is no secret key management yet, so youWerner Koch2001-11-241-2/+6
| | | | | | should set GPGSM_FAKE_KEY=1 before you try to verify a signature created by gpgsm --sign or the SIGN server command.
* Just a Backup. We can now write out a basic signature which in turnWerner Koch2001-11-231-1/+1
| | | | | exhibits a bug in --verify.
* Map Libksba's OIDs to Libgcrypt digest algo numbers.Werner Koch2001-11-201-11/+17
| | | | | The latest Libgcrypt CVS version is needed.
* Write status output, make verify work in server mode.Werner Koch2001-11-191-2/+50
|
* gpgsm --verify does now work like gpg including theWerner Koch2001-11-191-8/+52
| | | | | --enable-special-filenames option.
* Base code for gpgsm --verify does workWerner Koch2001-11-161-0/+374
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 22:10:49 +0000