« back to all changes in this revision
Viewing changes to sm/ChangeLog
- browse files at revision 20
- compare with another revision
- download diff
- download tarball
- view history from revision 20
- Committer: Package Import Robot
- Author(s): Sebastien Bacher
- Date: 2012-11-06 11:25:58 UTC
- mfrom: (1.1.16) (7.1.8 raring-proposed)
- Revision ID: package-import@ubuntu.com-20121106112558-lkpndvv4gqthgrn4
Tags: 2.0.19-1ubuntu1
* Resynchronize on Debian, remaining changes:
- Add udev rules to give gpg access to some smartcard readers;
Debian #543217.
. debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
- Add udev rules to give gpg access to some smartcard readers;
Debian #543217.
. debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
- files added:
- ChangeLog-2011
- files removed:
- .pc/gnupg2-fix-libgcrypt.diff
- .pc/gnupg2-fix-libgcrypt.diff/g10
- .pc/long-keyids.diff
- .pc/long-keyids.diff/keyserver
- files modified:
- .pc/01-gnupg2-rename.diff/configure.ac
added
removed
sm/ChangeLog
1
2010-09-16 Werner Koch <wk@g10code.com>
2
3
* certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.
4
(do_validate_chain): Ditto.
5
(gpgsm_basic_cert_check): Ditto.
6
* call-agent.c (learn_cb): Take care of new
7
GPG_ERR_MISSING_ISSUER_CERT.
8
* import.c (check_and_store): Ditto.
9
(check_and_store): Ditto.
10
11
2010-05-12 Werner Koch <wk@g10code.com>
12
13
* Makefile.am (gpgsm_LDADD): Include NETLIBS which is required for
14
Solaris.
15
16
2010-03-12 Werner Koch <wk@g10code.com>
17
18
* server.c (cmd_passwd): New. From trunk.
19
(register_commands): Register it.
20
21
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
22
23
From trunk 2009-09-23, 2009-11-02, 2009-11-04, 2009-11-05, 2009-11-25,
24
2009-12-08:
25
26
* call-agent.c (membuf_data_cb, default_inq_cb)
27
(inq_ciphertext_cb, scd_serialno_status_cb)
28
(scd_keypairinfo_status_cb, istrusted_status_cb)
29
(learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.
30
* gpgsm.c (main): Update to new assuan API.
31
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
32
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
33
* server.c (reset_notify, input_notify, output_notify): Update to
34
new assuan interface.
35
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
36
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
37
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
38
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
39
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
40
(register_commands): Use assuan_handler_t. Same for member HANDLER
41
in table. Add NULL arg to assuan_register_command. Add help arg to
42
assuan_register_command. Provide help strings for all commands.
43
(gpgsm_server): Allocate assuan context before starting server.
44
Use assuan_fd_t and assuan_fdopen on fds.
45
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
46
setting LDAPSERVER.
47
(start_dirmngr_ext): Allocate assuan context before starting
48
server. Update use ofassuan_pipe_connect and assuan_socket_connect.
49
Convert posix fd to assuan fd.
50
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
51
(run_command_cb, run_command_inq_cb, run_command_status_cb):
52
Return gpg_error_t instead of int.
53
54
2009-12-10 Werner Koch <wk@g10code.com>
55
56
* gpgsm.c: Add option --ignore-cert-extension.
57
* gpgsm.h (opt): Add field IGNORED_CERT_EXTENSIONS.
58
* certchain.c (unknown_criticals): Handle ignored extensions,
59
60
2009-12-03 Werner Koch <wk@g10code.com>
61
62
From trunk:
63
64
* verify.c (gpgsm_verify): Add audit info on hash algorithms.
65
* sign.c (gpgsm_sign): Add audit log calls.
66
(hash_data): Return an error indicator.
67
* decrypt.c (gpgsm_decrypt): Add audit log calls.
68
69
* gpgsm.c: New option --html-audit-log.
70
71
* certreqgen.c (proc_parameters): Change fallback key length to
72
2048.
73
* gpgsm.c (main) <aGpgConfList>: Add key "default_pubkey_algo".
74
75
2009-12-03 Werner Koch <wk@g10code.com>
76
77
* gpgsm.c (set_debug): Allow for numerical debug levels. Print
78
active debug flags.
79
80
2009-10-16 Werner Koch <wk@g10code.com>
81
82
* gpgsm.c (DEFAULT_INCLUDE_CERTS): New.
83
(default_include_certs): Init to -2.
84
85
2009-08-06 Werner Koch <wk@g10code.com>
86
87
* sign.c (gpgsm_sign): Print INV_SNDR for a bad default key.
88
89
* server.c (cmd_signer): Remove unneeded case for -1. Send
90
INV_SGNR. Use new map function.
91
(cmd_recipient): Use new map function.
92
* gpgsm.c (do_add_recipient): Use new map function for INV_RECP.
93
(main): Ditto. Also send INV_SGNR.
94
95
2009-07-30 Werner Koch <wk@g10code.com>
96
97
* call-agent.c (learn_cb): Do not store as ephemeral.
98
99
2009-07-29 Marcus Brinkmann <marcus@g10code.com>
100
101
* keylist.c (print_capabilities): Print a trailing colon.
102
103
2009-07-23 Werner Koch <wk@g10code.com>
104
105
* certchain.c (is_cert_still_valid): Emit AUDIT_CRL_CHECK.
106
107
2009-07-07 Werner Koch <wk@g10code.com>
108
109
* server.c (command_has_option): New.
110
(cmd_getinfo): Add subcommand "cmd_has_option".
111
(cmd_import): Implement option --re-import.
112
* import.c (gpgsm_import): Add arg reimport_mode.
113
(reimport_one): New.
114
115
* gpgsm.h: Include session-env.h.
116
(opt): Add field SESSION_ENV. Remove obsolete fields.
117
* server.c (option_handler): Rewrite setting of option fields.
118
Replace strdup by xtrystrdup.
119
* gpgsm.c (set_opt_session_env): New.
120
(main): Use it for oDisplay, oTTYname, oTTYtype and oXauthority.
121
* call-agent.c (start_agent): Adjust start_new_gpg_agent for
122
changed args.
123
* misc.c (setup_pinentry_env): Use new session_env stuff.
124
125
2009-07-02 Werner Koch <wk@g10code.com>
126
127
* certreqgen-ui.c (gpgsm_gencertreq_tty): Allow using a key from a
128
card.
129
* call-agent.c (gpgsm_agent_scd_serialno)
130
(scd_serialno_status_cb, store_serialno): New.
131
(scd_keypairinfo_status_cb, gpgsm_agent_scd_keypairinfo): New.
132
133
2009-07-01 Werner Koch <wk@g10code.com>
134
135
* certreqgen-ui.c (check_keygrip): New.
136
(gpgsm_gencertreq_tty): Allow using an existing key.
137
138
* gpgsm.c (open_es_fread): New.
139
(main) <aKeygen>: Implement --batch mode.
140
141
2009-06-24 Werner Koch <wk@g10code.com>
142
143
* call-dirmngr.c (pattern_from_strlist): Remove dead assignment of N.
144
* sign.c (gpgsm_sign): Remove dead assignment.
145
* certreqgen.c (create_request): Assign GPG_ERR_BUG to RC.
146
Reported by Fabian Keil.
147
148
2009-05-27 Werner Koch <wk@g10code.com>
149
150
* encrypt.c (encrypt_dek): Make use of make_canon_sexp.
151
152
2009-05-18 Werner Koch <wk@g10code.com>
153
154
* server.c (option_handler): New option "no-encrypt-to".
155
(cmd_encrypt): Make use of it.
156
157
* gpgsm.c: Remove not implemented --verify-files.
158
159
2009-04-02 Werner Koch <wk@g10code.com>
160
161
* keylist.c (list_cert_std): Print card serial number.
162
163
2009-04-01 Werner Koch <wk@g10code.com>
164
165
* export.c (popen_protect_tool): Add command line option
166
--agent-program and pass flag bit 6.
167
* import.c (popen_protect_tool): Ditto.
168
169
2009-03-26 Werner Koch <wk@g10code.com>
170
171
* gpgsm.c (main): s/def_digest_string/forced_digest_algo/ and
172
activate the --digest-algo option.
173
* gpgsm.h (struct opt): s/def_digest_algo/forced_digest_algo/.
174
* sign.c (gpgsm_sign): Implement --digest-algo.
175
176
* sign.c (MAX_DIGEST_LEN): Change to 64.
177
178
* call-agent.c (gpgsm_agent_marktrusted): Format the issuer name.
179
180
2009-03-25 Werner Koch <wk@g10code.com>
181
182
* decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY stati.
183
Fixes bug#1020.
184
* fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and
185
change all callers.
186
187
2009-03-23 Werner Koch <wk@g10code.com>
188
189
* delete.c (delete_one): Also delete ephemeral certificates if
190
specified uniquely.
191
192
2009-03-20 Werner Koch <wk@g10code.com>
193
194
* keylist.c (list_internal_keys): Set released cert to NULL.
195
196
* call-agent.c (learn_status_cb): New.
197
(gpgsm_agent_learn): Use it.
198
(learn_cb): Send a progress for every certificate.
199
200
2009-03-18 Werner Koch <wk@g10code.com>
201
202
* gpgsm.h (struct opt): Move field WITH_EPHEMERAL_KEYS to struct
203
server_control_s.
204
* gpgsm.c (main): Change accordingly.
205
* keylist.c (list_internal_keys): Ditto.
206
* server.c (option_handler): Add "with-ephemeral-keys".
207
208
2009-03-12 Werner Koch <wk@g10code.com>
209
210
* certdump.c (gpgsm_dump_time): Remove.
211
* certdump.c, verify.c, certchain.c
212
* gpgsm.c: s/gpgsm_dump_time/dump_isotime/.
213
214
2009-03-06 Werner Koch <wk@g10code.com>
215
216
* call-agent.c (gpgsm_agent_keyinfo, keyinfo_status_cb): New.
217
* keylist.c (list_cert_colon): Print card S/N.
218
219
* keylist.c (list_internal_keys): Always list ephemeral keys if
220
specified by keygrip or fingerprint.
221
(list_cert_raw): Always show ephemeral flag.
222
* export.c (gpgsm_export): Export ephemeral keys if specified by
223
keygrip.
224
225
2009-02-09 Werner Koch <wk@g10code.com>
226
227
* gpgsm.c (main): Change default cipher back to 3DES.
228
229
2009-01-12 Werner Koch <wk@g10code.com>
230
231
* keylist.c (print_utf8_extn_raw): Cast printf precision argument.
232
233
2009-01-08 Werner Koch <wk@g10code.com>
234
235
* fingerprint.c (gpgsm_get_keygrip_hexstring): Add error detection.
236
237
2008-12-10 Werner Koch <wk@g10code.com>
238
239
* gpgsm.c (our_cipher_test_algo): Use the GCRY constants as we now
240
require 1.4.
241
(our_md_test_algo): Ditto. Add SHA224.
242
(main) <aGpgConfList>: Update default cipher algo.
243
244
2008-12-09 Werner Koch <wk@g10code.com>
245
246
* gpgsm.c (main): Call i18n_init before init_common_subsystems.
247
248
2008-12-05 Werner Koch <wk@g10code.com>
249
250
* certreqgen.c (create_request): Provide a custom prompt for the
251
signing.
252
253
* certdump.c (gpgsm_format_keydesc): Remove debug output.
254
(gpgsm_format_keydesc): Remove saving of errno as xfree is
255
supposed not to change it. Use the new percent_plus_escape
256
function which also fixes the issue that we did not escaped a
257
percent in the past.
258
259
2008-11-18 Werner Koch <wk@g10code.com>
260
261
* gpgsm.c (make_libversion): New.
262
(my_strusage): Use new function.
263
(build_lib_list): Remove.
264
265
2008-11-13 Werner Koch <wk@g10code.com>
266
267
* gpgsm.c: Remove all unused options. Use ARGPARSE macros.
268
269
2008-10-28 Werner Koch <wk@g10code.com>
270
271
* certdump.c (gpgsm_format_keydesc): Use xtryasprintf and xfree.
272
(gpgsm_es_print_name): Factor code out to ...
273
(gpgsm_es_print_name2): New function.
274
(gpgsm_format_name2, format_name_writer): Use estream so that it
275
works on all platforms.
276
(format_name_writer): Fix reallocation bug.
277
278
2008-10-23 Werner Koch <wk@g10code.com>
279
280
* import.c (popen_protect_tool): Add arg CTRL and assure that the
281
agent is running. Pass a value for CTRL from all caller.
282
* export.c (popen_protect_tool): Ditto.
283
284
2008-10-21 Werner Koch <wk@g10code.com>
285
286
* call-dirmngr.c (inq_certificate_parm_s): Add field CTRL.
287
(gpgsm_dirmngr_isvalid): Supply a value for that field.
288
(inq_certificate): Add inquiry ISTRUSTED.
289
290
* call-agent.c (gpgsm_agent_istrusted): Add new optional arg
291
HEXFPR. Changed all callers.
292
293
2008-10-20 Werner Koch <wk@g10code.com>
294
295
* keydb.c (keydb_locate_writable): Mark unused arg.
296
(keydb_search_kid): Ditto.
297
(keydb_clear_some_cert_flags): Ditto.
298
* server.c (cmd_encrypt): Ditto.
299
(cmd_decrypt, cmd_verify, cmd_import, cmd_genkey): Ditto.
300
* call-agent.c (gpgsm_scd_pksign): Ditto.
301
* call-dirmngr.c (release_dirmngr, release_dirmngr2)
302
(run_command_cb): Ditto.
303
* certlist.c (gpgsm_add_cert_to_certlist): Ditto.
304
* certchain.c (find_up_dirmngr): Ditto.
305
* keylist.c (print_key_data): Ditto.
306
(list_cert_raw, list_cert_std): Ditto.
307
* qualified.c (gpgsm_is_in_qualified_list): Ditto.
308
309
* gpgsm.c (set_binary) [!W32]: Mark unused arg.
310
311
2008-10-17 Werner Koch <wk@g10code.com>
312
313
* call-dirmngr.c (start_dirmngr, start_dirmngr2): Reset the lock
314
flag on error.
315
(release_dirmngr, release_dirmngr2): Replace asserts by error messages.
316
(gpgsm_dirmngr_lookup): Replace assert by fatal error message.
317
318
2008-10-13 Werner Koch <wk@g10code.com>
319
320
* gpgsm.c: Add alias --delete-keys.
321
322
2008-09-30 Werner Koch <wk@g10code.com>
323
324
* server.c (cmd_getinfo): New subcommand agent-check.
325
* call-agent.c (gpgsm_agent_send_nop): New.
326
327
2008-09-29 Werner Koch <wk@g10code.com>
328
329
* certcheck.c (MY_GCRY_PK_ECDSA): Remove. Change users to
330
GCRY_PK_ECDSA.
331
* gpgsm.c (MY_GCRY_PK_ECDSA): Ditto.
332
* sign.c (MY_GCRY_MD_SHA224): Remove change users to GCRY_MD_SHA224.
333
334
2008-09-04 Werner Koch <wk@g10code.com>
335
336
* certdump.c (gpgsm_format_keydesc): Work around a mingw32 bug.
337
338
2008-09-03 Werner Koch <wk@g10code.com>
339
340
* sign.c (MY_GCRY_MD_SHA224): New, so that we don't need libgcrypt
341
1.2.
342
343
2008-08-13 Werner Koch <wk@g10code.com>
344
345
* keylist.c (list_cert_colon): Print 'f' for validated certs.
346
347
2008-08-08 Marcus Brinkmann <marcus@g10code.de>
348
349
* gpgsm.h (struct server_control_s): Remove member dirmngr_seen.
350
* call-dirmngr.c (dirmngr2_ctx, dirmngr_ctx_locked)
351
(dirmngr2_ctx_locked): New global variables.
352
(prepare_dirmngr): Don't check dirmngr_seen anymore.
353
(start_dirmngr): Move bunch of code to ...
354
(start_dirmngr_ext): ... this new function.
355
(release_dirmngr, start_dirmngr2, release_dirmngr2): New
356
functions.
357
(gpgsm_dirmngr_isvalid): Call release_dirmngr.
358
(gpgsm_dirmngr_lookup): Call release_dirmngr. If dirmngr_ctx is
359
locked, use dirmngr2_locked.
360
(gpgsm_dirmngr_run_command): Call release_dirmngr.
361
362
2008-06-25 Werner Koch <wk@g10code.com>
363
364
* sign.c (gpgsm_sign): Revamp the hash algorithm selection.
365
* gpgsm.h (struct certlist_s): Add field HASH_ALGO and HASH_ALGO_OID.
366
367
* qualified.c (gpgsm_qualified_consent): Fix double free.
368
369
* gpgsm.c (main): Change default cipher algo to AES.
370
371
* keylist.c (print_utf8_extn_raw, print_utf8_extn): New.
372
(list_cert_raw, list_cert_std): Print the TeleSec restriction
373
extension.
374
375
2008-06-23 Werner Koch <wk@g10code.com>
376
377
* encrypt.c (encode_session_key): Replace xmalloc by xtrymalloc.
378
Use bin2hex instead of open coding the conversion.
379
(encrypt_dek): Init S_DATA.
380
381
2008-06-13 Marcus Brinkmann <marcus@ulysses.g10code.com>
382
383
* call-dirmngr.c (prepare_dirmngr): Fix error code to ignore.
384
385
2008-06-12 Marcus Brinkmann <marcus@g10code.de>
386
387
* gpgsm.h (struct keyserver_spec): New struct.
388
(opt): Add member keyserver.
389
* gpgsm.c (keyserver_list_free, parse_keyserver_line): New functions.
390
(main): Implement --keyserver option.
391
* call-dirmngr.c (prepare_dirmngr): Send LDAPSERVER commands.
392
393
2008-05-20 Werner Koch <wk@g10code.com>
394
395
* gpgsm.c (main) <aExportSecretKeyP12>: Pass FP and not stdout to
396
the export function. Reported by Marc Mutz.
397
398
2008-05-06 Werner Koch <wk@g10code.com>
399
400
* keylist.c (list_external_keys): Ignore NOT FOUND error code.
401
This is bug#907.
402
403
2008-04-23 Werner Koch <wk@g10code.com>
404
405
* certchain.c (find_up): Make correct C89 code. Declare variable
406
at the top of the block. Reported by Alain Guibert.
407
408
2008-04-09 Werner Koch <wk@g10code.com>
409
410
* verify.c (gpgsm_verify): Print the message hash values on error.
411
412
2008-03-31 Werner Koch <wk@g10code.com>
413
414
* call-dirmngr.c (start_dirmngr): Use log_info instead of
415
log_error when falling back to start dirmngr.
416
417
2008-03-20 Werner Koch <wk@g10code.com>
418
419
* certlist.c (gpgsm_add_to_certlist): Always save the first
420
subject and issuer. Initialize issuer with issuer and not with
421
subject.
422
(same_subject_issuer): Set issuer2 to issuer and not to subject.
423
424
2008-03-17 Werner Koch <wk@g10code.com>
425
426
* certdump.c (my_funopen_hook_size_t): New.
427
(format_name_writer): Use it.
428
429
2008-03-13 Werner Koch <wk@g10code.com>
430
431
* certdump.c (gpgsm_fpr_and_name_for_status): Fix signed/unsigned
432
char issue.
433
(gpgsm_format_keydesc): Remove superfluous test. Add expire date
434
to the prompt.
435
436
2008-02-18 Werner Koch <wk@g10code.com>
437
438
* certchain.c (gpgsm_is_root_cert): Factor code out to ...
439
(is_root_cert): New. Extend test for self-issued certificates
440
signed by other CAs.
441
(do_validate_chain, gpgsm_basic_cert_check)
442
(gpgsm_walk_cert_chain): Use it here.
443
444
* gpgsm.c: Add option --no-common-certs-import.
445
446
* certchain.c (find_up_dirmngr, find_up, do_validate_chain)
447
(check_cert_policy): Be more silent with --quiet.
448
449
* gpgsm.c: Add option --disable-dirmngr.
450
* gpgsm.h (opt): Add field DISABLE_DIRMNGR.
451
* call-dirmngr.c (start_dirmngr): Implement option.
452
453
2008-02-14 Werner Koch <wk@g10code.com>
454
455
* server.c (option_handler): Add option allow-pinentry-notify.
456
(gpgsm_proxy_pinentry_notify): New.
457
* call-agent.c (default_inq_cb): New.
458
(gpgsm_agent_pksign, gpgsm_scd_pksign, gpgsm_agent_readkey)
459
(gpgsm_agent_istrusted, gpgsm_agent_marktrusted)
460
(gpgsm_agent_passwd, gpgsm_agent_get_confirmation): Call it.
461
(struct cipher_parm_s, struct genkey_parm_s): Add field CTRL.
462
(inq_ciphertext_cb): Test keyword and fallback to default_inq_cb.
463
(inq_genkey_parms): Ditto.
464
(start_agent): Tell agent to send us the pinentry notifications.
465
466
2008-02-13 Werner Koch <wk@g10code.com>
467
468
* call-dirmngr.c (gpgsm_dirmngr_lookup): Add arg CACHE_ONLY.
469
* keylist.c (list_external_keys): Pass false for new arg.
470
* certchain.c (find_up_dirmngr): New.
471
(find_up): Also try to read from the dirmngr cache.
472
(find_up, find_up_external, gpgsm_walk_cert_chain)
473
(gpgsm_basic_cert_check, allowed_ca): Add arg CTRL and changed all
474
callers.
475
* call-agent.c (struct learn_parm_s): Add field CTRL.
476
(gpgsm_agent_learn): Set it.
477
478
2008-02-11 Werner Koch <wk@g10code.com>
479
480
* server.c (cmd_getinfo): New.
481
(gpgsm_server): Register GETINFO.
482
483
2008-01-29 Marcus Brinkmann <marcus@g10code.de>
484
485
* keylist.c (list_internal_keys): New variable lastcert. Use it
486
to suppress duplicates which immediately follow each other.
487
488
2008-01-27 Werner Koch <wk@g10code.com>
489
490
* import.c (popen_protect_tool): Set bit 7 in the flags for
491
gnupg_spawn_process so that under W32 no window appears.
492
* export.c (popen_protect_tool): Ditto.
493
494
2007-12-13 Werner Koch <wk@g10code.com>
495
496
* gpgsm.c (main): Add option --extra-digest-algo.
497
* gpgsm.h (struct): Add EXTRA_DIGEST_ALGO.
498
* verify.c (gpgsm_verify): Use it. Use the hash algorithm from
499
the signature value.
500
501
2007-12-11 Werner Koch <wk@g10code.com>
502
503
* certchain.c (do_validate_chain): Log AUDIT_ROOT_TRUSTED.
504
505
* server.c (cmd_sign, cmd_decrypt, cmd_encrypt): Start audit log.
506
(cmd_recipient): Start audit session.
507
508
* gpgsm.c (main): Revamp creation of the audit log.
509
510
* gpgsm.h (struct server_control_s): Add AGENT_SEEN and DIRMNGR_SEEN.
511
* call-agent.c (start_agent): Record an audit event.
512
* call-dirmngr.c (start_dirmngr): Ditto. Add new arg CTRL and pass
513
it from all callers.
514
(prepare_dirmngr): New helper for start_dirmngr.
515
516
* encrypt.c (gpgsm_encrypt): Add calls to audit_log.
517
518
2007-12-03 Werner Koch <wk@g10code.com>
519
520
* gpgsm.c (main): Call gnupg_reopen_std.
521
522
h2007-11-22 Werner Koch <wk@g10code.com>
523
524
* server.c (cmd_getauditlog): New.
525
(register_commands): Register GETAUDITLOG.
526
527
2007-11-19 Werner Koch <wk@g10code.com>
528
529
* server.c (cmd_recipient, cmd_signer): Add error reason 11.
530
531
* gpgsm.c (main): Print a warning if --audit-log is used.
532
533
2007-11-15 Werner Koch <wk@g10code.com>
534
535
* gpgsm.h (struct): Add XAUTHORITY and PINENTRY_USER_DATA.
536
* misc.c (setup_pinentry_env): Add XAUTHORITY and PINENTRY_USER_DATA.
537
* gpgsm.c (main): New option --xauthority.
538
* call-agent.c (start_agent): Adjust for changed start_new_gpg_agent.
539
* server.c (option_handler): Ad the new options.
540
541
2007-11-07 Werner Koch <wk@g10code.com>
542
543
* gpgsm.c (main): New option --audit-log.
544
* server.c (option_handler): New option enable-audit-log.
545
(start_audit_session): New.
546
(cmd_verify): Create audit context.
547
(gpgsm_server): Release the context.
548
549
* gpgsm.h (struct server_control_s): Add member AUDIT, include
550
audit.h.
551
* certdump.c (gpgsm_format_sn_issuer): New.
552
* verify.c (hash_data): Return an error code.
553
(gpgsm_verify): Add calls to audit_log.
554
555
* gpgsm.c (get_status_string): Remove.
556
* gpgsm.h: Include status.h instead of errors.h.
557
558
2007-10-19 Werner Koch <wk@g10code.com>
559
560
* qualified.c (gpgsm_qualified_consent): Use i18N-swicth functions.
561
(gpgsm_not_qualified_warning): Ditto.
562
* certdump.c (gpgsm_format_keydesc): Ditto.
563
564
2007-09-14 Werner Koch <wk@g10code.com>
565
566
* gpgsm.c (build_lib_list): New.
567
(my_strusage): Print lib info.
568
569
2007-08-24 Werner Koch <wk@g10code.com>
570
571
* Makefile.am (common_libs): Swap libkeybox and jnlib.
572
573
2007-08-23 Werner Koch <wk@g10code.com>
574
575
* certlist.c (gpgsm_certs_identical_p): New.
576
(gpgsm_add_to_certlist): Ignore duplicate certificates in
577
ambigious name detection.
578
(gpgsm_find_cert): Ditto.
579
* export.c (gpgsm_p12_export): Ditto.
580
581
2007-08-22 Werner Koch <wk@g10code.com>
582
583
* certreqgen.c (create_request): Replace open coding by bin2hex.
584
585
* certreqgen-ui.c (gpgsm_gencertreq_tty): Use es_fopenmem.
586
587
2007-08-21 Werner Koch <wk@g10code.com>
588
589
* import.c (parse_p12): Use gnupg_tmpfile.
590
* export.c (export_p12): Ditto.
591
592
2007-08-20 Werner Koch <wk@g10code.com>
593
594
* certreqgen.c (read_parameters): Change FP to an estream_t.
595
(gpgsm_genkey): Replace in_fd and in_stream by a estream_t.
596
* server.c (cmd_genkey): Adjust for that.
597
* certreqgen-ui.c (gpgsm_gencertreq_tty): Use es_open_memstream
598
instead of a temporary file.
599
600
2007-08-14 Werner Koch <wk@g10code.com>
601
602
* call-dirmngr.c (start_dirmngr): Use dirmngr_socket_name. change
603
the way infostr is xstrdupped.
604
605
* gpgsm.c (main) [W32]: Make --prefer-system-dirmngr a dummy under
606
Windows.
607
608
2007-08-13 Werner Koch <wk@g10code.com>
609
610
* gpgsm.c (do_add_recipient): Add RECP_REQUIRED and make error
611
message depend on that.
612
(main): Add avriable RECP_REQUIRED, set ift for encryption
613
commands and pass it to do_add_recipient.
614
(our_pk_test_algo, our_cipher_test_algo, our_md_test_algo): Implement.
615
616
2007-08-09 Werner Koch <wk@g10code.com>
617
618
* gpgsm.c (main) [W32]: Enable CRL check by default.
619
(main): Update the default control structure after reading the
620
options.
621
(gpgsm_parse_validation_model, parse_validation_model): New.
622
(main): New option --validation-model.
623
* certchain.c (gpgsm_validate_chain): Implement this option.
624
* server.c (option_handler): Ditto.
625
626
* certchain.c (is_cert_still_valid): Reformatted. Add arg
627
FORCE_OCSP. Changed callers to set this flag when using the chain
628
model.
629
630
2007-08-08 Werner Koch <wk@g10code.com>
631
632
* certdump.c (gpgsm_print_serial): Fixed brown paper bag style bugs
633
which prefixed the output with a 3A and cut it off at a 00.
634
635
* keylist.c (list_cert_raw): Print the certificate ID first and
636
rename "Serial number" to "S/N".
637
(list_cert_std): Ditto.
638
639
2007-08-07 Werner Koch <wk@g10code.com>
640
641
* gpgsm.c (main): Allow a string for --faked-system-time.
642
643
2007-08-06 Werner Koch <wk@g10code.com>
644
645
Implementation of the chain model.
646
647
* gpgsm.h (struct rootca_flags_s): Define new members VALID and
648
CHAIN_MODEL.
649
* call-agent.c (gpgsm_agent_istrusted): Mark ROOTCA_FLAGS valid.
650
(istrusted_status_cb): Set CHAIN_MODEL.
651
* certchain.c (gpgsm_validate_chain): Replace LM alias by LISTMODE
652
and FP by LISTFP.
653
(gpgsm_validate_chain): Factor some code out to ...
654
(check_validity_period, ask_marktrusted): .. new.
655
(check_validity_cm_basic, check_validity_cm_main): New.
656
(do_validate_chain): New with all code from gpgsm_validate_chain.
657
New arg ROOTCA_FLAGS.
658
(gpgsm_validate_chain): Provide ROOTCA_FLAGS and fallback to chain
659
model. Add RETFLAGS arg and changed all callers to pass NULL. Add
660
CHECKTIME arg and changed all callers to pass a nil value.
661
(has_validity_model_chain): New.
662
* verify.c (gpgsm_verify): Check for chain model and return as
663
part of the trust status.
664
665
* gpgsm.h (VALIDATE_FLAG_NO_DIRMNGR): New.
666
(VALIDATE_FLAG_NO_DIRMNGR): New.
667
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Use constant here.
668
669
2007-08-03 Werner Koch <wk@g10code.com>
670
671
* keylist.c (list_cert_colon): Avoid duplicate listing of kludge
672
uids.
673
674
* verify.c (gpgsm_verify): Make STATUS_VERIFY return the hash and
675
pk algo.
676
* certcheck.c (gpgsm_check_cms_signature): Add arg R_PKALGO.
677
678
2007-08-02 Werner Koch <wk@g10code.com>
679
680
* gpgsm.c (main): Factored GC_OPT_FLAGS out to gc-opt-flags.h.
681
682
2007-07-17 Werner Koch <wk@g10code.com>
683
684
* gpgsm.c (main): Implement --default-key.
685
(main) <gpgconf-list>: Declare --default-key and --encrypt-to.
686
687
2007-07-16 Werner Koch <wk@g10code.com>
688
689
* server.c (cmd_message): Use gnupg_fd_t to avoid dependecy on
690
newer assuan versions.
691
692
2007-07-12 Werner Koch <wk@g10code.com>
693
694
* gpgsm.c (check_special_filename): Use translate_sys2libc_fd_int
695
when passing an int value.
696
* server.c (cmd_encrypt, cmd_decrypt, cmd_verify, cmd_import)
697
(cmd_export, cmd_message, cmd_genkey): Translate file descriptors.
698
699
2007-07-05 Werner Koch <wk@g10code.com>
700
701
* Makefile.am (common_libs): Changed order of libs.
702
703
2007-07-04 Werner Koch <wk@g10code.com>
704
705
* certchain.c (check_cert_policy): Remove extra checks for
706
GPG_ERR_NO_VALUE. They are not needed since libksba 1.0.1.
707
* keylist.c (print_capabilities, list_cert_raw, list_cert_std): Ditto.
708
* certlist.c (cert_usage_p, cert_usage_p): Ditto.
709
710
2007-06-26 Werner Koch <wk@g10code.com>
711
712
* gpgsm.c (main): Call gnupg_rl_initialize.
713
* Makefile.am (gpgsm_LDADD): Add LIBREADLINE and libgpgrl.a.
714
715
2007-06-25 Werner Koch <wk@g10code.com>
716
717
* gpgsm.c (check_special_filename): Use translate_sys2libc_fd and
718
add new arg FOR_WRITE. Change callers to pass new arg.
719
720
2007-06-24 Werner Koch <wk@g10code.com>
721
722
* gpgsm.c (open_es_fwrite): Avoid the dup by using the new
723
es_fdopen_nc().
724
725
2007-06-21 Werner Koch <wk@g10code.com>
726
727
* certreqgen-ui.c: New.
728
* gpgsm.c (main): Let --gen-key call it.
729
* certreqgen.c (gpgsm_genkey): Add optional IN_STREAM arg and
730
adjusted caller.
731
732
* gpgsm.h (ctrl_t): Remove. It is now declared in ../common/util.h.
733
734
* call-agent.c (start_agent): Factored almost all code out to
735
../common/asshelp.c.
736
737
2007-06-20 Werner Koch <wk@g10code.com>
738
739
* call-agent.c (start_agent) [W32]: Start the agent on the fly.
740
741
2007-06-18 Marcus Brinkmann <marcus@g10code.de>
742
743
* gpgsm.c (main): Percent escape output of --gpgconf-list.
744
745
2007-06-14 Werner Koch <wk@g10code.com>
746
747
* call-agent.c (start_agent): Use gnupg_module_name.
748
* call-dirmngr.c (start_dirmngr): Ditto.
749
* export.c (export_p12): Ditto.
750
* import.c (parse_p12): Ditto.
751
* gpgsm.c (run_protect_tool): Ditto.
752
753
2007-06-12 Werner Koch <wk@g10code.com>
754
755
* gpgsm.c (main): Replace some calls by init_common_subsystems.
756
(main): Use gnupg_datadir.
757
* qualified.c (read_list): Use gnupg-datadir.
758
759
2007-06-11 Werner Koch <wk@g10code.com>
760
761
* Makefile.am (common_libs): Use libcommaonstd macr.
762
763
* gpgsm.c (main) [W32]: Call pth_init.
764
765
2007-06-06 Werner Koch <wk@g10code.com>
766
767
* qualified.c (gpgsm_not_qualified_warning) [!ENABLE_NLS]: Do not
768
define orig_codeset.
769
* certdump.c (gpgsm_format_keydesc) [!ENABLE_NLS]: Do not define
770
orig_codeset.
771
(format_name_writer): Define only if funopen et al is available.
772
773
* gpgsm.c (i18n_init): Remove.
774
775
2007-05-29 Werner Koch <wk@g10code.com>
776
777
* export.c (gpgsm_p12_export): Print passphrase encoding info only
778
in PEM mode.
779
780
2007-05-18 Marcus Brinkmann <marcus@g10code.de>
781
782
* qualified.c (gpgsm_qualified_consent,
783
gpgsm_not_qualified_warning): Free ORIG_CODESET on error.
784
* certdump.c (gpgsm_format_keydesc): Likewise.
785
786
2007-05-07 Werner Koch <wk@g10code.com>
787
788
* certcheck.c (MY_GCRY_PK_ECDSA): New.
789
790
2007-04-20 Werner Koch <wk@g10code.com>
791
792
* gpgsm.c (main): Parameterize failed versions check messages.
793
794
2007-04-19 Werner Koch <wk@g10code.com>
795
796
* certcheck.c (do_encode_md): Add arg PKEY. Add support for DSA2
797
and all ECDSA sizes.
798
(get_dsa_qbits): New.
799
(pk_algo_from_sexp): A key will never contain ecdsa as algorithm,
800
so remove that.
801
802
2007-04-18 Werner Koch <wk@g10code.com>
803
804
* certcheck.c (do_encode_md): Support 160 bit ECDSA.
805
806
2007-04-13 Werner Koch <wk@g10code.com>
807
808
* call-agent.c (start_agent): Don't use log_error when using the
809
fallback hack to start the agent. This is bug 782.
810
811
2007-03-20 Werner Koch <wk@g10code.com>
812
813
* fingerprint.c (gpgsm_get_fingerprint): Add caching.
814
(gpgsm_get_fingerprint_string): Use bin2hexcolon().
815
(gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only
816
as much memory as required.
817
(gpgsm_get_keygrip_hexstring): Use bin2hex.
818
819
* certchain.c (gpgsm_validate_chain): Keep track of the
820
certificate chain and reset the ephemeral flags.
821
* keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK.
822
Changed caller to use a mask of ~0. Return a proper error code if
823
the certificate is not available.
824
825
* gpgsm.c: Add option --p12-charset.
826
* gpgsm.h (struct opt): Add p12_charset.
827
* export.c (popen_protect_tool): Use new option.
828
829
2007-03-19 Werner Koch <wk@g10code.com>
830
831
Changes to let export and key listing use estream to help systems
832
without funopen.
833
834
* keylist.c: Use estream in place of stdio functions.
835
* gpgsm.c (open_es_fwrite): New.
836
(main): Use it for the list commands.
837
* server.c (data_line_cookie_functions): New.
838
(data_line_cookie_write, data_line_cookie_close): New.
839
(do_listkeys): Use estream.
840
841
* certdump.c (gpgsm_print_serial): Changed to use estream.
842
(gpgsm_print_time): Ditto.
843
(pretty_es_print_sexp): New.
844
(gpgsm_es_print_name): New.
845
(print_dn_part): New arg STREAM. Changed all callers.
846
(print_dn_parts): Ditto.
847
* certchain.c (gpgsm_validate_chain): Changed FP to type
848
estream_t.
849
(do_list, unknown_criticals, allowed_ca, check_cert_policy)
850
(is_cert_still_valid): Ditto.
851
852
* export.c (gpgsm_export): New arg STREAM.
853
(do_putc, do_fputs): New.
854
(print_short_info): Allow printing to optional STREAM.
855
* server.c (cmd_export): Use stream.
856
* base64.c (do_putc, do_fputs): New.
857
(base64_writer_cb, base64_finish_write): Let them cope with an
858
alternate output function.
859
(plain_writer_cb): New.
860
(gpgsm_create_writer): New arg STREAM and call plain_writer_cb for
861
binary output to an estream. Changed call callers.
862
863
2007-01-31 Werner Koch <wk@g10code.com>
864
865
* gpgsm.c (main): Let --gen-key print a more informative error
866
message.
867
868
2007-01-25 Werner Koch <wk@g10code.com>
869
870
* Makefile.am (gpgsm_LDADD): Add LIBICONV. Noted by Billy Halsey.
871
872
2007-01-05 Werner Koch <wk@g10code.com>
873
874
* certchain.c (unknown_criticals): Add subjectAltName.
875
876
2006-12-21 Werner Koch <wk@g10code.com>
877
878
* gpgsm.c: Comment mtrace feature.
879
880
2006-12-21 Marcus Brinkmann <marcus@g10code.de>
881
882
* certchain.c (gpgsm_basic_cert_check): Release SUBJECT.
883
884
* encrypt.c (encrypt_dek): Release S_CIPH.
885
886
2006-12-20 Marcus Brinkmann <marcus@g10code.de>
887
888
* server.c (gpgsm_server): Release CTRL->server_local.
889
890
* base64.c: Add new members READER and WRITER in union U2.
891
(gpgsm_create_reader): Initialise CTX->u2.reader.
892
(gpgsm_destroy_reader): Invoke ksba_reader_release. Return early
893
if CTX is NULL.
894
(gpgsm_create_writer): Initialise CTX->u2.writer.
895
(gpgsm_destroy_writer): Invoke ksba_writer_release. Return early
896
if CTX is NULL.
897
898
2006-12-18 Marcus Brinkmann <marcus@g10code.de>
899
900
* fingerprint.c (gpgsm_get_fingerprint): Close MD.
901
902
2006-11-24 Werner Koch <wk@g10code.com>
903
904
* certdump.c (parse_dn_part): Take '#' as a special character only
905
at the beginning of a string.
906
907
2006-11-21 Werner Koch <wk@g10code.com>
908
909
* certdump.c (my_funopen_hook_ret_t): New.
910
(format_name_writer): Use it for the return value.
911
912
2006-11-14 Werner Koch <wk@g10code.com>
913
914
* server.c (skip_options): Skip leading spaces.
915
(has_option): Honor "--".
916
(cmd_export): Add option --data to do an inline export. Skip all
917
options.
918
919
* certdump.c (gpgsm_fpr_and_name_for_status): New.
920
* verify.c (gpgsm_verify): Use it to print correct status messages.
921
922
2006-11-11 Werner Koch <wk@g10code.com>
923
924
* server.c (skip_options): New.
925
926
2006-10-24 Marcus Brinkmann <marcus@g10code.de>
927
928
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
929
930
2006-10-23 Werner Koch <wk@g10code.com>
931
932
* gpgsm.c (main): Remap common cipher algo names to their OIDs.
933
(main): New command --gpgconf-test.
934
935
2006-10-20 Werner Koch <wk@g10code.com>
936
937
* keydb.c (classify_user_id): Parse keygrip for the '&' identifier.
938
939
2006-10-18 Werner Koch <wk@g10code.com>
940
941
* keylist.c (list_cert_raw): Also test for GPG_ERR_NO_VALUE when
942
testing for GPG_ERR_NO_DATA.
943
* certlist.c (cert_usage_p, gpgsm_find_cert): Ditto.
944
* certchain.c (check_cert_policy): Ditto.
945
946
* keylist.c (list_cert_std, list_cert_raw): Print "none" for no
947
chain length available.
948
949
2006-10-17 Werner Koch <wk@g10code.com>
950
951
* gpgsm.c: No need for pth.h.
952
(main): or to init it. It used to be hack for W32.
953
954
* sign.c (gpgsm_get_default_cert): Changed to return only
955
certificates usable for signing.
956
957
2006-10-16 Werner Koch <wk@g10code.com>
958
959
* certchain.c (already_asked_marktrusted)
960
(set_already_asked_marktrusted): New.
961
(gpgsm_validate_chain) <not trusted>: Keep track of certificates
962
we already asked for.
963
964
2006-10-11 Werner Koch <wk@g10code.com>
965
966
* certreqgen.c (proc_parameters, create_request): Allow for
967
creation directly from a card.
968
* call-agent.c (gpgsm_agent_readkey): New arg FROMCARD.
969
(gpgsm_scd_pksign): New.
970
971
2006-10-06 Werner Koch <wk@g10code.com>
972
973
* Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
974
(gpgsm_LDADD): Ditto.
975
976
2006-10-05 Werner Koch <wk@g10code.com>
977
978
* certcheck.c (do_encode_md): Check that the has algo is valid.
979
980
2006-10-02 Marcus Brinkmann <marcus@g10code.de>
981
982
* server.c (register_commands): New commands DUMPKEYS and
983
DUMPSECRETKEYS.
984
(cmd_dumpkeys, cmd_dumpsecretkeys): New functions.
985
(option_handler): Support with-key-data option.
986
987
2006-09-26 Werner Koch <wk@g10code.com>
988
989
* certchain.c (gpgsm_validate_chain): More changes for the relax
990
feature. Use certificate reference counting instead of the old
991
explicit tests. Added a missing free.
992
993
2006-09-25 Werner Koch <wk@g10code.com>
994
995
* gpgsm.h (struct rootca_flags_s): New.
996
* call-agent.c (istrusted_status_cb): New.
997
(gpgsm_agent_istrusted): New arg ROOTCA_FLAGS.
998
* keylist.c (list_cert_colon): Use dummy for new arg.
999
* certchain.c (gpgsm_validate_chain): Make use of the relax flag
1000
for root certificates.
1001
(unknown_criticals): Ignore a GPG_ERR_NO_VALUE.
1002
1003
2006-09-20 Werner Koch <wk@g10code.com>
1004
1005
* gpgsm.c: Add alias command --dump-cert.
1006
1007
* Makefile.am: Changes to allow parallel make runs.
1008
1009
2006-09-18 Werner Koch <wk@g10code.com>
1010
1011
* gpgsm.c (main): Use this to import standard certificates.
1012
* keydb.c (keydb_add_resource): New arg AUTO_CREATED.
1013
1014
2006-09-14 Werner Koch <wk@g10code.com>
1015
1016
Replaced all call gpg_error_from_errno(errno) by
1017
gpg_error_from_syserror().
1018
1019
2006-09-13 Werner Koch <wk@g10code.com>
1020
1021
* keylist.c (list_internal_keys): Print marker line to FP and not
1022
to stdout.
1023
1024
* gpgsm.c (main): All list key list commands now make ose of
1025
--output. Cleaned up calls to list modes. New command
1026
--dump-chain. Renamed --list-sigs to --list-chain and added an
1027
alias for the old one.
1028
1029
* server.c (cmd_message): Changed to use assuan_command_parse_fd.
1030
(option_handler): New option list-to-output.
1031
(do_listkeys): Use it.
1032
1033
2006-09-06 Werner Koch <wk@g10code.com>
1034
1035
* gpgsm.h (OUT_OF_CORE): Removed and changed all callers to
1036
out_of_core.
1037
(CTRL): Removed and changed everywhere to ctrl_t.
1038
(CERTLIST): Ditto.
1039
1040
Replaced all Assuan error codes by libgpg-error codes. Removed
1041
all map_to_assuan_status and map_assuan_err.
1042
1043
* gpgsm.c (main): Call assuan_set_assuan_err_source to have Assuan
1044
switch to gpg-error codes.
1045
* server.c (set_error): Adjusted.
1046
1047
2006-08-29 Werner Koch <wk@g10code.com>
1048
1049
* call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using
1050
complete S-expressions as implemented by the current gpg-agent.
1051
1052
* gpgsm.c (main): Implement --output for encrypt, decrypt, sign
1053
and export.
1054
1055
2006-07-03 Werner Koch <wk@g10code.com>
1056
1057
* certreqgen.c (proc_parameters): Print the component label of a
1058
faulty DN.
1059
1060
2006-06-26 Werner Koch <wk@g10code.com>
1061
1062
* certdump.c (gpgsm_cert_log_name): New.
1063
* certchain.c (is_cert_still_valid): Log the name of the certificate.
1064
1065
2006-06-20 Werner Koch <wk@g10code.com>
1066
1067
* gpgsm.c (gpgsm_init_default_ctrl): Take care of the command line
1068
option --include-certs.
1069
1070
* keylist.c (list_cert_raw): Print the certid.
1071
1072
2006-05-23 Werner Koch <wk@g10code.com>
1073
1074
* keydb.c (hextobyte): Deleted as it is now defined in jnlib.
1075
1076
* Makefile.am (gpgsm_LDADD): Include ZLIBS.
1077
1078
2006-05-19 Marcus Brinkmann <marcus@g10code.de>
1079
1080
* keydb.c (keydb_insert_cert): Do not lock here, but only check if
1081
it is locked.
1082
(keydb_store_cert): Lock here.
1083
1084
* keydb.h (keydb_delete): Accept new argument UNLOCK.
1085
* keydb.c (keydb_delete): Likewise. Only unlock if this is set.
1086
* delete.c (delete_one): Add new argument to invocation of
1087
keydb_delete.
1088
1089
2006-05-15 Werner Koch <wk@g10code.com>
1090
1091
* keylist.c (print_names_raw): Sanitize URI.
1092
1093
2006-03-21 Werner Koch <wk@g10code.com>
1094
1095
* certchain.c (get_regtp_ca_info): New.
1096
(allowed_ca): Use it.
1097
1098
2006-03-20 Werner Koch <wk@g10code.com>
1099
1100
* qualified.c (gpgsm_is_in_qualified_list): New optional arg COUNTRY.
1101
1102
2006-02-17 Werner Koch <wk@g10code.com>
1103
1104
* call-dirmngr.c (start_dirmngr): Print name of dirmngr to be started.
1105
1106
2005-11-23 Werner Koch <wk@g10code.com>
1107
1108
* gpgsm.h: New member QUALSIG_APPROVAL.
1109
* sign.c (gpgsm_sign): Print a warning if a certificate is not
1110
qualified.
1111
* qualified.c (gpgsm_qualified_consent): Include a note that this
1112
is not approved software.
1113
(gpgsm_not_qualified_warning): New.
1114
* gpgsm.c (main): Prepared to print a note whether the software
1115
has been approved.
1116
1117
2005-11-13 Werner Koch <wk@g10code.com>
1118
1119
* call-agent.c (gpgsm_agent_get_confirmation): New.
1120
1121
* keylist.c (list_cert_std): Print qualified status.
1122
* qualified.c: New.
1123
* certchain.c (gpgsm_validate_chain): Check for qualified
1124
certificates.
1125
1126
* certchain.c (gpgsm_basic_cert_check): Release keydb handle when
1127
no-chain-validation is used.
1128
1129
2005-11-11 Werner Koch <wk@g10code.com>
1130
1131
* keylist.c (print_capabilities): Print is_qualified status.
1132
1133
2005-10-28 Werner Koch <wk@g10code.com>
1134
1135
* certdump.c (pretty_print_sexp): New.
1136
(gpgsm_print_name2): Use it here. This allows proper printing of
1137
DNS names as used with server certificates.
1138
1139
2005-10-10 Werner Koch <wk@g10code.com>
1140
1141
* keylist.c: Add pkaAdress OID as reference.
1142
1143
2005-10-08 Marcus Brinkmann <marcus@g10code.de>
1144
1145
* Makefile.am (gpgsm_LDADD): Add ../gl/libgnu.a after
1146
../common/libcommon.a.
1147
1148
2005-09-13 Werner Koch <wk@g10code.com>
1149
1150
* verify.c (gpgsm_verify): Print a note if the unknown algorithm
1151
is MD2.
1152
* sign.c (gpgsm_sign): Ditto.
1153
* certcheck.c (gpgsm_check_cert_sig): Ditto.
1154
1155
2005-09-08 Werner Koch <wk@g10code.com>
1156
1157
* export.c (popen_protect_tool): Add option --have-cert. We
1158
probably lost this option with 1.9.14 due to restructuring of
1159
export.c.
1160
1161
2005-07-21 Werner Koch <wk@g10code.com>
1162
1163
* gpgsm.c (main): New options --no-log-file and --debug-none.
1164
1165
* certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg
1166
to allow enumeration. Changed all callers.
1167
(create_request): Process DNS and URI parameters.
1168
1169
2005-07-20 Werner Koch <wk@g10code.com>
1170
1171
* keylist.c (email_kludge): Reworked.
1172
1173
* certdump.c (gpgsm_print_serial, gpgsm_dump_serial): Cast printf
1174
arg to unsigned.
1175
* call-dirmngr.c (gpgsm_dirmngr_run_command): Ditto
1176
1177
2005-07-19 Werner Koch <wk@g10code.com>
1178
1179
* fingerprint.c (gpgsm_get_certid): Cast printf arg to unsigned.
1180
Bug accidently introduced while solving the #$%^& gcc
1181
signed/unsigned char* warnings.
1182
1183
2005-06-15 Werner Koch <wk@g10code.com>
1184
1185
* delete.c (delete_one): Changed FPR to unsigned.
1186
* encrypt.c (encrypt_dek): Made ENCVAL unsigned.
1187
(gpgsm_encrypt): Ditto.
1188
* sign.c (gpgsm_sign): Made SIGVAL unsigned.
1189
* base64.c (base64_reader_cb): Need to use some casting to get
1190
around signed/unsigned char* warnings.
1191
* certcheck.c (gpgsm_check_cms_signature): Ditto.
1192
(gpgsm_create_cms_signature): Changed arg R_SIGVAL to unsigned char*.
1193
(do_encode_md): Made NFRAME a size_t.
1194
* certdump.c (gpgsm_print_serial): Fixed signed/unsigned warning.
1195
(gpgsm_dump_serial): Ditto.
1196
(gpgsm_format_serial): Ditto.
1197
(gpgsm_dump_string): Ditto.
1198
(gpgsm_dump_cert): Ditto.
1199
(parse_dn_part): Ditto.
1200
(gpgsm_print_name2): Ditto.
1201
* keylist.c (email_kludge): Ditto.
1202
* certreqgen.c (proc_parameters, create_request): Ditto.
1203
(create_request): Ditto.
1204
* call-agent.c (gpgsm_agent_pksign): Made arg R_BUF unsigned.
1205
(struct cipher_parm_s): Made CIPHERTEXT unsigned.
1206
(struct genkey_parm_s): Ditto.
1207
* server.c (strcpy_escaped_plus): Made arg S signed char*.
1208
* fingerprint.c (gpgsm_get_fingerprint): Made ARRAY unsigned.
1209
(gpgsm_get_keygrip): Ditto.
1210
* keydb.c (keydb_insert_cert): Made DIGEST unsigned.
1211
(keydb_update_cert): Ditto.
1212
(classify_user_id): Apply cast to signed/unsigned assignment.
1213
(hextobyte): Ditto.
1214
1215
2005-06-01 Werner Koch <wk@g10code.com>
1216
1217
* misc.c: Include setenv.h.
1218
1219
2005-04-21 Werner Koch <wk@g10code.com>
1220
1221
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
1222
* certchain.c (gpgsm_validate_chain): Make use of it.
1223
1224
* certchain.c (gpgsm_validate_chain): Check revocations even for
1225
expired certificates. This is required because on signature
1226
verification an expired key is fine whereas a revoked one is not.
1227
1228
2005-04-20 Werner Koch <wk@g10code.com>
1229
1230
* Makefile.am (AM_CFLAGS): Add PTH_CFLAGS as noted by several folks.
1231
1232
2005-04-19 Werner Koch <wk@g10code.com>
1233
1234
* certchain.c (check_cert_policy): Print the diagnostic for a open
1235
failure of policies.txt only in verbose mode or when it is not
1236
ENOENT.
1237
1238
2005-04-17 Werner Koch <wk@g10code.com>
1239
1240
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
1241
* certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
1242
this filter. Changed all callers.
1243
1244
* certchain.c (find_up_search_by_keyid): New helper.
1245
(find_up): Also try using the AKI.keyIdentifier.
1246
(find_up_external): Ditto.
1247
1248
2005-04-15 Werner Koch <wk@g10code.com>
1249
1250
* keylist.c (list_cert_raw): Print the subjectKeyIdentifier as
1251
well as the keyIdentifier part of the authorityKeyIdentifier.
1252
1253
2005-03-31 Werner Koch <wk@g10code.com>
1254
1255
* call-dirmngr.c (start_dirmngr): Use PATHSEP_C instead of ':'.
1256
* call-agent.c (start_agent): Ditto.
1257
1258
2005-03-17 Werner Koch <wk@g10code.com>
1259
1260
* certcheck.c: Fixed use of DBG_CRYPTO and DBG_X509.
1261
1262
* certchain.c (gpgsm_basic_cert_check): Dump certificates after a
1263
failed gcry_pk_verify.
1264
(find_up): Do an external lookup also for an authorityKeyIdentifier
1265
lookup. Factored external lookup code out to ..
1266
(find_up_external): .. new.
1267
1268
2005-03-03 Werner Koch <wk@g10code.com>
1269
1270
* Makefile.am (gpgsm_LDADD): Added PTH_LIBS. Noted by Kazu Yamamoto.
1271
1272
2005-01-13 Werner Koch <wk@g10code.com>
1273
1274
* certreqgen.c (proc_parameters): Cast printf arg.
1275
1276
2004-12-22 Werner Koch <wk@g10code.com>
1277
1278
* gpgsm.c (set_binary): New.
1279
(main, open_read, open_fwrite): Use it.
1280
1281
2004-12-21 Werner Koch <wk@g10code.com>
1282
1283
* gpgsm.c (main): Use default_homedir().
1284
(main) [W32]: Default to disabled CRL checks.
1285
1286
2004-12-20 Werner Koch <wk@g10code.com>
1287
1288
* call-agent.c (start_agent): Before starting a pipe server start
1289
to connect to a server on the standard socket. Use PATHSEP
1290
* call-dirmngr.c (start_dirmngr): Use PATHSEP.
1291
1292
* import.c: Include unistd.h for dup and close.
1293
1294
2004-12-18 Werner Koch <wk@g10code.com>
1295
1296
* gpgsm.h (map_assuan_err): Define in terms of
1297
map_assuan_err_with_source.
1298
* call-agent.c (start_agent): Pass error source to
1299
send_pinentry_environment.
1300
1301
2004-12-17 Werner Koch <wk@g10code.com>
1302
1303
* call-dirmngr.c (isvalid_status_cb, lookup_status_cb)
1304
(run_command_status_cb): Return cancel status if gpgsm_status
1305
returned an error.
1306
1307
* server.c (gpgsm_status, gpgsm_status2)
1308
(gpgsm_status_with_err_code): Return an error code.
1309
(gpgsm_status2): Always call va_end().
1310
1311
2004-12-15 Werner Koch <wk@g10code.com>
1312
1313
* call-dirmngr.c (lookup_status_cb): Send progress messages
1314
upstream.
1315
(isvalid_status_cb): Ditto.
1316
(gpgsm_dirmngr_isvalid): Put CTRL into status CB parameters.
1317
(gpgsm_dirmngr_run_command, run_command_status_cb): Pass CTRL to
1318
status callback and handle PROGRESS.
1319
1320
* misc.c (setup_pinentry_env) [W32]: Don't use it.
1321
1322
* gpgsm.c (main) [W32]: Init Pth because we need it for the socket
1323
operations and to resolve libassuan symbols.
1324
(run_protect_tool) [W32]: Disable it.
1325
1326
* Makefile.am (gpgsm_LDADD): Move LIBASSUAN_LIBS more to the end.
1327
1328
2004-12-07 Werner Koch <wk@g10code.com>
1329
1330
* Makefile.am (gpgsm_LDADD): Put libassuan before jnlib because
1331
under W32 we need the w32 pth code from jnlib.
1332
1333
* misc.c (setup_pinentry_env) [W32]: Disabled.
1334
1335
2004-12-06 Werner Koch <wk@g10code.com>
1336
1337
* gpgsm.c (run_protect_tool) [_WIN32]: Disabled.
1338
1339
* import.c (popen_protect_tool): Simplified by making use of
1340
gnupg_spawn_process.
1341
(parse_p12): Likewise, using gnupg_wait_process.
1342
* export.c (popen_protect_tool): Ditto.
1343
(export_p12): Ditto.
1344
1345
* keydb.c: Don't define DIRSEP_S here.
1346
1347
2004-12-02 Werner Koch <wk@g10code.com>
1348
1349
* certchain.c (gpgsm_basic_cert_check): Dump certs with bad
1350
signature for debugging.
1351
(gpgsm_validate_chain): Ditto.
1352
1353
2004-11-29 Werner Koch <wk@g10code.com>
1354
1355
* gpgsm.c (set_debug): Changed to use a globals DEBUG_LEVEL and
1356
DEBUG_VALUE.
1357
(main): Made DEBUG_LEVEL global and introduced DEBUG_VALUE. This
1358
now allows to add debug flags on top of a debug-level setting.
1359
1360
2004-11-23 Werner Koch <wk@g10code.com>
1361
1362
* gpgsm.c: New option --prefer-system-dirmngr.
1363
* call-dirmngr.c (start_dirmngr): Implement this option.
1364
1365
2004-10-22 Werner Koch <wk@g10code.com>
1366
1367
* certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate
1368
request PEM header. This is according to the Sphinx standard.
1369
1370
2004-10-08 Moritz Schulte <moritz@g10code.com>
1371
1372
* certchain.c (gpgsm_validate_chain): Do not use keydb_new() in
1373
case the no_chain_validation-return-short-cut is used (fixes
1374
memory leak).
1375
1376
2004-10-04 Werner Koch <wk@g10code.com>
1377
1378
* misc.c (setup_pinentry_env): Try hard to set a default for GPG_TTY.
1379
1380
2004-09-30 Werner Koch <wk@g10code.com>
1381
1382
* gpgsm.c (i18n_init): Always use LC_ALL.
1383
1384
* certdump.c (gpgsm_format_name): Factored code out to ..
1385
(gpgsm_format_name2): .. new.
1386
(gpgsm_print_name): Factored code out to ..
1387
(gpgsm_print_name2): .. new.
1388
(print_dn_part): New arg TRANSLATE. Changed all callers.
1389
(print_dn_parts): Ditto.
1390
(gpgsm_format_keydesc): Do not translate the SUBJECT; we require
1391
it to stay UTF-8 but we still want to filter out bad control
1392
characters.
1393
1394
* Makefile.am: Adjusted for gettext 0.14.
1395
1396
* keylist.c (list_cert_colon): Make sure that the expired flag has
1397
a higher precedence than the invalid flag.
1398
1399
2004-09-29 Werner Koch <wk@g10code.com>
1400
1401
* import.c (parse_p12): Write an error status line for bad
1402
passphrases. Add new arg CTRL and changed caller.
1403
* export.c (export_p12): Likewise.
1404
1405
2004-09-14 Werner Koch <wk@g10code.com>
1406
1407
* certchain.c (gpgsm_validate_chain): Give expired certificates a
1408
higher error precedence and don't bother to check any CRL in that
1409
case.
1410
1411
2004-08-24 Werner Koch <wk@g10code.de>
1412
1413
* certlist.c: Fixed typo in ocsp OID.
1414
1415
2004-08-18 Werner Koch <wk@g10code.de>
1416
1417
* certlist.c (gpgsm_cert_use_ocsp_p): New.
1418
(cert_usage_p): Support it here.
1419
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it here.
1420
1421
2004-08-17 Marcus Brinkmann <marcus@g10code.de>
1422
1423
* import.c: Fix typo in last change.
1424
1425
2004-08-17 Werner Koch <wk@g10code.de>
1426
1427
* import.c (check_and_store): Do a full validation if
1428
--with-validation is set.
1429
1430
* certchain.c (gpgsm_basic_cert_check): Print more detailed error
1431
messages.
1432
1433
* certcheck.c (do_encode_md): Partly support DSA. Add new arg
1434
PKALGO. Changed all callers to pass it.
1435
(pk_algo_from_sexp): New.
1436
1437
2004-08-16 Werner Koch <wk@g10code.de>
1438
1439
* gpgsm.c: New option --fixed-passphrase.
1440
* import.c (popen_protect_tool): Pass it to the protect-tool.
1441
1442
* server.c (cmd_encrypt): Use DEFAULT_RECPLIST and not recplist
1443
for encrypt-to keys.
1444
1445
2004-08-06 Werner Koch <wk@g10code.com>
1446
1447
* gpgsm.c: New option --with-ephemeral-keys.
1448
* keylist.c (list_internal_keys): Set it here.
1449
(list_cert_raw): And indicate those keys. Changed all our callers
1450
to pass the new arg HD through.
1451
1452
2004-07-23 Werner Koch <wk@g10code.de>
1453
1454
* certreqgen.c (proc_parameters): Do not allow key length below
1455
1024.
1456
1457
2004-07-22 Werner Koch <wk@g10code.de>
1458
1459
* keylist.c (list_cert_raw): Print the keygrip.
1460
1461
2004-07-20 Werner Koch <wk@gnupg.org>
1462
1463
* certchain.c (gpgsm_validate_chain): The trust check didn't
1464
worked anymore, probably due to the changes at 2003-03-04. Fixed.
1465
1466
2004-06-06 Werner Koch <wk@gnupg.org>
1467
1468
* certreqgen.c (get_parameter_uint, create_request): Create
1469
an extension for key usage when requested.
1470
1471
2004-05-12 Werner Koch <wk@gnupg.org>
1472
1473
* gpgsm.c (main): Install emergency_cleanup also as an atexit
1474
handler.
1475
1476
* verify.c (gpgsm_verify): Removed the separate error code
1477
handling for KSBA. We use shared error codes anyway.
1478
1479
* export.c (export_p12): Removed debugging code.
1480
1481
* encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
1482
1483
2004-05-11 Werner Koch <wk@gnupg.org>
1484
1485
* sign.c (gpgsm_sign): Include the error source in the final error
1486
message.
1487
* decrypt.c (gpgsm_decrypt): Ditto.
1488
1489
* fingerprint.c (gpgsm_get_key_algo_info): New.
1490
* sign.c (gpgsm_sign): Don't assume RSA in the status line.
1491
* keylist.c (list_cert_colon): Really print the algorithm and key
1492
length.
1493
(list_cert_raw, list_cert_std): Ditto.
1494
(list_cert_colon): Reorganized to be able to tell whether a root
1495
certificate is trusted.
1496
1497
* gpgsm.c: New option --debug-allow-core-dump.
1498
1499
* gpgsm.h (opt): Add member CONFIG_FILENAME.
1500
* gpgsm.c (main): Use it here instead of the local var.
1501
1502
* server.c (gpgsm_server): Print some additional information with
1503
the hello in verbose mode.
1504
1505
2004-04-30 Werner Koch <wk@gnupg.org>
1506
1507
* import.c (check_and_store): Do not update the stats for hidden
1508
imports of issuer certs.
1509
(popen_protect_tool): Request statusmessages from the protect-tool.
1510
(parse_p12): Detect status messages. Add new arg STATS and update them.
1511
(print_imported_summary): Include secret key stats.
1512
1513
2004-04-28 Werner Koch <wk@gnupg.org>
1514
1515
* gpgsm.c: New command --keydb-clear-some-cert-flags.
1516
* keydb.c (keydb_clear_some_cert_flags): New.
1517
(keydb_update_keyblock, keydb_set_flags): Change error code
1518
CONFLICT to NOT_LOCKED.
1519
1520
2004-04-26 Werner Koch <wk@gnupg.org>
1521
1522
* gpgsm.c (main) <gpgconf>: Do not use /dev/null as default config
1523
filename.
1524
1525
* call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt)
1526
(gpgsm_agent_genkey, gpgsm_agent_istrusted)
1527
(gpgsm_agent_marktrusted, gpgsm_agent_havekey)
1528
(gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
1529
(start_agent): New arg CTRL. Send progress item when starting a
1530
new agent.
1531
* sign.c (gpgsm_get_default_cert, get_default_signer): New arg
1532
CTRL to be passed down to the agent function.
1533
* decrypt.c (prepare_decryption): Ditto.
1534
* certreqgen.c (proc_parameters, read_parameters): Ditto.
1535
* certcheck.c (gpgsm_create_cms_signature): Ditto.
1536
1537
2004-04-23 Werner Koch <wk@gnupg.org>
1538
1539
* keydb.c (keydb_add_resource): Try to compress the file on init.
1540
1541
* keylist.c (oidtranstbl): New. OIDs collected from several sources.
1542
(print_name_raw, print_names_raw, list_cert_raw): New.
1543
(gpgsm_list_keys): Check the dump mode and pass it down as
1544
necessary.
1545
1546
2004-04-22 Werner Koch <wk@gnupg.org>
1547
1548
* gpgsm.c (main): New commands --dump-keys, --dump-external-keys,
1549
--dump-secret-keys.
1550
1551
2004-04-13 Werner Koch <wk@gnupg.org>
1552
1553
* misc.c (setup_pinentry_env): New.
1554
* import.c (popen_protect_tool): Call it.
1555
* export.c (popen_protect_tool): Call it.
1556
1557
2004-04-08 Werner Koch <wk@gnupg.org>
1558
1559
* decrypt.c (gpgsm_decrypt): Return GPG_ERR_NO_DATA if it is not a
1560
encrypted message.
1561
1562
2004-04-07 Werner Koch <wk@gnupg.org>
1563
1564
* gpgsm.c: New option --force-crl-refresh.
1565
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Pass option to dirmngr.
1566
1567
2004-04-05 Werner Koch <wk@gnupg.org>
1568
1569
* server.c (get_status_string): Add STATUS_NEWSIG.
1570
* verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature.
1571
1572
* certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do
1573
not just warn if a cert is not suitable; bail out immediately.
1574
1575
2004-04-01 Werner Koch <wk@gnupg.org>
1576
1577
* call-dirmngr.c (isvalid_status_cb): New.
1578
(unhexify_fpr): New. Taken from ../g10/call-agent.c
1579
(gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass
1580
it thru. Detect need to check the respondert cert and do that.
1581
* certchain.c (gpgsm_validate_chain): Add new arg FLAGS. Changed
1582
all callers.
1583
1584
2004-03-24 Werner Koch <wk@gnupg.org>
1585
1586
* sign.c (gpgsm_sign): Include a short list of capabilities.
1587
1588
2004-03-17 Werner Koch <wk@gnupg.org>
1589
1590
* gpgsm.c (main) <gpgconf>: Fixed default value quoting.
1591
1592
2004-03-16 Werner Koch <wk@gnupg.org>
1593
1594
* gpgsm.c (main): Implemented --gpgconf-list.
1595
1596
2004-03-15 Werner Koch <wk@gnupg.org>
1597
1598
* keylist.c (list_cert_colon): Hack to set the expired flag.
1599
1600
2004-03-09 Werner Koch <wk@gnupg.org>
1601
1602
* gpgsm.c (main): Correctly intitialze USE_OCSP flag.
1603
1604
* keydb.c (keydb_delete): s/GPG_ERR_CONFLICT/GPG_ERR_NOT_LOCKED/
1605
1606
2004-03-04 Werner Koch <wk@gnupg.org>
1607
1608
* call-dirmngr.c (gpgsm_dirmngr_isvalid): New arg ISSUER_CERT.
1609
1610
* certchain.c (is_cert_still_valid): New. Code moved from ...
1611
(gpgsm_validate_chain): ... here because we now need to check at
1612
two places and at a later stage, so that we can pass the issuer
1613
cert down to the dirmngr.
1614
1615
2004-03-03 Werner Koch <wk@gnupg.org>
1616
1617
* call-agent.c (start_agent): Replaced pinentry setup code by a
1618
call to a new common function.
1619
1620
* certdump.c (gpgsm_format_keydesc): Make sure the string is
1621
returned as utf-8.
1622
1623
* export.c (gpgsm_export): Make sure that we don't export more
1624
than one certificate.
1625
1626
2004-03-02 Werner Koch <wk@gnupg.org>
1627
1628
* export.c (create_duptable, destroy_duptable)
1629
(insert_duptable): New.
1630
(gpgsm_export): Avoid duplicates.
1631
1632
2004-02-26 Werner Koch <wk@gnupg.org>
1633
1634
* certchain.c (compare_certs): New.
1635
(gpgsm_validate_chain): Fixed infinite certificate checks after
1636
bad signatures.
1637
1638
2004-02-24 Werner Koch <wk@gnupg.org>
1639
1640
* keylist.c (list_cert_colon): Print the fingerprint as the
1641
cert-id for root certificates.
1642
1643
2004-02-21 Werner Koch <wk@gnupg.org>
1644
1645
* keylist.c (list_internal_keys): Return error codes.
1646
(list_external_keys, gpgsm_list_keys): Ditto.
1647
* server.c (do_listkeys): Ditto.
1648
1649
* gpgsm.c (main): Display a key description for --passwd.
1650
* call-agent.c (gpgsm_agent_passwd): New arg DESC.
1651
1652
2004-02-20 Werner Koch <wk@gnupg.org>
1653
1654
* gpgsm.c (main): New option --debug-ignore-expiration.
1655
* certchain.c (gpgsm_validate_chain): Use it here.
1656
1657
* certlist.c (cert_usage_p): Apply extKeyUsage.
1658
1659
2004-02-19 Werner Koch <wk@gnupg.org>
1660
1661
* export.c (export_p12, popen_protect_tool)
1662
(gpgsm_p12_export): New.
1663
* gpgsm.c (main): New command --export-secret-key-p12.
1664
1665
2004-02-18 Werner Koch <wk@gnupg.org>
1666
1667
* gpgsm.c (set_debug): Set the new --debug-level flags.
1668
(main): New option --gpgconf-list.
1669
(main): Do not setup -u and -r keys when not required.
1670
(main): Setup the used character set.
1671
1672
* keydb.c (keydb_add_resource): Print a hint to start the
1673
gpg-agent.
1674
1675
2004-02-17 Werner Koch <wk@gnupg.org>
1676
1677
* gpgsm.c: Fixed value parsing for --with-validation.
1678
* call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO.
1679
* call-dirmngr.c (start_dirmngr): Likewise for DIRMNGR_INFO.
1680
1681
* gpgsm.c: New option --with-md5-fingerprint.
1682
* keylist.c (list_cert_std): Print MD5 fpr.
1683
1684
* gpgsm.c: New options --with-validation.
1685
* server.c (option_handler): New option "with-validation".
1686
* keylist.c (list_cert_std, list_internal_keys): New args CTRL and
1687
WITH_VALIDATION. Changed callers to set it.
1688
(list_external_cb, list_external_keys): Pass CTRL to the callback.
1689
(list_cert_colon): Add arg CTRL. Check validation if requested.
1690
* certchain.c (unknown_criticals, allowed_ca, check_cert_policy)
1691
(gpgsm_validate_chain): New args LISTMODE and FP.
1692
(do_list): New helper for info output.
1693
(find_up): New arg FIND_NEXT.
1694
(gpgsm_validate_chain): After a bad signature try again with other
1695
CA certificates.
1696
1697
* import.c (print_imported_status): New arg NEW_CERT. Print
1698
additional STATUS_IMPORT_OK becuase that is what gpgme expects.
1699
(check_and_store): Always call above function after import.
1700
* server.c (get_status_string): Added STATUS_IMPORT_OK.
1701
1702
2004-02-13 Werner Koch <wk@gnupg.org>
1703
1704
* certcheck.c (gpgsm_create_cms_signature): Format a description
1705
for use by the pinentry.
1706
* decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP.
1707
* certdump.c (format_name_cookie, format_name_writer)
1708
(gpgsm_format_name): New.
1709
(gpgsm_format_serial): New.
1710
(gpgsm_format_keydesc): New.
1711
* call-agent.c (gpgsm_agent_pksign): New arg DESC.
1712
(gpgsm_agent_pkdecrypt): Ditto.
1713
1714
* encrypt.c (init_dek): Check for too weak algorithms.
1715
1716
* import.c (parse_p12, popen_protect_tool): New.
1717
1718
* base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM.
1719
Changed all callers.
1720
(base64_reader_cb): Handle it here.
1721
(gpgsm_reader_eof_seen): New.
1722
(base64_reader_cb): Set a flag for EOF.
1723
(simple_reader_cb): Ditto.
1724
1725
2004-02-12 Werner Koch <wk@gnupg.org>
1726
1727
* gpgsm.h, gpgsm.c: New option --protect-tool-program.
1728
* gpgsm.c (run_protect_tool): Use it.
1729
1730
2004-02-11 Werner Koch <wk@gnupg.org>
1731
1732
* Makefile.am (AM_CPPFLAGS): Pass directory constants via -D; this
1733
will allow to override directory names at make time.
1734
1735
2004-02-02 Werner Koch <wk@gnupg.org>
1736
1737
* import.c (check_and_store): Import certificates even with
1738
missing issuer's cert. Fixed an "depending on the verbose
1739
setting" bug.
1740
1741
* certchain.c (gpgsm_validate_chain): Mark revoked certs in the
1742
keybox.
1743
1744
* keylist.c (list_cert_colon): New arg VALIDITY; use it to print a
1745
revoked flag.
1746
(list_internal_keys): Retrieve validity flag.
1747
(list_external_cb): Pass 0 as validity flag.
1748
* keydb.c (keydb_get_flags, keydb_set_flags): New.
1749
(keydb_set_cert_flags): New.
1750
(lock_all): Return a proper error code.
1751
(keydb_lock): New.
1752
(keydb_delete): Don't lock but check that it has been locked.
1753
(keydb_update_keyblock): Ditto.
1754
* delete.c (delete_one): Take a lock.
1755
1756
2004-01-30 Werner Koch <wk@gnupg.org>
1757
1758
* certchain.c (check_cert_policy): Fixed read error checking.
1759
(check_cert_policy): With no critical policies issue only a
1760
warning if the policy file does not exists.
1761
1762
* sign.c (add_certificate_list): Decrement N for the first cert.
1763
1764
2004-01-29 Werner Koch <wk@gnupg.org>
1765
1766
* certdump.c (parse_dn_part): Map common OIDs to human readable
1767
labels. Make sure that a value won't get truncated if it includes
1768
a Nul.
1769
1770
2004-01-28 Werner Koch <wk@gnupg.org>
1771
1772
* certchain.c (gpgsm_validate_chain): Changed the message printed
1773
for an untrusted root certificate.
1774
1775
2004-01-27 Werner Koch <wk@gnupg.org>
1776
1777
* certdump.c (parse_dn_part): Pretty print the nameDistinguisher OID.
1778
(print_dn_part): Do not delimit multiple RDN by " + ". Handle
1779
multi-valued RDNs in a special way, i.e. in the order specified by
1780
the certificate.
1781
(print_dn_parts): Simplified.
1782
1783
2004-01-16 Werner Koch <wk@gnupg.org>
1784
1785
* sign.c (gpgsm_sign): Print an error message on all failures.
1786
* decrypt.c (gpgsm_decrypt): Ditto.
1787
1788
2003-12-17 Werner Koch <wk@gnupg.org>
1789
1790
* server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.
1791
(cmd_encrypt): Add all enrypt-to marked certs to the list.
1792
* encrypt.c (gpgsm_encrypt): Check that real recipients are
1793
available.
1794
* gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to
1795
options work. Pass the list of recients to gpgsm_server.
1796
* gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO.
1797
(opt): Add NO_ENCRYPT_TO.
1798
* certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO.
1799
Changed all callers and ignore duplicate entries.
1800
(is_cert_in_certlist): New.
1801
(gpgsm_add_cert_to_certlist): New.
1802
1803
* certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
1804
(gpgsm_dump_serial): Ditto.
1805
1806
* decrypt.c (gpgsm_decrypt): Replaced ERR by RC.
1807
1808
2003-12-16 Werner Koch <wk@gnupg.org>
1809
1810
* gpgsm.c (main): Set the prefixes for assuan logging.
1811
1812
* sign.c (gpgsm_sign): Add validation checks for the default
1813
certificate.
1814
1815
* gpgsm.c: Add -k as alias for --list-keys and -K for
1816
--list-secret-keys.
1817
1818
2003-12-15 Werner Koch <wk@gnupg.org>
1819
1820
* encrypt.c (init_dek): Use gry_create_nonce for the IV; there is
1821
not need for real strong random here and it even better protect
1822
the random bits used for the key.
1823
1824
2003-12-01 Werner Koch <wk@gnupg.org>
1825
1826
* gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp.
1827
(gpgsm_init_default_ctrl): Set USE_OCSP to the default value.
1828
* certchain.c (gpgsm_validate_chain): Handle USE_OCSP.
1829
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and
1830
proceed accordingly.
1831
1832
2003-11-19 Werner Koch <wk@gnupg.org>
1833
1834
* verify.c (gpgsm_verify): Use "0" instead of an empty string for
1835
the VALIDSIG status.
1836
1837
2003-11-18 Werner Koch <wk@gnupg.org>
1838
1839
* verify.c (gpgsm_verify): Fixed for changes API of gcry_md_info.
1840
1841
* certchain.c (unknown_criticals): Fixed an error code test.
1842
1843
2003-11-12 Werner Koch <wk@gnupg.org>
1844
1845
Adjusted for API changes in Libksba.
1846
1847
2003-10-31 Werner Koch <wk@gnupg.org>
1848
1849
* certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t.
1850
* verify.c (strtimestamp_r, gpgsm_verify): Ditto.
1851
* sign.c (gpgsm_sign): Ditto.
1852
* keylist.c (print_time, list_cert_std, list_cert_colon): Ditto.
1853
* certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert):
1854
Ditto.
1855
1856
2003-10-25 Werner Koch <wk@gnupg.org>
1857
1858
* certreqgen.c (read_parameters): Fixed faulty of !spacep().
1859
1860
2003-08-20 Marcus Brinkmann <marcus@g10code.de>
1861
1862
* encrypt.c (encode_session_key): Allocate enough space. Cast key
1863
byte to unsigned char to prevent sign extension.
1864
(encrypt_dek): Check return value before error.
1865
1866
2003-08-14 Timo Schulz <twoaday@freakmail.de>
1867
1868
* encrypt.c (encode_session_key): Use new Libgcrypt interface.
1869
1870
2003-07-31 Werner Koch <wk@gnupg.org>
1871
1872
* Makefile.am (gpgsm_LDADD): Added INTLLIBS.
1873
1874
2003-07-29 Werner Koch <wk@gnupg.org>
1875
1876
* gpgsm.c (main): Add secmem features and set the random seed file.
1877
(gpgsm_exit): Update the random seed file and enable debug output.
1878
1879
2003-07-27 Werner Koch <wk@gnupg.org>
1880
1881
Adjusted for gcry_mpi_print and gcry_mpi_scan API change.
1882
1883
2003-06-24 Werner Koch <wk@gnupg.org>
1884
1885
* server.c (gpgsm_status_with_err_code): New.
1886
* verify.c (gpgsm_verify): Use it here instead of the old
1887
tokenizing version.
1888
1889
* verify.c (strtimestamp): Renamed to strtimestamp_r
1890
1891
Adjusted for changes in the libgcrypt API. Some more fixes for the
1892
libgpg-error stuff.
1893
1894
2003-06-04 Werner Koch <wk@gnupg.org>
1895
1896
* call-agent.c (init_membuf,put_membuf,get_membuf): Removed.
1897
Include new membuf header and changed used type.
1898
1899
Renamed error codes from INVALID to INV and removed _ERROR suffixes.
1900
1901
2003-06-03 Werner Koch <wk@gnupg.org>
1902
1903
Changed all error codes in all files to the new libgpg-error scheme.
1904
1905
* gpgsm.h: Include gpg-error.h .
1906
* Makefile.am: Link with libgpg-error.
1907
1908
2003-04-29 Werner Koch <wk@gnupg.org>
1909
1910
* Makefile.am: Use libassuan. Don't override LDFLAGS anymore.
1911
* server.c (register_commands): Adjust for new Assuan semantics.
1912
1913
2002-12-03 Werner Koch <wk@gnupg.org>
1914
1915
* call-agent.c (gpgsm_agent_passwd): New.
1916
* gpgsm.c (main): New command --passwd and --call-protect-tool
1917
(run_protect_tool): New.
1918
1919
2002-11-25 Werner Koch <wk@gnupg.org>
1920
1921
* verify.c (gpgsm_verify): Handle content-type attribute.
1922
1923
2002-11-13 Werner Koch <wk@gnupg.org>
1924
1925
* call-agent.c (start_agent): Try to use $GPG_TTY instead of
1926
ttyname. Changed ttyname to test stdin becuase it can be assumed
1927
that output redirection is more common that input redirection.
1928
1929
2002-11-12 Werner Koch <wk@gnupg.org>
1930
1931
* gpgsm.c: New command --call-dirmngr.
1932
* call-dirmngr.c (gpgsm_dirmngr_run_command)
1933
(run_command_inq_cb,run_command_cb)
1934
(run_command_status_cb): New.
1935
1936
2002-11-11 Werner Koch <wk@gnupg.org>
1937
1938
* certcheck.c (gpgsm_check_cms_signature): Don't double free
1939
s_sig but free s_pkey at leave.
1940
1941
2002-11-10 Werner Koch <wk@gnupg.org>
1942
1943
* gpgsm.c: Removed duplicate --list-secret-key entry.
1944
1945
2002-09-19 Werner Koch <wk@gnupg.org>
1946
1947
* certcheck.c (gpgsm_check_cert_sig): Add cert hash debugging.
1948
1949
* certchain.c (find_up): Print info when the cert was not found
1950
by the autorithyKeyIdentifier.
1951
1952
2002-09-03 Werner Koch <wk@gnupg.org>
1953
1954
* gpgsm.c (main): Disable the internal libgcrypt locking.
1955
1956
2002-08-21 Werner Koch <wk@gnupg.org>
1957
1958
* import.c (print_imported_summary): Cleaned up. Print new
1959
not_imported value.
1960
(check_and_store): Update non_imported counter.
1961
(print_import_problem): New.
1962
(check_and_store): Print error status message.
1963
* server.c (get_status_string): Added STATUS_IMPORT_PROBLEM.
1964
1965
2002-08-20 Werner Koch <wk@gnupg.org>
1966
1967
* gpgsm.c (main): Use the log file only in server mode.
1968
1969
* import.c (print_imported_summary): New.
1970
(check_and_store): Update the counters, take new argument.
1971
(import_one): Factored out core of gpgsm_import.
1972
(gpgsm_import): Print counters.
1973
(gpgsm_import_files): New.
1974
* gpgsm.c (main): Use the new function for import.
1975
1976
2002-08-19 Werner Koch <wk@gnupg.org>
1977
1978
* decrypt.c (gpgsm_decrypt): Return a better error status token.
1979
* verify.c (gpgsm_verify): Don't error on messages with no signing
1980
time or no message digest. This is only the case for messages
1981
without any signed attributes.
1982
1983
2002-08-16 Werner Koch <wk@gnupg.org>
1984
1985
* certpath.c: Renamed to ..
1986
* certchain.c: this. Renamed all all other usages of "path" in the
1987
context of certificates to "chain".
1988
1989
* call-agent.c (learn_cb): Special treatment when the issuer
1990
certificate is missing.
1991
1992
2002-08-10 Werner Koch <wk@gnupg.org>
1993
1994
* Makefile.am (INCLUDES): Add definition for localedir.
1995
1996
* keylist.c (list_cert_colon): Print the short fingerprint in the
1997
key ID field.
1998
* fingerprint.c (gpgsm_get_short_fingerprint): New.
1999
* verify.c (gpgsm_verify): Print more verbose info for a good
2000
signature.
2001
2002
2002-08-09 Werner Koch <wk@gnupg.org>
2003
2004
* decrypt.c (prepare_decryption): Hack to detected already
2005
unpkcsedone keys.
2006
2007
* gpgsm.c (emergency_cleanup): New.
2008
(main): Initialize the signal handler.
2009
2010
* sign.c (gpgsm_sign): Reset the hash context for subsequent
2011
signers and release it at the end.
2012
2013
2002-08-05 Werner Koch <wk@gnupg.org>
2014
2015
* server.c (cmd_signer): New command "SIGNER"
2016
(register_commands): Register it.
2017
(cmd_sign): Pass the signer list to gpgsm_sign.
2018
* certlist.c (gpgsm_add_to_certlist): Add SECRET argument, check
2019
for secret key if set and changed all callers.
2020
* sign.c (gpgsm_sign): New argument SIGNERLIST and implemt
2021
multiple signers.
2022
* gpgsm.c (main): Support more than one -u.
2023
2024
* server.c (cmd_recipient): Return reason code 1 for No_Public_Key
2025
which is actually what gets returned from add_to_certlist.
2026
2027
2002-07-26 Werner Koch <wk@gnupg.org>
2028
2029
* certcheck.c (gpgsm_check_cert_sig): Implement proper cleanup.
2030
(gpgsm_check_cms_signature): Ditto.
2031
2032
2002-07-22 Werner Koch <wk@gnupg.org>
2033
2034
* keydb.c (keydb_add_resource): Register a lock file.
2035
(lock_all, unlock_all): Implemented.
2036
2037
* delete.c: New.
2038
* gpgsm.c: Made --delete-key work.
2039
* server.c (cmd_delkeys): New.
2040
(register_commands): New command DELKEYS.
2041
2042
* decrypt.c (gpgsm_decrypt): Print a convenience note when RC2 is
2043
used and a STATUS_ERROR with the algorithm oid.
2044
2045
2002-07-03 Werner Koch <wk@gnupg.org>
2046
2047
* server.c (gpgsm_status2): Insert a blank between all optional
2048
arguments when using assuan.
2049
* server.c (cmd_recipient): No more need for extra blank in constants.
2050
* import.c (print_imported_status): Ditto.
2051
* gpgsm.c (main): Ditto.
2052
2053
2002-07-02 Werner Koch <wk@gnupg.org>
2054
2055
* verify.c (gpgsm_verify): Extend the STATUS_BADSIG line with
2056
the fingerprint.
2057
2058
* certpath.c (check_cert_policy): Don't use log_error to print a
2059
warning.
2060
2061
* keydb.c (keydb_store_cert): Add optional ar EXISTED and changed
2062
all callers.
2063
* call-agent.c (learn_cb): Print info message only for real imports.
2064
2065
* import.c (gpgsm_import): Moved duplicated code to ...
2066
(check_and_store): new function. Added magic to import the entire
2067
chain. Print status only for real imports and moved printing code
2068
to ..
2069
(print_imported_status): New.
2070
2071
* call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr
2072
call in very verbose mode.
2073
2074
* gpgsm.c (main): Use the same error codes for STATUS_INV_RECP as
2075
with the server mode.
2076
2077
2002-06-29 Werner Koch <wk@gnupg.org>
2078
2079
* gpgsm.c: New option --auto-issuer-key-retrieve.
2080
* certpath.c (find_up): Try to retrieve an issuer key from an
2081
external source and from the ephemeral key DB.
2082
(find_up_store_certs_cb): New.
2083
2084
* keydb.c (keydb_set_ephemeral): Does now return the old
2085
state. Call the backend only when required.
2086
2087
* call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR.
2088
(lookup_status_cb): Issue status only when CTRL is not NULL.
2089
(gpgsm_dirmngr_lookup): Document that CTRL is optional.
2090
2091
* call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT.
2092
2093
2002-06-28 Werner Koch <wk@gnupg.org>
2094
2095
* server.c (cmd_recipient): Add more reason codes.
2096
2097
2002-06-27 Werner Koch <wk@gnupg.org>
2098
2099
* certpath.c (gpgsm_basic_cert_check): Use
2100
--debug-no-path-validation to also bypass this basic check.
2101
2102
* gpgsm.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.
2103
2104
* call-agent.c (start_agent): Create and pass the list of FD to
2105
keep in the child to assuan.
2106
* call-dirmngr.c (start_dirmngr): Ditto.
2107
2108
2002-06-26 Werner Koch <wk@gnupg.org>
2109
2110
* import.c (gpgsm_import): Print an STATUS_IMPORTED.
2111
2112
* gpgsm.c: --debug-no-path-validation does not take an argument.
2113
2114
2002-06-25 Werner Koch <wk@gnupg.org>
2115
2116
* certdump.c (print_dn_part): Always print a leading slash,
2117
removed NEED_DELIM arg and changed caller.
2118
2119
* export.c (gpgsm_export): Print LFs to FP and not stdout.
2120
(print_short_info): Ditto. Make use of gpgsm_print_name.
2121
2122
* server.c (cmd_export): Use output-fd instead of data lines; this
2123
was actually the specified way.
2124
2125
2002-06-24 Werner Koch <wk@gnupg.org>
2126
2127
* gpgsm.c: Removed duped help entry for --list-keys.
2128
2129
* gpgsm.c, gpgsm.h: New option --debug-no-path-validation.
2130
2131
* certpath.c (gpgsm_validate_path): Use it here instead of the
2132
debug flag hack.
2133
2134
* certpath.c (check_cert_policy): Return No_Policy_Match if the
2135
policy file could not be opened.
2136
2137
2002-06-20 Werner Koch <wk@gnupg.org>
2138
2139
* certlist.c (gpgsm_add_to_certlist): Fixed locating of a
2140
certificate with the required key usage.
2141
2142
* gpgsm.c (main): Fixed a segv when using --outfile without an
2143
argument.
2144
2145
* keylist.c (print_capabilities): Also check for non-repudiation
2146
and data encipherment.
2147
* certlist.c (cert_usage_p): Test for signing and encryption was
2148
swapped. Add a case for certification usage, handle
2149
non-repudiation and data encipherment.
2150
(gpgsm_cert_use_cert_p): New.
2151
(gpgsm_add_to_certlist): Added a CTRL argument and changed all
2152
callers to pass it.
2153
* certpath.c (gpgsm_validate_path): Use it here to print a status
2154
message. Added a CTRL argument and changed all callers to pass it.
2155
* decrypt.c (gpgsm_decrypt): Print a status message for wrong key
2156
usage.
2157
* verify.c (gpgsm_verify): Ditto.
2158
* keydb.c (classify_user_id): Allow a colon delimited fingerprint.
2159
2160
2002-06-19 Werner Koch <wk@gnupg.org>
2161
2162
* call-agent.c (learn_cb): Use log_info instead of log_error on
2163
successful import.
2164
2165
* keydb.c (keydb_set_ephemeral): New.
2166
(keydb_store_cert): New are ephemeral, changed all callers.
2167
* keylist.c (list_external_cb): Store cert as ephemeral.
2168
* export.c (gpgsm_export): Kludge to export epehmeral certificates.
2169
2170
* gpgsm.c (main): New command --list-external-keys.
2171
2172
2002-06-17 Werner Koch <wk@gnupg.org>
2173
2174
* certreqgen.c (read_parameters): Improved error handling.
2175
(gpgsm_genkey): Print error message.
2176
2177
2002-06-13 Werner Koch <wk@gnupg.org>
2178
2179
* gpgsm.c (main): New option --log-file.
2180
2181
2002-06-12 Werner Koch <wk@gnupg.org>
2182
2183
* call-dirmngr.c (lookup_status_cb): New.
2184
(gpgsm_dirmngr_lookup): Use the status CB. Add new arg CTRL and
2185
changed caller to pass it.
2186
2187
* gpgsm.c (open_fwrite): New.
2188
(main): Allow --output for --verify.
2189
2190
* sign.c (hash_and_copy_data): New.
2191
(gpgsm_sign): Implemented normal (non-detached) signatures.
2192
* gpgsm.c (main): Ditto.
2193
2194
* certpath.c (gpgsm_validate_path): Special error handling for
2195
no policy match.
2196
2197
2002-06-10 Werner Koch <wk@gnupg.org>
2198
2199
* server.c (get_status_string): Add STATUS_ERROR.
2200
2201
* certpath.c (gpgsm_validate_path): Tweaked the error checking to
2202
return error codes in a more sensitive way.
2203
* verify.c (gpgsm_verify): Send status TRUST_NEVER also for a bad
2204
CA certificate and when the certificate has been revoked. Issue
2205
TRUST_FULLY even when the cert has expired. Append an error token
2206
to these status lines. Issue the new generic error status when a
2207
cert was not found and when leaving the function.
2208
2209
2002-06-04 Werner Koch <wk@gnupg.org>
2210
2211
* gpgsm.c (main): New command --list-sigs
2212
* keylist.c (list_cert_std): New. Use it whenever colon mode is
2213
not used.
2214
(list_cert_chain): New.
2215
2216
2002-05-31 Werner Koch <wk@gnupg.org>
2217
2218
* gpgsm.c (main): Don't print the "go ahead" message for an
2219
invalid command.
2220
2221
2002-05-23 Werner Koch <wk@gnupg.org>
2222
2223
* import.c (gpgsm_import): Add error messages.
2224
2225
2002-05-21 Werner Koch <wk@gnupg.org>
2226
2227
* keylist.c (list_internal_keys): Renamed from gpgsm_list_keys.
2228
(list_external_keys): New.
2229
(gpgsm_list_keys): Dispatcher for above.
2230
* call-dirmngr.c (lookup_cb,pattern_from_strlist)
2231
(gpgsm_dirmngr_lookup): New.
2232
* server.c (option_handler): Handle new option --list-mode.
2233
(do_listkeys): Handle options and actually use the mode argument.
2234
(get_status_string): New code TRUNCATED.
2235
2236
* import.c (gpgsm_import): Try to identify the type of input and
2237
handle certs-only messages.
2238
2239
2002-05-14 Werner Koch <wk@gnupg.org>
2240
2241
* gpgsm.c: New option --faked-system-time
2242
* sign.c (gpgsm_sign): And use it here.
2243
* certpath.c (gpgsm_validate_path): Ditto.
2244
2245
2002-05-03 Werner Koch <wk@gnupg.org>
2246
2247
* certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed
2248
all callers.
2249
* verify.c (gpgsm_verify): Tweaked usage of log_debug and
2250
log_error. Return EXPSIG status and add expiretime to VALIDSIG.
2251
2252
2002-04-26 Werner Koch <wk@gnupg.org>
2253
2254
* gpgsm.h (DBG_AGENT,DBG_AGENT_VALUE): Replaced by DBG_ASSUAN_*.
2255
Changed all users.
2256
2257
* call-agent.c (start_agent): Be more silent without -v.
2258
* call-dirmngr.c (start_dirmngr): Ditto.
2259
2260
2002-04-25 Werner Koch <wk@gnupg.org>
2261
2262
* call-agent.c (start_agent): Make copies of old locales and check
2263
for setlocale.
2264
2265
2002-04-25 Marcus Brinkmann <marcus@g10code.de>
2266
2267
* call-agent.c (start_agent): Fix error handling logic so the
2268
locale is always correctly reset.
2269
2270
2002-04-25 Marcus Brinkmann <marcus@g10code.de>
2271
2272
* server.c (option_handler): Accept display, ttyname, ttytype,
2273
lc_ctype and lc_messages options.
2274
* gpgsm.c (main): Allocate memory for these options.
2275
* gpgsm.h (struct opt): Make corresponding members non-const.
2276
2277
2002-04-24 Marcus Brinkmann <marcus@g10code.de>
2278
2279
* gpgsm.h (struct opt): New members display, ttyname, ttytype,
2280
lc_ctype, lc_messages.
2281
* gpgsm.c (enum cmd_and_opt_values): New members oDisplay,
2282
oTTYname, oTTYtype, oLCctype, oLCmessages.
2283
(opts): New entries for these options.
2284
(main): Handle these new options.
2285
* call-agent.c (start_agent): Set the various display and tty
2286
parameter after resetting.
2287
2288
2002-04-18 Werner Koch <wk@gnupg.org>
2289
2290
* certreqgen.c (gpgsm_genkey): Write status output on success.
2291
2292
2002-04-15 Werner Koch <wk@gnupg.org>
2293
2294
* gpgsm.c (main): Check ksba version.
2295
2296
* certpath.c (find_up): New to use the authorithKeyIdentifier.
2297
Use it in all other functions to locate the signing cert..
2298
2299
2002-04-11 Werner Koch <wk@gnupg.org>
2300
2301
* certlist.c (cert_usable_p): New.
2302
(gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New.
2303
(gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New.
2304
(gpgsm_add_to_certlist): Check the key usage.
2305
* sign.c (gpgsm_sign): Ditto.
2306
* verify.c (gpgsm_verify): Print a message wehn an unsuitable
2307
certificate was used.
2308
* decrypt.c (gpgsm_decrypt): Ditto
2309
* keylist.c (print_capabilities): Determine values from the cert.
2310
2311
2002-03-28 Werner Koch <wk@gnupg.org>
2312
2313
* keylist.c (list_cert_colon): Fixed listing of crt record; the
2314
issuer is not at the right place. Print a chainingID.
2315
* certpath.c (gpgsm_walk_cert_chain): Be a bit more silent on
2316
common errors.
2317
2318
2002-03-21 Werner Koch <wk@gnupg.org>
2319
2320
* export.c: New.
2321
* gpgsm.c: Add command --export.
2322
* server.c (cmd_export): New.
2323
2324
2002-03-13 Werner Koch <wk@gnupg.org>
2325
2326
* decrypt.c (gpgsm_decrypt): Allow multiple recipients.
2327
2328
2002-03-12 Werner Koch <wk@gnupg.org>
2329
2330
* certpath.c (check_cert_policy): Print the policy list.
2331
2332
* verify.c (gpgsm_verify): Detect certs-only message.
2333
2334
2002-03-11 Werner Koch <wk@gnupg.org>
2335
2336
* import.c (gpgsm_import): Print a notice about imported certificates
2337
when in verbose mode.
2338
2339
* gpgsm.c (main): Print INV_RECP status.
2340
* server.c (cmd_recipient): Ditto.
2341
2342
* server.c (gpgsm_status2): New. Allows for a list of strings.
2343
(gpgsm_status): Divert to gpgsm_status2.
2344
2345
* encrypt.c (gpgsm_encrypt): Don't use a default key when no
2346
recipients are given. Print a NO_RECP status.
2347
2348
2002-03-06 Werner Koch <wk@gnupg.org>
2349
2350
* server.c (cmd_listkeys, cmd_listsecretkeys): Divert to
2351
(do_listkeys): new. Add pattern parsing.
2352
2353
* keylist.c (gpgsm_list_keys): Handle selection pattern.
2354
2355
* gpgsm.c: New command --learn-card
2356
* call-agent.c (learn_cb,gpgsm_agent_learn): New.
2357
2358
* gpgsm.c (main): Print error messages for non-implemented commands.
2359
2360
* base64.c (base64_reader_cb): Use case insensitive compare of the
2361
Content-Type string to detect plain base-64.
2362
2363
2002-03-05 Werner Koch <wk@gnupg.org>
2364
2365
* gpgsm.c, gpgsm.h: Add local_user.
2366
* sign.c (gpgsm_get_default_cert): New.
2367
(get_default_signer): Use the new function if local_user is not
2368
set otherwise used that value.
2369
* encrypt.c (get_default_recipient): Removed.
2370
(gpgsm_encrypt): Use gpgsm_get_default_cert.
2371
2372
* verify.c (gpgsm_verify): Better error text for a bad signature
2373
found by comparing the hashs.
2374
2375
2002-02-27 Werner Koch <wk@gnupg.org>
2376
2377
* call-dirmngr.c, call-agent.c: Add 2 more arguments to all uses
2378
of assuan_transact.
2379
2380
2002-02-25 Werner Koch <wk@gnupg.org>
2381
2382
* server.c (option_handler): Allow to use -2 for "send all certs
2383
except the root cert".
2384
* sign.c (add_certificate_list): Implement it here.
2385
* certpath.c (gpgsm_is_root_cert): New.
2386
2387
2002-02-19 Werner Koch <wk@gnupg.org>
2388
2389
* certpath.c (check_cert_policy): New.
2390
(gpgsm_validate_path): And call it from here.
2391
* gpgsm.c (main): New options --policy-file,
2392
--disable-policy-checks and --enable-policy-checks.
2393
* gpgsm.h (opt): Added policy_file, no_policy_checks.
2394
2395
2002-02-18 Werner Koch <wk@gnupg.org>
2396
2397
* certpath.c (gpgsm_validate_path): Ask the agent to add the
2398
certificate into the trusted list.
2399
* call-agent.c (gpgsm_agent_marktrusted): New.
2400
2401
2002-02-07 Werner Koch <wk@gnupg.org>
2402
2403
* certlist.c (gpgsm_add_to_certlist): Check that the specified
2404
name identifies a certificate unambiguously.
2405
(gpgsm_find_cert): Ditto.
2406
2407
* server.c (cmd_listkeys): Check that the data stream is available.
2408
(cmd_listsecretkeys): Ditto.
2409
(has_option): New.
2410
(cmd_sign): Fix ambiguousity in option recognition.
2411
2412
* gpgsm.c (main): Enable --logger-fd.
2413
2414
* encrypt.c (gpgsm_encrypt): Increased buffer size for better
2415
performance.
2416
2417
* call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from
2418
the agent.
2419
2420
* keylist.c (list_cert_colon): Filter out control characters.
2421
2422
2002-02-06 Werner Koch <wk@gnupg.org>
2423
2424
* decrypt.c (gpgsm_decrypt): Bail out after an decryption error.
2425
2426
* server.c (reset_notify): Close input and output FDs.
2427
(cmd_encrypt,cmd_decrypt,cmd_verify,cmd_sign.cmd_import)
2428
(cmd_genkey): Close the FDs and release the recipient list even in
2429
the error case.
2430
2431
2002-02-01 Marcus Brinkmann <marcus@g10code.de>
2432
2433
* sign.c (gpgsm_sign): Do not release certificate twice.
2434
2435
2002-01-29 Werner Koch <wk@gnupg.org>
2436
2437
* call-agent.c (gpgsm_agent_havekey): New.
2438
* keylist.c (list_cert_colon): New arg HAVE_SECRET, print "crs"
2439
when we know that the secret key is available.
2440
(gpgsm_list_keys): New arg MODE, check whether a secret key is
2441
available. Changed all callers.
2442
* gpgsm.c (main): New command --list-secret-keys.
2443
* server.c (cmd_listsecretkeys): New.
2444
(cmd_listkeys): Return secret keys with "crs" record.
2445
2446
2002-01-28 Werner Koch <wk@gnupg.org>
2447
2448
* certreqgen.c (create_request): Store the email address in the req.
2449
2450
2002-01-25 Werner Koch <wk@gnupg.org>
2451
2452
* gpgsm.c (main): Disable core dumps.
2453
2454
* sign.c (add_certificate_list): New.
2455
(gpgsm_sign): Add the certificates to the CMS object.
2456
* certpath.c (gpgsm_walk_cert_chain): New.
2457
* gpgsm.h (server_control_s): Add included_certs.
2458
* gpgsm.c: Add option --include-certs.
2459
(gpgsm_init_default_ctrl): New.
2460
(main): Call it.
2461
* server.c (gpgsm_server): Ditto.
2462
(option_handler): Support --include-certs.
2463
2464
2002-01-23 Werner Koch <wk@gnupg.org>
2465
2466
* certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.
2467
* certdump.c (gpgsm_dump_string): New.
2468
(print_dn): Replaced by above.
2469
2470
2002-01-22 Werner Koch <wk@gnupg.org>
2471
2472
* certpath.c (unknown_criticals): New.
2473
(allowed_ca): New.
2474
(gpgsm_validate_path): Check validity, CA attribute, path length
2475
and unknown critical extensions.
2476
2477
2002-01-21 Werner Koch <wk@gnupg.org>
2478
2479
* gpgsm.c: Add option --enable-crl-checks.
2480
2481
* call-agent.c (start_agent): Implemented socket based access.
2482
* call-dirmngr.c (start_dirmngr): Ditto.
2483
2484
2002-01-20 Werner Koch <wk@gnupg.org>
2485
2486
* server.c (option_handler): New.
2487
(gpgsm_server): Register it with assuan.
2488
2489
2002-01-19 Werner Koch <wk@gnupg.org>
2490
2491
* server.c (gpgsm_server): Use assuan_deinit_server and setup
2492
assuan logging if enabled.
2493
* call-agent.c (inq_ciphertext_cb): Don't show the session key in
2494
an Assuan log file.
2495
2496
* gpgsm.c (my_strusage): Take bugreport address from configure.ac
2497
2498
2002-01-15 Werner Koch <wk@gnupg.org>
2499
2500
* import.c (gpgsm_import): Just do a basic cert check before
2501
storing it.
2502
* certpath.c (gpgsm_basic_cert_check): New.
2503
2504
* keydb.c (keydb_store_cert): New.
2505
* import.c (store_cert): Removed and change all caller to use
2506
the new function.
2507
* verify.c (store_cert): Ditto.
2508
2509
* certlist.c (gpgsm_add_to_certlist): Validate the path
2510
2511
* certpath.c (gpgsm_validate_path): Check the trust list.
2512
* call-agent.c (gpgsm_agent_istrusted): New.
2513
2514
2002-01-14 Werner Koch <wk@gnupg.org>
2515
2516
* call-dirmngr.c (inq_certificate): Changed for new interface semantic.
2517
* certlist.c (gpgsm_find_cert): New.
2518
2519
2002-01-13 Werner Koch <wk@gnupg.org>
2520
2521
* fingerprint.c (gpgsm_get_certid): Print the serial and not the
2522
hash after the dot.
2523
2524
2002-01-11 Werner Koch <wk@gnupg.org>
2525
2526
* call-dirmngr.c: New.
2527
* certpath.c (gpgsm_validate_path): Check the CRL here.
2528
* fingerprint.c (gpgsm_get_certid): New.
2529
* gpgsm.c: New options --dirmngr-program and --disable-crl-checks.
2530
2531
2002-01-10 Werner Koch <wk@gnupg.org>
2532
2533
* base64.c (gpgsm_create_writer): Allow to set the object name
2534
2535
2002-01-08 Werner Koch <wk@gnupg.org>
2536
2537
* keydb.c (spacep): Removed because it is now in util.c
2538
2539
* server.c (cmd_genkey): New.
2540
* certreqgen.c: New. The parameter handling code has been taken
2541
from gnupg/g10/keygen.c version 1.0.6.
2542
* call-agent.c (gpgsm_agent_genkey): New.
2543
2544
2002-01-02 Werner Koch <wk@gnupg.org>
2545
2546
* server.c (rc_to_assuan_status): Removed and changed all callers
2547
to use map_to_assuan_status.
2548
2549
2001-12-20 Werner Koch <wk@gnupg.org>
2550
2551
* verify.c (gpgsm_verify): Implemented non-detached signature
2552
verification. Add OUT_FP arg, initialize a writer and changed all
2553
callers.
2554
* server.c (cmd_verify): Pass an out_fp if one has been set.
2555
2556
* base64.c (base64_reader_cb): Try to detect an S/MIME body part.
2557
2558
* certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made
2559
global.
2560
(print_time): Renamed to gpgsm_dump_time, made global.
2561
(gpgsm_dump_serial): Take a real S-Expression as argument and
2562
print the first item.
2563
* keylist.c (list_cert_colon): Ditto.
2564
* keydb.c (keydb_search_issuer_sn): Ditto.
2565
* decrypt.c (print_integer_sexp): Removed and made callers
2566
use gpgsm_dump_serial.
2567
* verify.c (print_time): Removed, made callers use gpgsm_dump_time.
2568
2569
2001-12-19 Marcus Brinkmann <marcus@g10code.de>
2570
2571
* call-agent.c (start_agent): Add new argument to assuan_pipe_connect.
2572
2573
2001-12-18 Werner Koch <wk@gnupg.org>
2574
2575
* verify.c (print_integer_sexp): Renamed from print_integer and
2576
print the serial number according to the S-Exp rules.
2577
* decrypt.c (print_integer_sexp): Ditto.
2578
2579
2001-12-17 Werner Koch <wk@gnupg.org>
2580
2581
* keylist.c (list_cert_colon): Changed for new return value of
2582
get_serial.
2583
* keydb.c (keydb_search_issuer_sn): Ditto.
2584
* certcheck.c (gpgsm_check_cert_sig): Likewise for other S-Exp
2585
returingin functions.
2586
* fingerprint.c (gpgsm_get_keygrip): Ditto.
2587
* encrypt.c (encrypt_dek): Ditto
2588
* certcheck.c (gpgsm_check_cms_signature): Ditto
2589
* decrypt.c (prepare_decryption): Ditto.
2590
* call-agent.c (gpgsm_agent_pkdecrypt): Removed arg ciphertextlen,
2591
use KsbaSexp type and calculate the length.
2592
2593
* certdump.c (print_sexp): Remaned from print_integer, changed caller.
2594
2595
* Makefile.am: Use the LIBGCRYPT and LIBKSBA variables.
2596
2597
* fingerprint.c (gpgsm_get_keygrip): Use the new
2598
gcry_pk_get_keygrip to calculate the grip - note the algorithm and
2599
therefore the grip values changed.
2600
2601
2001-12-15 Werner Koch <wk@gnupg.org>
2602
2603
* certcheck.c (gpgsm_check_cms_signature): Removed the faked-key
2604
kludge.
2605
(gpgsm_create_cms_signature): Removed the commented fake key
2606
code. This makes the function pretty simple.
2607
2608
* gpgsm.c (main): Renamed the default key database to "keyring.kbx".
2609
2610
* decrypt.c (gpgsm_decrypt): Write STATUS_DECRYPTION_*.
2611
* sign.c (gpgsm_sign): Write a STATUS_SIG_CREATED.
2612
2613
2001-12-14 Werner Koch <wk@gnupg.org>
2614
2615
* keylist.c (list_cert_colon): Kludge to show an email address
2616
encoded in the subject's DN.
2617
2618
* verify.c (gpgsm_verify): Add hash debug helpers
2619
* sign.c (gpgsm_sign): Ditto.
2620
2621
* base64.c (base64_reader_cb): Reset the linelen when we need to
2622
skip the line and adjusted test; I somehow forgot about DeMorgan.
2623
2624
* server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify)
2625
(cmd_import): Close the FDs on success.
2626
(close_message_fd): New.
2627
(input_notify): Setting autodetect_encoding to 0 after initializing
2628
it to 0 is pretty pointless. Easy to fix.
2629
2630
* gpgsm.c (main): New option --debug-wait n, so that it is
2631
possible to attach gdb when used in server mode.
2632
2633
* sign.c (get_default_signer): Use keydb_classify_name here.
2634
2635
2001-12-14 Marcus Brinkmann <marcus@g10code.de>
2636
2637
* call-agent.c (LINELENGTH): Removed.
2638
(gpgsm_agent_pksign): Use ASSUAN_LINELENGTH, not LINELENGTH.
2639
(gpgsm_agent_pkdecrypt): Likewise.
2640
2641
2001-12-13 Werner Koch <wk@gnupg.org>
2642
2643
* keylist.c (list_cert_colon): Print alternative names of subject
2644
and a few other values.
2645
2646
2001-12-12 Werner Koch <wk@gnupg.org>
2647
2648
* gpgsm.c (main): New options --assume-{armor,base64,binary}.
2649
* base64.c (base64_reader_cb): Fixed non-autodetection mode.
2650
2651
2001-12-04 Werner Koch <wk@gnupg.org>
2652
2653
* call-agent.c (read_from_agent): Check for inquire responses.
2654
(request_reply): Handle them using a new callback arg, changed all
2655
callers.
2656
(gpgsm_agent_pkdecrypt): New.
2657
2658
2001-11-27 Werner Koch <wk@gnupg.org>
2659
2660
* base64.c: New. Changed all other functions to use this instead
2661
of direct creation of ksba_reader/writer.
2662
* gpgsm.c (main): Set ctrl.auto_encoding unless --no-armor is used.
2663
2664
2001-11-26 Werner Koch <wk@gnupg.org>
2665
2666
* gpgsm.c: New option --agent-program
2667
* call-agent.c (start_agent): Allow to override the default path
2668
to the agent.
2669
2670
* keydb.c (keydb_add_resource): Create keybox
2671
2672
* keylist.c (gpgsm_list_keys): Fixed non-server keylisting.
2673
2674
* server.c (rc_to_assuan_status): New. Use it for all commands.
2675
2676
2677
Copyright 2001, 2002, 2003, 2004, 2005, 2006,
2678
2007, 2008, 2009 Free Software Foundation, Inc.
2679
2680
This file is free software; as a special exception the author gives
2681
unlimited permission to copy and/or distribute it, with or without
2682
modifications, as long as this notice is preserved.
2683
2684
This file is distributed in the hope that it will be useful, but
2685
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
2686
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Loggerhead is a web-based interface for Breezy
Version: 2.0.1