1
2010-09-16 Werner Koch <wk@g10code.com>
3
* certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.
4
(do_validate_chain): Ditto.
5
(gpgsm_basic_cert_check): Ditto.
6
* call-agent.c (learn_cb): Take care of new
7
GPG_ERR_MISSING_ISSUER_CERT.
8
* import.c (check_and_store): Ditto.
9
(check_and_store): Ditto.
11
2010-05-12 Werner Koch <wk@g10code.com>
13
* Makefile.am (gpgsm_LDADD): Include NETLIBS which is required for
16
2010-03-12 Werner Koch <wk@g10code.com>
18
* server.c (cmd_passwd): New. From trunk.
19
(register_commands): Register it.
21
2010-02-11 Marcus Brinkmann <marcus@g10code.de>
23
From trunk 2009-09-23, 2009-11-02, 2009-11-04, 2009-11-05, 2009-11-25,
26
* call-agent.c (membuf_data_cb, default_inq_cb)
27
(inq_ciphertext_cb, scd_serialno_status_cb)
28
(scd_keypairinfo_status_cb, istrusted_status_cb)
29
(learn_status_cb, learn_cb, keyinfo_status_cb): Return gpg_error_t.
30
* gpgsm.c (main): Update to new assuan API.
31
* server.c: Include "gpgsm.h" before <assuan.h> due to check for
32
GPG_ERR_SOURCE_DEFAULT and assuan.h now including gpg-error.h.
33
* server.c (reset_notify, input_notify, output_notify): Update to
35
(option_handler, cmd_recipient, cmd_signer, cmd_encrypt)
36
(cmd_decrypt, cmd_verify, cmd_sign, cmd_import, cmd_export)
37
(cmd_delkeys, cmd_message, cmd_listkeys, cmd_dumpkeys)
38
(cmd_listsecretkeys, cmd_dumpsecretkeys, cmd_genkey)
39
(cmd_getauditlog, cmd_getinfo): Return gpg_error_t instead of int.
40
(register_commands): Use assuan_handler_t. Same for member HANDLER
41
in table. Add NULL arg to assuan_register_command. Add help arg to
42
assuan_register_command. Provide help strings for all commands.
43
(gpgsm_server): Allocate assuan context before starting server.
44
Use assuan_fd_t and assuan_fdopen on fds.
45
* call-dirmngr.c (prepare_dirmngr): Check for CTX and error before
47
(start_dirmngr_ext): Allocate assuan context before starting
48
server. Update use ofassuan_pipe_connect and assuan_socket_connect.
49
Convert posix fd to assuan fd.
50
(inq_certificate, isvalid_status_cb, lookup_cb, lookup_status_cb)
51
(run_command_cb, run_command_inq_cb, run_command_status_cb):
52
Return gpg_error_t instead of int.
54
2009-12-10 Werner Koch <wk@g10code.com>
56
* gpgsm.c: Add option --ignore-cert-extension.
57
* gpgsm.h (opt): Add field IGNORED_CERT_EXTENSIONS.
58
* certchain.c (unknown_criticals): Handle ignored extensions,
60
2009-12-03 Werner Koch <wk@g10code.com>
64
* verify.c (gpgsm_verify): Add audit info on hash algorithms.
65
* sign.c (gpgsm_sign): Add audit log calls.
66
(hash_data): Return an error indicator.
67
* decrypt.c (gpgsm_decrypt): Add audit log calls.
69
* gpgsm.c: New option --html-audit-log.
71
* certreqgen.c (proc_parameters): Change fallback key length to
73
* gpgsm.c (main) <aGpgConfList>: Add key "default_pubkey_algo".
75
2009-12-03 Werner Koch <wk@g10code.com>
77
* gpgsm.c (set_debug): Allow for numerical debug levels. Print
80
2009-10-16 Werner Koch <wk@g10code.com>
82
* gpgsm.c (DEFAULT_INCLUDE_CERTS): New.
83
(default_include_certs): Init to -2.
85
2009-08-06 Werner Koch <wk@g10code.com>
87
* sign.c (gpgsm_sign): Print INV_SNDR for a bad default key.
89
* server.c (cmd_signer): Remove unneeded case for -1. Send
90
INV_SGNR. Use new map function.
91
(cmd_recipient): Use new map function.
92
* gpgsm.c (do_add_recipient): Use new map function for INV_RECP.
93
(main): Ditto. Also send INV_SGNR.
95
2009-07-30 Werner Koch <wk@g10code.com>
97
* call-agent.c (learn_cb): Do not store as ephemeral.
99
2009-07-29 Marcus Brinkmann <marcus@g10code.com>
101
* keylist.c (print_capabilities): Print a trailing colon.
103
2009-07-23 Werner Koch <wk@g10code.com>
105
* certchain.c (is_cert_still_valid): Emit AUDIT_CRL_CHECK.
107
2009-07-07 Werner Koch <wk@g10code.com>
109
* server.c (command_has_option): New.
110
(cmd_getinfo): Add subcommand "cmd_has_option".
111
(cmd_import): Implement option --re-import.
112
* import.c (gpgsm_import): Add arg reimport_mode.
115
* gpgsm.h: Include session-env.h.
116
(opt): Add field SESSION_ENV. Remove obsolete fields.
117
* server.c (option_handler): Rewrite setting of option fields.
118
Replace strdup by xtrystrdup.
119
* gpgsm.c (set_opt_session_env): New.
120
(main): Use it for oDisplay, oTTYname, oTTYtype and oXauthority.
121
* call-agent.c (start_agent): Adjust start_new_gpg_agent for
123
* misc.c (setup_pinentry_env): Use new session_env stuff.
125
2009-07-02 Werner Koch <wk@g10code.com>
127
* certreqgen-ui.c (gpgsm_gencertreq_tty): Allow using a key from a
129
* call-agent.c (gpgsm_agent_scd_serialno)
130
(scd_serialno_status_cb, store_serialno): New.
131
(scd_keypairinfo_status_cb, gpgsm_agent_scd_keypairinfo): New.
133
2009-07-01 Werner Koch <wk@g10code.com>
135
* certreqgen-ui.c (check_keygrip): New.
136
(gpgsm_gencertreq_tty): Allow using an existing key.
138
* gpgsm.c (open_es_fread): New.
139
(main) <aKeygen>: Implement --batch mode.
141
2009-06-24 Werner Koch <wk@g10code.com>
143
* call-dirmngr.c (pattern_from_strlist): Remove dead assignment of N.
144
* sign.c (gpgsm_sign): Remove dead assignment.
145
* certreqgen.c (create_request): Assign GPG_ERR_BUG to RC.
146
Reported by Fabian Keil.
148
2009-05-27 Werner Koch <wk@g10code.com>
150
* encrypt.c (encrypt_dek): Make use of make_canon_sexp.
152
2009-05-18 Werner Koch <wk@g10code.com>
154
* server.c (option_handler): New option "no-encrypt-to".
155
(cmd_encrypt): Make use of it.
157
* gpgsm.c: Remove not implemented --verify-files.
159
2009-04-02 Werner Koch <wk@g10code.com>
161
* keylist.c (list_cert_std): Print card serial number.
163
2009-04-01 Werner Koch <wk@g10code.com>
165
* export.c (popen_protect_tool): Add command line option
166
--agent-program and pass flag bit 6.
167
* import.c (popen_protect_tool): Ditto.
169
2009-03-26 Werner Koch <wk@g10code.com>
171
* gpgsm.c (main): s/def_digest_string/forced_digest_algo/ and
172
activate the --digest-algo option.
173
* gpgsm.h (struct opt): s/def_digest_algo/forced_digest_algo/.
174
* sign.c (gpgsm_sign): Implement --digest-algo.
176
* sign.c (MAX_DIGEST_LEN): Change to 64.
178
* call-agent.c (gpgsm_agent_marktrusted): Format the issuer name.
180
2009-03-25 Werner Koch <wk@g10code.com>
182
* decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY stati.
184
* fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and
187
2009-03-23 Werner Koch <wk@g10code.com>
189
* delete.c (delete_one): Also delete ephemeral certificates if
192
2009-03-20 Werner Koch <wk@g10code.com>
194
* keylist.c (list_internal_keys): Set released cert to NULL.
196
* call-agent.c (learn_status_cb): New.
197
(gpgsm_agent_learn): Use it.
198
(learn_cb): Send a progress for every certificate.
200
2009-03-18 Werner Koch <wk@g10code.com>
202
* gpgsm.h (struct opt): Move field WITH_EPHEMERAL_KEYS to struct
204
* gpgsm.c (main): Change accordingly.
205
* keylist.c (list_internal_keys): Ditto.
206
* server.c (option_handler): Add "with-ephemeral-keys".
208
2009-03-12 Werner Koch <wk@g10code.com>
210
* certdump.c (gpgsm_dump_time): Remove.
211
* certdump.c, verify.c, certchain.c
212
* gpgsm.c: s/gpgsm_dump_time/dump_isotime/.
214
2009-03-06 Werner Koch <wk@g10code.com>
216
* call-agent.c (gpgsm_agent_keyinfo, keyinfo_status_cb): New.
217
* keylist.c (list_cert_colon): Print card S/N.
219
* keylist.c (list_internal_keys): Always list ephemeral keys if
220
specified by keygrip or fingerprint.
221
(list_cert_raw): Always show ephemeral flag.
222
* export.c (gpgsm_export): Export ephemeral keys if specified by
225
2009-02-09 Werner Koch <wk@g10code.com>
227
* gpgsm.c (main): Change default cipher back to 3DES.
229
2009-01-12 Werner Koch <wk@g10code.com>
231
* keylist.c (print_utf8_extn_raw): Cast printf precision argument.
233
2009-01-08 Werner Koch <wk@g10code.com>
235
* fingerprint.c (gpgsm_get_keygrip_hexstring): Add error detection.
237
2008-12-10 Werner Koch <wk@g10code.com>
239
* gpgsm.c (our_cipher_test_algo): Use the GCRY constants as we now
241
(our_md_test_algo): Ditto. Add SHA224.
242
(main) <aGpgConfList>: Update default cipher algo.
244
2008-12-09 Werner Koch <wk@g10code.com>
246
* gpgsm.c (main): Call i18n_init before init_common_subsystems.
248
2008-12-05 Werner Koch <wk@g10code.com>
250
* certreqgen.c (create_request): Provide a custom prompt for the
253
* certdump.c (gpgsm_format_keydesc): Remove debug output.
254
(gpgsm_format_keydesc): Remove saving of errno as xfree is
255
supposed not to change it. Use the new percent_plus_escape
256
function which also fixes the issue that we did not escaped a
259
2008-11-18 Werner Koch <wk@g10code.com>
261
* gpgsm.c (make_libversion): New.
262
(my_strusage): Use new function.
263
(build_lib_list): Remove.
265
2008-11-13 Werner Koch <wk@g10code.com>
267
* gpgsm.c: Remove all unused options. Use ARGPARSE macros.
269
2008-10-28 Werner Koch <wk@g10code.com>
271
* certdump.c (gpgsm_format_keydesc): Use xtryasprintf and xfree.
272
(gpgsm_es_print_name): Factor code out to ...
273
(gpgsm_es_print_name2): New function.
274
(gpgsm_format_name2, format_name_writer): Use estream so that it
275
works on all platforms.
276
(format_name_writer): Fix reallocation bug.
278
2008-10-23 Werner Koch <wk@g10code.com>
280
* import.c (popen_protect_tool): Add arg CTRL and assure that the
281
agent is running. Pass a value for CTRL from all caller.
282
* export.c (popen_protect_tool): Ditto.
284
2008-10-21 Werner Koch <wk@g10code.com>
286
* call-dirmngr.c (inq_certificate_parm_s): Add field CTRL.
287
(gpgsm_dirmngr_isvalid): Supply a value for that field.
288
(inq_certificate): Add inquiry ISTRUSTED.
290
* call-agent.c (gpgsm_agent_istrusted): Add new optional arg
291
HEXFPR. Changed all callers.
293
2008-10-20 Werner Koch <wk@g10code.com>
295
* keydb.c (keydb_locate_writable): Mark unused arg.
296
(keydb_search_kid): Ditto.
297
(keydb_clear_some_cert_flags): Ditto.
298
* server.c (cmd_encrypt): Ditto.
299
(cmd_decrypt, cmd_verify, cmd_import, cmd_genkey): Ditto.
300
* call-agent.c (gpgsm_scd_pksign): Ditto.
301
* call-dirmngr.c (release_dirmngr, release_dirmngr2)
302
(run_command_cb): Ditto.
303
* certlist.c (gpgsm_add_cert_to_certlist): Ditto.
304
* certchain.c (find_up_dirmngr): Ditto.
305
* keylist.c (print_key_data): Ditto.
306
(list_cert_raw, list_cert_std): Ditto.
307
* qualified.c (gpgsm_is_in_qualified_list): Ditto.
309
* gpgsm.c (set_binary) [!W32]: Mark unused arg.
311
2008-10-17 Werner Koch <wk@g10code.com>
313
* call-dirmngr.c (start_dirmngr, start_dirmngr2): Reset the lock
315
(release_dirmngr, release_dirmngr2): Replace asserts by error messages.
316
(gpgsm_dirmngr_lookup): Replace assert by fatal error message.
318
2008-10-13 Werner Koch <wk@g10code.com>
320
* gpgsm.c: Add alias --delete-keys.
322
2008-09-30 Werner Koch <wk@g10code.com>
324
* server.c (cmd_getinfo): New subcommand agent-check.
325
* call-agent.c (gpgsm_agent_send_nop): New.
327
2008-09-29 Werner Koch <wk@g10code.com>
329
* certcheck.c (MY_GCRY_PK_ECDSA): Remove. Change users to
331
* gpgsm.c (MY_GCRY_PK_ECDSA): Ditto.
332
* sign.c (MY_GCRY_MD_SHA224): Remove change users to GCRY_MD_SHA224.
334
2008-09-04 Werner Koch <wk@g10code.com>
336
* certdump.c (gpgsm_format_keydesc): Work around a mingw32 bug.
338
2008-09-03 Werner Koch <wk@g10code.com>
340
* sign.c (MY_GCRY_MD_SHA224): New, so that we don't need libgcrypt
343
2008-08-13 Werner Koch <wk@g10code.com>
345
* keylist.c (list_cert_colon): Print 'f' for validated certs.
347
2008-08-08 Marcus Brinkmann <marcus@g10code.de>
349
* gpgsm.h (struct server_control_s): Remove member dirmngr_seen.
350
* call-dirmngr.c (dirmngr2_ctx, dirmngr_ctx_locked)
351
(dirmngr2_ctx_locked): New global variables.
352
(prepare_dirmngr): Don't check dirmngr_seen anymore.
353
(start_dirmngr): Move bunch of code to ...
354
(start_dirmngr_ext): ... this new function.
355
(release_dirmngr, start_dirmngr2, release_dirmngr2): New
357
(gpgsm_dirmngr_isvalid): Call release_dirmngr.
358
(gpgsm_dirmngr_lookup): Call release_dirmngr. If dirmngr_ctx is
359
locked, use dirmngr2_locked.
360
(gpgsm_dirmngr_run_command): Call release_dirmngr.
362
2008-06-25 Werner Koch <wk@g10code.com>
364
* sign.c (gpgsm_sign): Revamp the hash algorithm selection.
365
* gpgsm.h (struct certlist_s): Add field HASH_ALGO and HASH_ALGO_OID.
367
* qualified.c (gpgsm_qualified_consent): Fix double free.
369
* gpgsm.c (main): Change default cipher algo to AES.
371
* keylist.c (print_utf8_extn_raw, print_utf8_extn): New.
372
(list_cert_raw, list_cert_std): Print the TeleSec restriction
375
2008-06-23 Werner Koch <wk@g10code.com>
377
* encrypt.c (encode_session_key): Replace xmalloc by xtrymalloc.
378
Use bin2hex instead of open coding the conversion.
379
(encrypt_dek): Init S_DATA.
381
2008-06-13 Marcus Brinkmann <marcus@ulysses.g10code.com>
383
* call-dirmngr.c (prepare_dirmngr): Fix error code to ignore.
385
2008-06-12 Marcus Brinkmann <marcus@g10code.de>
387
* gpgsm.h (struct keyserver_spec): New struct.
388
(opt): Add member keyserver.
389
* gpgsm.c (keyserver_list_free, parse_keyserver_line): New functions.
390
(main): Implement --keyserver option.
391
* call-dirmngr.c (prepare_dirmngr): Send LDAPSERVER commands.
393
2008-05-20 Werner Koch <wk@g10code.com>
395
* gpgsm.c (main) <aExportSecretKeyP12>: Pass FP and not stdout to
396
the export function. Reported by Marc Mutz.
398
2008-05-06 Werner Koch <wk@g10code.com>
400
* keylist.c (list_external_keys): Ignore NOT FOUND error code.
403
2008-04-23 Werner Koch <wk@g10code.com>
405
* certchain.c (find_up): Make correct C89 code. Declare variable
406
at the top of the block. Reported by Alain Guibert.
408
2008-04-09 Werner Koch <wk@g10code.com>
410
* verify.c (gpgsm_verify): Print the message hash values on error.
412
2008-03-31 Werner Koch <wk@g10code.com>
414
* call-dirmngr.c (start_dirmngr): Use log_info instead of
415
log_error when falling back to start dirmngr.
417
2008-03-20 Werner Koch <wk@g10code.com>
419
* certlist.c (gpgsm_add_to_certlist): Always save the first
420
subject and issuer. Initialize issuer with issuer and not with
422
(same_subject_issuer): Set issuer2 to issuer and not to subject.
424
2008-03-17 Werner Koch <wk@g10code.com>
426
* certdump.c (my_funopen_hook_size_t): New.
427
(format_name_writer): Use it.
429
2008-03-13 Werner Koch <wk@g10code.com>
431
* certdump.c (gpgsm_fpr_and_name_for_status): Fix signed/unsigned
433
(gpgsm_format_keydesc): Remove superfluous test. Add expire date
436
2008-02-18 Werner Koch <wk@g10code.com>
438
* certchain.c (gpgsm_is_root_cert): Factor code out to ...
439
(is_root_cert): New. Extend test for self-issued certificates
441
(do_validate_chain, gpgsm_basic_cert_check)
442
(gpgsm_walk_cert_chain): Use it here.
444
* gpgsm.c: Add option --no-common-certs-import.
446
* certchain.c (find_up_dirmngr, find_up, do_validate_chain)
447
(check_cert_policy): Be more silent with --quiet.
449
* gpgsm.c: Add option --disable-dirmngr.
450
* gpgsm.h (opt): Add field DISABLE_DIRMNGR.
451
* call-dirmngr.c (start_dirmngr): Implement option.
453
2008-02-14 Werner Koch <wk@g10code.com>
455
* server.c (option_handler): Add option allow-pinentry-notify.
456
(gpgsm_proxy_pinentry_notify): New.
457
* call-agent.c (default_inq_cb): New.
458
(gpgsm_agent_pksign, gpgsm_scd_pksign, gpgsm_agent_readkey)
459
(gpgsm_agent_istrusted, gpgsm_agent_marktrusted)
460
(gpgsm_agent_passwd, gpgsm_agent_get_confirmation): Call it.
461
(struct cipher_parm_s, struct genkey_parm_s): Add field CTRL.
462
(inq_ciphertext_cb): Test keyword and fallback to default_inq_cb.
463
(inq_genkey_parms): Ditto.
464
(start_agent): Tell agent to send us the pinentry notifications.
466
2008-02-13 Werner Koch <wk@g10code.com>
468
* call-dirmngr.c (gpgsm_dirmngr_lookup): Add arg CACHE_ONLY.
469
* keylist.c (list_external_keys): Pass false for new arg.
470
* certchain.c (find_up_dirmngr): New.
471
(find_up): Also try to read from the dirmngr cache.
472
(find_up, find_up_external, gpgsm_walk_cert_chain)
473
(gpgsm_basic_cert_check, allowed_ca): Add arg CTRL and changed all
475
* call-agent.c (struct learn_parm_s): Add field CTRL.
476
(gpgsm_agent_learn): Set it.
478
2008-02-11 Werner Koch <wk@g10code.com>
480
* server.c (cmd_getinfo): New.
481
(gpgsm_server): Register GETINFO.
483
2008-01-29 Marcus Brinkmann <marcus@g10code.de>
485
* keylist.c (list_internal_keys): New variable lastcert. Use it
486
to suppress duplicates which immediately follow each other.
488
2008-01-27 Werner Koch <wk@g10code.com>
490
* import.c (popen_protect_tool): Set bit 7 in the flags for
491
gnupg_spawn_process so that under W32 no window appears.
492
* export.c (popen_protect_tool): Ditto.
494
2007-12-13 Werner Koch <wk@g10code.com>
496
* gpgsm.c (main): Add option --extra-digest-algo.
497
* gpgsm.h (struct): Add EXTRA_DIGEST_ALGO.
498
* verify.c (gpgsm_verify): Use it. Use the hash algorithm from
501
2007-12-11 Werner Koch <wk@g10code.com>
503
* certchain.c (do_validate_chain): Log AUDIT_ROOT_TRUSTED.
505
* server.c (cmd_sign, cmd_decrypt, cmd_encrypt): Start audit log.
506
(cmd_recipient): Start audit session.
508
* gpgsm.c (main): Revamp creation of the audit log.
510
* gpgsm.h (struct server_control_s): Add AGENT_SEEN and DIRMNGR_SEEN.
511
* call-agent.c (start_agent): Record an audit event.
512
* call-dirmngr.c (start_dirmngr): Ditto. Add new arg CTRL and pass
514
(prepare_dirmngr): New helper for start_dirmngr.
516
* encrypt.c (gpgsm_encrypt): Add calls to audit_log.
518
2007-12-03 Werner Koch <wk@g10code.com>
520
* gpgsm.c (main): Call gnupg_reopen_std.
522
h2007-11-22 Werner Koch <wk@g10code.com>
524
* server.c (cmd_getauditlog): New.
525
(register_commands): Register GETAUDITLOG.
527
2007-11-19 Werner Koch <wk@g10code.com>
529
* server.c (cmd_recipient, cmd_signer): Add error reason 11.
531
* gpgsm.c (main): Print a warning if --audit-log is used.
533
2007-11-15 Werner Koch <wk@g10code.com>
535
* gpgsm.h (struct): Add XAUTHORITY and PINENTRY_USER_DATA.
536
* misc.c (setup_pinentry_env): Add XAUTHORITY and PINENTRY_USER_DATA.
537
* gpgsm.c (main): New option --xauthority.
538
* call-agent.c (start_agent): Adjust for changed start_new_gpg_agent.
539
* server.c (option_handler): Ad the new options.
541
2007-11-07 Werner Koch <wk@g10code.com>
543
* gpgsm.c (main): New option --audit-log.
544
* server.c (option_handler): New option enable-audit-log.
545
(start_audit_session): New.
546
(cmd_verify): Create audit context.
547
(gpgsm_server): Release the context.
549
* gpgsm.h (struct server_control_s): Add member AUDIT, include
551
* certdump.c (gpgsm_format_sn_issuer): New.
552
* verify.c (hash_data): Return an error code.
553
(gpgsm_verify): Add calls to audit_log.
555
* gpgsm.c (get_status_string): Remove.
556
* gpgsm.h: Include status.h instead of errors.h.
558
2007-10-19 Werner Koch <wk@g10code.com>
560
* qualified.c (gpgsm_qualified_consent): Use i18N-swicth functions.
561
(gpgsm_not_qualified_warning): Ditto.
562
* certdump.c (gpgsm_format_keydesc): Ditto.
564
2007-09-14 Werner Koch <wk@g10code.com>
566
* gpgsm.c (build_lib_list): New.
567
(my_strusage): Print lib info.
569
2007-08-24 Werner Koch <wk@g10code.com>
571
* Makefile.am (common_libs): Swap libkeybox and jnlib.
573
2007-08-23 Werner Koch <wk@g10code.com>
575
* certlist.c (gpgsm_certs_identical_p): New.
576
(gpgsm_add_to_certlist): Ignore duplicate certificates in
577
ambigious name detection.
578
(gpgsm_find_cert): Ditto.
579
* export.c (gpgsm_p12_export): Ditto.
581
2007-08-22 Werner Koch <wk@g10code.com>
583
* certreqgen.c (create_request): Replace open coding by bin2hex.
585
* certreqgen-ui.c (gpgsm_gencertreq_tty): Use es_fopenmem.
587
2007-08-21 Werner Koch <wk@g10code.com>
589
* import.c (parse_p12): Use gnupg_tmpfile.
590
* export.c (export_p12): Ditto.
592
2007-08-20 Werner Koch <wk@g10code.com>
594
* certreqgen.c (read_parameters): Change FP to an estream_t.
595
(gpgsm_genkey): Replace in_fd and in_stream by a estream_t.
596
* server.c (cmd_genkey): Adjust for that.
597
* certreqgen-ui.c (gpgsm_gencertreq_tty): Use es_open_memstream
598
instead of a temporary file.
600
2007-08-14 Werner Koch <wk@g10code.com>
602
* call-dirmngr.c (start_dirmngr): Use dirmngr_socket_name. change
603
the way infostr is xstrdupped.
605
* gpgsm.c (main) [W32]: Make --prefer-system-dirmngr a dummy under
608
2007-08-13 Werner Koch <wk@g10code.com>
610
* gpgsm.c (do_add_recipient): Add RECP_REQUIRED and make error
611
message depend on that.
612
(main): Add avriable RECP_REQUIRED, set ift for encryption
613
commands and pass it to do_add_recipient.
614
(our_pk_test_algo, our_cipher_test_algo, our_md_test_algo): Implement.
616
2007-08-09 Werner Koch <wk@g10code.com>
618
* gpgsm.c (main) [W32]: Enable CRL check by default.
619
(main): Update the default control structure after reading the
621
(gpgsm_parse_validation_model, parse_validation_model): New.
622
(main): New option --validation-model.
623
* certchain.c (gpgsm_validate_chain): Implement this option.
624
* server.c (option_handler): Ditto.
626
* certchain.c (is_cert_still_valid): Reformatted. Add arg
627
FORCE_OCSP. Changed callers to set this flag when using the chain
630
2007-08-08 Werner Koch <wk@g10code.com>
632
* certdump.c (gpgsm_print_serial): Fixed brown paper bag style bugs
633
which prefixed the output with a 3A and cut it off at a 00.
635
* keylist.c (list_cert_raw): Print the certificate ID first and
636
rename "Serial number" to "S/N".
637
(list_cert_std): Ditto.
639
2007-08-07 Werner Koch <wk@g10code.com>
641
* gpgsm.c (main): Allow a string for --faked-system-time.
643
2007-08-06 Werner Koch <wk@g10code.com>
645
Implementation of the chain model.
647
* gpgsm.h (struct rootca_flags_s): Define new members VALID and
649
* call-agent.c (gpgsm_agent_istrusted): Mark ROOTCA_FLAGS valid.
650
(istrusted_status_cb): Set CHAIN_MODEL.
651
* certchain.c (gpgsm_validate_chain): Replace LM alias by LISTMODE
653
(gpgsm_validate_chain): Factor some code out to ...
654
(check_validity_period, ask_marktrusted): .. new.
655
(check_validity_cm_basic, check_validity_cm_main): New.
656
(do_validate_chain): New with all code from gpgsm_validate_chain.
657
New arg ROOTCA_FLAGS.
658
(gpgsm_validate_chain): Provide ROOTCA_FLAGS and fallback to chain
659
model. Add RETFLAGS arg and changed all callers to pass NULL. Add
660
CHECKTIME arg and changed all callers to pass a nil value.
661
(has_validity_model_chain): New.
662
* verify.c (gpgsm_verify): Check for chain model and return as
663
part of the trust status.
665
* gpgsm.h (VALIDATE_FLAG_NO_DIRMNGR): New.
666
(VALIDATE_FLAG_NO_DIRMNGR): New.
667
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Use constant here.
669
2007-08-03 Werner Koch <wk@g10code.com>
671
* keylist.c (list_cert_colon): Avoid duplicate listing of kludge
674
* verify.c (gpgsm_verify): Make STATUS_VERIFY return the hash and
676
* certcheck.c (gpgsm_check_cms_signature): Add arg R_PKALGO.
678
2007-08-02 Werner Koch <wk@g10code.com>
680
* gpgsm.c (main): Factored GC_OPT_FLAGS out to gc-opt-flags.h.
682
2007-07-17 Werner Koch <wk@g10code.com>
684
* gpgsm.c (main): Implement --default-key.
685
(main) <gpgconf-list>: Declare --default-key and --encrypt-to.
687
2007-07-16 Werner Koch <wk@g10code.com>
689
* server.c (cmd_message): Use gnupg_fd_t to avoid dependecy on
690
newer assuan versions.
692
2007-07-12 Werner Koch <wk@g10code.com>
694
* gpgsm.c (check_special_filename): Use translate_sys2libc_fd_int
695
when passing an int value.
696
* server.c (cmd_encrypt, cmd_decrypt, cmd_verify, cmd_import)
697
(cmd_export, cmd_message, cmd_genkey): Translate file descriptors.
699
2007-07-05 Werner Koch <wk@g10code.com>
701
* Makefile.am (common_libs): Changed order of libs.
703
2007-07-04 Werner Koch <wk@g10code.com>
705
* certchain.c (check_cert_policy): Remove extra checks for
706
GPG_ERR_NO_VALUE. They are not needed since libksba 1.0.1.
707
* keylist.c (print_capabilities, list_cert_raw, list_cert_std): Ditto.
708
* certlist.c (cert_usage_p, cert_usage_p): Ditto.
710
2007-06-26 Werner Koch <wk@g10code.com>
712
* gpgsm.c (main): Call gnupg_rl_initialize.
713
* Makefile.am (gpgsm_LDADD): Add LIBREADLINE and libgpgrl.a.
715
2007-06-25 Werner Koch <wk@g10code.com>
717
* gpgsm.c (check_special_filename): Use translate_sys2libc_fd and
718
add new arg FOR_WRITE. Change callers to pass new arg.
720
2007-06-24 Werner Koch <wk@g10code.com>
722
* gpgsm.c (open_es_fwrite): Avoid the dup by using the new
725
2007-06-21 Werner Koch <wk@g10code.com>
727
* certreqgen-ui.c: New.
728
* gpgsm.c (main): Let --gen-key call it.
729
* certreqgen.c (gpgsm_genkey): Add optional IN_STREAM arg and
732
* gpgsm.h (ctrl_t): Remove. It is now declared in ../common/util.h.
734
* call-agent.c (start_agent): Factored almost all code out to
737
2007-06-20 Werner Koch <wk@g10code.com>
739
* call-agent.c (start_agent) [W32]: Start the agent on the fly.
741
2007-06-18 Marcus Brinkmann <marcus@g10code.de>
743
* gpgsm.c (main): Percent escape output of --gpgconf-list.
745
2007-06-14 Werner Koch <wk@g10code.com>
747
* call-agent.c (start_agent): Use gnupg_module_name.
748
* call-dirmngr.c (start_dirmngr): Ditto.
749
* export.c (export_p12): Ditto.
750
* import.c (parse_p12): Ditto.
751
* gpgsm.c (run_protect_tool): Ditto.
753
2007-06-12 Werner Koch <wk@g10code.com>
755
* gpgsm.c (main): Replace some calls by init_common_subsystems.
756
(main): Use gnupg_datadir.
757
* qualified.c (read_list): Use gnupg-datadir.
759
2007-06-11 Werner Koch <wk@g10code.com>
761
* Makefile.am (common_libs): Use libcommaonstd macr.
763
* gpgsm.c (main) [W32]: Call pth_init.
765
2007-06-06 Werner Koch <wk@g10code.com>
767
* qualified.c (gpgsm_not_qualified_warning) [!ENABLE_NLS]: Do not
769
* certdump.c (gpgsm_format_keydesc) [!ENABLE_NLS]: Do not define
771
(format_name_writer): Define only if funopen et al is available.
773
* gpgsm.c (i18n_init): Remove.
775
2007-05-29 Werner Koch <wk@g10code.com>
777
* export.c (gpgsm_p12_export): Print passphrase encoding info only
780
2007-05-18 Marcus Brinkmann <marcus@g10code.de>
782
* qualified.c (gpgsm_qualified_consent,
783
gpgsm_not_qualified_warning): Free ORIG_CODESET on error.
784
* certdump.c (gpgsm_format_keydesc): Likewise.
786
2007-05-07 Werner Koch <wk@g10code.com>
788
* certcheck.c (MY_GCRY_PK_ECDSA): New.
790
2007-04-20 Werner Koch <wk@g10code.com>
792
* gpgsm.c (main): Parameterize failed versions check messages.
794
2007-04-19 Werner Koch <wk@g10code.com>
796
* certcheck.c (do_encode_md): Add arg PKEY. Add support for DSA2
798
(get_dsa_qbits): New.
799
(pk_algo_from_sexp): A key will never contain ecdsa as algorithm,
802
2007-04-18 Werner Koch <wk@g10code.com>
804
* certcheck.c (do_encode_md): Support 160 bit ECDSA.
806
2007-04-13 Werner Koch <wk@g10code.com>
808
* call-agent.c (start_agent): Don't use log_error when using the
809
fallback hack to start the agent. This is bug 782.
811
2007-03-20 Werner Koch <wk@g10code.com>
813
* fingerprint.c (gpgsm_get_fingerprint): Add caching.
814
(gpgsm_get_fingerprint_string): Use bin2hexcolon().
815
(gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only
816
as much memory as required.
817
(gpgsm_get_keygrip_hexstring): Use bin2hex.
819
* certchain.c (gpgsm_validate_chain): Keep track of the
820
certificate chain and reset the ephemeral flags.
821
* keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK.
822
Changed caller to use a mask of ~0. Return a proper error code if
823
the certificate is not available.
825
* gpgsm.c: Add option --p12-charset.
826
* gpgsm.h (struct opt): Add p12_charset.
827
* export.c (popen_protect_tool): Use new option.
829
2007-03-19 Werner Koch <wk@g10code.com>
831
Changes to let export and key listing use estream to help systems
834
* keylist.c: Use estream in place of stdio functions.
835
* gpgsm.c (open_es_fwrite): New.
836
(main): Use it for the list commands.
837
* server.c (data_line_cookie_functions): New.
838
(data_line_cookie_write, data_line_cookie_close): New.
839
(do_listkeys): Use estream.
841
* certdump.c (gpgsm_print_serial): Changed to use estream.
842
(gpgsm_print_time): Ditto.
843
(pretty_es_print_sexp): New.
844
(gpgsm_es_print_name): New.
845
(print_dn_part): New arg STREAM. Changed all callers.
846
(print_dn_parts): Ditto.
847
* certchain.c (gpgsm_validate_chain): Changed FP to type
849
(do_list, unknown_criticals, allowed_ca, check_cert_policy)
850
(is_cert_still_valid): Ditto.
852
* export.c (gpgsm_export): New arg STREAM.
853
(do_putc, do_fputs): New.
854
(print_short_info): Allow printing to optional STREAM.
855
* server.c (cmd_export): Use stream.
856
* base64.c (do_putc, do_fputs): New.
857
(base64_writer_cb, base64_finish_write): Let them cope with an
858
alternate output function.
859
(plain_writer_cb): New.
860
(gpgsm_create_writer): New arg STREAM and call plain_writer_cb for
861
binary output to an estream. Changed call callers.
863
2007-01-31 Werner Koch <wk@g10code.com>
865
* gpgsm.c (main): Let --gen-key print a more informative error
868
2007-01-25 Werner Koch <wk@g10code.com>
870
* Makefile.am (gpgsm_LDADD): Add LIBICONV. Noted by Billy Halsey.
872
2007-01-05 Werner Koch <wk@g10code.com>
874
* certchain.c (unknown_criticals): Add subjectAltName.
876
2006-12-21 Werner Koch <wk@g10code.com>
878
* gpgsm.c: Comment mtrace feature.
880
2006-12-21 Marcus Brinkmann <marcus@g10code.de>
882
* certchain.c (gpgsm_basic_cert_check): Release SUBJECT.
884
* encrypt.c (encrypt_dek): Release S_CIPH.
886
2006-12-20 Marcus Brinkmann <marcus@g10code.de>
888
* server.c (gpgsm_server): Release CTRL->server_local.
890
* base64.c: Add new members READER and WRITER in union U2.
891
(gpgsm_create_reader): Initialise CTX->u2.reader.
892
(gpgsm_destroy_reader): Invoke ksba_reader_release. Return early
894
(gpgsm_create_writer): Initialise CTX->u2.writer.
895
(gpgsm_destroy_writer): Invoke ksba_writer_release. Return early
898
2006-12-18 Marcus Brinkmann <marcus@g10code.de>
900
* fingerprint.c (gpgsm_get_fingerprint): Close MD.
902
2006-11-24 Werner Koch <wk@g10code.com>
904
* certdump.c (parse_dn_part): Take '#' as a special character only
905
at the beginning of a string.
907
2006-11-21 Werner Koch <wk@g10code.com>
909
* certdump.c (my_funopen_hook_ret_t): New.
910
(format_name_writer): Use it for the return value.
912
2006-11-14 Werner Koch <wk@g10code.com>
914
* server.c (skip_options): Skip leading spaces.
915
(has_option): Honor "--".
916
(cmd_export): Add option --data to do an inline export. Skip all
919
* certdump.c (gpgsm_fpr_and_name_for_status): New.
920
* verify.c (gpgsm_verify): Use it to print correct status messages.
922
2006-11-11 Werner Koch <wk@g10code.com>
924
* server.c (skip_options): New.
926
2006-10-24 Marcus Brinkmann <marcus@g10code.de>
928
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
930
2006-10-23 Werner Koch <wk@g10code.com>
932
* gpgsm.c (main): Remap common cipher algo names to their OIDs.
933
(main): New command --gpgconf-test.
935
2006-10-20 Werner Koch <wk@g10code.com>
937
* keydb.c (classify_user_id): Parse keygrip for the '&' identifier.
939
2006-10-18 Werner Koch <wk@g10code.com>
941
* keylist.c (list_cert_raw): Also test for GPG_ERR_NO_VALUE when
942
testing for GPG_ERR_NO_DATA.
943
* certlist.c (cert_usage_p, gpgsm_find_cert): Ditto.
944
* certchain.c (check_cert_policy): Ditto.
946
* keylist.c (list_cert_std, list_cert_raw): Print "none" for no
947
chain length available.
949
2006-10-17 Werner Koch <wk@g10code.com>
951
* gpgsm.c: No need for pth.h.
952
(main): or to init it. It used to be hack for W32.
954
* sign.c (gpgsm_get_default_cert): Changed to return only
955
certificates usable for signing.
957
2006-10-16 Werner Koch <wk@g10code.com>
959
* certchain.c (already_asked_marktrusted)
960
(set_already_asked_marktrusted): New.
961
(gpgsm_validate_chain) <not trusted>: Keep track of certificates
962
we already asked for.
964
2006-10-11 Werner Koch <wk@g10code.com>
966
* certreqgen.c (proc_parameters, create_request): Allow for
967
creation directly from a card.
968
* call-agent.c (gpgsm_agent_readkey): New arg FROMCARD.
969
(gpgsm_scd_pksign): New.
971
2006-10-06 Werner Koch <wk@g10code.com>
973
* Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
974
(gpgsm_LDADD): Ditto.
976
2006-10-05 Werner Koch <wk@g10code.com>
978
* certcheck.c (do_encode_md): Check that the has algo is valid.
980
2006-10-02 Marcus Brinkmann <marcus@g10code.de>
982
* server.c (register_commands): New commands DUMPKEYS and
984
(cmd_dumpkeys, cmd_dumpsecretkeys): New functions.
985
(option_handler): Support with-key-data option.
987
2006-09-26 Werner Koch <wk@g10code.com>
989
* certchain.c (gpgsm_validate_chain): More changes for the relax
990
feature. Use certificate reference counting instead of the old
991
explicit tests. Added a missing free.
993
2006-09-25 Werner Koch <wk@g10code.com>
995
* gpgsm.h (struct rootca_flags_s): New.
996
* call-agent.c (istrusted_status_cb): New.
997
(gpgsm_agent_istrusted): New arg ROOTCA_FLAGS.
998
* keylist.c (list_cert_colon): Use dummy for new arg.
999
* certchain.c (gpgsm_validate_chain): Make use of the relax flag
1000
for root certificates.
1001
(unknown_criticals): Ignore a GPG_ERR_NO_VALUE.
1003
2006-09-20 Werner Koch <wk@g10code.com>
1005
* gpgsm.c: Add alias command --dump-cert.
1007
* Makefile.am: Changes to allow parallel make runs.
1009
2006-09-18 Werner Koch <wk@g10code.com>
1011
* gpgsm.c (main): Use this to import standard certificates.
1012
* keydb.c (keydb_add_resource): New arg AUTO_CREATED.
1014
2006-09-14 Werner Koch <wk@g10code.com>
1016
Replaced all call gpg_error_from_errno(errno) by
1017
gpg_error_from_syserror().
1019
2006-09-13 Werner Koch <wk@g10code.com>
1021
* keylist.c (list_internal_keys): Print marker line to FP and not
1024
* gpgsm.c (main): All list key list commands now make ose of
1025
--output. Cleaned up calls to list modes. New command
1026
--dump-chain. Renamed --list-sigs to --list-chain and added an
1027
alias for the old one.
1029
* server.c (cmd_message): Changed to use assuan_command_parse_fd.
1030
(option_handler): New option list-to-output.
1031
(do_listkeys): Use it.
1033
2006-09-06 Werner Koch <wk@g10code.com>
1035
* gpgsm.h (OUT_OF_CORE): Removed and changed all callers to
1037
(CTRL): Removed and changed everywhere to ctrl_t.
1040
Replaced all Assuan error codes by libgpg-error codes. Removed
1041
all map_to_assuan_status and map_assuan_err.
1043
* gpgsm.c (main): Call assuan_set_assuan_err_source to have Assuan
1044
switch to gpg-error codes.
1045
* server.c (set_error): Adjusted.
1047
2006-08-29 Werner Koch <wk@g10code.com>
1049
* call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using
1050
complete S-expressions as implemented by the current gpg-agent.
1052
* gpgsm.c (main): Implement --output for encrypt, decrypt, sign
1055
2006-07-03 Werner Koch <wk@g10code.com>
1057
* certreqgen.c (proc_parameters): Print the component label of a
1060
2006-06-26 Werner Koch <wk@g10code.com>
1062
* certdump.c (gpgsm_cert_log_name): New.
1063
* certchain.c (is_cert_still_valid): Log the name of the certificate.
1065
2006-06-20 Werner Koch <wk@g10code.com>
1067
* gpgsm.c (gpgsm_init_default_ctrl): Take care of the command line
1068
option --include-certs.
1070
* keylist.c (list_cert_raw): Print the certid.
1072
2006-05-23 Werner Koch <wk@g10code.com>
1074
* keydb.c (hextobyte): Deleted as it is now defined in jnlib.
1076
* Makefile.am (gpgsm_LDADD): Include ZLIBS.
1078
2006-05-19 Marcus Brinkmann <marcus@g10code.de>
1080
* keydb.c (keydb_insert_cert): Do not lock here, but only check if
1082
(keydb_store_cert): Lock here.
1084
* keydb.h (keydb_delete): Accept new argument UNLOCK.
1085
* keydb.c (keydb_delete): Likewise. Only unlock if this is set.
1086
* delete.c (delete_one): Add new argument to invocation of
1089
2006-05-15 Werner Koch <wk@g10code.com>
1091
* keylist.c (print_names_raw): Sanitize URI.
1093
2006-03-21 Werner Koch <wk@g10code.com>
1095
* certchain.c (get_regtp_ca_info): New.
1096
(allowed_ca): Use it.
1098
2006-03-20 Werner Koch <wk@g10code.com>
1100
* qualified.c (gpgsm_is_in_qualified_list): New optional arg COUNTRY.
1102
2006-02-17 Werner Koch <wk@g10code.com>
1104
* call-dirmngr.c (start_dirmngr): Print name of dirmngr to be started.
1106
2005-11-23 Werner Koch <wk@g10code.com>
1108
* gpgsm.h: New member QUALSIG_APPROVAL.
1109
* sign.c (gpgsm_sign): Print a warning if a certificate is not
1111
* qualified.c (gpgsm_qualified_consent): Include a note that this
1112
is not approved software.
1113
(gpgsm_not_qualified_warning): New.
1114
* gpgsm.c (main): Prepared to print a note whether the software
1117
2005-11-13 Werner Koch <wk@g10code.com>
1119
* call-agent.c (gpgsm_agent_get_confirmation): New.
1121
* keylist.c (list_cert_std): Print qualified status.
1123
* certchain.c (gpgsm_validate_chain): Check for qualified
1126
* certchain.c (gpgsm_basic_cert_check): Release keydb handle when
1127
no-chain-validation is used.
1129
2005-11-11 Werner Koch <wk@g10code.com>
1131
* keylist.c (print_capabilities): Print is_qualified status.
1133
2005-10-28 Werner Koch <wk@g10code.com>
1135
* certdump.c (pretty_print_sexp): New.
1136
(gpgsm_print_name2): Use it here. This allows proper printing of
1137
DNS names as used with server certificates.
1139
2005-10-10 Werner Koch <wk@g10code.com>
1141
* keylist.c: Add pkaAdress OID as reference.
1143
2005-10-08 Marcus Brinkmann <marcus@g10code.de>
1145
* Makefile.am (gpgsm_LDADD): Add ../gl/libgnu.a after
1146
../common/libcommon.a.
1148
2005-09-13 Werner Koch <wk@g10code.com>
1150
* verify.c (gpgsm_verify): Print a note if the unknown algorithm
1152
* sign.c (gpgsm_sign): Ditto.
1153
* certcheck.c (gpgsm_check_cert_sig): Ditto.
1155
2005-09-08 Werner Koch <wk@g10code.com>
1157
* export.c (popen_protect_tool): Add option --have-cert. We
1158
probably lost this option with 1.9.14 due to restructuring of
1161
2005-07-21 Werner Koch <wk@g10code.com>
1163
* gpgsm.c (main): New options --no-log-file and --debug-none.
1165
* certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg
1166
to allow enumeration. Changed all callers.
1167
(create_request): Process DNS and URI parameters.
1169
2005-07-20 Werner Koch <wk@g10code.com>
1171
* keylist.c (email_kludge): Reworked.
1173
* certdump.c (gpgsm_print_serial, gpgsm_dump_serial): Cast printf
1175
* call-dirmngr.c (gpgsm_dirmngr_run_command): Ditto
1177
2005-07-19 Werner Koch <wk@g10code.com>
1179
* fingerprint.c (gpgsm_get_certid): Cast printf arg to unsigned.
1180
Bug accidently introduced while solving the #$%^& gcc
1181
signed/unsigned char* warnings.
1183
2005-06-15 Werner Koch <wk@g10code.com>
1185
* delete.c (delete_one): Changed FPR to unsigned.
1186
* encrypt.c (encrypt_dek): Made ENCVAL unsigned.
1187
(gpgsm_encrypt): Ditto.
1188
* sign.c (gpgsm_sign): Made SIGVAL unsigned.
1189
* base64.c (base64_reader_cb): Need to use some casting to get
1190
around signed/unsigned char* warnings.
1191
* certcheck.c (gpgsm_check_cms_signature): Ditto.
1192
(gpgsm_create_cms_signature): Changed arg R_SIGVAL to unsigned char*.
1193
(do_encode_md): Made NFRAME a size_t.
1194
* certdump.c (gpgsm_print_serial): Fixed signed/unsigned warning.
1195
(gpgsm_dump_serial): Ditto.
1196
(gpgsm_format_serial): Ditto.
1197
(gpgsm_dump_string): Ditto.
1198
(gpgsm_dump_cert): Ditto.
1199
(parse_dn_part): Ditto.
1200
(gpgsm_print_name2): Ditto.
1201
* keylist.c (email_kludge): Ditto.
1202
* certreqgen.c (proc_parameters, create_request): Ditto.
1203
(create_request): Ditto.
1204
* call-agent.c (gpgsm_agent_pksign): Made arg R_BUF unsigned.
1205
(struct cipher_parm_s): Made CIPHERTEXT unsigned.
1206
(struct genkey_parm_s): Ditto.
1207
* server.c (strcpy_escaped_plus): Made arg S signed char*.
1208
* fingerprint.c (gpgsm_get_fingerprint): Made ARRAY unsigned.
1209
(gpgsm_get_keygrip): Ditto.
1210
* keydb.c (keydb_insert_cert): Made DIGEST unsigned.
1211
(keydb_update_cert): Ditto.
1212
(classify_user_id): Apply cast to signed/unsigned assignment.
1215
2005-06-01 Werner Koch <wk@g10code.com>
1217
* misc.c: Include setenv.h.
1219
2005-04-21 Werner Koch <wk@g10code.com>
1221
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
1222
* certchain.c (gpgsm_validate_chain): Make use of it.
1224
* certchain.c (gpgsm_validate_chain): Check revocations even for
1225
expired certificates. This is required because on signature
1226
verification an expired key is fine whereas a revoked one is not.
1228
2005-04-20 Werner Koch <wk@g10code.com>
1230
* Makefile.am (AM_CFLAGS): Add PTH_CFLAGS as noted by several folks.
1232
2005-04-19 Werner Koch <wk@g10code.com>
1234
* certchain.c (check_cert_policy): Print the diagnostic for a open
1235
failure of policies.txt only in verbose mode or when it is not
1238
2005-04-17 Werner Koch <wk@g10code.com>
1240
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
1241
* certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
1242
this filter. Changed all callers.
1244
* certchain.c (find_up_search_by_keyid): New helper.
1245
(find_up): Also try using the AKI.keyIdentifier.
1246
(find_up_external): Ditto.
1248
2005-04-15 Werner Koch <wk@g10code.com>
1250
* keylist.c (list_cert_raw): Print the subjectKeyIdentifier as
1251
well as the keyIdentifier part of the authorityKeyIdentifier.
1253
2005-03-31 Werner Koch <wk@g10code.com>
1255
* call-dirmngr.c (start_dirmngr): Use PATHSEP_C instead of ':'.
1256
* call-agent.c (start_agent): Ditto.
1258
2005-03-17 Werner Koch <wk@g10code.com>
1260
* certcheck.c: Fixed use of DBG_CRYPTO and DBG_X509.
1262
* certchain.c (gpgsm_basic_cert_check): Dump certificates after a
1263
failed gcry_pk_verify.
1264
(find_up): Do an external lookup also for an authorityKeyIdentifier
1265
lookup. Factored external lookup code out to ..
1266
(find_up_external): .. new.
1268
2005-03-03 Werner Koch <wk@g10code.com>
1270
* Makefile.am (gpgsm_LDADD): Added PTH_LIBS. Noted by Kazu Yamamoto.
1272
2005-01-13 Werner Koch <wk@g10code.com>
1274
* certreqgen.c (proc_parameters): Cast printf arg.
1276
2004-12-22 Werner Koch <wk@g10code.com>
1278
* gpgsm.c (set_binary): New.
1279
(main, open_read, open_fwrite): Use it.
1281
2004-12-21 Werner Koch <wk@g10code.com>
1283
* gpgsm.c (main): Use default_homedir().
1284
(main) [W32]: Default to disabled CRL checks.
1286
2004-12-20 Werner Koch <wk@g10code.com>
1288
* call-agent.c (start_agent): Before starting a pipe server start
1289
to connect to a server on the standard socket. Use PATHSEP
1290
* call-dirmngr.c (start_dirmngr): Use PATHSEP.
1292
* import.c: Include unistd.h for dup and close.
1294
2004-12-18 Werner Koch <wk@g10code.com>
1296
* gpgsm.h (map_assuan_err): Define in terms of
1297
map_assuan_err_with_source.
1298
* call-agent.c (start_agent): Pass error source to
1299
send_pinentry_environment.
1301
2004-12-17 Werner Koch <wk@g10code.com>
1303
* call-dirmngr.c (isvalid_status_cb, lookup_status_cb)
1304
(run_command_status_cb): Return cancel status if gpgsm_status
1307
* server.c (gpgsm_status, gpgsm_status2)
1308
(gpgsm_status_with_err_code): Return an error code.
1309
(gpgsm_status2): Always call va_end().
1311
2004-12-15 Werner Koch <wk@g10code.com>
1313
* call-dirmngr.c (lookup_status_cb): Send progress messages
1315
(isvalid_status_cb): Ditto.
1316
(gpgsm_dirmngr_isvalid): Put CTRL into status CB parameters.
1317
(gpgsm_dirmngr_run_command, run_command_status_cb): Pass CTRL to
1318
status callback and handle PROGRESS.
1320
* misc.c (setup_pinentry_env) [W32]: Don't use it.
1322
* gpgsm.c (main) [W32]: Init Pth because we need it for the socket
1323
operations and to resolve libassuan symbols.
1324
(run_protect_tool) [W32]: Disable it.
1326
* Makefile.am (gpgsm_LDADD): Move LIBASSUAN_LIBS more to the end.
1328
2004-12-07 Werner Koch <wk@g10code.com>
1330
* Makefile.am (gpgsm_LDADD): Put libassuan before jnlib because
1331
under W32 we need the w32 pth code from jnlib.
1333
* misc.c (setup_pinentry_env) [W32]: Disabled.
1335
2004-12-06 Werner Koch <wk@g10code.com>
1337
* gpgsm.c (run_protect_tool) [_WIN32]: Disabled.
1339
* import.c (popen_protect_tool): Simplified by making use of
1340
gnupg_spawn_process.
1341
(parse_p12): Likewise, using gnupg_wait_process.
1342
* export.c (popen_protect_tool): Ditto.
1343
(export_p12): Ditto.
1345
* keydb.c: Don't define DIRSEP_S here.
1347
2004-12-02 Werner Koch <wk@g10code.com>
1349
* certchain.c (gpgsm_basic_cert_check): Dump certs with bad
1350
signature for debugging.
1351
(gpgsm_validate_chain): Ditto.
1353
2004-11-29 Werner Koch <wk@g10code.com>
1355
* gpgsm.c (set_debug): Changed to use a globals DEBUG_LEVEL and
1357
(main): Made DEBUG_LEVEL global and introduced DEBUG_VALUE. This
1358
now allows to add debug flags on top of a debug-level setting.
1360
2004-11-23 Werner Koch <wk@g10code.com>
1362
* gpgsm.c: New option --prefer-system-dirmngr.
1363
* call-dirmngr.c (start_dirmngr): Implement this option.
1365
2004-10-22 Werner Koch <wk@g10code.com>
1367
* certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate
1368
request PEM header. This is according to the Sphinx standard.
1370
2004-10-08 Moritz Schulte <moritz@g10code.com>
1372
* certchain.c (gpgsm_validate_chain): Do not use keydb_new() in
1373
case the no_chain_validation-return-short-cut is used (fixes
1376
2004-10-04 Werner Koch <wk@g10code.com>
1378
* misc.c (setup_pinentry_env): Try hard to set a default for GPG_TTY.
1380
2004-09-30 Werner Koch <wk@g10code.com>
1382
* gpgsm.c (i18n_init): Always use LC_ALL.
1384
* certdump.c (gpgsm_format_name): Factored code out to ..
1385
(gpgsm_format_name2): .. new.
1386
(gpgsm_print_name): Factored code out to ..
1387
(gpgsm_print_name2): .. new.
1388
(print_dn_part): New arg TRANSLATE. Changed all callers.
1389
(print_dn_parts): Ditto.
1390
(gpgsm_format_keydesc): Do not translate the SUBJECT; we require
1391
it to stay UTF-8 but we still want to filter out bad control
1394
* Makefile.am: Adjusted for gettext 0.14.
1396
* keylist.c (list_cert_colon): Make sure that the expired flag has
1397
a higher precedence than the invalid flag.
1399
2004-09-29 Werner Koch <wk@g10code.com>
1401
* import.c (parse_p12): Write an error status line for bad
1402
passphrases. Add new arg CTRL and changed caller.
1403
* export.c (export_p12): Likewise.
1405
2004-09-14 Werner Koch <wk@g10code.com>
1407
* certchain.c (gpgsm_validate_chain): Give expired certificates a
1408
higher error precedence and don't bother to check any CRL in that
1411
2004-08-24 Werner Koch <wk@g10code.de>
1413
* certlist.c: Fixed typo in ocsp OID.
1415
2004-08-18 Werner Koch <wk@g10code.de>
1417
* certlist.c (gpgsm_cert_use_ocsp_p): New.
1418
(cert_usage_p): Support it here.
1419
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it here.
1421
2004-08-17 Marcus Brinkmann <marcus@g10code.de>
1423
* import.c: Fix typo in last change.
1425
2004-08-17 Werner Koch <wk@g10code.de>
1427
* import.c (check_and_store): Do a full validation if
1428
--with-validation is set.
1430
* certchain.c (gpgsm_basic_cert_check): Print more detailed error
1433
* certcheck.c (do_encode_md): Partly support DSA. Add new arg
1434
PKALGO. Changed all callers to pass it.
1435
(pk_algo_from_sexp): New.
1437
2004-08-16 Werner Koch <wk@g10code.de>
1439
* gpgsm.c: New option --fixed-passphrase.
1440
* import.c (popen_protect_tool): Pass it to the protect-tool.
1442
* server.c (cmd_encrypt): Use DEFAULT_RECPLIST and not recplist
1443
for encrypt-to keys.
1445
2004-08-06 Werner Koch <wk@g10code.com>
1447
* gpgsm.c: New option --with-ephemeral-keys.
1448
* keylist.c (list_internal_keys): Set it here.
1449
(list_cert_raw): And indicate those keys. Changed all our callers
1450
to pass the new arg HD through.
1452
2004-07-23 Werner Koch <wk@g10code.de>
1454
* certreqgen.c (proc_parameters): Do not allow key length below
1457
2004-07-22 Werner Koch <wk@g10code.de>
1459
* keylist.c (list_cert_raw): Print the keygrip.
1461
2004-07-20 Werner Koch <wk@gnupg.org>
1463
* certchain.c (gpgsm_validate_chain): The trust check didn't
1464
worked anymore, probably due to the changes at 2003-03-04. Fixed.
1466
2004-06-06 Werner Koch <wk@gnupg.org>
1468
* certreqgen.c (get_parameter_uint, create_request): Create
1469
an extension for key usage when requested.
1471
2004-05-12 Werner Koch <wk@gnupg.org>
1473
* gpgsm.c (main): Install emergency_cleanup also as an atexit
1476
* verify.c (gpgsm_verify): Removed the separate error code
1477
handling for KSBA. We use shared error codes anyway.
1479
* export.c (export_p12): Removed debugging code.
1481
* encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
1483
2004-05-11 Werner Koch <wk@gnupg.org>
1485
* sign.c (gpgsm_sign): Include the error source in the final error
1487
* decrypt.c (gpgsm_decrypt): Ditto.
1489
* fingerprint.c (gpgsm_get_key_algo_info): New.
1490
* sign.c (gpgsm_sign): Don't assume RSA in the status line.
1491
* keylist.c (list_cert_colon): Really print the algorithm and key
1493
(list_cert_raw, list_cert_std): Ditto.
1494
(list_cert_colon): Reorganized to be able to tell whether a root
1495
certificate is trusted.
1497
* gpgsm.c: New option --debug-allow-core-dump.
1499
* gpgsm.h (opt): Add member CONFIG_FILENAME.
1500
* gpgsm.c (main): Use it here instead of the local var.
1502
* server.c (gpgsm_server): Print some additional information with
1503
the hello in verbose mode.
1505
2004-04-30 Werner Koch <wk@gnupg.org>
1507
* import.c (check_and_store): Do not update the stats for hidden
1508
imports of issuer certs.
1509
(popen_protect_tool): Request statusmessages from the protect-tool.
1510
(parse_p12): Detect status messages. Add new arg STATS and update them.
1511
(print_imported_summary): Include secret key stats.
1513
2004-04-28 Werner Koch <wk@gnupg.org>
1515
* gpgsm.c: New command --keydb-clear-some-cert-flags.
1516
* keydb.c (keydb_clear_some_cert_flags): New.
1517
(keydb_update_keyblock, keydb_set_flags): Change error code
1518
CONFLICT to NOT_LOCKED.
1520
2004-04-26 Werner Koch <wk@gnupg.org>
1522
* gpgsm.c (main) <gpgconf>: Do not use /dev/null as default config
1525
* call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt)
1526
(gpgsm_agent_genkey, gpgsm_agent_istrusted)
1527
(gpgsm_agent_marktrusted, gpgsm_agent_havekey)
1528
(gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
1529
(start_agent): New arg CTRL. Send progress item when starting a
1531
* sign.c (gpgsm_get_default_cert, get_default_signer): New arg
1532
CTRL to be passed down to the agent function.
1533
* decrypt.c (prepare_decryption): Ditto.
1534
* certreqgen.c (proc_parameters, read_parameters): Ditto.
1535
* certcheck.c (gpgsm_create_cms_signature): Ditto.
1537
2004-04-23 Werner Koch <wk@gnupg.org>
1539
* keydb.c (keydb_add_resource): Try to compress the file on init.
1541
* keylist.c (oidtranstbl): New. OIDs collected from several sources.
1542
(print_name_raw, print_names_raw, list_cert_raw): New.
1543
(gpgsm_list_keys): Check the dump mode and pass it down as
1546
2004-04-22 Werner Koch <wk@gnupg.org>
1548
* gpgsm.c (main): New commands --dump-keys, --dump-external-keys,
1551
2004-04-13 Werner Koch <wk@gnupg.org>
1553
* misc.c (setup_pinentry_env): New.
1554
* import.c (popen_protect_tool): Call it.
1555
* export.c (popen_protect_tool): Call it.
1557
2004-04-08 Werner Koch <wk@gnupg.org>
1559
* decrypt.c (gpgsm_decrypt): Return GPG_ERR_NO_DATA if it is not a
1562
2004-04-07 Werner Koch <wk@gnupg.org>
1564
* gpgsm.c: New option --force-crl-refresh.
1565
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Pass option to dirmngr.
1567
2004-04-05 Werner Koch <wk@gnupg.org>
1569
* server.c (get_status_string): Add STATUS_NEWSIG.
1570
* verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature.
1572
* certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do
1573
not just warn if a cert is not suitable; bail out immediately.
1575
2004-04-01 Werner Koch <wk@gnupg.org>
1577
* call-dirmngr.c (isvalid_status_cb): New.
1578
(unhexify_fpr): New. Taken from ../g10/call-agent.c
1579
(gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass
1580
it thru. Detect need to check the respondert cert and do that.
1581
* certchain.c (gpgsm_validate_chain): Add new arg FLAGS. Changed
1584
2004-03-24 Werner Koch <wk@gnupg.org>
1586
* sign.c (gpgsm_sign): Include a short list of capabilities.
1588
2004-03-17 Werner Koch <wk@gnupg.org>
1590
* gpgsm.c (main) <gpgconf>: Fixed default value quoting.
1592
2004-03-16 Werner Koch <wk@gnupg.org>
1594
* gpgsm.c (main): Implemented --gpgconf-list.
1596
2004-03-15 Werner Koch <wk@gnupg.org>
1598
* keylist.c (list_cert_colon): Hack to set the expired flag.
1600
2004-03-09 Werner Koch <wk@gnupg.org>
1602
* gpgsm.c (main): Correctly intitialze USE_OCSP flag.
1604
* keydb.c (keydb_delete): s/GPG_ERR_CONFLICT/GPG_ERR_NOT_LOCKED/
1606
2004-03-04 Werner Koch <wk@gnupg.org>
1608
* call-dirmngr.c (gpgsm_dirmngr_isvalid): New arg ISSUER_CERT.
1610
* certchain.c (is_cert_still_valid): New. Code moved from ...
1611
(gpgsm_validate_chain): ... here because we now need to check at
1612
two places and at a later stage, so that we can pass the issuer
1613
cert down to the dirmngr.
1615
2004-03-03 Werner Koch <wk@gnupg.org>
1617
* call-agent.c (start_agent): Replaced pinentry setup code by a
1618
call to a new common function.
1620
* certdump.c (gpgsm_format_keydesc): Make sure the string is
1623
* export.c (gpgsm_export): Make sure that we don't export more
1624
than one certificate.
1626
2004-03-02 Werner Koch <wk@gnupg.org>
1628
* export.c (create_duptable, destroy_duptable)
1629
(insert_duptable): New.
1630
(gpgsm_export): Avoid duplicates.
1632
2004-02-26 Werner Koch <wk@gnupg.org>
1634
* certchain.c (compare_certs): New.
1635
(gpgsm_validate_chain): Fixed infinite certificate checks after
1638
2004-02-24 Werner Koch <wk@gnupg.org>
1640
* keylist.c (list_cert_colon): Print the fingerprint as the
1641
cert-id for root certificates.
1643
2004-02-21 Werner Koch <wk@gnupg.org>
1645
* keylist.c (list_internal_keys): Return error codes.
1646
(list_external_keys, gpgsm_list_keys): Ditto.
1647
* server.c (do_listkeys): Ditto.
1649
* gpgsm.c (main): Display a key description for --passwd.
1650
* call-agent.c (gpgsm_agent_passwd): New arg DESC.
1652
2004-02-20 Werner Koch <wk@gnupg.org>
1654
* gpgsm.c (main): New option --debug-ignore-expiration.
1655
* certchain.c (gpgsm_validate_chain): Use it here.
1657
* certlist.c (cert_usage_p): Apply extKeyUsage.
1659
2004-02-19 Werner Koch <wk@gnupg.org>
1661
* export.c (export_p12, popen_protect_tool)
1662
(gpgsm_p12_export): New.
1663
* gpgsm.c (main): New command --export-secret-key-p12.
1665
2004-02-18 Werner Koch <wk@gnupg.org>
1667
* gpgsm.c (set_debug): Set the new --debug-level flags.
1668
(main): New option --gpgconf-list.
1669
(main): Do not setup -u and -r keys when not required.
1670
(main): Setup the used character set.
1672
* keydb.c (keydb_add_resource): Print a hint to start the
1675
2004-02-17 Werner Koch <wk@gnupg.org>
1677
* gpgsm.c: Fixed value parsing for --with-validation.
1678
* call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO.
1679
* call-dirmngr.c (start_dirmngr): Likewise for DIRMNGR_INFO.
1681
* gpgsm.c: New option --with-md5-fingerprint.
1682
* keylist.c (list_cert_std): Print MD5 fpr.
1684
* gpgsm.c: New options --with-validation.
1685
* server.c (option_handler): New option "with-validation".
1686
* keylist.c (list_cert_std, list_internal_keys): New args CTRL and
1687
WITH_VALIDATION. Changed callers to set it.
1688
(list_external_cb, list_external_keys): Pass CTRL to the callback.
1689
(list_cert_colon): Add arg CTRL. Check validation if requested.
1690
* certchain.c (unknown_criticals, allowed_ca, check_cert_policy)
1691
(gpgsm_validate_chain): New args LISTMODE and FP.
1692
(do_list): New helper for info output.
1693
(find_up): New arg FIND_NEXT.
1694
(gpgsm_validate_chain): After a bad signature try again with other
1697
* import.c (print_imported_status): New arg NEW_CERT. Print
1698
additional STATUS_IMPORT_OK becuase that is what gpgme expects.
1699
(check_and_store): Always call above function after import.
1700
* server.c (get_status_string): Added STATUS_IMPORT_OK.
1702
2004-02-13 Werner Koch <wk@gnupg.org>
1704
* certcheck.c (gpgsm_create_cms_signature): Format a description
1705
for use by the pinentry.
1706
* decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP.
1707
* certdump.c (format_name_cookie, format_name_writer)
1708
(gpgsm_format_name): New.
1709
(gpgsm_format_serial): New.
1710
(gpgsm_format_keydesc): New.
1711
* call-agent.c (gpgsm_agent_pksign): New arg DESC.
1712
(gpgsm_agent_pkdecrypt): Ditto.
1714
* encrypt.c (init_dek): Check for too weak algorithms.
1716
* import.c (parse_p12, popen_protect_tool): New.
1718
* base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM.
1719
Changed all callers.
1720
(base64_reader_cb): Handle it here.
1721
(gpgsm_reader_eof_seen): New.
1722
(base64_reader_cb): Set a flag for EOF.
1723
(simple_reader_cb): Ditto.
1725
2004-02-12 Werner Koch <wk@gnupg.org>
1727
* gpgsm.h, gpgsm.c: New option --protect-tool-program.
1728
* gpgsm.c (run_protect_tool): Use it.
1730
2004-02-11 Werner Koch <wk@gnupg.org>
1732
* Makefile.am (AM_CPPFLAGS): Pass directory constants via -D; this
1733
will allow to override directory names at make time.
1735
2004-02-02 Werner Koch <wk@gnupg.org>
1737
* import.c (check_and_store): Import certificates even with
1738
missing issuer's cert. Fixed an "depending on the verbose
1741
* certchain.c (gpgsm_validate_chain): Mark revoked certs in the
1744
* keylist.c (list_cert_colon): New arg VALIDITY; use it to print a
1746
(list_internal_keys): Retrieve validity flag.
1747
(list_external_cb): Pass 0 as validity flag.
1748
* keydb.c (keydb_get_flags, keydb_set_flags): New.
1749
(keydb_set_cert_flags): New.
1750
(lock_all): Return a proper error code.
1752
(keydb_delete): Don't lock but check that it has been locked.
1753
(keydb_update_keyblock): Ditto.
1754
* delete.c (delete_one): Take a lock.
1756
2004-01-30 Werner Koch <wk@gnupg.org>
1758
* certchain.c (check_cert_policy): Fixed read error checking.
1759
(check_cert_policy): With no critical policies issue only a
1760
warning if the policy file does not exists.
1762
* sign.c (add_certificate_list): Decrement N for the first cert.
1764
2004-01-29 Werner Koch <wk@gnupg.org>
1766
* certdump.c (parse_dn_part): Map common OIDs to human readable
1767
labels. Make sure that a value won't get truncated if it includes
1770
2004-01-28 Werner Koch <wk@gnupg.org>
1772
* certchain.c (gpgsm_validate_chain): Changed the message printed
1773
for an untrusted root certificate.
1775
2004-01-27 Werner Koch <wk@gnupg.org>
1777
* certdump.c (parse_dn_part): Pretty print the nameDistinguisher OID.
1778
(print_dn_part): Do not delimit multiple RDN by " + ". Handle
1779
multi-valued RDNs in a special way, i.e. in the order specified by
1781
(print_dn_parts): Simplified.
1783
2004-01-16 Werner Koch <wk@gnupg.org>
1785
* sign.c (gpgsm_sign): Print an error message on all failures.
1786
* decrypt.c (gpgsm_decrypt): Ditto.
1788
2003-12-17 Werner Koch <wk@gnupg.org>
1790
* server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.
1791
(cmd_encrypt): Add all enrypt-to marked certs to the list.
1792
* encrypt.c (gpgsm_encrypt): Check that real recipients are
1794
* gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to
1795
options work. Pass the list of recients to gpgsm_server.
1796
* gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO.
1797
(opt): Add NO_ENCRYPT_TO.
1798
* certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO.
1799
Changed all callers and ignore duplicate entries.
1800
(is_cert_in_certlist): New.
1801
(gpgsm_add_cert_to_certlist): New.
1803
* certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
1804
(gpgsm_dump_serial): Ditto.
1806
* decrypt.c (gpgsm_decrypt): Replaced ERR by RC.
1808
2003-12-16 Werner Koch <wk@gnupg.org>
1810
* gpgsm.c (main): Set the prefixes for assuan logging.
1812
* sign.c (gpgsm_sign): Add validation checks for the default
1815
* gpgsm.c: Add -k as alias for --list-keys and -K for
1818
2003-12-15 Werner Koch <wk@gnupg.org>
1820
* encrypt.c (init_dek): Use gry_create_nonce for the IV; there is
1821
not need for real strong random here and it even better protect
1822
the random bits used for the key.
1824
2003-12-01 Werner Koch <wk@gnupg.org>
1826
* gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp.
1827
(gpgsm_init_default_ctrl): Set USE_OCSP to the default value.
1828
* certchain.c (gpgsm_validate_chain): Handle USE_OCSP.
1829
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and
1830
proceed accordingly.
1832
2003-11-19 Werner Koch <wk@gnupg.org>
1834
* verify.c (gpgsm_verify): Use "0" instead of an empty string for
1835
the VALIDSIG status.
1837
2003-11-18 Werner Koch <wk@gnupg.org>
1839
* verify.c (gpgsm_verify): Fixed for changes API of gcry_md_info.
1841
* certchain.c (unknown_criticals): Fixed an error code test.
1843
2003-11-12 Werner Koch <wk@gnupg.org>
1845
Adjusted for API changes in Libksba.
1847
2003-10-31 Werner Koch <wk@gnupg.org>
1849
* certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t.
1850
* verify.c (strtimestamp_r, gpgsm_verify): Ditto.
1851
* sign.c (gpgsm_sign): Ditto.
1852
* keylist.c (print_time, list_cert_std, list_cert_colon): Ditto.
1853
* certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert):
1856
2003-10-25 Werner Koch <wk@gnupg.org>
1858
* certreqgen.c (read_parameters): Fixed faulty of !spacep().
1860
2003-08-20 Marcus Brinkmann <marcus@g10code.de>
1862
* encrypt.c (encode_session_key): Allocate enough space. Cast key
1863
byte to unsigned char to prevent sign extension.
1864
(encrypt_dek): Check return value before error.
1866
2003-08-14 Timo Schulz <twoaday@freakmail.de>
1868
* encrypt.c (encode_session_key): Use new Libgcrypt interface.
1870
2003-07-31 Werner Koch <wk@gnupg.org>
1872
* Makefile.am (gpgsm_LDADD): Added INTLLIBS.
1874
2003-07-29 Werner Koch <wk@gnupg.org>
1876
* gpgsm.c (main): Add secmem features and set the random seed file.
1877
(gpgsm_exit): Update the random seed file and enable debug output.
1879
2003-07-27 Werner Koch <wk@gnupg.org>
1881
Adjusted for gcry_mpi_print and gcry_mpi_scan API change.
1883
2003-06-24 Werner Koch <wk@gnupg.org>
1885
* server.c (gpgsm_status_with_err_code): New.
1886
* verify.c (gpgsm_verify): Use it here instead of the old
1889
* verify.c (strtimestamp): Renamed to strtimestamp_r
1891
Adjusted for changes in the libgcrypt API. Some more fixes for the
1894
2003-06-04 Werner Koch <wk@gnupg.org>
1896
* call-agent.c (init_membuf,put_membuf,get_membuf): Removed.
1897
Include new membuf header and changed used type.
1899
Renamed error codes from INVALID to INV and removed _ERROR suffixes.
1901
2003-06-03 Werner Koch <wk@gnupg.org>
1903
Changed all error codes in all files to the new libgpg-error scheme.
1905
* gpgsm.h: Include gpg-error.h .
1906
* Makefile.am: Link with libgpg-error.
1908
2003-04-29 Werner Koch <wk@gnupg.org>
1910
* Makefile.am: Use libassuan. Don't override LDFLAGS anymore.
1911
* server.c (register_commands): Adjust for new Assuan semantics.
1913
2002-12-03 Werner Koch <wk@gnupg.org>
1915
* call-agent.c (gpgsm_agent_passwd): New.
1916
* gpgsm.c (main): New command --passwd and --call-protect-tool
1917
(run_protect_tool): New.
1919
2002-11-25 Werner Koch <wk@gnupg.org>
1921
* verify.c (gpgsm_verify): Handle content-type attribute.
1923
2002-11-13 Werner Koch <wk@gnupg.org>
1925
* call-agent.c (start_agent): Try to use $GPG_TTY instead of
1926
ttyname. Changed ttyname to test stdin becuase it can be assumed
1927
that output redirection is more common that input redirection.
1929
2002-11-12 Werner Koch <wk@gnupg.org>
1931
* gpgsm.c: New command --call-dirmngr.
1932
* call-dirmngr.c (gpgsm_dirmngr_run_command)
1933
(run_command_inq_cb,run_command_cb)
1934
(run_command_status_cb): New.
1936
2002-11-11 Werner Koch <wk@gnupg.org>
1938
* certcheck.c (gpgsm_check_cms_signature): Don't double free
1939
s_sig but free s_pkey at leave.
1941
2002-11-10 Werner Koch <wk@gnupg.org>
1943
* gpgsm.c: Removed duplicate --list-secret-key entry.
1945
2002-09-19 Werner Koch <wk@gnupg.org>
1947
* certcheck.c (gpgsm_check_cert_sig): Add cert hash debugging.
1949
* certchain.c (find_up): Print info when the cert was not found
1950
by the autorithyKeyIdentifier.
1952
2002-09-03 Werner Koch <wk@gnupg.org>
1954
* gpgsm.c (main): Disable the internal libgcrypt locking.
1956
2002-08-21 Werner Koch <wk@gnupg.org>
1958
* import.c (print_imported_summary): Cleaned up. Print new
1960
(check_and_store): Update non_imported counter.
1961
(print_import_problem): New.
1962
(check_and_store): Print error status message.
1963
* server.c (get_status_string): Added STATUS_IMPORT_PROBLEM.
1965
2002-08-20 Werner Koch <wk@gnupg.org>
1967
* gpgsm.c (main): Use the log file only in server mode.
1969
* import.c (print_imported_summary): New.
1970
(check_and_store): Update the counters, take new argument.
1971
(import_one): Factored out core of gpgsm_import.
1972
(gpgsm_import): Print counters.
1973
(gpgsm_import_files): New.
1974
* gpgsm.c (main): Use the new function for import.
1976
2002-08-19 Werner Koch <wk@gnupg.org>
1978
* decrypt.c (gpgsm_decrypt): Return a better error status token.
1979
* verify.c (gpgsm_verify): Don't error on messages with no signing
1980
time or no message digest. This is only the case for messages
1981
without any signed attributes.
1983
2002-08-16 Werner Koch <wk@gnupg.org>
1985
* certpath.c: Renamed to ..
1986
* certchain.c: this. Renamed all all other usages of "path" in the
1987
context of certificates to "chain".
1989
* call-agent.c (learn_cb): Special treatment when the issuer
1990
certificate is missing.
1992
2002-08-10 Werner Koch <wk@gnupg.org>
1994
* Makefile.am (INCLUDES): Add definition for localedir.
1996
* keylist.c (list_cert_colon): Print the short fingerprint in the
1998
* fingerprint.c (gpgsm_get_short_fingerprint): New.
1999
* verify.c (gpgsm_verify): Print more verbose info for a good
2002
2002-08-09 Werner Koch <wk@gnupg.org>
2004
* decrypt.c (prepare_decryption): Hack to detected already
2007
* gpgsm.c (emergency_cleanup): New.
2008
(main): Initialize the signal handler.
2010
* sign.c (gpgsm_sign): Reset the hash context for subsequent
2011
signers and release it at the end.
2013
2002-08-05 Werner Koch <wk@gnupg.org>
2015
* server.c (cmd_signer): New command "SIGNER"
2016
(register_commands): Register it.
2017
(cmd_sign): Pass the signer list to gpgsm_sign.
2018
* certlist.c (gpgsm_add_to_certlist): Add SECRET argument, check
2019
for secret key if set and changed all callers.
2020
* sign.c (gpgsm_sign): New argument SIGNERLIST and implemt
2022
* gpgsm.c (main): Support more than one -u.
2024
* server.c (cmd_recipient): Return reason code 1 for No_Public_Key
2025
which is actually what gets returned from add_to_certlist.
2027
2002-07-26 Werner Koch <wk@gnupg.org>
2029
* certcheck.c (gpgsm_check_cert_sig): Implement proper cleanup.
2030
(gpgsm_check_cms_signature): Ditto.
2032
2002-07-22 Werner Koch <wk@gnupg.org>
2034
* keydb.c (keydb_add_resource): Register a lock file.
2035
(lock_all, unlock_all): Implemented.
2038
* gpgsm.c: Made --delete-key work.
2039
* server.c (cmd_delkeys): New.
2040
(register_commands): New command DELKEYS.
2042
* decrypt.c (gpgsm_decrypt): Print a convenience note when RC2 is
2043
used and a STATUS_ERROR with the algorithm oid.
2045
2002-07-03 Werner Koch <wk@gnupg.org>
2047
* server.c (gpgsm_status2): Insert a blank between all optional
2048
arguments when using assuan.
2049
* server.c (cmd_recipient): No more need for extra blank in constants.
2050
* import.c (print_imported_status): Ditto.
2051
* gpgsm.c (main): Ditto.
2053
2002-07-02 Werner Koch <wk@gnupg.org>
2055
* verify.c (gpgsm_verify): Extend the STATUS_BADSIG line with
2058
* certpath.c (check_cert_policy): Don't use log_error to print a
2061
* keydb.c (keydb_store_cert): Add optional ar EXISTED and changed
2063
* call-agent.c (learn_cb): Print info message only for real imports.
2065
* import.c (gpgsm_import): Moved duplicated code to ...
2066
(check_and_store): new function. Added magic to import the entire
2067
chain. Print status only for real imports and moved printing code
2069
(print_imported_status): New.
2071
* call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr
2072
call in very verbose mode.
2074
* gpgsm.c (main): Use the same error codes for STATUS_INV_RECP as
2075
with the server mode.
2077
2002-06-29 Werner Koch <wk@gnupg.org>
2079
* gpgsm.c: New option --auto-issuer-key-retrieve.
2080
* certpath.c (find_up): Try to retrieve an issuer key from an
2081
external source and from the ephemeral key DB.
2082
(find_up_store_certs_cb): New.
2084
* keydb.c (keydb_set_ephemeral): Does now return the old
2085
state. Call the backend only when required.
2087
* call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR.
2088
(lookup_status_cb): Issue status only when CTRL is not NULL.
2089
(gpgsm_dirmngr_lookup): Document that CTRL is optional.
2091
* call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT.
2093
2002-06-28 Werner Koch <wk@gnupg.org>
2095
* server.c (cmd_recipient): Add more reason codes.
2097
2002-06-27 Werner Koch <wk@gnupg.org>
2099
* certpath.c (gpgsm_basic_cert_check): Use
2100
--debug-no-path-validation to also bypass this basic check.
2102
* gpgsm.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.
2104
* call-agent.c (start_agent): Create and pass the list of FD to
2105
keep in the child to assuan.
2106
* call-dirmngr.c (start_dirmngr): Ditto.
2108
2002-06-26 Werner Koch <wk@gnupg.org>
2110
* import.c (gpgsm_import): Print an STATUS_IMPORTED.
2112
* gpgsm.c: --debug-no-path-validation does not take an argument.
2114
2002-06-25 Werner Koch <wk@gnupg.org>
2116
* certdump.c (print_dn_part): Always print a leading slash,
2117
removed NEED_DELIM arg and changed caller.
2119
* export.c (gpgsm_export): Print LFs to FP and not stdout.
2120
(print_short_info): Ditto. Make use of gpgsm_print_name.
2122
* server.c (cmd_export): Use output-fd instead of data lines; this
2123
was actually the specified way.
2125
2002-06-24 Werner Koch <wk@gnupg.org>
2127
* gpgsm.c: Removed duped help entry for --list-keys.
2129
* gpgsm.c, gpgsm.h: New option --debug-no-path-validation.
2131
* certpath.c (gpgsm_validate_path): Use it here instead of the
2134
* certpath.c (check_cert_policy): Return No_Policy_Match if the
2135
policy file could not be opened.
2137
2002-06-20 Werner Koch <wk@gnupg.org>
2139
* certlist.c (gpgsm_add_to_certlist): Fixed locating of a
2140
certificate with the required key usage.
2142
* gpgsm.c (main): Fixed a segv when using --outfile without an
2145
* keylist.c (print_capabilities): Also check for non-repudiation
2146
and data encipherment.
2147
* certlist.c (cert_usage_p): Test for signing and encryption was
2148
swapped. Add a case for certification usage, handle
2149
non-repudiation and data encipherment.
2150
(gpgsm_cert_use_cert_p): New.
2151
(gpgsm_add_to_certlist): Added a CTRL argument and changed all
2153
* certpath.c (gpgsm_validate_path): Use it here to print a status
2154
message. Added a CTRL argument and changed all callers to pass it.
2155
* decrypt.c (gpgsm_decrypt): Print a status message for wrong key
2157
* verify.c (gpgsm_verify): Ditto.
2158
* keydb.c (classify_user_id): Allow a colon delimited fingerprint.
2160
2002-06-19 Werner Koch <wk@gnupg.org>
2162
* call-agent.c (learn_cb): Use log_info instead of log_error on
2165
* keydb.c (keydb_set_ephemeral): New.
2166
(keydb_store_cert): New are ephemeral, changed all callers.
2167
* keylist.c (list_external_cb): Store cert as ephemeral.
2168
* export.c (gpgsm_export): Kludge to export epehmeral certificates.
2170
* gpgsm.c (main): New command --list-external-keys.
2172
2002-06-17 Werner Koch <wk@gnupg.org>
2174
* certreqgen.c (read_parameters): Improved error handling.
2175
(gpgsm_genkey): Print error message.
2177
2002-06-13 Werner Koch <wk@gnupg.org>
2179
* gpgsm.c (main): New option --log-file.
2181
2002-06-12 Werner Koch <wk@gnupg.org>
2183
* call-dirmngr.c (lookup_status_cb): New.
2184
(gpgsm_dirmngr_lookup): Use the status CB. Add new arg CTRL and
2185
changed caller to pass it.
2187
* gpgsm.c (open_fwrite): New.
2188
(main): Allow --output for --verify.
2190
* sign.c (hash_and_copy_data): New.
2191
(gpgsm_sign): Implemented normal (non-detached) signatures.
2192
* gpgsm.c (main): Ditto.
2194
* certpath.c (gpgsm_validate_path): Special error handling for
2197
2002-06-10 Werner Koch <wk@gnupg.org>
2199
* server.c (get_status_string): Add STATUS_ERROR.
2201
* certpath.c (gpgsm_validate_path): Tweaked the error checking to
2202
return error codes in a more sensitive way.
2203
* verify.c (gpgsm_verify): Send status TRUST_NEVER also for a bad
2204
CA certificate and when the certificate has been revoked. Issue
2205
TRUST_FULLY even when the cert has expired. Append an error token
2206
to these status lines. Issue the new generic error status when a
2207
cert was not found and when leaving the function.
2209
2002-06-04 Werner Koch <wk@gnupg.org>
2211
* gpgsm.c (main): New command --list-sigs
2212
* keylist.c (list_cert_std): New. Use it whenever colon mode is
2214
(list_cert_chain): New.
2216
2002-05-31 Werner Koch <wk@gnupg.org>
2218
* gpgsm.c (main): Don't print the "go ahead" message for an
2221
2002-05-23 Werner Koch <wk@gnupg.org>
2223
* import.c (gpgsm_import): Add error messages.
2225
2002-05-21 Werner Koch <wk@gnupg.org>
2227
* keylist.c (list_internal_keys): Renamed from gpgsm_list_keys.
2228
(list_external_keys): New.
2229
(gpgsm_list_keys): Dispatcher for above.
2230
* call-dirmngr.c (lookup_cb,pattern_from_strlist)
2231
(gpgsm_dirmngr_lookup): New.
2232
* server.c (option_handler): Handle new option --list-mode.
2233
(do_listkeys): Handle options and actually use the mode argument.
2234
(get_status_string): New code TRUNCATED.
2236
* import.c (gpgsm_import): Try to identify the type of input and
2237
handle certs-only messages.
2239
2002-05-14 Werner Koch <wk@gnupg.org>
2241
* gpgsm.c: New option --faked-system-time
2242
* sign.c (gpgsm_sign): And use it here.
2243
* certpath.c (gpgsm_validate_path): Ditto.
2245
2002-05-03 Werner Koch <wk@gnupg.org>
2247
* certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed
2249
* verify.c (gpgsm_verify): Tweaked usage of log_debug and
2250
log_error. Return EXPSIG status and add expiretime to VALIDSIG.
2252
2002-04-26 Werner Koch <wk@gnupg.org>
2254
* gpgsm.h (DBG_AGENT,DBG_AGENT_VALUE): Replaced by DBG_ASSUAN_*.
2257
* call-agent.c (start_agent): Be more silent without -v.
2258
* call-dirmngr.c (start_dirmngr): Ditto.
2260
2002-04-25 Werner Koch <wk@gnupg.org>
2262
* call-agent.c (start_agent): Make copies of old locales and check
2265
2002-04-25 Marcus Brinkmann <marcus@g10code.de>
2267
* call-agent.c (start_agent): Fix error handling logic so the
2268
locale is always correctly reset.
2270
2002-04-25 Marcus Brinkmann <marcus@g10code.de>
2272
* server.c (option_handler): Accept display, ttyname, ttytype,
2273
lc_ctype and lc_messages options.
2274
* gpgsm.c (main): Allocate memory for these options.
2275
* gpgsm.h (struct opt): Make corresponding members non-const.
2277
2002-04-24 Marcus Brinkmann <marcus@g10code.de>
2279
* gpgsm.h (struct opt): New members display, ttyname, ttytype,
2280
lc_ctype, lc_messages.
2281
* gpgsm.c (enum cmd_and_opt_values): New members oDisplay,
2282
oTTYname, oTTYtype, oLCctype, oLCmessages.
2283
(opts): New entries for these options.
2284
(main): Handle these new options.
2285
* call-agent.c (start_agent): Set the various display and tty
2286
parameter after resetting.
2288
2002-04-18 Werner Koch <wk@gnupg.org>
2290
* certreqgen.c (gpgsm_genkey): Write status output on success.
2292
2002-04-15 Werner Koch <wk@gnupg.org>
2294
* gpgsm.c (main): Check ksba version.
2296
* certpath.c (find_up): New to use the authorithKeyIdentifier.
2297
Use it in all other functions to locate the signing cert..
2299
2002-04-11 Werner Koch <wk@gnupg.org>
2301
* certlist.c (cert_usable_p): New.
2302
(gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New.
2303
(gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New.
2304
(gpgsm_add_to_certlist): Check the key usage.
2305
* sign.c (gpgsm_sign): Ditto.
2306
* verify.c (gpgsm_verify): Print a message wehn an unsuitable
2307
certificate was used.
2308
* decrypt.c (gpgsm_decrypt): Ditto
2309
* keylist.c (print_capabilities): Determine values from the cert.
2311
2002-03-28 Werner Koch <wk@gnupg.org>
2313
* keylist.c (list_cert_colon): Fixed listing of crt record; the
2314
issuer is not at the right place. Print a chainingID.
2315
* certpath.c (gpgsm_walk_cert_chain): Be a bit more silent on
2318
2002-03-21 Werner Koch <wk@gnupg.org>
2321
* gpgsm.c: Add command --export.
2322
* server.c (cmd_export): New.
2324
2002-03-13 Werner Koch <wk@gnupg.org>
2326
* decrypt.c (gpgsm_decrypt): Allow multiple recipients.
2328
2002-03-12 Werner Koch <wk@gnupg.org>
2330
* certpath.c (check_cert_policy): Print the policy list.
2332
* verify.c (gpgsm_verify): Detect certs-only message.
2334
2002-03-11 Werner Koch <wk@gnupg.org>
2336
* import.c (gpgsm_import): Print a notice about imported certificates
2337
when in verbose mode.
2339
* gpgsm.c (main): Print INV_RECP status.
2340
* server.c (cmd_recipient): Ditto.
2342
* server.c (gpgsm_status2): New. Allows for a list of strings.
2343
(gpgsm_status): Divert to gpgsm_status2.
2345
* encrypt.c (gpgsm_encrypt): Don't use a default key when no
2346
recipients are given. Print a NO_RECP status.
2348
2002-03-06 Werner Koch <wk@gnupg.org>
2350
* server.c (cmd_listkeys, cmd_listsecretkeys): Divert to
2351
(do_listkeys): new. Add pattern parsing.
2353
* keylist.c (gpgsm_list_keys): Handle selection pattern.
2355
* gpgsm.c: New command --learn-card
2356
* call-agent.c (learn_cb,gpgsm_agent_learn): New.
2358
* gpgsm.c (main): Print error messages for non-implemented commands.
2360
* base64.c (base64_reader_cb): Use case insensitive compare of the
2361
Content-Type string to detect plain base-64.
2363
2002-03-05 Werner Koch <wk@gnupg.org>
2365
* gpgsm.c, gpgsm.h: Add local_user.
2366
* sign.c (gpgsm_get_default_cert): New.
2367
(get_default_signer): Use the new function if local_user is not
2368
set otherwise used that value.
2369
* encrypt.c (get_default_recipient): Removed.
2370
(gpgsm_encrypt): Use gpgsm_get_default_cert.
2372
* verify.c (gpgsm_verify): Better error text for a bad signature
2373
found by comparing the hashs.
2375
2002-02-27 Werner Koch <wk@gnupg.org>
2377
* call-dirmngr.c, call-agent.c: Add 2 more arguments to all uses
2380
2002-02-25 Werner Koch <wk@gnupg.org>
2382
* server.c (option_handler): Allow to use -2 for "send all certs
2383
except the root cert".
2384
* sign.c (add_certificate_list): Implement it here.
2385
* certpath.c (gpgsm_is_root_cert): New.
2387
2002-02-19 Werner Koch <wk@gnupg.org>
2389
* certpath.c (check_cert_policy): New.
2390
(gpgsm_validate_path): And call it from here.
2391
* gpgsm.c (main): New options --policy-file,
2392
--disable-policy-checks and --enable-policy-checks.
2393
* gpgsm.h (opt): Added policy_file, no_policy_checks.
2395
2002-02-18 Werner Koch <wk@gnupg.org>
2397
* certpath.c (gpgsm_validate_path): Ask the agent to add the
2398
certificate into the trusted list.
2399
* call-agent.c (gpgsm_agent_marktrusted): New.
2401
2002-02-07 Werner Koch <wk@gnupg.org>
2403
* certlist.c (gpgsm_add_to_certlist): Check that the specified
2404
name identifies a certificate unambiguously.
2405
(gpgsm_find_cert): Ditto.
2407
* server.c (cmd_listkeys): Check that the data stream is available.
2408
(cmd_listsecretkeys): Ditto.
2410
(cmd_sign): Fix ambiguousity in option recognition.
2412
* gpgsm.c (main): Enable --logger-fd.
2414
* encrypt.c (gpgsm_encrypt): Increased buffer size for better
2417
* call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from
2420
* keylist.c (list_cert_colon): Filter out control characters.
2422
2002-02-06 Werner Koch <wk@gnupg.org>
2424
* decrypt.c (gpgsm_decrypt): Bail out after an decryption error.
2426
* server.c (reset_notify): Close input and output FDs.
2427
(cmd_encrypt,cmd_decrypt,cmd_verify,cmd_sign.cmd_import)
2428
(cmd_genkey): Close the FDs and release the recipient list even in
2431
2002-02-01 Marcus Brinkmann <marcus@g10code.de>
2433
* sign.c (gpgsm_sign): Do not release certificate twice.
2435
2002-01-29 Werner Koch <wk@gnupg.org>
2437
* call-agent.c (gpgsm_agent_havekey): New.
2438
* keylist.c (list_cert_colon): New arg HAVE_SECRET, print "crs"
2439
when we know that the secret key is available.
2440
(gpgsm_list_keys): New arg MODE, check whether a secret key is
2441
available. Changed all callers.
2442
* gpgsm.c (main): New command --list-secret-keys.
2443
* server.c (cmd_listsecretkeys): New.
2444
(cmd_listkeys): Return secret keys with "crs" record.
2446
2002-01-28 Werner Koch <wk@gnupg.org>
2448
* certreqgen.c (create_request): Store the email address in the req.
2450
2002-01-25 Werner Koch <wk@gnupg.org>
2452
* gpgsm.c (main): Disable core dumps.
2454
* sign.c (add_certificate_list): New.
2455
(gpgsm_sign): Add the certificates to the CMS object.
2456
* certpath.c (gpgsm_walk_cert_chain): New.
2457
* gpgsm.h (server_control_s): Add included_certs.
2458
* gpgsm.c: Add option --include-certs.
2459
(gpgsm_init_default_ctrl): New.
2461
* server.c (gpgsm_server): Ditto.
2462
(option_handler): Support --include-certs.
2464
2002-01-23 Werner Koch <wk@gnupg.org>
2466
* certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.
2467
* certdump.c (gpgsm_dump_string): New.
2468
(print_dn): Replaced by above.
2470
2002-01-22 Werner Koch <wk@gnupg.org>
2472
* certpath.c (unknown_criticals): New.
2474
(gpgsm_validate_path): Check validity, CA attribute, path length
2475
and unknown critical extensions.
2477
2002-01-21 Werner Koch <wk@gnupg.org>
2479
* gpgsm.c: Add option --enable-crl-checks.
2481
* call-agent.c (start_agent): Implemented socket based access.
2482
* call-dirmngr.c (start_dirmngr): Ditto.
2484
2002-01-20 Werner Koch <wk@gnupg.org>
2486
* server.c (option_handler): New.
2487
(gpgsm_server): Register it with assuan.
2489
2002-01-19 Werner Koch <wk@gnupg.org>
2491
* server.c (gpgsm_server): Use assuan_deinit_server and setup
2492
assuan logging if enabled.
2493
* call-agent.c (inq_ciphertext_cb): Don't show the session key in
2496
* gpgsm.c (my_strusage): Take bugreport address from configure.ac
2498
2002-01-15 Werner Koch <wk@gnupg.org>
2500
* import.c (gpgsm_import): Just do a basic cert check before
2502
* certpath.c (gpgsm_basic_cert_check): New.
2504
* keydb.c (keydb_store_cert): New.
2505
* import.c (store_cert): Removed and change all caller to use
2507
* verify.c (store_cert): Ditto.
2509
* certlist.c (gpgsm_add_to_certlist): Validate the path
2511
* certpath.c (gpgsm_validate_path): Check the trust list.
2512
* call-agent.c (gpgsm_agent_istrusted): New.
2514
2002-01-14 Werner Koch <wk@gnupg.org>
2516
* call-dirmngr.c (inq_certificate): Changed for new interface semantic.
2517
* certlist.c (gpgsm_find_cert): New.
2519
2002-01-13 Werner Koch <wk@gnupg.org>
2521
* fingerprint.c (gpgsm_get_certid): Print the serial and not the
2524
2002-01-11 Werner Koch <wk@gnupg.org>
2526
* call-dirmngr.c: New.
2527
* certpath.c (gpgsm_validate_path): Check the CRL here.
2528
* fingerprint.c (gpgsm_get_certid): New.
2529
* gpgsm.c: New options --dirmngr-program and --disable-crl-checks.
2531
2002-01-10 Werner Koch <wk@gnupg.org>
2533
* base64.c (gpgsm_create_writer): Allow to set the object name
2535
2002-01-08 Werner Koch <wk@gnupg.org>
2537
* keydb.c (spacep): Removed because it is now in util.c
2539
* server.c (cmd_genkey): New.
2540
* certreqgen.c: New. The parameter handling code has been taken
2541
from gnupg/g10/keygen.c version 1.0.6.
2542
* call-agent.c (gpgsm_agent_genkey): New.
2544
2002-01-02 Werner Koch <wk@gnupg.org>
2546
* server.c (rc_to_assuan_status): Removed and changed all callers
2547
to use map_to_assuan_status.
2549
2001-12-20 Werner Koch <wk@gnupg.org>
2551
* verify.c (gpgsm_verify): Implemented non-detached signature
2552
verification. Add OUT_FP arg, initialize a writer and changed all
2554
* server.c (cmd_verify): Pass an out_fp if one has been set.
2556
* base64.c (base64_reader_cb): Try to detect an S/MIME body part.
2558
* certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made
2560
(print_time): Renamed to gpgsm_dump_time, made global.
2561
(gpgsm_dump_serial): Take a real S-Expression as argument and
2562
print the first item.
2563
* keylist.c (list_cert_colon): Ditto.
2564
* keydb.c (keydb_search_issuer_sn): Ditto.
2565
* decrypt.c (print_integer_sexp): Removed and made callers
2566
use gpgsm_dump_serial.
2567
* verify.c (print_time): Removed, made callers use gpgsm_dump_time.
2569
2001-12-19 Marcus Brinkmann <marcus@g10code.de>
2571
* call-agent.c (start_agent): Add new argument to assuan_pipe_connect.
2573
2001-12-18 Werner Koch <wk@gnupg.org>
2575
* verify.c (print_integer_sexp): Renamed from print_integer and
2576
print the serial number according to the S-Exp rules.
2577
* decrypt.c (print_integer_sexp): Ditto.
2579
2001-12-17 Werner Koch <wk@gnupg.org>
2581
* keylist.c (list_cert_colon): Changed for new return value of
2583
* keydb.c (keydb_search_issuer_sn): Ditto.
2584
* certcheck.c (gpgsm_check_cert_sig): Likewise for other S-Exp
2585
returingin functions.
2586
* fingerprint.c (gpgsm_get_keygrip): Ditto.
2587
* encrypt.c (encrypt_dek): Ditto
2588
* certcheck.c (gpgsm_check_cms_signature): Ditto
2589
* decrypt.c (prepare_decryption): Ditto.
2590
* call-agent.c (gpgsm_agent_pkdecrypt): Removed arg ciphertextlen,
2591
use KsbaSexp type and calculate the length.
2593
* certdump.c (print_sexp): Remaned from print_integer, changed caller.
2595
* Makefile.am: Use the LIBGCRYPT and LIBKSBA variables.
2597
* fingerprint.c (gpgsm_get_keygrip): Use the new
2598
gcry_pk_get_keygrip to calculate the grip - note the algorithm and
2599
therefore the grip values changed.
2601
2001-12-15 Werner Koch <wk@gnupg.org>
2603
* certcheck.c (gpgsm_check_cms_signature): Removed the faked-key
2605
(gpgsm_create_cms_signature): Removed the commented fake key
2606
code. This makes the function pretty simple.
2608
* gpgsm.c (main): Renamed the default key database to "keyring.kbx".
2610
* decrypt.c (gpgsm_decrypt): Write STATUS_DECRYPTION_*.
2611
* sign.c (gpgsm_sign): Write a STATUS_SIG_CREATED.
2613
2001-12-14 Werner Koch <wk@gnupg.org>
2615
* keylist.c (list_cert_colon): Kludge to show an email address
2616
encoded in the subject's DN.
2618
* verify.c (gpgsm_verify): Add hash debug helpers
2619
* sign.c (gpgsm_sign): Ditto.
2621
* base64.c (base64_reader_cb): Reset the linelen when we need to
2622
skip the line and adjusted test; I somehow forgot about DeMorgan.
2624
* server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify)
2625
(cmd_import): Close the FDs on success.
2626
(close_message_fd): New.
2627
(input_notify): Setting autodetect_encoding to 0 after initializing
2628
it to 0 is pretty pointless. Easy to fix.
2630
* gpgsm.c (main): New option --debug-wait n, so that it is
2631
possible to attach gdb when used in server mode.
2633
* sign.c (get_default_signer): Use keydb_classify_name here.
2635
2001-12-14 Marcus Brinkmann <marcus@g10code.de>
2637
* call-agent.c (LINELENGTH): Removed.
2638
(gpgsm_agent_pksign): Use ASSUAN_LINELENGTH, not LINELENGTH.
2639
(gpgsm_agent_pkdecrypt): Likewise.
2641
2001-12-13 Werner Koch <wk@gnupg.org>
2643
* keylist.c (list_cert_colon): Print alternative names of subject
2644
and a few other values.
2646
2001-12-12 Werner Koch <wk@gnupg.org>
2648
* gpgsm.c (main): New options --assume-{armor,base64,binary}.
2649
* base64.c (base64_reader_cb): Fixed non-autodetection mode.
2651
2001-12-04 Werner Koch <wk@gnupg.org>
2653
* call-agent.c (read_from_agent): Check for inquire responses.
2654
(request_reply): Handle them using a new callback arg, changed all
2656
(gpgsm_agent_pkdecrypt): New.
2658
2001-11-27 Werner Koch <wk@gnupg.org>
2660
* base64.c: New. Changed all other functions to use this instead
2661
of direct creation of ksba_reader/writer.
2662
* gpgsm.c (main): Set ctrl.auto_encoding unless --no-armor is used.
2664
2001-11-26 Werner Koch <wk@gnupg.org>
2666
* gpgsm.c: New option --agent-program
2667
* call-agent.c (start_agent): Allow to override the default path
2670
* keydb.c (keydb_add_resource): Create keybox
2672
* keylist.c (gpgsm_list_keys): Fixed non-server keylisting.
2674
* server.c (rc_to_assuan_status): New. Use it for all commands.
2677
Copyright 2001, 2002, 2003, 2004, 2005, 2006,
2678
2007, 2008, 2009 Free Software Foundation, Inc.
2680
This file is free software; as a special exception the author gives
2681
unlimited permission to copy and/or distribute it, with or without
2682
modifications, as long as this notice is preserved.
2684
This file is distributed in the hope that it will be useful, but
2685
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
2686
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.