1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-31 11:41:32 +01:00

* configure.ac: Do not build gpg by default.

* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
* certchain.c (gpgsm_validate_chain): Make use of it.

* certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates.  This is required because on signature
verification an expired key is fine whereas a revoked one is not.

* gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
This commit is contained in:
Werner Koch 2005-04-21 09:33:07 +00:00
parent 314c234e7d
commit 3ff9a743bf
15 changed files with 97 additions and 43 deletions

View File

@ -1,3 +1,12 @@
2005-04-21 Werner Koch <wk@g10code.com>
* configure.ac: Do not build gpg by default.
2005-04-20 Werner Koch <wk@g10code.com>
* configure.ac: Test whether GPG_ERR_LOCKED is declared and
provide a replacement if not.
2005-04-15 Werner Koch <wk@g10code.com> 2005-04-15 Werner Koch <wk@g10code.com>
* configure.ac: Require libksba 0.9.11. * configure.ac: Require libksba 0.9.11.

5
README
View File

@ -11,7 +11,8 @@ available in 1.9.
You should use this GnuPG version if you want to use the gpg-agent or You should use this GnuPG version if you want to use the gpg-agent or
gpgsm (the S/MIME variant of gpg). Note that the gpg-agent is also gpgsm (the S/MIME variant of gpg). Note that the gpg-agent is also
helpful when using the standard gpg versions (1.2.x or 1.3.x). helpful when using the standard gpg versions (1.3.x as well as some of
the old 1.2.x).
BUILD INSTRUCTIONS BUILD INSTRUCTIONS
@ -51,7 +52,7 @@ If everything succeeds, you have a working GnuPG with support for
S/MIME and smartcards. Note that there is no binary gpg but a gpg2 so S/MIME and smartcards. Note that there is no binary gpg but a gpg2 so
that this package won't confict with a GnuPG 1.2 or 1.3 that this package won't confict with a GnuPG 1.2 or 1.3
installation. gpg2 behaves just like gpg; it is however suggested to installation. gpg2 behaves just like gpg; it is however suggested to
keep using gpg 1.2.x or 1.3.x. keep using gpg 1.2.x or 1.3.x. gpg2 is not even build by default.
In case of problem please ask on gpa-dev@gnupg.org for advise. Note In case of problem please ask on gpa-dev@gnupg.org for advise. Note
that this release is only expected to build on GNU and *BSD systems. that this release is only expected to build on GNU and *BSD systems.

29
TODO
View File

@ -1,10 +1,5 @@
-*- outline -*- -*- outline -*-
* IMPORTANT
Check that openpty and pty.h are available and build symcryptrun only
then. Run shred on the temporary files.
* src/base64 * src/base64
** Make parsing more robust ** Make parsing more robust
Currently we don't cope with overlong lines in the best way. Currently we don't cope with overlong lines in the best way.
@ -23,14 +18,7 @@ might want to have an agent context for each service request
* sm/certchain.c * sm/certchain.c
** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent. ** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent.
** figure out how to auto retrieve a key by serialno+issuer.
Dirmngr is currently not able to parse more than the CN.
* sm/certlist.c
** ocspSigning usage is not fully implemented
We should review the entire CRL and OCSP validation system.
Okay. This has been fixed in dirmngr when running it in system
daemon mode.
* sm/decrypt.c * sm/decrypt.c
** replace leading zero in integer hack by a cleaner solution ** replace leading zero in integer hack by a cleaner solution
@ -58,8 +46,6 @@ might want to have an agent context for each service request
** A SIGHUP should also restart the scdaemon ** A SIGHUP should also restart the scdaemon
But do this only after all connections terminated. As of now we But do this only after all connections terminated. As of now we
only send a RESET. only send a RESET.
** Watch the child process if not invoked as a daemon
and terminate after the child has terminated
* agent/command.c * agent/command.c
** Make sure that secure memory is used where appropriate ** Make sure that secure memory is used where appropriate
@ -69,7 +55,8 @@ might want to have an agent context for each service request
** Support DSA ** Support DSA
* agent/divert-scd.c * agent/divert-scd.c
Remove the agent_reset_scd kludge. Remove the agent_reset_scd kludge. We will do this after Scdaemon
has been changed to allow multiple sessions. Currently in progress.
* Move pkcs-1 encoding into libgcrypt. * Move pkcs-1 encoding into libgcrypt.
@ -93,11 +80,7 @@ might want to have an agent context for each service request
** Explain how to setup a root CA key as trusted ** Explain how to setup a root CA key as trusted
** Explain how trustlist.txt might be managed. ** Explain how trustlist.txt might be managed.
** Write a script to generate man pages from texi. ** Write a script to generate man pages from texi.
In progress (yatm)
* Requirements by the BSI
** Support authorityKeyIdentifier.keyIdentifier
This needs support in libksba/src/cert.c as well as in sm/*.c.
Need test certs as well. Same goes for CRL authorityKeyIdentifier.
* Windows port * Windows port
@ -108,5 +91,9 @@ might want to have an agent context for each service request
** No card status notifications. ** No card status notifications.
* [scdaemon] release the card after use so that gpg 1.4 is abale to access it * scd/
** Release the card after use so that gpg 1.4 is able to access it
This won't be a sufficient change. we need to change gpg 1.4 to make
use of the agent. Work is underway.

View File

@ -62,7 +62,7 @@ have_ksba=no
have_opensc=no have_opensc=no
have_pth=no have_pth=no
GNUPG_BUILD_PROGRAM(gpg, yes) GNUPG_BUILD_PROGRAM(gpg, no)
GNUPG_BUILD_PROGRAM(gpgsm, yes) GNUPG_BUILD_PROGRAM(gpgsm, yes)
GNUPG_BUILD_PROGRAM(agent, yes) GNUPG_BUILD_PROGRAM(agent, yes)
GNUPG_BUILD_PROGRAM(scdaemon, yes) GNUPG_BUILD_PROGRAM(scdaemon, yes)
@ -313,6 +313,11 @@ AH_BOTTOM([
#define EXEC_TEMPFILE_ONLY #define EXEC_TEMPFILE_ONLY
#endif #endif
/* Temporary hacks to avoid requring a libgpg-error update. */
#if !HAVE_DECL_GPG_ERR_LOCKED
#define GPG_ERR_LOCKED 173
#endif
]) ])
AM_MAINTAINER_MODE AM_MAINTAINER_MODE
@ -437,6 +442,10 @@ AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
# #
AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION", AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION",
have_gpg_error=yes,have_gpg_error=no) have_gpg_error=yes,have_gpg_error=no)
_tmp_gpg_error_save_cflags="$CFLAGS"
CFLAGS="$CFLAGS $GPG_ERROR_CFLAGS"
AC_CHECK_DECLS(GPG_ERR_LOCKED,,,[#include <gpg-error.h>])
CFLAGS="${_tmp_gpg_error_save_cflags}"
# #

View File

@ -315,6 +315,18 @@ By default the @acronym{CRL} checks are enabled and the DirMngr is used
to check for revoked certificates. The disable option is most useful to check for revoked certificates. The disable option is most useful
with an off-line network connection to suppress this check. with an off-line network connection to suppress this check.
@item --enable-trusted-cert-crl-check
@itemx --disable-trusted-cert-crl-check
@opindex enable-trusted-cert-crl-check
@opindex disable-trusted-cert-crl-check
By default the @acronym{CRL} for trusted root certificates are checked
like for any other certificates. This allows a CA to revoke its own
certificates voluntary without the need of putting all ever issued
certificates into a CRL. The disable option may be used to switch this
extra check off. Due to the caching done by the Dirmngr, there won't be
any noticeable performance gain. Note, that this also disables possible
OCSP checks for trusted root certificates.
@item --force-crl-refresh @item --force-crl-refresh
@opindex force-crl-refresh @opindex force-crl-refresh
Tell the dirmngr to reload the CRL for each request. For better Tell the dirmngr to reload the CRL for each request. For better

View File

@ -1,3 +1,7 @@
2005-04-20 Werner Koch <wk@g10code.com>
* command.c: Use GPG_ERR_LOCKED instead of EBUSY.
2005-04-14 Werner Koch <wk@g10code.com> 2005-04-14 Werner Koch <wk@g10code.com>
* app-openpgp.c (retrieve_key_material): Rewritten. Return a * app-openpgp.c (retrieve_key_material): Rewritten. Return a

View File

@ -1274,7 +1274,7 @@ ccid_poll (ccid_driver_t handle)
} }
/* Note that this fucntion won't return the error codes NO_CARD or /* Note that this function won't return the error codes NO_CARD or
CARD_INACTIVE */ CARD_INACTIVE */
int int
ccid_slot_status (ccid_driver_t handle, int *statusbits) ccid_slot_status (ccid_driver_t handle, int *statusbits)

View File

@ -263,7 +263,7 @@ open_card (ctrl_t ctrl, const char *apptype)
return 0; /* Already initialized using a card context. */ return 0; /* Already initialized using a card context. */
if ( IS_LOCKED (ctrl) ) if ( IS_LOCKED (ctrl) )
return gpg_error (GPG_ERR_EBUSY); return gpg_error (GPG_ERR_LOCKED);
if (ctrl->reader_slot != -1) if (ctrl->reader_slot != -1)
slot = ctrl->reader_slot; slot = ctrl->reader_slot;
@ -360,7 +360,7 @@ cmd_serialno (assuan_context_t ctx, char *line)
if (ctrl->server_local->card_removed) if (ctrl->server_local->card_removed)
{ {
if ( IS_LOCKED (ctrl) ) if ( IS_LOCKED (ctrl) )
return gpg_error (GPG_ERR_EBUSY); return gpg_error (GPG_ERR_LOCKED);
do_reset (ctrl, 0); do_reset (ctrl, 0);
} }
@ -745,7 +745,7 @@ cmd_setdata (assuan_context_t ctx, char *line)
unsigned char *buf; unsigned char *buf;
if (locked_session && locked_session != ctrl->server_local) if (locked_session && locked_session != ctrl->server_local)
return gpg_error (GPG_ERR_EBUSY); return gpg_error (GPG_ERR_LOCKED);
/* Parse the hexstring. */ /* Parse the hexstring. */
for (p=line,n=0; hexdigitp (p); p++, n++) for (p=line,n=0; hexdigitp (p); p++, n++)
@ -817,7 +817,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
char *keyidstr; char *keyidstr;
if ( IS_LOCKED (ctrl) ) if ( IS_LOCKED (ctrl) )
return gpg_error (GPG_ERR_EBUSY); return gpg_error (GPG_ERR_LOCKED);
if ((rc = open_card (ctrl, NULL))) if ((rc = open_card (ctrl, NULL)))
return rc; return rc;
@ -871,7 +871,7 @@ cmd_pkauth (assuan_context_t ctx, char *line)
char *keyidstr; char *keyidstr;
if ( IS_LOCKED (ctrl) ) if ( IS_LOCKED (ctrl) )
return gpg_error (GPG_ERR_EBUSY); return gpg_error (GPG_ERR_LOCKED);
if ((rc = open_card (ctrl, NULL))) if ((rc = open_card (ctrl, NULL)))
return rc; return rc;
@ -921,7 +921,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
char *keyidstr; char *keyidstr;
if ( IS_LOCKED (ctrl) ) if ( IS_LOCKED (ctrl) )
return gpg_error (GPG_ERR_EBUSY); return gpg_error (GPG_ERR_LOCKED);
if ((rc = open_card (ctrl, NULL))) if ((rc = open_card (ctrl, NULL)))
return rc; return rc;
@ -1021,7 +1021,7 @@ cmd_setattr (assuan_context_t ctx, char *orig_line)
char *line, *linebuf; char *line, *linebuf;
if ( IS_LOCKED (ctrl) ) if ( IS_LOCKED (ctrl) )
return gpg_error (GPG_ERR_EBUSY); return gpg_error (GPG_ERR_LOCKED);
if ((rc = open_card (ctrl, NULL))) if ((rc = open_card (ctrl, NULL)))
return rc; return rc;
@ -1076,7 +1076,7 @@ cmd_genkey (assuan_context_t ctx, char *line)
int force = has_option (line, "--force"); int force = has_option (line, "--force");
if ( IS_LOCKED (ctrl) ) if ( IS_LOCKED (ctrl) )
return gpg_error (GPG_ERR_EBUSY); return gpg_error (GPG_ERR_LOCKED);
/* Skip over options. */ /* Skip over options. */
while ( *line == '-' && line[1] == '-' ) while ( *line == '-' && line[1] == '-' )
@ -1165,7 +1165,7 @@ cmd_passwd (assuan_context_t ctx, char *line)
int reset_mode = has_option (line, "--reset"); int reset_mode = has_option (line, "--reset");
if ( IS_LOCKED (ctrl) ) if ( IS_LOCKED (ctrl) )
return gpg_error (GPG_ERR_EBUSY); return gpg_error (GPG_ERR_LOCKED);
/* Skip over options. */ /* Skip over options. */
while (*line == '-' && line[1] == '-') while (*line == '-' && line[1] == '-')
@ -1212,7 +1212,7 @@ cmd_checkpin (assuan_context_t ctx, char *line)
char *keyidstr; char *keyidstr;
if ( IS_LOCKED (ctrl) ) if ( IS_LOCKED (ctrl) )
return gpg_error (GPG_ERR_EBUSY); return gpg_error (GPG_ERR_LOCKED);
if ((rc = open_card (ctrl, NULL))) if ((rc = open_card (ctrl, NULL)))
return rc; return rc;
@ -1244,7 +1244,7 @@ cmd_checkpin (assuan_context_t ctx, char *line)
Grant exclusive card access to this session. Note that there is Grant exclusive card access to this session. Note that there is
no lock counter used and a second lock from the same session will no lock counter used and a second lock from the same session will
get ignore. A single unlock (or RESET) unlocks the session. get ignore. A single unlock (or RESET) unlocks the session.
Return GPG_ERR_EBUSY if another session has locked the reader. Return GPG_ERR_LOCKED if another session has locked the reader.
If the option --wait is given the command will wait until a If the option --wait is given the command will wait until a
lock has been released. lock has been released.
@ -1259,7 +1259,7 @@ cmd_lock (assuan_context_t ctx, char *line)
if (locked_session) if (locked_session)
{ {
if (locked_session != ctrl->server_local) if (locked_session != ctrl->server_local)
rc = gpg_error (GPG_ERR_EBUSY); rc = gpg_error (GPG_ERR_LOCKED);
} }
else else
locked_session = ctrl->server_local; locked_session = ctrl->server_local;
@ -1293,7 +1293,7 @@ cmd_unlock (assuan_context_t ctx, char *line)
if (locked_session) if (locked_session)
{ {
if (locked_session != ctrl->server_local) if (locked_session != ctrl->server_local)
rc = gpg_error (GPG_ERR_EBUSY); rc = gpg_error (GPG_ERR_LOCKED);
else else
locked_session = NULL; locked_session = NULL;
} }

View File

@ -1,5 +1,8 @@
2005-04-21 Werner Koch <wk@g10code.com> 2005-04-21 Werner Koch <wk@g10code.com>
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
* certchain.c (gpgsm_validate_chain): Make use of it.
* certchain.c (gpgsm_validate_chain): Check revocations even for * certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates. This is required because on signature expired certificates. This is required because on signature
verification an expired key is fine whereas a revoked one is not. verification an expired key is fine whereas a revoked one is not.

View File

@ -752,13 +752,13 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
} }
/* Is this a self-signed certificate? */ /* Is this a self-issued certificate? */
if (subject && !strcmp (issuer, subject)) if (subject && !strcmp (issuer, subject))
{ /* Yes. */ { /* Yes. */
if (gpgsm_check_cert_sig (subject_cert, subject_cert) ) if (gpgsm_check_cert_sig (subject_cert, subject_cert) )
{ {
do_list (1, lm, fp, do_list (1, lm, fp,
_("selfsigned certificate has a BAD signature")); _("self-signed certificate has a BAD signature"));
if (DBG_X509) if (DBG_X509)
{ {
gpgsm_dump_cert ("self-signing cert", subject_cert); gpgsm_dump_cert ("self-signing cert", subject_cert);
@ -816,7 +816,9 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
/* Check for revocations etc. */ /* Check for revocations etc. */
if ((flags & 1)) if ((flags & 1))
rc = 0; ;
else if (opt.no_trusted_cert_crl_check)
;
else else
rc = is_cert_still_valid (ctrl, lm, fp, rc = is_cert_still_valid (ctrl, lm, fp,
subject_cert, subject_cert, subject_cert, subject_cert,
@ -1045,7 +1047,7 @@ gpgsm_basic_cert_check (ksba_cert_t cert)
rc = gpgsm_check_cert_sig (cert, cert); rc = gpgsm_check_cert_sig (cert, cert);
if (rc) if (rc)
{ {
log_error ("selfsigned certificate has a BAD signature: %s\n", log_error ("self-signed certificate has a BAD signature: %s\n",
gpg_strerror (rc)); gpg_strerror (rc));
if (DBG_X509) if (DBG_X509)
{ {

View File

@ -130,6 +130,8 @@ enum cmd_and_opt_values {
oDisableCRLChecks, oDisableCRLChecks,
oEnableCRLChecks, oEnableCRLChecks,
oDisableTrustedCertCRLCheck,
oEnableTrustedCertCRLCheck,
oForceCRLRefresh, oForceCRLRefresh,
oDisableOCSP, oDisableOCSP,
@ -285,6 +287,8 @@ static ARGPARSE_OPTS opts[] = {
N_("use system's dirmngr if available")}, N_("use system's dirmngr if available")},
{ oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")}, { oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")},
{ oEnableCRLChecks, "enable-crl-checks", 0, "@"}, { oEnableCRLChecks, "enable-crl-checks", 0, "@"},
{ oDisableTrustedCertCRLCheck, "disable-trusted-cert-crl-check", 0, "@"},
{ oEnableTrustedCertCRLCheck, "enable-trusted-cert-crl-check", 0, "@"},
{ oForceCRLRefresh, "force-crl-refresh", 0, "@"}, { oForceCRLRefresh, "force-crl-refresh", 0, "@"},
{ oDisableOCSP, "disable-ocsp", 0, "@" }, { oDisableOCSP, "disable-ocsp", 0, "@" },
@ -973,6 +977,12 @@ main ( int argc, char **argv)
case oEnableCRLChecks: case oEnableCRLChecks:
opt.no_crl_check = 0; opt.no_crl_check = 0;
break; break;
case oDisableTrustedCertCRLCheck:
opt.no_trusted_cert_crl_check = 1;
break;
case oEnableTrustedCertCRLCheck:
opt.no_trusted_cert_crl_check = 0;
break;
case oForceCRLRefresh: case oForceCRLRefresh:
opt.force_crl_refresh = 1; opt.force_crl_refresh = 1;
break; break;
@ -1352,6 +1362,8 @@ main ( int argc, char **argv)
GC_OPT_FLAG_NONE ); GC_OPT_FLAG_NONE );
printf ("disable-crl-checks:%lu:\n", printf ("disable-crl-checks:%lu:\n",
GC_OPT_FLAG_NONE ); GC_OPT_FLAG_NONE );
printf ("disable-trusted-cert-crl-check:%lu:\n",
GC_OPT_FLAG_NONE );
printf ("enable-ocsp:%lu:\n", printf ("enable-ocsp:%lu:\n",
GC_OPT_FLAG_NONE ); GC_OPT_FLAG_NONE );
printf ("include-certs:%lu:1:\n", printf ("include-certs:%lu:1:\n",

View File

@ -97,6 +97,7 @@ struct {
int ignore_time_conflict; /* Ignore certain time conflicts */ int ignore_time_conflict; /* Ignore certain time conflicts */
int no_crl_check; /* Don't do a CRL check */ int no_crl_check; /* Don't do a CRL check */
int no_trusted_cert_crl_check; /* Don't run a CRL check for trusted certs. */
int force_crl_refresh; /* Force refreshing the CRL. */ int force_crl_refresh; /* Force refreshing the CRL. */
int enable_ocsp; /* Default to use OCSP checks. */ int enable_ocsp; /* Default to use OCSP checks. */

View File

@ -1,3 +1,11 @@
2005-04-21 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
2005-04-20 Werner Koch <wk@g10code.com>
* gpgconf-comp.c: Add gpg-agent:disable-scdaemon.
2005-04-19 Marcus Brinkmann <marcus@g10code.de> 2005-04-19 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c: Add --input option. * symcryptrun.c: Add --input option.

View File

@ -449,6 +449,9 @@ static gc_option_t gc_options_gpg_agent[] =
{ "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT, { "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
"gnupg", "|FILE|read options from FILE", "gnupg", "|FILE|read options from FILE",
GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPG_AGENT }, GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPG_AGENT },
{ "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", "do not use the SCdaemon",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "Debug", { "Debug",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
@ -651,6 +654,9 @@ static gc_option_t gc_options_gpgsm[] =
{ "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, { "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"gnupg", "never consult a CRL", "gnupg", "never consult a CRL",
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM }, GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
{ "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
"gnupg", N_("do not check CRLs for root certificates"),
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
{ "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED, { "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", "check validity using OCSP", "gnupg", "check validity using OCSP",
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM }, GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },

View File

@ -124,7 +124,7 @@ enum cmd_and_opt_values
oKeyfile, oKeyfile,
oDecrypt, oDecrypt,
oEncrypt, oEncrypt,
oInput, oInput
}; };