(Certificate Options): Add --{enable,disable}-ocsp.

2024-12-22 10:19:57 +01:00 · 2003-12-01 10:53:40 +00:00 · 2003-12-01 10:53:40 +00:00 · 6b7af47bcc
commit 6b7af47bcc
parent fbd0f91c82
4 changed files with 33 additions and 0 deletions
--- a/4
+++ b/4
@ -1,6 +1,10 @@
 Noteworthy changes in version 1.9.3 (unreleased)
 ------------------------------------------------

+ * New options --{enable,disable}-ocsp to validate keys using OCSP
+   This requires at least DirMngr 0.5.1 to work.  Default is disabled.
+
+
 Noteworthy changes in version 1.9.2 (2003-11-17)
 ------------------------------------------------

--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,12 @@
+2003-12-01  Werner Koch  <wk@gnupg.org>
+
+	* gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp.
+
+2003-11-17  Werner Koch  <wk@gnupg.org>
+
+	* scdaemon.texi (Scdaemon Options): Added --allow-admin and
+	--deny-admin.
+
 2003-10-27  Werner Koch  <wk@gnupg.org>

 	* gpg-agent.texi (Agent GET_CONFIRMATION): New.
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@ -250,6 +250,15 @@ By default the @acronym{CRL} checks are enabled and the DirMngr is used
 to check for revoked certificates.  The disable option is most useful
 with an off-line network connection to suppress this check.

+@item  --enable-ocsp
+@itemx --disable-ocsp
+@opindex enable-ocsp
+@opindex disable-ocsp
+Be default @acronym{OCSP} checks are disabled.  The enable opton may
+be used to enable OCSP checks via Dirmngr.  If @acronym{CRL} checks
+are also enabled, CRLs willbe used as a fallback if for some reason an
+OCSP request won't succeed.
+
@end table

@node Input and Output
--- a/doc/scdaemon.texi
+++ b/doc/scdaemon.texi
@ -146,6 +146,17 @@ default is 32768 (first USB device).
 Use @var{library} to access the smartcard reader.  The current default
 is @code{libtowitoko.so}.

+
+@item --allow-admin
+@itemx --deny-admin
+@opindex allow-admin
+@opindex deny-admin
+This enables the use of Admin class commands for card application
+where this is supported.  Currently we support it for the OpenPGP
+card.  Deny is the default.  This commands is useful to inhibit
+accidental access to admin class command which could ultimately lock
+the card through worng PIN numbers.
+
@end table

 All the long options may also be given in the configuration file after