From 6b7af47bccea369de9215eaa7fc6396b7a5222c7 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Mon, 1 Dec 2003 10:53:40 +0000
Subject: [PATCH] (Certificate Options): Add --{enable,disable}-ocsp.
---
 NEWS | 4 ++++
 doc/ChangeLog | 9 +++++++++
 doc/gpgsm.texi | 9 +++++++++
 doc/scdaemon.texi | 11 +++++++++++
 4 files changed, 33 insertions(+)
diff --git a/NEWS b/NEWS
index 7a047750e..8aff1add1 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,10 @@
 Noteworthy changes in version 1.9.3 (unreleased)
 ------------------------------------------------
+ * New options --{enable,disable}-ocsp to validate keys using OCSP
+ This requires at least DirMngr 0.5.1 to work. Default is disabled.
+
+
 Noteworthy changes in version 1.9.2 (2003-11-17)
 ------------------------------------------------
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 1c335280c..583415cab 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,12 @@
+2003-12-01 Werner Koch
+
+ * gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp.
+
+2003-11-17 Werner Koch
+
+ * scdaemon.texi (Scdaemon Options): Added --allow-admin and
+ --deny-admin.
+
 2003-10-27 Werner Koch
 * gpg-agent.texi (Agent GET_CONFIRMATION): New.
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index 4d91bda5b..6695eef67 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -250,6 +250,15 @@ By default the @acronym{CRL} checks are enabled and the DirMngr is used to check for revoked certificates. The disable option is most useful with an off-line network connection to suppress this check.
+@item --enable-ocsp
+@itemx --disable-ocsp
+@opindex enable-ocsp
+@opindex disable-ocsp
+Be default @acronym{OCSP} checks are disabled. The enable opton may
+be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks
+are also enabled, CRLs willbe used as a fallback if for some reason an
+OCSP request won't succeed.
+
 @end table
 @node Input and Output
diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi
index 3bd8caaa8..e62146837 100644
--- a/doc/scdaemon.texi
+++ b/doc/scdaemon.texi
@@ -146,6 +146,17 @@ default is 32768 (first USB device). Use @var{library} to access the smartcard reader. The current default is @code{libtowitoko.so}.
+
+@item --allow-admin
+@itemx --deny-admin
+@opindex allow-admin
+@opindex deny-admin
+This enables the use of Admin class commands for card application
+where this is supported. Currently we support it for the OpenPGP
+card. Deny is the default. This commands is useful to inhibit
+accidental access to admin class command which could ultimately lock
+the card through worng PIN numbers.
+
 @end table
 All the long options may also be given in the configuration file after