1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

(Certificate Options): Add --{enable,disable}-ocsp.

This commit is contained in:
Werner Koch 2003-12-01 10:53:40 +00:00
parent fbd0f91c82
commit 6b7af47bcc
4 changed files with 33 additions and 0 deletions

4
NEWS
View File

@ -1,6 +1,10 @@
Noteworthy changes in version 1.9.3 (unreleased) Noteworthy changes in version 1.9.3 (unreleased)
------------------------------------------------ ------------------------------------------------
* New options --{enable,disable}-ocsp to validate keys using OCSP
This requires at least DirMngr 0.5.1 to work. Default is disabled.
Noteworthy changes in version 1.9.2 (2003-11-17) Noteworthy changes in version 1.9.2 (2003-11-17)
------------------------------------------------ ------------------------------------------------

View File

@ -1,3 +1,12 @@
2003-12-01 Werner Koch <wk@gnupg.org>
* gpgsm.texi (Certificate Options): Add --{enable,disable}-ocsp.
2003-11-17 Werner Koch <wk@gnupg.org>
* scdaemon.texi (Scdaemon Options): Added --allow-admin and
--deny-admin.
2003-10-27 Werner Koch <wk@gnupg.org> 2003-10-27 Werner Koch <wk@gnupg.org>
* gpg-agent.texi (Agent GET_CONFIRMATION): New. * gpg-agent.texi (Agent GET_CONFIRMATION): New.

View File

@ -250,6 +250,15 @@ By default the @acronym{CRL} checks are enabled and the DirMngr is used
to check for revoked certificates. The disable option is most useful to check for revoked certificates. The disable option is most useful
with an off-line network connection to suppress this check. with an off-line network connection to suppress this check.
@item --enable-ocsp
@itemx --disable-ocsp
@opindex enable-ocsp
@opindex disable-ocsp
Be default @acronym{OCSP} checks are disabled. The enable opton may
be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks
are also enabled, CRLs willbe used as a fallback if for some reason an
OCSP request won't succeed.
@end table @end table
@node Input and Output @node Input and Output

View File

@ -146,6 +146,17 @@ default is 32768 (first USB device).
Use @var{library} to access the smartcard reader. The current default Use @var{library} to access the smartcard reader. The current default
is @code{libtowitoko.so}. is @code{libtowitoko.so}.
@item --allow-admin
@itemx --deny-admin
@opindex allow-admin
@opindex deny-admin
This enables the use of Admin class commands for card application
where this is supported. Currently we support it for the OpenPGP
card. Deny is the default. This commands is useful to inhibit
accidental access to admin class command which could ultimately lock
the card through worng PIN numbers.
@end table @end table
All the long options may also be given in the configuration file after All the long options may also be given in the configuration file after