diff --git a/TODO b/TODO index 07e348674..7eebe4487 100644 --- a/TODO +++ b/TODO @@ -129,3 +129,12 @@ This may happen and lead to an Ambiguous Name error. Solution is to check the certs for identity before throwing this error. +* Gpg-Agent Locale + Although we pass LC_MESSAGE from gpgsm et al. to Pinentry, this has + only an effect on the stock GTK strings (e.g. "OK") and not on any + strings gpg-agent generates and passes to Pinentry. This defeats + our design goal to allow changing the locale without changing + gpg-agent's default locale (e.g. by the command updatestartuptty). + + + diff --git a/doc/ChangeLog b/doc/ChangeLog index 7a455df7a..1e276e2a3 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,8 @@ +2007-11-19 Werner Koch + + * gpgsm.texi (Certificate Options): Document + --auto-issuer-key-retrieve. + 2007-11-15 Werner Koch * gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA. diff --git a/doc/DETAILS b/doc/DETAILS index 2d60aae6a..1582f6936 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -554,6 +554,7 @@ more arguments in future versions. 8 := "Policy mismatch" 9 := "Not a secret key" 10 := "Key not trusted" + 11 := "Missing certifciate" (e.g. intermediate or root cert.) Note that this status is also used for gpgsm's SIGNER command where it relates to signer's of course. diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index e98de1512..f9f783702 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -405,7 +405,7 @@ command. This option should not be used in a configuration file. @itemx --disable-ocsp @opindex enable-ocsp @opindex disable-ocsp -Be default @acronym{OCSP} checks are disabled. The enable opton may +Be default @acronym{OCSP} checks are disabled. The enable option may be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks are also enabled, CRLs will be used as a fallback if for some reason an OCSP request won't succeed. Note, that you have to allow OCSP 
@@ -413,6 +413,17 @@ requests in Dirmngr's configuration too (option @option{--allow-ocsp} and configure dirmngr properly. If you don't do so you will get the error code @samp{Not supported}. +@item --auto-issuer-key-retrieve +@opindex auto-issuer-key-retrieve +If a required certificate is missing while validating the chain of +certificates, try to load that certificate from an external location. +This usually means that Dirmngr is employed t search for the +certificate. Note that this option makes a "web bug" like behavior +possible. LDAP server operators can see which keys you request, so by +sending you a message signed by a brand new key (which you naturally +will not have on your local keybox), the operator can tell both your IP +address and the time when you verified the signature. + @item --validation-model @var{name} @opindex validation-model diff --git a/sm/ChangeLog b/sm/ChangeLog index 549779892..c033c3811 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,5 +1,7 @@ 2007-11-19 Werner Koch + * server.c (cmd_recipient, cmd_signer): Add error reason 11. + * gpgsm.c (main): Print a warning if --audit-log is used. 2007-11-15 Werner Koch diff --git a/sm/certlist.c b/sm/certlist.c index 3afdbc30b..4c92a1bb3 100644 --- a/sm/certlist.c +++ b/sm/certlist.c @@ -359,7 +359,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret, { ksba_cert_t cert2 = NULL; - /* If this is the first possible duplicate, add thye orginal + /* If this is the first possible duplicate, add the original certificate to our list of duplicates. */ if (!dup_certs) gpgsm_add_cert_to_certlist (ctrl, cert, &dup_certs, 0); diff --git a/sm/server.c b/sm/server.c index 3b0968257..df0005b94 100644 --- a/sm/server.c +++ b/sm/server.c @@ -380,6 +380,7 @@ cmd_recipient (assuan_context_t ctx, char *line) r == GPG_ERR_NO_CRL_KNOWN? "6": r == GPG_ERR_CRL_TOO_OLD? "7": r == GPG_ERR_NO_POLICY_MATCH? "8": + r == GPG_ERR_MISSING_CERT? "11": "0", line, NULL); } 
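Review bot: The new `"11"` arm in cmd_recipient, and the identical arm added to cmd_signer in the next hunk, is a bare numeric string with nothing tying it to the reason table in doc/DETAILS, so the two ternary chains and the table must be kept in step by hand. A short comment above each chain would make the link explicit, for example `/* Reason codes are listed in doc/DETAILS; keep cmd_recipient and cmd_signer in sync. */`. Front ends written against codes up to 10 will now receive 11, so DETAILS should also state that an unrecognised reason is to be treated as a failure like the default `"0"`, never as success. The DETAILS line added by this commit spells the text "certifciate", which is worth correcting because client authors may copy it. Both functions start and continue outside the hunks shown here.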
@@ -425,6 +426,7 @@ cmd_signer (assuan_context_t ctx, char *line) r == GPG_ERR_CRL_TOO_OLD? "7": r == GPG_ERR_NO_POLICY_MATCH? "8": r == GPG_ERR_NO_SECKEY? "9": + r == GPG_ERR_MISSING_CERT? "11": "0", line, NULL); }