1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Document --auto-issuer-key-retrieve.

This commit is contained in:
Werner Koch 2007-11-19 16:32:05 +00:00
parent 55ba204bfa
commit c1270f06fe
7 changed files with 32 additions and 2 deletions

9
TODO
View File

@ -129,3 +129,12 @@
This may happen and lead to an Ambiguous Name error. Solution is to This may happen and lead to an Ambiguous Name error. Solution is to
check the certs for identity before throwing this error. check the certs for identity before throwing this error.
* Gpg-Agent Locale
Although we pass LC_MESSAGE from gpgsm et al. to Pinentry, this has
only an effect on the stock GTK strings (e.g. "OK") and not on any
strings gpg-agent generates and passes to Pinentry. This defeats
our design goal to allow changing the locale without changing
gpg-agent's default locale (e.g. by the command updatestartuptty).

View File

@ -1,3 +1,8 @@
2007-11-19 Werner Koch <wk@g10code.com>
* gpgsm.texi (Certificate Options): Document
--auto-issuer-key-retrieve.
2007-11-15 Werner Koch <wk@g10code.com> 2007-11-15 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA. * gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA.

View File

@ -554,6 +554,7 @@ more arguments in future versions.
8 := "Policy mismatch" 8 := "Policy mismatch"
9 := "Not a secret key" 9 := "Not a secret key"
10 := "Key not trusted" 10 := "Key not trusted"
11 := "Missing certifciate" (e.g. intermediate or root cert.)
Note that this status is also used for gpgsm's SIGNER command Note that this status is also used for gpgsm's SIGNER command
where it relates to signer's of course. where it relates to signer's of course.

View File

@ -405,7 +405,7 @@ command. This option should not be used in a configuration file.
@itemx --disable-ocsp @itemx --disable-ocsp
@opindex enable-ocsp @opindex enable-ocsp
@opindex disable-ocsp @opindex disable-ocsp
Be default @acronym{OCSP} checks are disabled. The enable opton may Be default @acronym{OCSP} checks are disabled. The enable option may
be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks
are also enabled, CRLs will be used as a fallback if for some reason an are also enabled, CRLs will be used as a fallback if for some reason an
OCSP request won't succeed. Note, that you have to allow OCSP OCSP request won't succeed. Note, that you have to allow OCSP
@ -413,6 +413,17 @@ requests in Dirmngr's configuration too (option
@option{--allow-ocsp} and configure dirmngr properly. If you don't do @option{--allow-ocsp} and configure dirmngr properly. If you don't do
so you will get the error code @samp{Not supported}. so you will get the error code @samp{Not supported}.
@item --auto-issuer-key-retrieve
@opindex auto-issuer-key-retrieve
If a required certificate is missing while validating the chain of
certificates, try to load that certificate from an external location.
This usually means that Dirmngr is employed t search for the
certificate. Note that this option makes a "web bug" like behavior
possible. LDAP server operators can see which keys you request, so by
sending you a message signed by a brand new key (which you naturally
will not have on your local keybox), the operator can tell both your IP
address and the time when you verified the signature.
@item --validation-model @var{name} @item --validation-model @var{name}
@opindex validation-model @opindex validation-model

View File

@ -1,5 +1,7 @@
2007-11-19 Werner Koch <wk@g10code.com> 2007-11-19 Werner Koch <wk@g10code.com>
* server.c (cmd_recipient, cmd_signer): Add error reason 11.
* gpgsm.c (main): Print a warning if --audit-log is used. * gpgsm.c (main): Print a warning if --audit-log is used.
2007-11-15 Werner Koch <wk@g10code.com> 2007-11-15 Werner Koch <wk@g10code.com>

View File

@ -359,7 +359,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
{ {
ksba_cert_t cert2 = NULL; ksba_cert_t cert2 = NULL;
/* If this is the first possible duplicate, add thye orginal /* If this is the first possible duplicate, add the original
certificate to our list of duplicates. */ certificate to our list of duplicates. */
if (!dup_certs) if (!dup_certs)
gpgsm_add_cert_to_certlist (ctrl, cert, &dup_certs, 0); gpgsm_add_cert_to_certlist (ctrl, cert, &dup_certs, 0);

View File

@ -380,6 +380,7 @@ cmd_recipient (assuan_context_t ctx, char *line)
r == GPG_ERR_NO_CRL_KNOWN? "6": r == GPG_ERR_NO_CRL_KNOWN? "6":
r == GPG_ERR_CRL_TOO_OLD? "7": r == GPG_ERR_CRL_TOO_OLD? "7":
r == GPG_ERR_NO_POLICY_MATCH? "8": r == GPG_ERR_NO_POLICY_MATCH? "8":
r == GPG_ERR_MISSING_CERT? "11":
"0", "0",
line, NULL); line, NULL);
} }
@ -425,6 +426,7 @@ cmd_signer (assuan_context_t ctx, char *line)
r == GPG_ERR_CRL_TOO_OLD? "7": r == GPG_ERR_CRL_TOO_OLD? "7":
r == GPG_ERR_NO_POLICY_MATCH? "8": r == GPG_ERR_NO_POLICY_MATCH? "8":
r == GPG_ERR_NO_SECKEY? "9": r == GPG_ERR_NO_SECKEY? "9":
r == GPG_ERR_MISSING_CERT? "11":
"0", "0",
line, NULL); line, NULL);
} }