1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

Document --auto-issuer-key-retrieve.

This commit is contained in:
Werner Koch 2007-11-19 16:32:05 +00:00
parent 55ba204bfa
commit c1270f06fe
7 changed files with 32 additions and 2 deletions

9
TODO
View File

@ -129,3 +129,12 @@
This may happen and lead to an Ambiguous Name error. Solution is to
check the certs for identity before throwing this error.
* Gpg-Agent Locale
Although we pass LC_MESSAGE from gpgsm et al. to Pinentry, this has
only an effect on the stock GTK strings (e.g. "OK") and not on any
strings gpg-agent generates and passes to Pinentry. This defeats
our design goal to allow changing the locale without changing
gpg-agent's default locale (e.g. by the command updatestartuptty).

View File

@ -1,3 +1,8 @@
2007-11-19 Werner Koch <wk@g10code.com>
* gpgsm.texi (Certificate Options): Document
--auto-issuer-key-retrieve.
2007-11-15 Werner Koch <wk@g10code.com>
* gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA.

View File

@ -554,6 +554,7 @@ more arguments in future versions.
8 := "Policy mismatch"
9 := "Not a secret key"
10 := "Key not trusted"
11 := "Missing certifciate" (e.g. intermediate or root cert.)
Note that this status is also used for gpgsm's SIGNER command
where it relates to signer's of course.

View File

@ -405,7 +405,7 @@ command. This option should not be used in a configuration file.
@itemx --disable-ocsp
@opindex enable-ocsp
@opindex disable-ocsp
Be default @acronym{OCSP} checks are disabled. The enable opton may
Be default @acronym{OCSP} checks are disabled. The enable option may
be used to enable OCSP checks via Dirmngr. If @acronym{CRL} checks
are also enabled, CRLs will be used as a fallback if for some reason an
OCSP request won't succeed. Note, that you have to allow OCSP
@ -413,6 +413,17 @@ requests in Dirmngr's configuration too (option
@option{--allow-ocsp} and configure dirmngr properly. If you don't do
so you will get the error code @samp{Not supported}.
@item --auto-issuer-key-retrieve
@opindex auto-issuer-key-retrieve
If a required certificate is missing while validating the chain of
certificates, try to load that certificate from an external location.
This usually means that Dirmngr is employed t search for the
certificate. Note that this option makes a "web bug" like behavior
possible. LDAP server operators can see which keys you request, so by
sending you a message signed by a brand new key (which you naturally
will not have on your local keybox), the operator can tell both your IP
address and the time when you verified the signature.
@item --validation-model @var{name}
@opindex validation-model

View File

@ -1,5 +1,7 @@
2007-11-19 Werner Koch <wk@g10code.com>
* server.c (cmd_recipient, cmd_signer): Add error reason 11.
* gpgsm.c (main): Print a warning if --audit-log is used.
2007-11-15 Werner Koch <wk@g10code.com>

View File

@ -359,7 +359,7 @@ gpgsm_add_to_certlist (ctrl_t ctrl, const char *name, int secret,
{
ksba_cert_t cert2 = NULL;
/* If this is the first possible duplicate, add thye orginal
/* If this is the first possible duplicate, add the original
certificate to our list of duplicates. */
if (!dup_certs)
gpgsm_add_cert_to_certlist (ctrl, cert, &dup_certs, 0);

View File

@ -380,6 +380,7 @@ cmd_recipient (assuan_context_t ctx, char *line)
r == GPG_ERR_NO_CRL_KNOWN? "6":
r == GPG_ERR_CRL_TOO_OLD? "7":
r == GPG_ERR_NO_POLICY_MATCH? "8":
r == GPG_ERR_MISSING_CERT? "11":
"0",
line, NULL);
}
@ -425,6 +426,7 @@ cmd_signer (assuan_context_t ctx, char *line)
r == GPG_ERR_CRL_TOO_OLD? "7":
r == GPG_ERR_NO_POLICY_MATCH? "8":
r == GPG_ERR_NO_SECKEY? "9":
r == GPG_ERR_MISSING_CERT? "11":
"0",
line, NULL);
}