Documentaion updates.

Support doe Dirmngr under W32.
Fixed a yat2m bug.

doc/ChangeLog

@@ -1,3 +1,15 @@
+2007-08-14  Werner Koch  <wk@g10code.com>
+
+	* glossary.texi (Glossary): Add a more items.
+
+2007-08-13  Werner Koch  <wk@g10code.com>
+
+	* yat2m.c (proc_texi_cmd): Do not put @samp content between two
+	newlines.
+
+	* gpg-agent.texi (Agent Configuration): Explain the CM flag for
+	trustlist.txt.
+
 2007-08-09  Werner Koch  <wk@g10code.com>
 
 	* gpgsm.texi (Certificate Options): Describe --validation-model.

doc/glossary.texi

@@ -12,6 +12,21 @@
 @acronym{CRL} but used for @acronym{CA}s and not for end user
 certificates.
 
+@item Chain model
+     Verification model for X.509 which uses the creation date of a
+signature as the date the validation starts and in turn checks that each
+certificate has been issued within the time frame, the issuing
+certificate was valid.  This allows the verification of signatures after
+the the CA's certificate expired.  The validation test also required an
+online check of the certificate status.  The chain model is required by
+the German signature law.  See also @emph{Shell model}.
+
+@item CMS
+     The @emph{Cryptographic Message Standard} describes a message
+format for encryption and digital signing.  It is closely related to the
+X.509 certificate format.  @acronym{CMS} was formerly known under the
+name @code{PKCS#7} and is described by @code{RFC3369}.
+
 @item CRL
      The @emph{Certificate Revocation List} is a list containing
 certificates revoked by the issuer.
@@ -21,6 +36,12 @@ certificates revoked by the issuer.
 ask them to issue a new certificate.  The data format of such a signing
 request is called PCKS#10.
 
+@item OpenPGP
+      A data format used to build a PKI and to exchange encrypted or
+signed messages.  In contrast to X.509, OpenPGP also includes the
+message format but does not explicilty demand a specific PKI.  However
+any kind of PKI may be build upon the OpenPGP protocol.
+
 @item Keygrip
       This term is used by GnuPG to describe a 20 byte hash value used
 to identify a certain key without referencing to a concrete protocol.
@@ -37,4 +58,15 @@ store private keys.  This is either a smartcard or a collection of files
 on a disk; the latter is often called a Soft-PSE.
 
 
+@item Shell model
+The standard model for validation of certificates under X.509.  At the
+time of the verification all certifciates must be valid and not expired.
+See also @emph{Chain mode}.
+
+
+@item X.509
+Description of a PKI used with CMS.  It is for example
+defined by @code{RFC3280}.
+
+
 @end table

doc/gpg-agent.texi

@@ -493,31 +493,40 @@ This is however not as secure as maintaining this file manually.  It is
 even advisable to change the permissions to read-only so that this file
 can't be changed inadvertently.
 
-It is possible to add further flags after the @code{S} for use by the
-caller.  The only flag currently defined is @code{relax} to relax
-checking of some root certificate requirements.
-
 As a special feature a line @code{include-default} will include a global
 list of trusted certificates (e.g. @file{/etc/gnupg/trustlist.txt}).
 This global list is also used if the local list is not available.
 
+It is possible to add further flags after the @code{S} for use by the
+caller:
+
+@table @code
+@item relax
+Relax checking of some root certificate requirements.
+
+@item cm
+If validation of a certificate finally issued by a CA with this flag set
+fails, try again using the chain validation model.
+
+@end table
+
   
 @item sshcontrol
 
-  This file is used when support for the secure shell agent protocol has
-  been enabled (@pxref{option --enable-ssh-support}). Only keys present in
-  this file are used in the SSH protocol.  The @command{ssh-add} tool y be
-  used to add new entries to this file; you may also add them manually.
-  Comment lines, indicated by a leading hash mark, as well as empty lines
-  are ignored.  An entry starts with optional white spaces, followed by
-  the keygrip of the key given as 40 hex digits, optionally followed by
-  the caching TTL in seconds and another optional field for arbitrary
-  flags.  A @code{!} may be prepended to the keygrip to disable this
-  entry.
+This file is used when support for the secure shell agent protocol has
+been enabled (@pxref{option --enable-ssh-support}). Only keys present
+in this file are used in the SSH protocol.  The @command{ssh-add} tool
+y be used to add new entries to this file; you may also add them
+manually.  Comment lines, indicated by a leading hash mark, as well as
+empty lines are ignored.  An entry starts with optional white spaces,
+followed by the keygrip of the key given as 40 hex digits, optionally
+followed by the caching TTL in seconds and another optional field for
+arbitrary flags.  A @code{!} may be prepended to the keygrip to
+disable this entry.
     
-  The follwoing example lists exactly one key.  Note that keys available
-  through a OpenPGP smartcard in the active smartcard reader are implictly
-  added to this list; i.e. there is no need to list them.
+The follwoing example lists exactly one key.  Note that keys available
+through a OpenPGP smartcard in the active smartcard reader are
+implictly added to this list; i.e. there is no need to list them.
   
   @example
   # Key added on 2005-02-25 15:08:29

doc/gpgsm.texi

@@ -339,7 +339,8 @@ a running dirmngr can't be connected.
 @opindex prefer-system-dirmngr
 If a system wide @command{dirmngr} is running in daemon mode, first try
 to connect to this one.  Fallback to a pipe based server if this does
-not work.
+not work.  Under Windows this option is ignored because the system dirmngr is
+always used.
 
 @item --no-secmem-warning
 @opindex no-secmem-warning

doc/yat2m.c

@@ -449,7 +449,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len,
     { "code",    0, "\\fB", "\\fR" },
     { "sc",      0, "\\fB", "\\fR" },
     { "var",     0, "\\fI", "\\fR" },
-    { "samp",    0, "\n'",  "'\n"  },
+    { "samp",    0, "'",  "'"  },
     { "file",    0, "`\\fI","\\fR'" }, 
     { "env",     0, "`\\fI","\\fR'" }, 
     { "acronym", 0 },