security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

(show_key_with_all_names): Print the card S/N. 

* app-openpgp.c (app_select_openpgp): Its app_munge_serialno and
not app_number_serialno.
This commit is contained in:
Werner Koch 2004-09-20 18:47:11 +00:00
parent 9ec1437772
commit f100401478
6 changed files with 49 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
g10/ChangeLog
View File

@ -1,3 +1,7 @@
2004-09-20 Werner Koch <wk@g10code.com>
* keyedit.c (show_key_with_all_names): Print the card S/N.
2004-09-11 Moritz Schulte <moritz@g10code.com>
* openfile.c (copy_options_file): Fixed last commit (added a `+').

21
g10/keyedit.c
View File

@ -2121,6 +2121,27 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
datestr_from_sk(sk),
expirestr_from_sk(sk) );
tty_printf("\n");
if (sk->is_protected && sk->protect.s2k.mode == 1002)
{
tty_printf(" ");
tty_printf(_("card-no: "));
if (sk->protect.ivlen == 16
&& !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
{ /* This is an OpenPGP card. */
for (i=8; i < 14; i++)
{
if (i == 10)
tty_printf (" ");
tty_printf ("%02X", sk->protect.iv[i]);
}
}
else
{ /* Something is wrong: Print all. */
for (i=0; i < sk->protect.ivlen; i++)
tty_printf ("%02X", sk->protect.iv[i]);
}
tty_printf ("\n");
}
}
else if( with_subkeys && node->pkt->pkttype == PKT_SIGNATURE
&& node->pkt->pkt.signature->sig_class == 0x28 ) {

5
scd/ChangeLog
View File

@ -1,3 +1,8 @@
2004-09-11 Werner Koch <wk@g10code.com>
* app-openpgp.c (app_select_openpgp): Its app_munge_serialno and
not app_number_serialno.
2004-08-20 Werner Koch <wk@g10code.de>
* app.c (select_application): Fixed serial number extraction and

2
scd/app-openpgp.c
View File

@ -1397,7 +1397,7 @@ app_select_openpgp (APP app)
#if GNUPG_MAJOR_VERSION != 1
/* A valid OpenPGP card should never need this but well the test
is cheap. */
rc = app_number_serialno (app);
rc = app_munge_serialno (app);
if (rc)
goto leave;
#endif

6
sm/ChangeLog
View File

@ -1,3 +1,9 @@
2004-09-14 Werner Koch <wk@g10code.com>
* certchain.c (gpgsm_validate_chain): Give expired certificates a
higher error precedence and don't bother to check any CRL in that
case.
2004-08-24 Werner Koch <wk@g10code.de>
* certlist.c: Fixed typo in ocsp OID.

15
sm/certchain.c
View File

@ -672,7 +672,12 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
{
do_list (0, lm, fp, _("root certificate is not marked trusted"));
if (!lm)
/* If we already figured out that the certificate is
expired it does not make much sense to ask the user
whether we wants to trust the root certificate. He
should do this only if the certificate under question
will then be usable. */
if (!lm && !any_expired)
{
int rc2;
char *fpr = gpgsm_get_fingerprint_string (subject_cert,
@ -707,6 +712,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
/* Check for revocations etc. */
if ((flags & 1))
rc = 0;
else if (any_expired)
; /* Don't bother to run the expensive CRL check then. */
else
rc = is_cert_still_valid (ctrl, lm, fp,
subject_cert, subject_cert,
@ -835,6 +842,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
/* Check for revocations etc. */
if ((flags & 1))
rc = 0;
else if (any_expired)
; /* Don't bother to run the expensive CRL check then. */
else
rc = is_cert_still_valid (ctrl, lm, fp,
subject_cert, issuer_cert,
@ -866,14 +875,14 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
the error code to the most critical one */
if (any_revoked)
rc = gpg_error (GPG_ERR_CERT_REVOKED);
else if (any_expired)
rc = gpg_error (GPG_ERR_CERT_EXPIRED);
else if (any_no_crl)
rc = gpg_error (GPG_ERR_NO_CRL_KNOWN);
else if (any_crl_too_old)
rc = gpg_error (GPG_ERR_CRL_TOO_OLD);
else if (any_no_policy_match)
rc = gpg_error (GPG_ERR_NO_POLICY_MATCH);
else if (any_expired)
rc = gpg_error (GPG_ERR_CERT_EXPIRED);
}
leave: