security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00
Code Activity

(show_key_with_all_names): Print the card S/N.

Browse Source 
* app-openpgp.c (app_select_openpgp): Its app_munge_serialno and
not app_number_serialno.
This commit is contained in:
Werner Koch 2004-09-20 18:47:11 +00:00
parent 9ec1437772
commit f100401478
6 changed files with 49 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
g10/ChangeLog
View File

@ -1,3 +1,7 @@
2004-09-20 Werner Koch <wk@g10code.com>
* keyedit.c (show_key_with_all_names): Print the card S/N.
2004-09-11 Moritz Schulte <moritz@g10code.com> 2004-09-11 Moritz Schulte <moritz@g10code.com>
* openfile.c (copy_options_file): Fixed last commit (added a `+'). * openfile.c (copy_options_file): Fixed last commit (added a `+').

21
g10/keyedit.c
View File

@ -2121,6 +2121,27 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
datestr_from_sk(sk), datestr_from_sk(sk),
expirestr_from_sk(sk) ); expirestr_from_sk(sk) );
tty_printf("\n"); tty_printf("\n");
if (sk->is_protected && sk->protect.s2k.mode == 1002)
{
tty_printf(" ");
tty_printf(_("card-no: "));
if (sk->protect.ivlen == 16
&& !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
{ /* This is an OpenPGP card. */
for (i=8; i < 14; i++)
{
if (i == 10)
tty_printf (" ");
tty_printf ("%02X", sk->protect.iv[i]);
}
}
else
{ /* Something is wrong: Print all. */
for (i=0; i < sk->protect.ivlen; i++)
tty_printf ("%02X", sk->protect.iv[i]);
}
tty_printf ("\n");
}
} }
else if( with_subkeys && node->pkt->pkttype == PKT_SIGNATURE else if( with_subkeys && node->pkt->pkttype == PKT_SIGNATURE
&& node->pkt->pkt.signature->sig_class == 0x28 ) { && node->pkt->pkt.signature->sig_class == 0x28 ) {

5
scd/ChangeLog
View File

@ -1,3 +1,8 @@
2004-09-11 Werner Koch <wk@g10code.com>
* app-openpgp.c (app_select_openpgp): Its app_munge_serialno and
not app_number_serialno.
2004-08-20 Werner Koch <wk@g10code.de> 2004-08-20 Werner Koch <wk@g10code.de>
* app.c (select_application): Fixed serial number extraction and * app.c (select_application): Fixed serial number extraction and

2
scd/app-openpgp.c
View File

@ -1397,7 +1397,7 @@ app_select_openpgp (APP app)
#if GNUPG_MAJOR_VERSION != 1 #if GNUPG_MAJOR_VERSION != 1
/* A valid OpenPGP card should never need this but well the test /* A valid OpenPGP card should never need this but well the test
is cheap. */ is cheap. */
rc = app_number_serialno (app); rc = app_munge_serialno (app);
if (rc) if (rc)
goto leave; goto leave;
#endif #endif

6
sm/ChangeLog
View File

@ -1,3 +1,9 @@
2004-09-14 Werner Koch <wk@g10code.com>
* certchain.c (gpgsm_validate_chain): Give expired certificates a
higher error precedence and don't bother to check any CRL in that
case.
2004-08-24 Werner Koch <wk@g10code.de> 2004-08-24 Werner Koch <wk@g10code.de>
* certlist.c: Fixed typo in ocsp OID. * certlist.c: Fixed typo in ocsp OID.

15
sm/certchain.c
View File

@ -672,7 +672,12 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED) else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)
{ {
do_list (0, lm, fp, _("root certificate is not marked trusted")); do_list (0, lm, fp, _("root certificate is not marked trusted"));
if (!lm) /* If we already figured out that the certificate is
expired it does not make much sense to ask the user
whether we wants to trust the root certificate. He
should do this only if the certificate under question
will then be usable. */
if (!lm && !any_expired)
{ {
int rc2; int rc2;
char *fpr = gpgsm_get_fingerprint_string (subject_cert, char *fpr = gpgsm_get_fingerprint_string (subject_cert,
@ -707,6 +712,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
/* Check for revocations etc. */ /* Check for revocations etc. */
if ((flags & 1)) if ((flags & 1))
rc = 0; rc = 0;
else if (any_expired)
; /* Don't bother to run the expensive CRL check then. */
else else
rc = is_cert_still_valid (ctrl, lm, fp, rc = is_cert_still_valid (ctrl, lm, fp,
subject_cert, subject_cert, subject_cert, subject_cert,
@ -835,6 +842,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
/* Check for revocations etc. */ /* Check for revocations etc. */
if ((flags & 1)) if ((flags & 1))
rc = 0; rc = 0;
else if (any_expired)
; /* Don't bother to run the expensive CRL check then. */
else else
rc = is_cert_still_valid (ctrl, lm, fp, rc = is_cert_still_valid (ctrl, lm, fp,
subject_cert, issuer_cert, subject_cert, issuer_cert,
@ -866,14 +875,14 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
the error code to the most critical one */ the error code to the most critical one */
if (any_revoked) if (any_revoked)
rc = gpg_error (GPG_ERR_CERT_REVOKED); rc = gpg_error (GPG_ERR_CERT_REVOKED);
else if (any_expired)
rc = gpg_error (GPG_ERR_CERT_EXPIRED);
else if (any_no_crl) else if (any_no_crl)
rc = gpg_error (GPG_ERR_NO_CRL_KNOWN); rc = gpg_error (GPG_ERR_NO_CRL_KNOWN);
else if (any_crl_too_old) else if (any_crl_too_old)
rc = gpg_error (GPG_ERR_CRL_TOO_OLD); rc = gpg_error (GPG_ERR_CRL_TOO_OLD);
else if (any_no_policy_match) else if (any_no_policy_match)
rc = gpg_error (GPG_ERR_NO_POLICY_MATCH); rc = gpg_error (GPG_ERR_NO_POLICY_MATCH);
else if (any_expired)
rc = gpg_error (GPG_ERR_CERT_EXPIRED);
} }
leave: leave: