1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-21 10:09:57 +01:00

746 Commits

Author SHA1 Message Date
Werner Koch
d54db0ac42
gpgconf: Show also the used nPth version with -V
* dirmngr/dirmngr.c (gpgconf_versions): Get and show nPth version.
--

Note that this requires nPth 1.8
2024-11-12 12:07:24 +01:00
Werner Koch
f8b1b7b4df
dirmngr: Print a brief list of URLs with LISTCRLS.
* dirmngr/crlcache.c (crl_cache_list): Print a summary of URLs.

* sm/call-dirmngr.c (gpgsm_dirmngr_run_command): Print a notice to
stdout if the dirmngr has been disabled.
--

GnuPG-bug-id: 7337
2024-10-14 16:48:37 +02:00
NIIBE Yutaka
953dd67368
Use gpgrt_process_spawn API from libgpg-error.
* agent/genkey.c (do_check_passphrase_pattern): Use the gpgrt API.
* common/asshelp.c (start_new_service): Ditto.
* common/exechelp.h: Remove gnupg_process_spawn API.
* common/exechelp-posix.c: Remove gnupg_process_spawn implementation.
* common/exechelp-w32.c: Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Use the gpgrt API.
* common/t-exechelp.c (test_pipe_stream): Remove.
* dirmngr/ldap-wrapper.c (destroy_wrapper, ldap_reaper_thread): Use
the gpgrt API.
(ldap_wrapper_connection_cleanup, ldap_wrapper): Ditto.
* dirmngr/ldap.c, g10/call-keyboxd.c: No need to include exechelp.h.
* g10/photoid.c (run_with_pipe, show_photo): Use the gpgrt API.
* g13/be-encfs.c (run_umount_helper, run_encfs_tool): Ditto.
* g13/g13.c, g13/mount.c, g13/runner.c: No need to include exechelp.h.
* scd/apdu.c: No need to include exechelp.h.
* scd/app.c (report_change): Use the gpgrt API.
* sm/export.c, sm/import.c: No need to include exechelp.h.
* tests/gpgscm/ffi.c (proc_object_finalize, proc_wrap)
(do_process_spawn_io, do_process_spawn_fd, do_process_wait): Use the
gpgrt API.
* tools/gpg-auth.c: No need to include exechelp.h.
* tools/gpg-card.c (cmd_gpg): Use the gpgrt API.
* tools/gpg-connect-agent.c: No need to include exechelp.h.
* tools/gpg-mail-tube.c (mail_tube_encrypt, prepare_for_appimage)
(start_gpg_encrypt): Use the gpgrt API.
* tools/gpgconf-comp.c (gpg_agent_runtime_change)
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Ditto.
* tools/gpgconf.c (show_versions_via_dirmngr): Ditto.
* tools/gpgtar-create.c (gpgtar_create): Ditto.
* tools/gpgtar-extract.c (gpgtar_extract): Ditto.
* tools/gpgtar-list.c (gpgtar_list): Ditto.

--

GnuPG-bug-id: 7192
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-07-09 10:04:16 +09:00
Daniel Kahn Gillmor
42b0e9558a
indent: Fix spelling
--

These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.

With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.

GnuPG-bug-id: 7116
2024-05-31 12:28:32 +02:00
NIIBE Yutaka
fc3fde1bde
spawn: Remove spawn callback, introduce gnupg_spawn_actions.
* common/exechelp-posix.c (call_spawn_cb): Remove.
(gnupg_spawn_actions_new, gnupg_spawn_actions_release)
(gnupg_spawn_actions_set_environ, gnupg_spawn_actions_set_atfork)
(gnupg_spawn_actions_set_redirect)
(gnupg_spawn_actions_set_inherit_fds): New.
(my_exec, spawn_detached): Use spawn actions.
(gnupg_spawn_helper): Remove.
(gnupg_process_spawn): Remove callback, introduce gnupg_spawn_actions.
* common/exechelp-w32.c: Ditto.
* common/exechelp.h: Ditto.
* agent/genkey.c (do_check_passphrase_pattern): Follow the change of
gnupg_process_spawn API.
* common/asshelp.c (start_new_service): Likewise.
* common/exectool.c (gnupg_exec_tool_stream): Likewise.
* common/t-exechelp.c (test_pipe_stream): Likewise.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise.
* g10/photoid.c (run_with_pipe): Likewise.
* scd/app.c (report_change): Likewise.
* tests/gpgscm/ffi.c (do_process_spawn_io, do_process_spawn_fd):
Likewise.
* tools/gpg-card.c (cmd_gpg): Likewise.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Likewise.
(scdaemon_runtime_change, tpm2daemon_runtime_change)
(dirmngr_runtime_change, keyboxd_runtime_change)
(gc_component_launch, gc_component_check_options)
(retrieve_options_from_program): Likewise.
* tools/gpgconf.c (show_versions_via_dirmngr): Likewise.
* tools/gpgtar-create.c (gpgtar_create): Likewise.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-31 15:36:39 +09:00
NIIBE Yutaka
14534e72e1
dirmngr: Fix a call of calloc.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Fix arguments.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-05-14 15:48:45 +09:00
Werner Koch
4485930f9f
Merge branch 'STABLE-BRANCH-2-4'
--
Resolved conflicts:
	NEWS
	common/exechelp-w32.c
	configure.ac
2024-03-12 16:00:55 +01:00
NIIBE Yutaka
2810b93464
dirmngr: Fix keep-alive flag handling.
* dirmngr/http.c (run_proxy_connect): Set KEEP_ALIVE if not Basic
Authentication.  Fix resource leak of FP_WRITE.

--

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-16 16:24:26 +09:00
NIIBE Yutaka
848546b05a
dirmngr: Fix the regression of use of proxy for TLS connection.
* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
causes resource leak of FP_WRITE.
Don't try to read response body to fix the hang.

--

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-16 11:38:57 +09:00
NIIBE Yutaka
04cbc3074a
dirmngr: Fix proxy with TLS.
* dirmngr/http.c (proxy_get_token, run_proxy_connect): Always
available regardless of USE_TLS.
(run_proxy_connect): Use log_debug_string.
(send_request): Remove USE_TLS.

--

Since the commit of

	1009e4e5f71347a1fe194e59a9d88c8034a67016

Building with TLS library is mandatory.

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-15 15:38:34 +09:00
NIIBE Yutaka
874918ab91
common,dirmngr:w32: Add include files.
* common/dynload.h: Include windows.h.  Don't define RTLD_LAZY, if
already defined.
* common/init.c: Include wctype.h.
* dirmngr/certcache.c: Include wincrypt.h.
* dirmngr/dns-stuff.c: Include ws2tcpip.h.

--

GnuPG-bug-id: 5894
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-15 14:40:33 +09:00
NIIBE Yutaka
27f66148f7
dirmngr:w32: Add include files.
* dirmngr/ks-engine-ldap.c: Include winldap.h and winber.h.

--

Definition of ber_free is in winber.h.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2024-02-15 14:38:10 +09:00
Werner Koch
2ed1f68b48
doc: Fix spelling errors found by lintian.
--

Reported-by: Andreas Metzler <ametzler@debian.org>
2024-01-29 09:16:21 +01:00
Werner Koch
4dc09bc5e7
dirmngr: For CRL issuer verification trust the system's root CA.
* dirmngr/crlcache.c (crl_parse_insert): Add
VALIDATE_FLAG_TRUST_SYSTEM.
--

GnuPG-bug-id: 6963
2024-01-26 13:14:35 +01:00
Werner Koch
387ee7dcbd
Merge branch 'STABLE-BRANCH-2-4'
* common/b64dec.c (b64decode): Move to ...
* common/miscellaneous.c: here.

* common/t-b64.c: Re-inroduce and keep only the b64decode test code.
2023-11-07 20:38:27 +01:00
Werner Koch
d7a1577a25
dirmngr: Add code to support the negotiation auth method.
* dirmngr/http.c (enum auth_negotiate_states): New.
(struct proxy_info_s): Add new fields.
(release_proxy_info): Free Windows stuff.
(proxy_get_token): New. Implemented only for Windows for now.
(run_proxy_connect): Add support for auth method Negotiation.
(store_header): Keep some header lines separate.
--

The code does something but I have not yet been able to test it due
to problems setting up Squid with AD authentication.  As of now it
will respond with a failure but that should not be worse than not to
implement Negotiation.

Supporting Negotiation using GSS for Unix should eventually also be
done.

GnuPG-bug-id: 6719
2023-10-02 13:10:13 +02:00
Werner Koch
53bdb7440c
dirmngr: Extended the http_get_header function.
* dirmngr/http.c (send_request): Add arg 'skip'.  Adjust all callers.
--

GnuPG-bug-id: 6719
2023-10-02 13:05:49 +02:00
Werner Koch
a5e33618f4
dirmngr: Fix handling of the HTTP Content-Length
* dirmngr/http.c (cookie_s): Add fields pending, up_to_empty_line,
last_was_lf, and last_was_lfcr.
(http_context_s): Add field keep-alive.
(http_wait_response): Set up_to_empty_line.  Take care of keep_alive
flag.
(coookie_read): Implement detection of empty lines.
(cookie_write): Free the pending buffer.
--

The problem we fix here is that we already buffered stuff beyond the
empty line which marks the start of the content-length counting.  Thus
we tried to wait for more bytes despite that everything had already
been read.  This bug might have showed up more often in the real world
since the we changed the BUFSIZ on Windows from 512 byte to 8k.  It
also depends on the length of the headers and whether the server
closed the connection so that we ignored the Content-Length.

The bug was introduced earlier than 2010 and could have the effect
that a connection got stuck until the network layer timed out.

Note that the keep-alive parts of the patch are not yet used.
2023-09-26 14:19:26 +02:00
Werner Koch
3054016db9
dirmngr: Require gnutls 3.2
* dirmngr/http.c: Remove gnutls version specific code.
(send_request): Factor some code out to ...
(run_proxy_connect): new.
(mk_proxy_request): new.
(mk_std_request): new.
* configure.ac (NEED_GNUTLS_VERSION): Require 3.2.
--

This patch is to factor out some code and also to remove support for
legacy gnutls versions.  Note that gnutls 3.2 was released 10 years
ago.
2023-09-26 14:13:51 +02:00
Werner Koch
668deeded9
dirmngr: Improve error codes returned from http fetching.
* dirmngr/ks-engine-http.c (ks_http_fetch): Return better error codes.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/t-http.c (main): New option --try-proxy.
2023-09-26 14:10:42 +02:00
Werner Koch
1e120f5a8d
dirmngr: Implement automatic proxy detection on Windows.
* dirmngr/http.c [W32]: Include winhttp.h
(w32_get_internet_session): New.
(w32_get_proxy): New.
(get_proxy_for_url): Implement automatic proxy detection and fix error
in last patch.
(http_reinitialize): New.
* dirmngr/dirmngr.c (dirmngr_sighup_action): Call reinitialize.
* dirmngr/Makefile.am (NETLIBS) [W32]: Link with winhttp.
--

GnuPG-bug-id: 5768
2023-09-26 14:10:13 +02:00
Werner Koch
fed33baed1
dirmngr: Further simplify the http code and improve a message.
* dirmngr/http.c (make_fp_write, make_fp_read): New.
(http_raw_connect): Use new functions.
(http_wait_response): Ditto.
(send_request): Ditto.  Change proxy error diagnostic.
(connect_server): Improve error message for host not found.
--

GnuPG-bug-id: 5768
2023-09-26 14:06:47 +02:00
Werner Koch
845d5e61d8
dirmngr: Cleanup the http module.
* configure.ac (NEED_NTBTLS_VERSION): Require at least 0.2.0 so that
we can remove a conditional compilation.

* dirmngr/http.c (struct proxy_info_s): New.
(release_proxy_info): New to keep proxy information in one object.
(send_request): Factor some code out to ...
(get_proxy_for_url): this,
(send_request_basic_checks): this,
(send_request_set_sni): this,
(run_ntbtls_handshake): this,
(run_gnutls_handshake): and this.
--

Note that this also removes some never used code.  For example the
NTBTLS handshake has code taken from GNUTLS which was never used due
to the different ways on how the certificates are checked.

The proxy code has been factored out to make to prepare further
authentication methods.  The proxy_info_t was introduced for the same
reason.

Tested against gnutls and ntbtls builds.  No proxy tests yet done,
because we need more sophisticated tests anyway.

GnuPG-bug-id: 5768
2023-09-26 13:58:31 +02:00
NIIBE Yutaka
26939ea222
Use gpgrt_b64* API of libgpg-error.
* common/Makefile.am (common_sources): Remove b64enc.c and b64dec.c.
(module_maint_tests): Remove t-b64.
(t_b64_LDADD): Remove.
* common/util.h: Remove the internal API.
* common/ssh-utils.c (get_fingerprint): Use the gpgrt_b64 API.
(ssh_public_key_in_base64): Likewise.
* dirmngr/crlfetch.c (my_es_read, crl_close_reader): Likewise.
* dirmngr/dirmngr-client.c (data_cb, do_lookup): Likewise.
* dirmngr/misc.c (armor_data): Likewise.
* g10/export.c (export_one_ssh_key, export_secret_ssh_key): Likewise.
* tools/gpg-card.c (cmd_writecert): Likewise.
* tools/mime-parser.c (parse_message_cb, mime_parser_release)
(process_part_data): Likewise.
* tools/wks-util.c (wks_armor_key): Likewise.

--

GnuPG-bug-id: 6734
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-09-26 13:34:50 +09:00
Werner Koch
4fc745bc43
dirmngr: Relax the detection of the "none" keyserver.
* dirmngr/server.c (cmd_keyserver): Ignore also hkps://none.
(ensure_keyserver): Better ignore also "none" with a hkp or hpks
scheme.
--

GnuPG-bug-id: 6708
2023-09-11 11:24:00 +02:00
Werner Koch
0aa32e2429
dirmngr: Allow conf files to disable default keyservers.
* dirmngr/server.c (ensure_keyserver): Detect special value "none"
(cmd_keyserver): Ignore "none" and "hkp://none".
--

GnuPG-bug-id: 6708
2023-09-06 09:50:28 +02:00
Werner Koch
a430f22549
common: Prepare for more flags in start_new_service.
* common/asshelp.h (ASSHELP_FLAG_AUTOSTART): New.
* common/asshelp.c (start_new_service): Rename arg autostart to flags
and adjust checks.
(start_new_gpg_agent): Likewise.  Change all callers.
(start_new_keyboxd): Likewise.  Change all callers.
(start_new_dirmngr): Likewise.  Change all callers.
--

It is easier to have a generic flags arg instead of adding more and
more dedicated args.  verbose and debug are kept as they are because
they are not boolean.
2023-08-29 13:18:13 +02:00
Werner Koch
32c55603df
dirmngr: Fix LDAP time parser.
* dirmngr/ldap-misc.c (rfc4517toisotime): Correct index.
--

Obviously the parser assumes the standard ISO format with the 'T'
before the hour.  That is not correct here.  We need this parser for
the modifyTimestamp thingy.
2023-08-24 11:25:30 +02:00
NIIBE Yutaka
0821ceebfb
agent,dirmgr,gpg,g13,kbx,scd,sm,tmp2d: Remove ASSUAN_SYSTEM_NPTH.
* agent/gpg-agent.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(initialize_modules): Don't call assuan_set_system_hooks.
(main): Don't call assuan_sock_set_system_hooks.
* dirmngr/dirmngr.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(thread_init): Don't call assuan_set_system_hooks.
* g10/gpg.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* g13/g13.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Set the syscall clamp with gpgrt_set_syscall_clamp.
Don't call assuan_set_system_hooks.
* kbx/keyboxd.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(initialize_modules): Don't call assuan_set_system_hooks.
(main): Don't call assuan_sock_set_system_hooks.
* scd/scdaemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* sm/gpgsm.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.
* tpm2d/tpm2daemon.c (ASSUAN_SYSTEM_NPTH_IMPL): Remove.
(main): Don't call assuan_set_system_hooks.

--

GnuPG-bug-id: 6606
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-08-03 16:34:00 +09:00
NIIBE Yutaka
5cad5f903e
agent,dirmngr,kbx,scdaemon: Use assuan_sock_accept.
* agent/gpg-agent.c (handle_connections): Use assuan_sock_accept.
* dirmngr/dirmngr.c (handle_connections): Ditto.
* kbx/keyboxd.c (handle_connections): Ditto.
* scd/scdaemon.c (handle_connections): Ditto.
* tpm2d/tpm2daemon.c (handle_connections): Ditto.

--

GnuPG-bug-id: 6599
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-08-03 16:33:51 +09:00
Andre Heinecke
083a16ae08
dirmngr: Add doc for faked-system-time
* dirmngr/dirmngr.c (gpgrt_opt_t): Use string for oFakedSystemTime.
(oFakedSystemTime): Use similar conversion as gpgsm has.
* dirmngr/dirmngr.texi (faked-system-time): Document it.

--
For testing X509 certificates this is usually required and
then confusing that the example from the gpgsm man page
does not work for dirmngr.
2023-07-21 10:26:44 +02:00
NIIBE Yutaka
30fc365124
dirmngr: Silence compiler when it's without LDAP.
* dirmngr/ks-action.c [!USE_LDAP] (ks_action_get): NEWER is not used.
* ks_action_query [!USE_LDAP] (ks_action_query): Ignore unused args.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-21 14:27:57 +09:00
Andre Heinecke
6e2412e74a
dirmngr: Add doc for faked-system-time
* dirmngr/dirmngr.c (gpgrt_opt_t): Use string for oFakedSystemTime.
(oFakedSystemTime): Use similar conversion as gpgsm has.
* dirmngr/dirmngr.texi (faked-system-time): Document it.

--
For testing X509 certificates this is usually required and
then confusing that the example from the gpgsm man page
does not work for dirmngr.
2023-07-19 11:27:08 +02:00
NIIBE Yutaka
ea1935252e
commond: Introduce FD2NUM to express conversion to number of fds.
* common/sysutils.h (FD2NUM): New.
* agent/call-pinentry.c (watch_sock): Use FD2NUM.
* agent/gpg-agent.c (handle_connections): Likewise.
* dirmngr/dirmngr.c (handle_connections): Likewise.
* dirmngr/http.c (connect_with_timeout): Likewise.
* kbx/keyboxd.c (handle_connections): Likewise.
* scd/scdaemon.c (handle_connections): Likewise.
* tpm2d/tpm2daemon.c (handle_connections): Likewise.

--

GnuPG-bug-id: 6598
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-18 14:43:36 +09:00
NIIBE Yutaka
81055baf5c
dirmngr,kbk,tools: Fix type casting.
* dirmngr/http.c (send_request): Remove cast which is not needed.
* kbx/kbx-client-util.c (prepare_data_pipe): Cast to HANDLE.
* tools/gpg-connect-agent.c (do_open): Ditto.

--

GnuPG-bug-id: 6508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-18 12:07:25 +09:00
NIIBE Yutaka
b849c930e9
common: Introduce FD_DBG to display gnupg_fd_t value.
* common/sysutils.h (FD_DBG): New.
* agent/gpg-agent.c (check_nonce): Use FD_DBG.
(do_start_connection_thread, start_connection_thread_ssh): Likewise.
* common/iobuf.c (fd_cache_close, file_filter, do_open): Likewise.
(do_iobuf_fdopen): Likewise.
* dirmngr/dirmngr.c (check_nonce, start_connection_thread)
(handle_connections): Likewise.
* dirmngr/http.c (_my_socket_new, _my_socket_ref): Likewise.
(_my_socket_unref): Likewise.
* g10/decrypt.c (decrypt_message_fd): Likewise.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/openfile.c (open_outfile): Likewise.
* g10/plaintext.c (get_output_file, hash_datafile_by_fd): Likewise.
* g10/verify.c (gpg_verify): Likewise.
* kbx/keyboxd.c (check_nonce, do_start_connection_thread): Likewise.
* scd/scdaemon.c (start_connection_thread): Likewise.
(handle_connections): Likewise.
* sm/gpgsm.c (open_es_fread, open_es_fwrite): Likewise.
* tpm2d/tpm2daemon.c (start_connection_thread): Likewise.
(handle_connections): Likewise.

--

GnuPG-bug-id: 6597
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-18 11:54:16 +09:00
NIIBE Yutaka
9ae3cfcabe
dirmngr: Enable the call of ks_ldap_help_variables when USE_LDAP.
* dirmngr/server.c [USE_LDAP] (cmd_ad_query): Conditionalize.

--

Cherry-pick master commit of:
	dc13361524c1477b2106c7385f2059f9ea111b84

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-05 10:46:45 +09:00
NIIBE Yutaka
dc13361524
dirmngr: Enable the call of ks_ldap_help_variables when USE_LDAP.
* dirmngr/server.c [USE_LDAP] (cmd_ad_query): Conditionalize.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-05 09:29:54 +09:00
Werner Koch
334f5d95c8
Merge branch 'STABLE-BRANCH-2-4' into master 2023-07-04 17:37:54 +02:00
zhangguangzhi
be77c05532
delete redundant characters
--

GnuPG-bug-id: 6482
Signed-off-by: zhangguangzhi <zhangguangzhi3@huawei.com>
2023-06-20 09:08:29 +09:00
zhangguangzhi
40090dbbf9
delete redundant characters
--

GnuPG-bug-id: 6482
Signed-off-by: zhangguangzhi <zhangguangzhi3@huawei.com>
2023-06-20 09:08:14 +09:00
Werner Koch
b1ecc8353a
dirmngr: New option --ignore-crl-extensions.
* dirmngr/dirmngr.c (oIgnoreCRLExtension): New.
(opts): Add --ignore-crl-extension.
(parse_rereadable_options): Add to list/
* dirmngr/dirmngr.h (opt): Add ignored_crl_extensions.
* dirmngr/crlcache.c (crl_cache_insert): Implement option.
--

This option is is useful for debugging problems with new CRL
extensions.  It is similar to --ignore-cert-extension.

GnuPG-bug-id: 6545
2023-06-19 14:25:47 +02:00
Werner Koch
701a8b30f0
gpgsm: Support SENDCERT_SKI for --call-dirmngr
* sm/call-dirmngr.c (run_command_inq_cb): Support SENDCERT_SKI.

* dirmngr/crlcache.c (crl_cache_insert): Print the CRL name along with
the unknown OID nortice.
2023-06-19 14:05:22 +02:00
Werner Koch
0a63afc79a
dirmngr: Disable the HTTP redirect rewriting.
* dirmngr/http.h (struct http_redir_info_s): Add restrict_redir.
* dirmngr/ks-engine-hkp.c (send_request): Set it depending on flags.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/t-http-basic.c (test_http_prepare_redirect): Always set it.
* dirmngr/http.c (http_prepare_redirect): Remove location rewriting
unless the flag is set.
--

GnuPG-bug-id: 6477
2023-06-15 15:06:21 +02:00
Werner Koch
bf04b07327
dirmngr: New option --compatibility-flags.
* dirmngr/dirmngr.c (oCompatibilityFlags): NEw.
(opts): Add option --compatibility-flags.
(compatibility_flags): New.
(parse_rereadable_options): Parse them.
2023-06-15 15:00:28 +02:00
Werner Koch
207c99567c
dirmngr: Extend the AD_QUERY command.
* dirmngr/server.c (cmd_ad_query): Add options --help and --subst.
(cmd_getinfo): Add sub-command "sid".
* dirmngr/ks-engine.h (KS_GET_FLAG_SUBST): New.
* dirmngr/ks-engine-ldap.c (ks_ldap_help_variables): New.
(getval_for_filter): New.
(map_rid_to_dn): New.
(ks_ldap_query): Support variables.
--

The new variables features makes it easier to write AD queries without
requiring domain specific expressions.
2023-06-07 10:03:48 +02:00
NIIBE Yutaka
f15a643a2d
agent,dirmngr: Shutdown fix for supervised mode.
* agent/gpg-agent.c (handle_connections): Break if supervised.
* dirmngr/dirmngr.c (is_supervised): New.
(handle_connections): Break if supervised.

--

For supervised agent/dirmngr, 'systemctl stop' behaves just like
'gpgconf --kill', ignoring existing connections.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-26 15:28:13 +09:00
Werner Koch
8295fb3f0b
w32: Add missing supportedOS Ids for Windows-10
--
2023-05-24 14:17:06 +02:00
Werner Koch
6657230f9e
w32: Add missing supportedOS Ids for Windows-10
--
2023-05-24 14:16:10 +02:00
Werner Koch
3a438a1cc3
w32: Add missing manifests and set a requestedExecutionLevel.
* agent/gpg-agent.w32-manifest.in: New.
* dirmngr/dirmngr-client-w32info.rc: New.
* dirmngr/dirmngr-client.w32-manifest.in: New.
* dirmngr/dirmngr-w32info.rc: New.
* dirmngr/dirmngr.w32-manifest.in: New.
* dirmngr/dirmngr_ldap-w32info.rc: New.
* dirmngr/dirmngr_ldap.w32-manifest.in: New.
* g10/gpgv-w32info.rc: New.
* g10/gpgv.w32-manifest.in: New.
* kbx/keyboxd.w32-manifest.in: New.
* scd/scdaemon.w32-manifest.in: New.
* sm/gpgsm.w32-manifest.in: New.
--

This avoids the use of the VirtualStore uner Windows.

GnuPG-bug-id: 6503
2023-05-24 12:14:06 +02:00