1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

1081 Commits

Author SHA1 Message Date
NIIBE Yutaka
709ab03bc2
common: Fix parsing ECC key.
* common/sexputil.c (get_ecc_q_from_canon_sexp): Initialize ECC_Q_LEN.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-05-10 10:09:55 +02:00
Werner Koch
2630872cff
scd,openpgp: Switch key attributes between RSA and ECC in writekey.
* common/sexputil.c (get_rsa_pk_from_canon_sexp): Also allow private
keys.
(pubkey_algo_string): Ditto.
* scd/app-openpgp.c (do_writekey): Switch key attributes
--

The scd WRITEKEY command for OpenPGP cards missed proper support to
aautomagically switch key attributes based on the new key.  We had
this only in GENKEY.

GnuPG-bug-id: 6378
2023-03-14 16:16:40 +01:00
Werner Koch
aecebdf705
gpg: Replace --override-compliance-check by a real fix.
* common/compliance.c (gnupg_pk_is_allowed): Handle EdDSA.
* g10/gpg.c (oOverrideComplianceCheck): Remove.
(opts): Turn --override-compliance-check into a dummy option.
* g10/options.h (opt): Remove override_compliance_check.
* g10/sig-check.c (check_key_verify_compliance): Remove use of that
option.
--

The introduction of --override-compliance-check actually hid the real
cause for the signature verification problem in de-vs mode for the
Ed25519 key.  The real fix is to handle the EdDSA algorithm in
gnupg_pk_is_allowed.

Fixes-commit: 773b8fbbe915449c723302f5268d7906b40d84d3
GnuPG-bug-id: 5655
2023-01-20 11:12:13 +01:00
Werner Koch
6df8a513dc
common: Detect PNG and JPEG file formats.
* common/miscellaneous.c (is_file_compressed): Add detect code.
--

GnuPG-bug-id: 6332
2023-01-19 16:14:31 +01:00
Werner Koch
ce8ffd71b7
gpg: Detect already compressed data also when using a pipe.
* common/iobuf.c (file_filter_ctx_t): Add fields for the peek feature.
(file_filter): Implement peeking.
(iobuf_ioctl): Add new IOBUF_IOCTL_PEEK.
* common/iobuf.h (IOBUF_IOCTL_PEEK, IOBUFCTRL_PEEK): New.
* common/miscellaneous.c (is_file_compressed): Rewrite.  Detect PDF.
* g10/encrypt.c (encrypt_simple): Peek before detecting compression.
(encrypt_crypt): Ditto.
* g10/sign.c (sign_file): Also detect already compressed data.

* g10/options.h (opt): Add explicit_compress_option.
* g10/gpg.c (main): Set opt.explicit_compress_option for -z.

--

Note that this patch also introduces a compression check for signing
which was never done in the past.

GnuPG-bug-id: 6332
Backported-from-master: 60963d98cfd8e60f88ee43c2d992f6dd3bbbd74c

Note that sign.c (sign_file) has been re-indented to ease future
backports.
2023-01-19 16:14:03 +01:00
Werner Koch
ca822a2339
common: Replace all assert in iobuf by log_assert.
--
2023-01-19 16:14:02 +01:00
Werner Koch
841c691128
Update copyright notices
--
2023-01-16 13:25:22 +01:00
Werner Koch
210ba98355
scd:openpgp: Allow auto-changing of the key attributes in genkey.
* scd/app-openpgp.c (struct app_local_s): Add field keyalgo.
(parse_algorithm_attribute): Store the new keyalgo field.
(change_keyattr): Change info message.
(change_keyattr_from_string): Rewrite to also accept a keyref and a
keyalgo string.
(do_genkey): Change the keyattr if a keyalgo string is given.
* scd/command.c (cmd_genkey): Add option --algo.
--

Having this feature makes it easier to use OpenPGP cards in a similar
way to other cards.  Note that the explicit changing via SETATTR is
still supported.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d7d75da50543bc7259c5a6e6367b58cbca7f1b7b)
(cherry picked from commit b349adc5c0d00d2fc405a45bd078f1580b5610cc)
2023-01-13 14:54:23 +01:00
Werner Koch
2e39fed109
common: New function get_keyalgo_string.
* common/openpgp-oid.c (struct keyalgo_string_s): New.
(keyalgo_strings): New.
(keyalgo_strings_size, keyalgo_strings_used): New.
(openpgp_oid_or_name_to_curve): New.
(get_keyalgo_string): New.
--

This function is intended as a more general version of gpg's
pubkey_string function.  It has the advantage to avoid mallocs and
uses static table of algorithm strings instead.  There should be only
a few dozen of such strings (if at all) and thus all those allocations
we do internally in gpg's pubkey_string and the static buffers all
over the place are not too nice.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 3a1fa13eedb969b561bae18cd3d7c2fb0b63d6ab)
(cherry picked from commit 332a72f7340895e7db1e9c5f89046f722bb7465b)
2023-01-13 14:54:20 +01:00
Werner Koch
f2d25b04d7
sm: Fix compliance checking for ECC signature verification.
* common/compliance.c (gnupg_pk_is_compliant): Also consider the
gcrypt vids for ECDSA et al.
(gnupg_pk_is_allowed): Ditto.
* sm/verify.c (gpgsm_verify): Consider the curve.  Print a compliance
notice for a non-compliant key.

* sm/certchain.c (gpgsm_validate_chain): Silence the "switching to
chain model".
--

Backported-from-master: 338a5ecaa1f11abf24514c8df994170bdb1018f4
2023-01-12 20:58:21 +01:00
Werner Koch
f618731f7e
w32: Make sure DEP is enabled.
* common/init.c (_init_common_subsystems): Test and set the DEP
Policy.
--

Note that this change will now definitely require Windows XP SP3.
2023-01-11 10:04:08 +01:00
NIIBE Yutaka
561dafa85b
w32: Exclude tests with HOME.
* common/t-session-env.c [HAVE_W32_SYSTEM] (test_all): HOME is not
defined, so, exclude the tests.

--

Backport master commit of:
	b47a23f5fac551727d24f65765e21485ed2bb02c

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-22 10:38:38 +09:00
NIIBE Yutaka
a27e6505da
w32: Fix for make check.
* common/Makefile.am (module_tests): Exclude t-exechelp and
t-exectool.
* common/t-stringhelp.c (mygetcwd): Convert '\' to '/'.
* tests/gpgme/Makefile.am: Add $(EXEEXT).
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.

--

Backport master commit of:
	39d478f5ba5d74cdd1d2e40311ff120c932bac37

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-11-22 10:37:15 +09:00
Werner Koch
0a355b2fe7
gpg: Add compatibility flag "vsd-allow-ocb"
* common/compliance.h (enum gnupg_co_extra_infos): New.
* common/compliance.c (vsd_allow_ocb): New.
(gnupg_cipher_is_compliant): Allow OCB if flag is set.
(gnupg_cipher_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): Change to take two args.  Adjust
callers.
* g10/gpg.c (compatibility_flags): Add "vsd-allow-ocb".
(main): And set it.
* g10/options.h (COMPAT_VSD_ALLOW_OCB): NEw.
--

This is a temporary flag until the new mode has been evaluated and can
always be enabled.

GnuPG-bug-id: 6263
2022-10-31 17:23:41 +01:00
Werner Koch
a545e14e8a
gpg: Support OCB encryption.
* g10/build-packet.c (do_encrypted_aead): New.
(do_symkey_enc): Handle version 5.
(build_packet): Support the ENCRYPTED_AEAD packet.
* g10/cipher.c (MIN_PARTIAL_SIZE): Remove unused macro.
(AEAD_ENC_BUFFER_SIZE): New macro.
(my_iobuf_write): New.
(write_header): Rename to write_cfb_header.  Adjust caller.
(set_ocb_nonce_and_ad): New.
(write_ocb_header): New.
(write_ocb_auth_tag): New.
(write_ocb_final_chunk): New.
(do_ocb_flush): New.
(do_ocb_free): New.
(cipher_filter_ocb): New.
* g10/filter.h (cipher_filter_context_t): Add fields for AEAD.
* g10/encrypt.c (encrypt_symmetric): For the use of a session key in
OCB mode.
(encrypt_seskey): Revamp to support OCB.
(use_aead): New.
(encrypt_simple): Support OCB.
(write_symkey_enc): Ditto.
(encrypt_crypt): Ditto.
(encrypt_filter): Handle OCB.
* g10/options.h (opt): Add field force_ocb.
* g10/gpg.c (oForceOCB): New.
(opts): New option "--force-ocb".
(main): Set force_ocb option.
* g10/gpgcompose.c (encrypt_seskey): New.
* g10/keygen.c (aead_available): New global var.
(keygen_set_std_prefs): Set AEAD feature by default in GNUPG mode. Add
parings of aead feature flag.
(keygen_get_std_prefs): Set aead flag.
(add_feature_aead): New.
(keygen_upd_std_prefs): Set OCB as preference if AEAD is enabled.
* g10/pkclist.c (select_aead_from_pklist): New.
(warn_missing_aead_from_pklist): New.
(select_mdc_from_pklist): Remove this unused function.
--

This extends the long available OCB and EAX decryption feature.  Due
to the meanwhile expired patent on OCB there is no more reason for
using EAX.  Thus we forcefully use OCB if the AEAD feature flag is set
on a key.

In GNUPG mode new keys are now created with the AEAD feature flag set.
Option --rfc4880 is one way to disable this.

GnuPG-bug-id: 6263
2022-10-31 14:33:10 +01:00
Werner Koch
c300253181
common: Protect against a theoretical integer overflow in tlv.c
* common/tlv.c (parse_ber_header): Protect agains integer overflow.
--

Although there is no concrete case where we use the (nhdr + length),
it is better to protect against this already here.
2022-10-07 14:21:20 +02:00
Werner Koch
8c22b00268
common: Make nvc_lookup more robust.
* common/name-value.c (nvc_first): Allow for NULL arg.
(nvc_lookup): Allow for PK being NULL.
--

GnuPG-bug-id: 6176
2022-09-01 17:35:41 +02:00
Werner Koch
0b91fa0f13
common,w32: Fix an encoding problem of the printed timezone.
* common/gettime.c (w32_strftime) [W32]: New function.
(strftime) [W32]: New refinition macro.
--

GnuPG-bug-id: 5073
2022-08-31 17:32:45 +02:00
Werner Koch
aa0c942521
gpg: Fix assertion failure due to errors in encrypt_filter.
* common/iobuf.c (iobuf_copy): Use log_assert.  Explicitly cast error
return value.
* g10/build-packet.c (do_plaintext): Check for iobuf_copy error.

* g10/encrypt.c (encrypt_filter): Immediately set header_okay.
--

Fixes-commit: 8066f8a3470f9d2f3682a28641a7b09eca29a105
which caused the assertion failure on error.

The second fix avoids repeated error message about non-compliant keys.

GnuPG-bug-id: 6174
2022-08-31 13:35:41 +02:00
Werner Koch
77b6896f7a
gpgsm: New option --compatibility-flags.
* sm/gpgsm.c (oCompatibilityFlags): New option.
(compatibility_flags): new.
(main): Parse and print them in verbose mode.
* sm/gpgsm.h (opt): Add field compat_glags.:
(COMPAT_ALLOW_KA_TO_ENCR): New.
* sm/keylist.c (print_capabilities): Take care of the new flag.
* sm/certlist.c (cert_usage_p): Ditto.

* common/miscellaneous.c (parse_compatibility_flags): New.
* common/util.h (struct compatibility_flags_s): New.
--

Backported-from-master: f0b373cec93bb01f02b9c0a3ab1f3e242b381c3f
Backported-from-master: ce63eaa4f8f3f41aafcaddd8d658dacd522334a8
2022-08-19 10:49:20 +02:00
Werner Koch
12ad952978
common: In private key mode write "Key:" always last in name-value.
* common/name-value.c (nvc_write): Take care of Key. Factor some code
out to ...
(write_one_entry): new.
--

The key item is in general not manual editable thus we put it at the
end of a file.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit c9fa28bfad297b17e76341ffb40383ce92da5d44)
2022-08-16 10:02:59 +02:00
Werner Koch
706adf6691
common: New function nve_set.
* common/name-value.c (nve_set): New.
(nvc_set): Use nve_set.
(nvc_delete_named): New.
(nvc_get_string): New.
(nvc_get_boolean): New.
--

This function is required to allow updating a specific line.  The
other new functions are backported from master
2022-08-15 12:14:44 +02:00
Werner Koch
6583abedf3
common: Silence warnings from AllowSetForegroundWindow.
* common/sysutils.c (gnupg_allow_set_foregound_window): Print warning
only with debug flag set.
2022-08-03 11:12:16 +02:00
Werner Koch
6bc9592318
gpgconf: Improve registry dumping.
* common/w32-reg.c (read_w32_registry_string): Map REG_DWORD to a
string.
(read_w32_reg_string): Add arg r_hklm_fallback and change all callers.
(show_configs): Indicate whether the HKLM fallback was used.
* tools/gpgconf.c (show_other_registry_entries): Fix the Outlook Addin
Registry key.  Indicate whether the HKLM fallback was used.
2022-08-02 12:25:23 +02:00
Werner Koch
d21ced1e35
common: Add an easy to use DER builder.
* common/tlv-builder.c: New.
* common/tlv.c: Remove stuff only used by GnuPG 1.
(put_tlv_to_membuf, get_tlv_length): Move to ...
* common/tlv-builder.c: here.
* common/tlv.h (tlv_builder_t): New.
--

Such code should actually go into libksba and we will eventually do
that.  However, for now it is easier to keep it here.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 5ea878274ef51c819368f021c69c518b9aef6f82)

- Add coverity meta comment from
  commit a95ddffdcd58383cce93677be5e7e11c5c229a98
2022-06-20 15:54:29 +02:00
Werner Koch
dfc01118ce
w32: Avoid warning about not including winsock2.h after windows.h
* common/dynload.h: Include winsock2.h first.
2022-06-03 15:00:20 +02:00
Werner Koch
10db566489
w32: Allow Unicode filenames for iobuf_cancel.
* common/iobuf.c (iobuf_cancel): Use gnupg_remove
* common/mischelp.c (same_file_p): Allow for Unicode names.
--

Note that the second patch is used to handle Unicode filenames which
are symbolic links.
2022-06-03 11:19:09 +02:00
NIIBE Yutaka
d9a8d3353a common,unix: Backport dotlock changes from GnuPG 2.3.
* common/dotlock.c (read_lockfile): Return FD in R_FD.
(dotlock_take_unix): Fix a race condition by new read_lockfile and
checking with fstat.  Describe one race condition in comment.
(dotlock_release_unix): Follow the change of read_lockfile.

--

GnuPG-bug-id: 5884
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-03-29 11:24:23 +09:00
Werner Koch
c145366549
common: New function map_static_strings
* common/mapstrings.c (struct intmapping_s): New.
(map_static_strings): New.
* common/stringhelp.c (do_strconcat): Rename to ...
(vstrconcat): this and make global.

* common/t-mapstrings.c (test_map_static_strings): New test.
2022-03-18 13:47:10 +01:00
Werner Koch
7ba44d15ca
common: New flags for gnupg_spawn_process
* common/exechelp.h (GNUPG_SPAWN_KEEP_STDIN): New.
(GNUPG_SPAWN_KEEP_STDOUT): New.
(GNUPG_SPAWN_KEEP_STDERR): New.
* common/exechelp-posix.c (do_exec): Add arg flags and implement new
flags.
* common/exechelp-w32.c (gnupg_spawn_process): Implement new flags.
2022-03-15 09:47:45 +01:00
Werner Koch
4122896a39
common,w32: Support file names longer than MAX_PATH in iobuf.
* common/iobuf.c (direct_open): Use gpgrt_fname_to_wchar.
(any8bitchar): Remove.
2022-03-04 14:54:26 +01:00
Werner Koch
ce6e0b172e
Update copyright notices.
--

Note that for this LTS version we now print g10 Code as the first
copyright holder with --version.  This is to avoid confusion at our
customers, now that we also provide a Linux^WGNU/Linux version of
GnuPG VS-Desktop and the Windows version has always shown g10 Code.
2022-02-07 18:22:30 +01:00
Werner Koch
7d1215cb9c
common: Fix creation of Windows socket directories.
* common/homedir.c (w32_try_mkdir): Remove.
(standard_homedir): Use gnupg_mkdir instead of w32_try_mkdir.
(_gnupg_socketdir_internal): Ditto.
--

The w32_try_mkdir was once introduced for WindowsCE and unfortunately
at a too brief inspection it looks like it does the utf8->wchar
conversion.  Which it does not.  Thus I obviously never tested the
switch to from APPDATA to LOCAL_APPDATA with a non-ascii account name.
That might have been due to the use of the very same code for the
homedir - but there is other code in gpg to create the homedir; thus a
failure here is mostly fixed later.

The missing error diagnostic was - and is - on purpose to avoid such
error messages due to a race between several running gpg instances.

GnuPG-bug-id: 5537
2022-02-07 17:59:22 +01:00
Werner Koch
eefa2d19ee
gpgconf: Some more fixes for the backported stuff.
* agent/gpg-agent.c (main) <gpgconf_list>: Keep only those option which
have a default.  Remove runtime flag.
* common/gc-opt-flags.h (GC_OPT_FLAG_RUNTIME): Move to ...
* tools/gpgconf-comp.c: here because it is now inetrnal to gpgconf.
(known_options_gpg_agent): Add a few missing runtime flags.  Remove
"options".  Add "check-sym-passphrase-pattern".
(known_options_scdaemon, known_options_gpgsm): Remove "options".
(dirmngr): Ditto.

* tools/gpgconf-comp.c (is_known_option): Return only options having a
value for name.  Thus we list list options from the known_options
tables.
2022-01-26 16:43:46 +01:00
Werner Koch
d8e6d1e9ed
common: Fix returning of option attributes for options with args.
* common/argparse.c (gnupg_argparse): Set attribute flags
--
GnuPG-bug-id: 5799

This is a backport from the fix in libgpg-error in case gnupg 2.2 is
build against an older version of libgpg-error.
2022-01-25 19:05:16 +01:00
Werner Koch
96db487a4d
common,w32: Improve HKCU->HKLM fallback
* common/w32-reg.c (read_w32_registry_string): Add another fallback.
--

We use the same method in gpgme and libgpg-error since 2017 - should
be done here as well.  Thus the fallback also happens if the key
exists but not the actual entry.
2022-01-12 14:48:55 +01:00
Werner Koch
f0d034ebf4
common: New function xreallocarray
* common/miscellaneous.c (gnupg_reallocarray): New.
(xreallocarray): New.
--

Taken from libgpg-error so that we can build with older versions of
libgpg-error.
2021-12-29 09:21:00 +01:00
Werner Koch
1af559a9a2
common,w32: Sync read_w32_registry_string with the gpgrt version
* common/w32-reg.c (get_root_key): Add short version of the root
classes.
--

The code here is only used by gpgconf's new --show-configs command.
Usually on Windows the code from gpgrt is used for reading the
registry.  This one here is an exception and when backporting it I
missed to add the HKCU etc al string.

Fixes-commit: 6c6c404883e52545ed38293384c95fdacb7227c4
GnuPG-bug-id: 5724
2021-12-13 19:25:48 +01:00
Werner Koch
6c6c404883
common,w32: New function read_w32_reg_string.
* common/w32-reg.c (read_w32_reg_string): New.

* common/t-w32-reg.c (test_read_registry): Add another test.
2021-11-18 21:45:02 +01:00
Werner Koch
6ee01c1d26
gpg,gpgsm: Add option --min-rsa-length.
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
2021-11-18 21:11:10 +01:00
Werner Koch
006131f628
common: Support MYPROC_SELF_EXE for Solaris
* common/homedir.c (MYPROC_SELF_EXE): Add case for SunOS.
--

GnuPG-bug-id: 5671
2021-11-02 20:57:10 +01:00
Werner Koch
bcd8f0239d
common: Silence warning from unix_rootdir on systems w/o /proc
* common/homedir.c (unix_rootdir): Silence diagnostic in the common
case.
(MYPROC_SELF_EXE): Support NetBSD.
--

GnuPG-bug-id: 5656
2021-11-02 20:57:03 +01:00
Ingo Klöcker
947fedf0e7
common: Respect gpgconf.ctl when looking up translations
* common/i18n.c (i18n_init): Use gnupg_localedir() instead of LOCALEDIR.
(i18n_localegettext): Ditto.
* tools/gpgconf-comp.c (my_dgettext): Ditto.
--

On Unix, gnupg_localedir() returns the locale directory relative to
the root directory of the gnupg installation if specified in the
gpgconf.ctl. Otherwise, it returns the built-in LOCALEDIR.

GnuPG-bug-id: 5999
2021-11-02 20:56:25 +01:00
Werner Koch
49d589c409
common: Support gpgconf.ctl also for BSDs.
* common/homedir.c (MYPROC_SELF_EXE): New.
(unix_rootdir): Use it here.  Also support GNUPG_BUILD_ROOT as
fallback.
--

In addition this adds a fallback method for AIX etc which do not have
an easy way to get the info.
2021-11-02 20:55:24 +01:00
Werner Koch
3828dd7a40
common: Add keyword sysconfdir to the optional gpgconf.ctl file.
* common/homedir.c (unix_rootdir): Add arg want_sysconfdir.
(gnupg_sysconfdir): Return it.
--

Our regression test suite has the problem that we can't disable the
use of the global config files or test them using the regualr
binaries.  This new keyword will allow us to overcome the problem.
2021-11-02 20:55:20 +01:00
Werner Koch
82328165cf
common: Support a gpgconf.ctl file under Unix.
* common/homedir.c (unix_rootdir): New.
(gnupg_bindir): Use it.
(gnupg_libexecdir): Use it.
(gnupg_libdir): Use it.
(gnupg_datadir): Use it.
(gnupg_localedir): Use it.
--

This feature is useful for building and using an AppImage version of
gnupg and probably also for some other use cases.

GnuPG-bug-id: 5999

Here is a sample gpgconf.ctl file
--8<---------------cut here---------------start------------->8---
# gpgconf.ctl
#
# This file is used to change the directories where the gpg components
# are installed.  It does not change the configuration directories.
# The file is expected in the same directory as gpgconf.  The physical
# installation directories are evaluated and no symlinks.  Blank lines
# and lines starting with pound signed are ignored.  No errors are
# printed for unknown keywords or commands.  The only defined key for
# now is "rootdir" which must be followed by one optional space, an
# equal sign, and the value for the root directory.  Environment
# variables are substituted in standard shell manner, the final value
# must start with a slash, trailing slashed are stripped.

rootdir = $APPDIR/gnupg
--8<---------------cut here---------------end--------------->8---
2021-11-02 20:55:04 +01:00
Werner Koch
f0162afb6b
common: New function substitute_envvars.
* common/stringhelp.c (substitute_envvars): New.  Based on code in
gpg-connect-agent.
* common/t-stringhelp.c: Include sysutils.h.
(test_substitute_envvars): New.
--

GnuPG-bug-id: 5599
2021-11-02 20:54:03 +01:00
Werner Koch
a756a61f19
common,w32: Do not always print "Garbled console data" warning.
* common/init.c (_init_common_subsystems): Silence message.
--
2021-11-02 20:50:34 +01:00
Werner Koch
323a20399d
dirmngr: New option --ignore-cert
* dirmngr/dirmngr.h (struct fingerprint_list_s): Add field binlen.
(opt): Add field ignored_certs.
* dirmngr/dirmngr.c: Add option --ignore-cert
(parse_rereadable_options): Handle that option.
(parse_ocsp_signer): Rename to ...
(parse_fingerprint_item): this and add two args.
* dirmngr/certcache.c (put_cert): Ignore all to be igored certs.
Change callers to handle the new error return.
--

This option is useful as a workaround in case we ill run into other
chain validation errors like what we fixed in
GnuPG-bug-id: 5639
Backported-from-master: 4b3e9a44b58e74b3eb4a59f88ee017fe7483a17d
2021-10-06 11:06:01 +02:00
Werner Koch
117afec018
common: New envvar GNUPG_EXEC_DEBUG_FLAGS.
* common/exechelp-w32.c (gnupg_spawn_process_detached): Silence
breakaway messages and turn them again into debug messages.
2021-09-13 17:12:23 +02:00