* scd/scdaemon.c (oDebugAssuanLogCats): New.
(opts): Add option --debug-assuan-log-cats.
(main): Implement option.
* common/asshelp.c (set_libassuan_log_cats): New.
--
The old way of setting the logging categories with an environment
variable is awkward if sdaemon is spawned from a running gpg-agent.
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute. Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--
This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html . The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known). Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
(read_parameters): Add new keywords.
(proc_parameters): Check values of new keywords.
(create_request): Add SubjectKeyId and extensions.
(parse_parameter_usage): Support "cert" and the encrypt alias "encr".
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
* common/dns-cert.c: Remove iobuf.h.
(get_dns_cert): Rename to _get_dns_cert. Remove MAX_SIZE arg. Change
iobuf arg to a estream-t. Rewrite function to make use of estream
instead of iobuf. Require all parameters. Return an gpg_error_t
error instead of the type. Add arg ERRSOURCE.
* common/dns-cert.h (get_dns_cert): New macro to pass the error source
to _gpg_dns_cert.
* common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
* g10/keyserver.c (keyserver_import_cert): Ditto.
* doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.
Current makeinfo versions allow to indent the texinfo source. However
yat2m had no support for this. With this patch it is now possible to
use a simple indentation style while keeping man pages readable.
Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.
Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file. An example parameter file
is
Key-Type: RSA
Key-Length: 1024
Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
Key-Usage: sign, encrypt
Serial: random
Name-DN: CN=some test key
Name-Email: foo@example.org
Name-Email: bar@exmaple.org
Hash-Algo: SHA384
not-after: 2038-01-16 12:44
This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm. The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
This solves a problem where ccid was used, the card unplugged and then
scdaemon tries to find a new (plugged in) reader and thus will
eventually try PC/SC over and over again.
Also added an explicit --kill command to gpgconf.
DECRYPTION_INFO <mdc_method> <sym_algo>
Print information about the symmetric encryption algorithm and
the MDC method. This will be emitted even if the decryption
fails.
* exec.c: Fix function name indentation.
(expand_args): Simplify by using membuf functions.
(exec_write): Fix memory leak on error.
(w32_system): Use DETACHED_PROCESS so
that a new console is not created.
