mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

76 Commits

Author SHA1 Message Date
Werner Koch
df58e024e7 * gpgsm.c: New option --auto-issuer-key-retrieve.
* certpath.c (find_up): Try to retrieve an issuer key from an
external source and from the ephemeral key DB.
(find_up_store_certs_cb): New.

* keydb.c (keydb_set_ephemeral): Does now return the old
state.  Call the backend only when required.

* call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR.
(lookup_status_cb): Issue status only when CTRL is not NULL.
(gpgsm_dirmngr_lookup): Document that CTRL is optional.

* call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT.
2002-06-29 14:01:53 +00:00
Werner Koch
9c70a2ed20 * server.c (cmd_recipient): Add more reason codes. 2002-06-28 14:04:46 +00:00
Werner Koch
ad4d81f528 * gpgsm.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.
* call-agent.c (start_agent): Create and pass the list of FD to
keep in the child to assuan.
* call-dirmngr.c (start_dirmngr): Ditto.

* scdaemon.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.

* assuan-pipe-connect.c (assuan_pipe_connect): No special handling
for the log_fd and stderr.  Connect stderr to /dev/null if it
should not be retained.
2002-06-27 07:29:57 +00:00
Werner Koch
738e6d8212 * import.c (gpgsm_import): Print an STATUS_IMPORTED.
* gpgsm.c: --debug-no-path-validation does not take an argument.
2002-06-26 12:51:34 +00:00
Werner Koch
5c5a3f689a * certdump.c (print_dn_part): Always print a leading slash,
removed NEED_DELIM arg and changed caller.

* export.c (gpgsm_export): Print LFs to FP and not stdout.
(print_short_info): Ditto.  Make use of gpgsm_print_name.

* server.c (cmd_export): Use output-fd instead of data lines; this
was actually the specified way.
2002-06-25 09:34:10 +00:00
Werner Koch
640688c4e2 * gpgsm.c, gpgsm.h: New option --debug-no-path-validation.
* certpath.c (gpgsm_validate_path): Use it here instead of the
debug flag hack.

* certpath.c (check_cert_policy): Return No_Policy_Match if the
policy file could not be opened.
2002-06-24 14:34:52 +00:00
Werner Koch
42cf865350 * certlist.c (gpgsm_add_to_certlist): Fixed locating of a
certificate with the required key usage.

* gpgsm.c (main): Fixed a segv when using --outfile without an
argument.

* keylist.c (print_capabilities): Also check for non-repudiation
and data encipherment.
* certlist.c (cert_usage_p): Test for signing and encryption was
swapped.  Add a case for certification usage, handle
non-repudiation and data encipherment.
(gpgsm_cert_use_cert_p): New.
(gpgsm_add_to_certlist): Added a CTRL argument and changed all
callers to pass it.
* certpath.c (gpgsm_validate_path): Use it here to print a status
message. Added a CTRL argument and changed all callers to pass it.
* decrypt.c (gpgsm_decrypt): Print a status message for wrong key
usage.
* verify.c (gpgsm_verify): Ditto.
* keydb.c (classify_user_id): Allow a colon delimited fingerprint.
2002-06-20 10:43:02 +00:00
Werner Koch
52146943d1 * call-agent.c (learn_cb): Use log_info instead of log_error on
successful import.

* keydb.c (keydb_set_ephemeral): New.
(keydb_store_cert): New arg ephemeral, changed all callers.
* keylist.c (list_external_cb): Store cert as ephemeral.
* export.c (gpgsm_export): Kludge to export ephemeral certificates.

* gpgsm.c (main): New command --list-external-keys.
2002-06-19 08:30:10 +00:00
Werner Koch
dfcdec0db2 * certreqgen.c (read_parameters): Improved error handling.
(gpgsm_genkey): Print error message.
2002-06-17 10:11:50 +00:00
Werner Koch
4e13426c92 * gpgsm.c (main): New option --log-file. 2002-06-13 11:45:36 +00:00
Werner Koch
312ee41ff7 * call-dirmngr.c (lookup_status_cb): New.
(gpgsm_dirmngr_lookup): Use the status CB.  Add new arg CTRL and
changed caller to pass it.
2002-06-12 14:35:41 +00:00
Werner Koch
7ca4df0a9a * gpgsm.c (open_fwrite): New.
(main): Allow --output for --verify.
2002-06-12 10:33:40 +00:00
Werner Koch
0dec11fbe7 * sign.c (hash_and_copy_data): New.
(gpgsm_sign): Implemented normal (non-detached) signatures.
* gpgsm.c (main): Ditto.

* certpath.c (gpgsm_validate_path): Special error handling for
no policy match.

* configure.ac (NEED_LIBKSBA_VERSION): We need 0.4.3 now.
2002-06-12 09:54:57 +00:00
Werner Koch
c6416080a2 * gpgsm.c (main): New command --list-sigs
* keylist.c (list_cert_std): New.  Use it whenever colon mode is
not used.
(list_cert_chain): New.
2002-06-04 09:41:59 +00:00
Werner Koch
a3aa9e386b * gpgsm.c (main): Don't print the "go ahead" message for an
invalid command.
2002-05-31 15:20:22 +00:00
Werner Koch
8bb265d502 * import.c (gpgsm_import): Add error messages. 2002-05-23 13:57:19 +00:00
Werner Koch
ad6abe7913 * keylist.c (list_internal_keys): Renamed from gpgsm_list_keys.
(list_external_keys): New.
(gpgsm_list_keys): Dispatcher for above.
* call-dirmngr.c (lookup_cb,pattern_from_strlist)
(gpgsm_dirmngr_lookup): New.
* server.c (option_handler): Handle new option --list-mode.
(do_listkeys): Handle options and actually use the mode argument.
(get_status_string): New code TRUNCATED.
2002-05-21 19:20:40 +00:00
Werner Koch
4f7330e0bb * import.c (gpgsm_import): Try to identify the type of input and
handle certs-only messages.

* maperror.c (map_gcry_err): Add libgcrypt's new S-expression errors.
(map_ksba_err): Add a few mappings.

* configure.ac: We now require libgcrypt 1.1.7 and libksba 0.4.2.
2002-05-21 08:29:17 +00:00
Werner Koch
c7ceb874c2 sm/
* gpgsm.c: New option --faked-system-time
* sign.c (gpgsm_sign): And use it here.
* certpath.c (gpgsm_validate_path): Ditto.
common/
* gettime.c: New.
agent/
* cache.c (housekeeping, agent_put_cache): Use our time() wrapper.
/
* doc/: New
* configure.ac, Makefile.am:  Added doc/
2002-05-14 16:51:00 +00:00
Werner Koch
a64b3686b4 * certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed
all callers.
* verify.c (gpgsm_verify): Tweaked usage of log_debug and
log_error.  Return EXPSIG status and add expiretime to VALIDSIG.
2002-05-03 20:18:54 +00:00
Werner Koch
0ec648b71f Debug message cleanups. 2002-04-27 13:50:16 +00:00
Werner Koch
a2176634ae * call-agent.c (start_agent): Make copies of old locales and check
for setlocale.

* configure.ac: Check for setlocale.
2002-04-25 08:31:48 +00:00
Marcus Brinkmann
b107b6d795 2002-04-25 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c (start_agent): Fix error handling logic so the
	locale is always correctly reset.
2002-04-24 22:23:06 +00:00
Marcus Brinkmann
898dda02e4 2002-04-25 Marcus Brinkmann <marcus@g10code.de>
* server.c (option_handler): Accept display, ttyname, ttytype,
	lc_ctype and lc_messages options.
	* gpgsm.c (main): Allocate memory for these options.
	* gpgsm.h (struct opt): Make corresponding members non-const.
2002-04-24 22:08:35 +00:00
Marcus Brinkmann
ee6bb32a8b 2002-04-24 Marcus Brinkmann <marcus@g10code.de>
* configure.ac: Check for locale.h.

agent/
2002-04-24  Marcus Brinkmann  <marcus@g10code.de>

	* agent.h (struct opt): Add members display, ttyname, ttytype,
	lc_ctype, and lc_messages.
	* gpg-agent.c (enum cmd_and_opt_values): Add oDisplay, oTTYname,
	oTTYtype, oLCctype, and LCmessages.
	(main): Handle these options.
	* command.c (option_handler): New function.
	(register_commands): Register option handler.
	* query.c (start_pinentry): Pass the various display and tty
	options to the pinentry.

sm/
2002-04-24  Marcus Brinkmann  <marcus@g10code.de>

	* gpgsm.h (struct opt): New members display, ttyname, ttytype,
	lc_ctype, lc_messages.
	* gpgsm.c (enum cmd_and_opt_values): New members oDisplay,
	oTTYname, oTTYtype, oLCctype, oLCmessages.
	(opts): New entries for these options.
	(main): Handle these new options.
	* call-agent.c (start_agent): Set the various display and tty
	parameter after resetting.
2002-04-24 21:52:47 +00:00
Werner Koch
7cadd7c840 * certreqgen.c (gpgsm_genkey): Write status output on success. 2002-04-18 13:06:18 +00:00
Werner Koch
8992de3bf6 * gpgsm.c (main): Check ksba version. 2002-04-15 16:57:15 +00:00
Werner Koch
73e738388c * certpath.c (find_up): New to use the authorityKeyIdentifier.
Use it in all other functions to locate the signing cert.
2002-04-15 13:18:44 +00:00
Werner Koch
7e07a397a0 * certlist.c (cert_usable_p): New.
(gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New.
(gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New.
(gpgsm_add_to_certlist): Check the key usage.
* sign.c (gpgsm_sign): Ditto.
* verify.c (gpgsm_verify): Print a message when an unsuitable
certificate was used.
* decrypt.c (gpgsm_decrypt): Ditto
* keylist.c (print_capabilities): Determine values from the cert.
2002-04-12 18:54:34 +00:00
Werner Koch
d5a95ff130 * certpath.c (gpgsm_walk_cert_chain): Be a bit more silent on
common errors.
2002-03-28 17:21:54 +00:00
Werner Koch
f63676f9ac * keylist.c (list_cert_colon): Fixed listing of crt record; the
issuer is not at the right place.  Print a chainingID.
2002-03-28 16:36:25 +00:00
Werner Koch
208b08af79 * export.c: New.
* gpgsm.c: Add command --export.
* server.c (cmd_export): New.
2002-03-21 14:42:14 +00:00
Werner Koch
c6736b6435 * decrypt.c (gpgsm_decrypt): Allow multiple recipients. 2002-03-13 10:19:50 +00:00
Werner Koch
8337455483 * verify.c (gpgsm_verify): Detect certs-only message. 2002-03-12 13:36:29 +00:00
Werner Koch
c1791a8d15 * server.c (cmd_listkeys, cmd_listsecretkeys): Divert to
(do_listkeys): new.  Add pattern parsing.
* keylist.c (gpgsm_list_keys): Handle selection pattern.
2002-03-06 16:13:47 +00:00
Werner Koch
4e637f2285 sm/
* gpgsm.c: New command --learn-card
* call-agent.c (learn_cb,gpgsm_agent_learn): New.
* gpgsm.c (main): Print error messages for non-implemented commands.
agent/
* learncard.c: New.
* divert-scd.c (ask_for_card): The serial number is binary so
convert it to hex here.
* findkey.c (agent_write_private_key): New.
* genkey.c (store_key): And use it here.
scd/
* pkdecrypt.c (agent_pkdecrypt): Changed the way the diversion is done.
* divert-scd.c (divert_pkdecrypt): Changed interface and
implemented it.
2002-03-06 14:16:37 +00:00
Werner Koch
303b4bd636 Decryption using a Cryptoflex card does now work. 2002-03-06 09:01:12 +00:00
Werner Koch
c8454f792d * gpgsm.c, gpgsm.h: Add local_user.
* sign.c (gpgsm_get_default_cert): New.
(get_default_signer): Use the new function if local_user is not
set, otherwise use that value.
* encrypt.c (get_default_recipient): Removed.
(gpgsm_encrypt): Use gpgsm_get_default_cert.
* verify.c (gpgsm_verify): Better error text for a bad signature
found by comparing the hashes.
2002-03-05 15:56:46 +00:00
Werner Koch
56341c289c Changes needed to support smartcards. Well, only _support_. There is
no real code yet.
2002-02-28 11:07:59 +00:00
Werner Koch
04f49d973b * server.c (option_handler): Allow to use -2 for "send all certs
except the root cert".
* sign.c (add_certificate_list): Implement it here.
* certpath.c (gpgsm_is_root_cert): New.
2002-02-25 18:18:40 +00:00
Werner Koch
488243f56e * certpath.c (check_cert_policy): New.
(gpgsm_validate_path): And call it from here.
* gpgsm.c (main): New options --policy-file,
--disable-policy-checks and --enable-policy-checks.
* gpgsm.h (opt): Added policy_file, no_policy_checks.
2002-02-19 17:39:05 +00:00
Werner Koch
5dac4711f9 * certpath.c (gpgsm_validate_path): Ask the agent to add the
certificate into the trusted list.
* call-agent.c (gpgsm_agent_marktrusted): New.
2002-02-18 20:47:29 +00:00
Werner Koch
2a28f5d0ae * certlist.c (gpgsm_add_to_certlist): Check that the specified
name identifies a certificate unambiguously.
(gpgsm_find_cert): Ditto.
* server.c (cmd_listkeys): Check that the data stream is available.
(cmd_listsecretkeys): Ditto.
(has_option): New.
(cmd_sign): Fix ambiguity in option recognition.
* gpgsm.c (main): Enable --logger-fd.
* encrypt.c (gpgsm_encrypt): Increased buffer size for better
performance.
* call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from
the agent.
* keylist.c (list_cert_colon): Filter out control characters.
2002-02-07 18:43:22 +00:00
Werner Koch
6aa7267865 * decrypt.c (gpgsm_decrypt): Bail out after a decryption error.
* server.c (reset_notify): Close input and output FDs.
(cmd_encrypt,cmd_decrypt,cmd_verify,cmd_sign,cmd_import)
(cmd_genkey): Close the FDs and release the recipient list even in
the error case.
2002-02-06 14:52:03 +00:00
Marcus Brinkmann
a34a03def9 2002-02-01 Marcus Brinkmann <marcus@g10code.de>
* sign.c (gpgsm_sign): Do not release certificate twice.
2002-02-01 18:08:32 +00:00
Werner Koch
cd30feaa8e * call-agent.c (gpgsm_agent_havekey): New.
* keylist.c (list_cert_colon): New arg HAVE_SECRET, print "crs"
when we know that the secret key is available.
(gpgsm_list_keys): New arg MODE, check whether a secret key is
available.  Changed all callers.
* gpgsm.c (main): New command --list-secret-keys.
* server.c (cmd_listsecretkeys): New.
(cmd_listkeys): Return secret keys with "crs" record.
2002-01-29 10:05:24 +00:00
Werner Koch
fc8d8e9987 * certreqgen.c (create_request): Store the email address in the req.
Note, that I have not yet achieved to generate a cert with the
subjectAltName using OpenSSL.  It seems that openssl requires the
email address to be part of the subject DN (subjectAltName=email:copy)
but this is something we don't want to do.
2002-01-28 14:23:18 +00:00
Werner Koch
151deac0df * gpgsm.c (main): Disable core dumps.
* sign.c (add_certificate_list): New.
(gpgsm_sign): Add the certificates to the CMS object.
* certpath.c (gpgsm_walk_cert_chain): New.
* gpgsm.h (server_control_s): Add included_certs.
* gpgsm.c: Add option --include-certs.
(gpgsm_init_default_ctrl): New.
(main): Call it.
* server.c (gpgsm_server): Ditto.
(option_handler): Support --include-certs.
2002-01-25 16:41:13 +00:00
Werner Koch
d9a4ccf94e * certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.
* certdump.c (gpgsm_dump_string): New.
(print_dn): Replaced by above.
2002-01-23 13:40:38 +00:00
Werner Koch
4f39f92eff * certpath.c (unknown_criticals): New.
(allowed_ca): New.
(gpgsm_validate_path): Check validity, CA attribute, path length
and unknown critical extensions.
2002-01-22 13:32:48 +00:00