1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
gnupg/sm/ChangeLog
2006-10-16 17:33:03 +00:00

1731 lines
54 KiB
Plaintext

2006-10-16 Werner Koch <wk@g10code.com>
* certchain.c (already_asked_marktrusted)
(set_already_asked_marktrusted): New.
(gpgsm_validate_chain) <not trusted>: Keep track of certificates
we already asked for.
2006-10-11 Werner Koch <wk@g10code.com>
* certreqgen.c (proc_parameters, create_request): Allow for
creation directly from a card.
* call-agent.c (gpgsm_agent_readkey): New arg FROMCARD.
(gpgsm_scd_pksign): New.
2006-10-06 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
(gpgsm_LDADD): Ditto.
2006-10-05 Werner Koch <wk@g10code.com>
* certcheck.c (do_encode_md): Check that the has algo is valid.
2006-10-02 Marcus Brinkmann <marcus@g10code.de>
* server.c (register_commands): New commands DUMPKEYS and
DUMPSECRETKEYS.
(cmd_dumpkeys, cmd_dumpsecretkeys): New functions.
(option_handler): Support with-key-data option.
2006-09-26 Werner Koch <wk@g10code.com>
* certchain.c (gpgsm_validate_chain): More changes for the relax
feature. Use certificate reference counting instead of the old
explicit tests. Added a missing free.
2006-09-25 Werner Koch <wk@g10code.com>
* gpgsm.h (struct rootca_flags_s): New.
* call-agent.c (istrusted_status_cb): New.
(gpgsm_agent_istrusted): New arg ROOTCA_FLAGS.
* keylist.c (list_cert_colon): Use dummy for new arg.
* certchain.c (gpgsm_validate_chain): Make use of the relax flag
for root certificates.
(unknown_criticals): Ignore a GPG_ERR_NO_VALUE.
2006-09-20 Werner Koch <wk@g10code.com>
* gpgsm.c: Add alias command --dump-cert.
* Makefile.am: Changes to allow parallel make runs.
2006-09-18 Werner Koch <wk@g10code.com>
* gpgsm.c (main): Use this to import standard certificates.
* keydb.c (keydb_add_resource): New arg AUTO_CREATED.
2006-09-14 Werner Koch <wk@g10code.com>
Replaced all call gpg_error_from_errno(errno) by
gpg_error_from_syserror().
2006-09-13 Werner Koch <wk@g10code.com>
* keylist.c (list_internal_keys): Print marker line to FP and not
to stdout.
* gpgsm.c (main): All list key list commands now make ose of
--output. Cleaned up calls to list modes. New command
--dump-chain. Renamed --list-sigs to --list-chain and added an
alias for the old one.
* server.c (cmd_message): Changed to use assuan_command_parse_fd.
(option_handler): New option list-to-output.
(do_listkeys): Use it.
2006-09-06 Werner Koch <wk@g10code.com>
* gpgsm.h (OUT_OF_CORE): Removed and changed all callers to
out_of_core.
(CTRL): Removed and changed everywhere to ctrl_t.
(CERTLIST): Ditto.
Replaced all Assuan error codes by libgpg-error codes. Removed
all map_to_assuan_status and map_assuan_err.
* gpgsm.c (main): Call assuan_set_assuan_err_source to have Assuan
switch to gpg-error codes.
* server.c (set_error): Adjusted.
2006-08-29 Werner Koch <wk@g10code.com>
* call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using
complete S-expressions as implemented by the current gpg-agent.
* gpgsm.c (main): Implement --output for encrypt, decrypt, sign
and export.
2006-07-03 Werner Koch <wk@g10code.com>
* certreqgen.c (proc_parameters): Print the component label of a
faulty DN.
2006-06-26 Werner Koch <wk@g10code.com>
* certdump.c (gpgsm_cert_log_name): New.
* certchain.c (is_cert_still_valid): Log the name of the certificate.
2006-06-20 Werner Koch <wk@g10code.com>
* gpgsm.c (gpgsm_init_default_ctrl): Take care of the command line
option --include-certs.
* keylist.c (list_cert_raw): Print the certid.
2006-05-23 Werner Koch <wk@g10code.com>
* keydb.c (hextobyte): Deleted as it is now defined in jnlib.
* Makefile.am (gpgsm_LDADD): Include ZLIBS.
2006-05-19 Marcus Brinkmann <marcus@g10code.de>
* keydb.c (keydb_insert_cert): Do not lock here, but only check if
it is locked.
(keydb_store_cert): Lock here.
* keydb.h (keydb_delete): Accept new argument UNLOCK.
* keydb.c (keydb_delete): Likewise. Only unlock if this is set.
* delete.c (delete_one): Add new argument to invocation of
keydb_delete.
2006-05-15 Werner Koch <wk@g10code.com>
* keylist.c (print_names_raw): Sanitize URI.
2006-03-21 Werner Koch <wk@g10code.com>
* certchain.c (get_regtp_ca_info): New.
(allowed_ca): Use it.
2006-03-20 Werner Koch <wk@g10code.com>
* qualified.c (gpgsm_is_in_qualified_list): New optional arg COUNTRY.
2006-02-17 Werner Koch <wk@g10code.com>
* call-dirmngr.c (start_dirmngr): Print name of dirmngr to be started.
2005-11-23 Werner Koch <wk@g10code.com>
* gpgsm.h: New member QUALSIG_APPROVAL.
* sign.c (gpgsm_sign): Print a warning if a certificate is not
qualified.
* qualified.c (gpgsm_qualified_consent): Include a note that this
is not approved software.
(gpgsm_not_qualified_warning): New.
* gpgsm.c (main): Prepared to print a note whether the software
has been approved.
2005-11-13 Werner Koch <wk@g10code.com>
* call-agent.c (gpgsm_agent_get_confirmation): New.
* keylist.c (list_cert_std): Print qualified status.
* qualified.c: New.
* certchain.c (gpgsm_validate_chain): Check for qualified
certificates.
* certchain.c (gpgsm_basic_cert_check): Release keydb handle when
no-chain-validation is used.
2005-11-11 Werner Koch <wk@g10code.com>
* keylist.c (print_capabilities): Print is_qualified status.
2005-10-28 Werner Koch <wk@g10code.com>
* certdump.c (pretty_print_sexp): New.
(gpgsm_print_name2): Use it here. This allows proper printing of
DNS names as used with server certificates.
2005-10-10 Werner Koch <wk@g10code.com>
* keylist.c: Add pkaAdress OID as reference.
2005-10-08 Marcus Brinkmann <marcus@g10code.de>
* Makefile.am (gpgsm_LDADD): Add ../gl/libgnu.a after
../common/libcommon.a.
2005-09-13 Werner Koch <wk@g10code.com>
* verify.c (gpgsm_verify): Print a note if the unknown algorithm
is MD2.
* sign.c (gpgsm_sign): Ditto.
* certcheck.c (gpgsm_check_cert_sig): Ditto.
2005-09-08 Werner Koch <wk@g10code.com>
* export.c (popen_protect_tool): Add option --have-cert. We
probably lost this option with 1.9.14 due to restructuring of
export.c.
2005-07-21 Werner Koch <wk@g10code.com>
* gpgsm.c (main): New options --no-log-file and --debug-none.
* certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg
to allow enumeration. Changed all callers.
(create_request): Process DNS and URI parameters.
2005-07-20 Werner Koch <wk@g10code.com>
* keylist.c (email_kludge): Reworked.
* certdump.c (gpgsm_print_serial, gpgsm_dump_serial): Cast printf
arg to unsigned.
* call-dirmngr.c (gpgsm_dirmngr_run_command): Ditto
2005-07-19 Werner Koch <wk@g10code.com>
* fingerprint.c (gpgsm_get_certid): Cast printf arg to unsigned.
Bug accidently introduced while solving the #$%^& gcc
signed/unsigned char* warnings.
2005-06-15 Werner Koch <wk@g10code.com>
* delete.c (delete_one): Changed FPR to unsigned.
* encrypt.c (encrypt_dek): Made ENCVAL unsigned.
(gpgsm_encrypt): Ditto.
* sign.c (gpgsm_sign): Made SIGVAL unsigned.
* base64.c (base64_reader_cb): Need to use some casting to get
around signed/unsigned char* warnings.
* certcheck.c (gpgsm_check_cms_signature): Ditto.
(gpgsm_create_cms_signature): Changed arg R_SIGVAL to unsigned char*.
(do_encode_md): Made NFRAME a size_t.
* certdump.c (gpgsm_print_serial): Fixed signed/unsigned warning.
(gpgsm_dump_serial): Ditto.
(gpgsm_format_serial): Ditto.
(gpgsm_dump_string): Ditto.
(gpgsm_dump_cert): Ditto.
(parse_dn_part): Ditto.
(gpgsm_print_name2): Ditto.
* keylist.c (email_kludge): Ditto.
* certreqgen.c (proc_parameters, create_request): Ditto.
(create_request): Ditto.
* call-agent.c (gpgsm_agent_pksign): Made arg R_BUF unsigned.
(struct cipher_parm_s): Made CIPHERTEXT unsigned.
(struct genkey_parm_s): Ditto.
* server.c (strcpy_escaped_plus): Made arg S signed char*.
* fingerprint.c (gpgsm_get_fingerprint): Made ARRAY unsigned.
(gpgsm_get_keygrip): Ditto.
* keydb.c (keydb_insert_cert): Made DIGEST unsigned.
(keydb_update_cert): Ditto.
(classify_user_id): Apply cast to signed/unsigned assignment.
(hextobyte): Ditto.
2005-06-01 Werner Koch <wk@g10code.com>
* misc.c: Include setenv.h.
2005-04-21 Werner Koch <wk@g10code.com>
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
* certchain.c (gpgsm_validate_chain): Make use of it.
* certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates. This is required because on signature
verification an expired key is fine whereas a revoked one is not.
2005-04-20 Werner Koch <wk@g10code.com>
* Makefile.am (AM_CFLAGS): Add PTH_CFLAGS as noted by several folks.
2005-04-19 Werner Koch <wk@g10code.com>
* certchain.c (check_cert_policy): Print the diagnostic for a open
failure of policies.txt only in verbose mode or when it is not
ENOENT.
2005-04-17 Werner Koch <wk@g10code.com>
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
* certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
this filter. Changed all callers.
* certchain.c (find_up_search_by_keyid): New helper.
(find_up): Also try using the AKI.keyIdentifier.
(find_up_external): Ditto.
2005-04-15 Werner Koch <wk@g10code.com>
* keylist.c (list_cert_raw): Print the subjectKeyIdentifier as
well as the keyIdentifier part of the authorityKeyIdentifier.
2005-03-31 Werner Koch <wk@g10code.com>
* call-dirmngr.c (start_dirmngr): Use PATHSEP_C instead of ':'.
* call-agent.c (start_agent): Ditto.
2005-03-17 Werner Koch <wk@g10code.com>
* certcheck.c: Fixed use of DBG_CRYPTO and DBG_X509.
* certchain.c (gpgsm_basic_cert_check): Dump certificates after a
failed gcry_pk_verify.
(find_up): Do an external lookup also for an authorityKeyIdentifier
lookup. Factored external lookup code out to ..
(find_up_external): .. new.
2005-03-03 Werner Koch <wk@g10code.com>
* Makefile.am (gpgsm_LDADD): Added PTH_LIBS. Noted by Kazu Yamamoto.
2005-01-13 Werner Koch <wk@g10code.com>
* certreqgen.c (proc_parameters): Cast printf arg.
2004-12-22 Werner Koch <wk@g10code.com>
* gpgsm.c (set_binary): New.
(main, open_read, open_fwrite): Use it.
2004-12-21 Werner Koch <wk@g10code.com>
* gpgsm.c (main): Use default_homedir().
(main) [W32]: Default to disabled CRL checks.
2004-12-20 Werner Koch <wk@g10code.com>
* call-agent.c (start_agent): Before starting a pipe server start
to connect to a server on the standard socket. Use PATHSEP
* call-dirmngr.c (start_dirmngr): Use PATHSEP.
* import.c: Include unistd.h for dup and close.
2004-12-18 Werner Koch <wk@g10code.com>
* gpgsm.h (map_assuan_err): Define in terms of
map_assuan_err_with_source.
* call-agent.c (start_agent): Pass error source to
send_pinentry_environment.
2004-12-17 Werner Koch <wk@g10code.com>
* call-dirmngr.c (isvalid_status_cb, lookup_status_cb)
(run_command_status_cb): Return cancel status if gpgsm_status
returned an error.
* server.c (gpgsm_status, gpgsm_status2)
(gpgsm_status_with_err_code): Return an error code.
(gpgsm_status2): Always call va_end().
2004-12-15 Werner Koch <wk@g10code.com>
* call-dirmngr.c (lookup_status_cb): Send progress messages
upstream.
(isvalid_status_cb): Ditto.
(gpgsm_dirmngr_isvalid): Put CTRL into status CB parameters.
(gpgsm_dirmngr_run_command, run_command_status_cb): Pass CTRL to
status callback and handle PROGRESS.
* misc.c (setup_pinentry_env) [W32]: Don't use it.
* gpgsm.c (main) [W32]: Init Pth because we need it for the socket
operations and to resolve libassuan symbols.
(run_protect_tool) [W32]: Disable it.
* Makefile.am (gpgsm_LDADD): Move LIBASSUAN_LIBS more to the end.
2004-12-07 Werner Koch <wk@g10code.com>
* Makefile.am (gpgsm_LDADD): Put libassuan before jnlib because
under W32 we need the w32 pth code from jnlib.
* misc.c (setup_pinentry_env) [W32]: Disabled.
2004-12-06 Werner Koch <wk@g10code.com>
* gpgsm.c (run_protect_tool) [_WIN32]: Disabled.
* import.c (popen_protect_tool): Simplified by making use of
gnupg_spawn_process.
(parse_p12): Likewise, using gnupg_wait_process.
* export.c (popen_protect_tool): Ditto.
(export_p12): Ditto.
* keydb.c: Don't define DIRSEP_S here.
2004-12-02 Werner Koch <wk@g10code.com>
* certchain.c (gpgsm_basic_cert_check): Dump certs with bad
signature for debugging.
(gpgsm_validate_chain): Ditto.
2004-11-29 Werner Koch <wk@g10code.com>
* gpgsm.c (set_debug): Changed to use a globals DEBUG_LEVEL and
DEBUG_VALUE.
(main): Made DEBUG_LEVEL global and introduced DEBUG_VALUE. This
now allows to add debug flags on top of a debug-level setting.
2004-11-23 Werner Koch <wk@g10code.com>
* gpgsm.c: New option --prefer-system-dirmngr.
* call-dirmngr.c (start_dirmngr): Implement this option.
2004-10-22 Werner Koch <wk@g10code.com>
* certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate
request PEM header. This is according to the Sphinx standard.
2004-10-08 Moritz Schulte <moritz@g10code.com>
* certchain.c (gpgsm_validate_chain): Do not use keydb_new() in
case the no_chain_validation-return-short-cut is used (fixes
memory leak).
2004-10-04 Werner Koch <wk@g10code.com>
* misc.c (setup_pinentry_env): Try hard to set a default for GPG_TTY.
2004-09-30 Werner Koch <wk@g10code.com>
* gpgsm.c (i18n_init): Always use LC_ALL.
* certdump.c (gpgsm_format_name): Factored code out to ..
(gpgsm_format_name2): .. new.
(gpgsm_print_name): Factored code out to ..
(gpgsm_print_name2): .. new.
(print_dn_part): New arg TRANSLATE. Changed all callers.
(print_dn_parts): Ditto.
(gpgsm_format_keydesc): Do not translate the SUBJECT; we require
it to stay UTF-8 but we still want to filter out bad control
characters.
* Makefile.am: Adjusted for gettext 0.14.
* keylist.c (list_cert_colon): Make sure that the expired flag has
a higher precedence than the invalid flag.
2004-09-29 Werner Koch <wk@g10code.com>
* import.c (parse_p12): Write an error status line for bad
passphrases. Add new arg CTRL and changed caller.
* export.c (export_p12): Likewise.
2004-09-14 Werner Koch <wk@g10code.com>
* certchain.c (gpgsm_validate_chain): Give expired certificates a
higher error precedence and don't bother to check any CRL in that
case.
2004-08-24 Werner Koch <wk@g10code.de>
* certlist.c: Fixed typo in ocsp OID.
2004-08-18 Werner Koch <wk@g10code.de>
* certlist.c (gpgsm_cert_use_ocsp_p): New.
(cert_usage_p): Support it here.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it here.
2004-08-17 Marcus Brinkmann <marcus@g10code.de>
* import.c: Fix typo in last change.
2004-08-17 Werner Koch <wk@g10code.de>
* import.c (check_and_store): Do a full validation if
--with-validation is set.
* certchain.c (gpgsm_basic_cert_check): Print more detailed error
messages.
* certcheck.c (do_encode_md): Partly support DSA. Add new arg
PKALGO. Changed all callers to pass it.
(pk_algo_from_sexp): New.
2004-08-16 Werner Koch <wk@g10code.de>
* gpgsm.c: New option --fixed-passphrase.
* import.c (popen_protect_tool): Pass it to the protect-tool.
* server.c (cmd_encrypt): Use DEFAULT_RECPLIST and not recplist
for encrypt-to keys.
2004-08-06 Werner Koch <wk@g10code.com>
* gpgsm.c: New option --with-ephemeral-keys.
* keylist.c (list_internal_keys): Set it here.
(list_cert_raw): And indicate those keys. Changed all our callers
to pass the new arg HD through.
2004-07-23 Werner Koch <wk@g10code.de>
* certreqgen.c (proc_parameters): Do not allow key length below
1024.
2004-07-22 Werner Koch <wk@g10code.de>
* keylist.c (list_cert_raw): Print the keygrip.
2004-07-20 Werner Koch <wk@gnupg.org>
* certchain.c (gpgsm_validate_chain): The trust check didn't
worked anymore, probably due to the changes at 2003-03-04. Fixed.
2004-06-06 Werner Koch <wk@gnupg.org>
* certreqgen.c (get_parameter_uint, create_request): Create
an extension for key usage when requested.
2004-05-12 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Install emergency_cleanup also as an atexit
handler.
* verify.c (gpgsm_verify): Removed the separate error code
handling for KSBA. We use shared error codes anyway.
* export.c (export_p12): Removed debugging code.
* encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
2004-05-11 Werner Koch <wk@gnupg.org>
* sign.c (gpgsm_sign): Include the error source in the final error
message.
* decrypt.c (gpgsm_decrypt): Ditto.
* fingerprint.c (gpgsm_get_key_algo_info): New.
* sign.c (gpgsm_sign): Don't assume RSA in the status line.
* keylist.c (list_cert_colon): Really print the algorithm and key
length.
(list_cert_raw, list_cert_std): Ditto.
(list_cert_colon): Reorganized to be able to tell whether a root
certificate is trusted.
* gpgsm.c: New option --debug-allow-core-dump.
* gpgsm.h (opt): Add member CONFIG_FILENAME.
* gpgsm.c (main): Use it here instead of the local var.
* server.c (gpgsm_server): Print some additional information with
the hello in verbose mode.
2004-04-30 Werner Koch <wk@gnupg.org>
* import.c (check_and_store): Do not update the stats for hidden
imports of issuer certs.
(popen_protect_tool): Request statusmessages from the protect-tool.
(parse_p12): Detect status messages. Add new arg STATS and update them.
(print_imported_summary): Include secret key stats.
2004-04-28 Werner Koch <wk@gnupg.org>
* gpgsm.c: New command --keydb-clear-some-cert-flags.
* keydb.c (keydb_clear_some_cert_flags): New.
(keydb_update_keyblock, keydb_set_flags): Change error code
CONFLICT to NOT_LOCKED.
2004-04-26 Werner Koch <wk@gnupg.org>
* gpgsm.c (main) <gpgconf>: Do not use /dev/null as default config
filename.
* call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt)
(gpgsm_agent_genkey, gpgsm_agent_istrusted)
(gpgsm_agent_marktrusted, gpgsm_agent_havekey)
(gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
(start_agent): New arg CTRL. Send progress item when starting a
new agent.
* sign.c (gpgsm_get_default_cert, get_default_signer): New arg
CTRL to be passed down to the agent function.
* decrypt.c (prepare_decryption): Ditto.
* certreqgen.c (proc_parameters, read_parameters): Ditto.
* certcheck.c (gpgsm_create_cms_signature): Ditto.
2004-04-23 Werner Koch <wk@gnupg.org>
* keydb.c (keydb_add_resource): Try to compress the file on init.
* keylist.c (oidtranstbl): New. OIDs collected from several sources.
(print_name_raw, print_names_raw, list_cert_raw): New.
(gpgsm_list_keys): Check the dump mode and pass it down as
necessary.
2004-04-22 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): New commands --dump-keys, --dump-external-keys,
--dump-secret-keys.
2004-04-13 Werner Koch <wk@gnupg.org>
* misc.c (setup_pinentry_env): New.
* import.c (popen_protect_tool): Call it.
* export.c (popen_protect_tool): Call it.
2004-04-08 Werner Koch <wk@gnupg.org>
* decrypt.c (gpgsm_decrypt): Return GPG_ERR_NO_DATA if it is not a
encrypted message.
2004-04-07 Werner Koch <wk@gnupg.org>
* gpgsm.c: New option --force-crl-refresh.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Pass option to dirmngr.
2004-04-05 Werner Koch <wk@gnupg.org>
* server.c (get_status_string): Add STATUS_NEWSIG.
* verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature.
* certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do
not just warn if a cert is not suitable; bail out immediately.
2004-04-01 Werner Koch <wk@gnupg.org>
* call-dirmngr.c (isvalid_status_cb): New.
(unhexify_fpr): New. Taken from ../g10/call-agent.c
(gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass
it thru. Detect need to check the respondert cert and do that.
* certchain.c (gpgsm_validate_chain): Add new arg FLAGS. Changed
all callers.
2004-03-24 Werner Koch <wk@gnupg.org>
* sign.c (gpgsm_sign): Include a short list of capabilities.
2004-03-17 Werner Koch <wk@gnupg.org>
* gpgsm.c (main) <gpgconf>: Fixed default value quoting.
2004-03-16 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Implemented --gpgconf-list.
2004-03-15 Werner Koch <wk@gnupg.org>
* keylist.c (list_cert_colon): Hack to set the expired flag.
2004-03-09 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Correctly intitialze USE_OCSP flag.
* keydb.c (keydb_delete): s/GPG_ERR_CONFLICT/GPG_ERR_NOT_LOCKED/
2004-03-04 Werner Koch <wk@gnupg.org>
* call-dirmngr.c (gpgsm_dirmngr_isvalid): New arg ISSUER_CERT.
* certchain.c (is_cert_still_valid): New. Code moved from ...
(gpgsm_validate_chain): ... here because we now need to check at
two places and at a later stage, so that we can pass the issuer
cert down to the dirmngr.
2004-03-03 Werner Koch <wk@gnupg.org>
* call-agent.c (start_agent): Replaced pinentry setup code by a
call to a new common function.
* certdump.c (gpgsm_format_keydesc): Make sure the string is
returned as utf-8.
* export.c (gpgsm_export): Make sure that we don't export more
than one certificate.
2004-03-02 Werner Koch <wk@gnupg.org>
* export.c (create_duptable, destroy_duptable)
(insert_duptable): New.
(gpgsm_export): Avoid duplicates.
2004-02-26 Werner Koch <wk@gnupg.org>
* certchain.c (compare_certs): New.
(gpgsm_validate_chain): Fixed infinite certificate checks after
bad signatures.
2004-02-24 Werner Koch <wk@gnupg.org>
* keylist.c (list_cert_colon): Print the fingerprint as the
cert-id for root certificates.
2004-02-21 Werner Koch <wk@gnupg.org>
* keylist.c (list_internal_keys): Return error codes.
(list_external_keys, gpgsm_list_keys): Ditto.
* server.c (do_listkeys): Ditto.
* gpgsm.c (main): Display a key description for --passwd.
* call-agent.c (gpgsm_agent_passwd): New arg DESC.
2004-02-20 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): New option --debug-ignore-expiration.
* certchain.c (gpgsm_validate_chain): Use it here.
* certlist.c (cert_usage_p): Apply extKeyUsage.
2004-02-19 Werner Koch <wk@gnupg.org>
* export.c (export_p12, popen_protect_tool)
(gpgsm_p12_export): New.
* gpgsm.c (main): New command --export-secret-key-p12.
2004-02-18 Werner Koch <wk@gnupg.org>
* gpgsm.c (set_debug): Set the new --debug-level flags.
(main): New option --gpgconf-list.
(main): Do not setup -u and -r keys when not required.
(main): Setup the used character set.
* keydb.c (keydb_add_resource): Print a hint to start the
gpg-agent.
2004-02-17 Werner Koch <wk@gnupg.org>
* gpgsm.c: Fixed value parsing for --with-validation.
* call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO.
* call-dirmngr.c (start_dirmngr): Likewise for DIRMNGR_INFO.
* gpgsm.c: New option --with-md5-fingerprint.
* keylist.c (list_cert_std): Print MD5 fpr.
* gpgsm.c: New options --with-validation.
* server.c (option_handler): New option "with-validation".
* keylist.c (list_cert_std, list_internal_keys): New args CTRL and
WITH_VALIDATION. Changed callers to set it.
(list_external_cb, list_external_keys): Pass CTRL to the callback.
(list_cert_colon): Add arg CTRL. Check validation if requested.
* certchain.c (unknown_criticals, allowed_ca, check_cert_policy)
(gpgsm_validate_chain): New args LISTMODE and FP.
(do_list): New helper for info output.
(find_up): New arg FIND_NEXT.
(gpgsm_validate_chain): After a bad signature try again with other
CA certificates.
* import.c (print_imported_status): New arg NEW_CERT. Print
additional STATUS_IMPORT_OK becuase that is what gpgme expects.
(check_and_store): Always call above function after import.
* server.c (get_status_string): Added STATUS_IMPORT_OK.
2004-02-13 Werner Koch <wk@gnupg.org>
* certcheck.c (gpgsm_create_cms_signature): Format a description
for use by the pinentry.
* decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP.
* certdump.c (format_name_cookie, format_name_writer)
(gpgsm_format_name): New.
(gpgsm_format_serial): New.
(gpgsm_format_keydesc): New.
* call-agent.c (gpgsm_agent_pksign): New arg DESC.
(gpgsm_agent_pkdecrypt): Ditto.
* encrypt.c (init_dek): Check for too weak algorithms.
* import.c (parse_p12, popen_protect_tool): New.
* base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM.
Changed all callers.
(base64_reader_cb): Handle it here.
(gpgsm_reader_eof_seen): New.
(base64_reader_cb): Set a flag for EOF.
(simple_reader_cb): Ditto.
2004-02-12 Werner Koch <wk@gnupg.org>
* gpgsm.h, gpgsm.c: New option --protect-tool-program.
* gpgsm.c (run_protect_tool): Use it.
2004-02-11 Werner Koch <wk@gnupg.org>
* Makefile.am (AM_CPPFLAGS): Pass directory constants via -D; this
will allow to override directory names at make time.
2004-02-02 Werner Koch <wk@gnupg.org>
* import.c (check_and_store): Import certificates even with
missing issuer's cert. Fixed an "depending on the verbose
setting" bug.
* certchain.c (gpgsm_validate_chain): Mark revoked certs in the
keybox.
* keylist.c (list_cert_colon): New arg VALIDITY; use it to print a
revoked flag.
(list_internal_keys): Retrieve validity flag.
(list_external_cb): Pass 0 as validity flag.
* keydb.c (keydb_get_flags, keydb_set_flags): New.
(keydb_set_cert_flags): New.
(lock_all): Return a proper error code.
(keydb_lock): New.
(keydb_delete): Don't lock but check that it has been locked.
(keydb_update_keyblock): Ditto.
* delete.c (delete_one): Take a lock.
2004-01-30 Werner Koch <wk@gnupg.org>
* certchain.c (check_cert_policy): Fixed read error checking.
(check_cert_policy): With no critical policies issue only a
warning if the policy file does not exists.
* sign.c (add_certificate_list): Decrement N for the first cert.
2004-01-29 Werner Koch <wk@gnupg.org>
* certdump.c (parse_dn_part): Map common OIDs to human readable
labels. Make sure that a value won't get truncated if it includes
a Nul.
2004-01-28 Werner Koch <wk@gnupg.org>
* certchain.c (gpgsm_validate_chain): Changed the message printed
for an untrusted root certificate.
2004-01-27 Werner Koch <wk@gnupg.org>
* certdump.c (parse_dn_part): Pretty print the nameDistinguisher OID.
(print_dn_part): Do not delimit multiple RDN by " + ". Handle
multi-valued RDNs in a special way, i.e. in the order specified by
the certificate.
(print_dn_parts): Simplified.
2004-01-16 Werner Koch <wk@gnupg.org>
* sign.c (gpgsm_sign): Print an error message on all failures.
* decrypt.c (gpgsm_decrypt): Ditto.
2003-12-17 Werner Koch <wk@gnupg.org>
* server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.
(cmd_encrypt): Add all enrypt-to marked certs to the list.
* encrypt.c (gpgsm_encrypt): Check that real recipients are
available.
* gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to
options work. Pass the list of recients to gpgsm_server.
* gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO.
(opt): Add NO_ENCRYPT_TO.
* certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO.
Changed all callers and ignore duplicate entries.
(is_cert_in_certlist): New.
(gpgsm_add_cert_to_certlist): New.
* certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
(gpgsm_dump_serial): Ditto.
* decrypt.c (gpgsm_decrypt): Replaced ERR by RC.
2003-12-16 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Set the prefixes for assuan logging.
* sign.c (gpgsm_sign): Add validation checks for the default
certificate.
* gpgsm.c: Add -k as alias for --list-keys and -K for
--list-secret-keys.
2003-12-15 Werner Koch <wk@gnupg.org>
* encrypt.c (init_dek): Use gry_create_nonce for the IV; there is
not need for real strong random here and it even better protect
the random bits used for the key.
2003-12-01 Werner Koch <wk@gnupg.org>
* gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp.
(gpgsm_init_default_ctrl): Set USE_OCSP to the default value.
* certchain.c (gpgsm_validate_chain): Handle USE_OCSP.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and
proceed accordingly.
2003-11-19 Werner Koch <wk@gnupg.org>
* verify.c (gpgsm_verify): Use "0" instead of an empty string for
the VALIDSIG status.
2003-11-18 Werner Koch <wk@gnupg.org>
* verify.c (gpgsm_verify): Fixed for changes API of gcry_md_info.
* certchain.c (unknown_criticals): Fixed an error code test.
2003-11-12 Werner Koch <wk@gnupg.org>
Adjusted for API changes in Libksba.
2003-10-31 Werner Koch <wk@gnupg.org>
* certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t.
* verify.c (strtimestamp_r, gpgsm_verify): Ditto.
* sign.c (gpgsm_sign): Ditto.
* keylist.c (print_time, list_cert_std, list_cert_colon): Ditto.
* certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert):
Ditto.
2003-10-25 Werner Koch <wk@gnupg.org>
* certreqgen.c (read_parameters): Fixed faulty of !spacep().
2003-08-20 Marcus Brinkmann <marcus@g10code.de>
* encrypt.c (encode_session_key): Allocate enough space. Cast key
byte to unsigned char to prevent sign extension.
(encrypt_dek): Check return value before error.
2003-08-14 Timo Schulz <twoaday@freakmail.de>
* encrypt.c (encode_session_key): Use new Libgcrypt interface.
2003-07-31 Werner Koch <wk@gnupg.org>
* Makefile.am (gpgsm_LDADD): Added INTLLIBS.
2003-07-29 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Add secmem features and set the random seed file.
(gpgsm_exit): Update the random seed file and enable debug output.
2003-07-27 Werner Koch <wk@gnupg.org>
Adjusted for gcry_mpi_print and gcry_mpi_scan API change.
2003-06-24 Werner Koch <wk@gnupg.org>
* server.c (gpgsm_status_with_err_code): New.
* verify.c (gpgsm_verify): Use it here instead of the old
tokenizing version.
* verify.c (strtimestamp): Renamed to strtimestamp_r
Adjusted for changes in the libgcrypt API. Some more fixes for the
libgpg-error stuff.
2003-06-04 Werner Koch <wk@gnupg.org>
* call-agent.c (init_membuf,put_membuf,get_membuf): Removed.
Include new membuf header and changed used type.
Renamed error codes from INVALID to INV and removed _ERROR suffixes.
2003-06-03 Werner Koch <wk@gnupg.org>
Changed all error codes in all files to the new libgpg-error scheme.
* gpgsm.h: Include gpg-error.h .
* Makefile.am: Link with libgpg-error.
2003-04-29 Werner Koch <wk@gnupg.org>
* Makefile.am: Use libassuan. Don't override LDFLAGS anymore.
* server.c (register_commands): Adjust for new Assuan semantics.
2002-12-03 Werner Koch <wk@gnupg.org>
* call-agent.c (gpgsm_agent_passwd): New.
* gpgsm.c (main): New command --passwd and --call-protect-tool
(run_protect_tool): New.
2002-11-25 Werner Koch <wk@gnupg.org>
* verify.c (gpgsm_verify): Handle content-type attribute.
2002-11-13 Werner Koch <wk@gnupg.org>
* call-agent.c (start_agent): Try to use $GPG_TTY instead of
ttyname. Changed ttyname to test stdin becuase it can be assumed
that output redirection is more common that input redirection.
2002-11-12 Werner Koch <wk@gnupg.org>
* gpgsm.c: New command --call-dirmngr.
* call-dirmngr.c (gpgsm_dirmngr_run_command)
(run_command_inq_cb,run_command_cb)
(run_command_status_cb): New.
2002-11-11 Werner Koch <wk@gnupg.org>
* certcheck.c (gpgsm_check_cms_signature): Don't double free
s_sig but free s_pkey at leave.
2002-11-10 Werner Koch <wk@gnupg.org>
* gpgsm.c: Removed duplicate --list-secret-key entry.
2002-09-19 Werner Koch <wk@gnupg.org>
* certcheck.c (gpgsm_check_cert_sig): Add cert hash debugging.
* certchain.c (find_up): Print info when the cert was not found
by the autorithyKeyIdentifier.
2002-09-03 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Disable the internal libgcrypt locking.
2002-08-21 Werner Koch <wk@gnupg.org>
* import.c (print_imported_summary): Cleaned up. Print new
not_imported value.
(check_and_store): Update non_imported counter.
(print_import_problem): New.
(check_and_store): Print error status message.
* server.c (get_status_string): Added STATUS_IMPORT_PROBLEM.
2002-08-20 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Use the log file only in server mode.
* import.c (print_imported_summary): New.
(check_and_store): Update the counters, take new argument.
(import_one): Factored out core of gpgsm_import.
(gpgsm_import): Print counters.
(gpgsm_import_files): New.
* gpgsm.c (main): Use the new function for import.
2002-08-19 Werner Koch <wk@gnupg.org>
* decrypt.c (gpgsm_decrypt): Return a better error status token.
* verify.c (gpgsm_verify): Don't error on messages with no signing
time or no message digest. This is only the case for messages
without any signed attributes.
2002-08-16 Werner Koch <wk@gnupg.org>
* certpath.c: Renamed to ..
* certchain.c: this. Renamed all all other usages of "path" in the
context of certificates to "chain".
* call-agent.c (learn_cb): Special treatment when the issuer
certificate is missing.
2002-08-10 Werner Koch <wk@gnupg.org>
* Makefile.am (INCLUDES): Add definition for localedir.
* keylist.c (list_cert_colon): Print the short fingerprint in the
key ID field.
* fingerprint.c (gpgsm_get_short_fingerprint): New.
* verify.c (gpgsm_verify): Print more verbose info for a good
signature.
2002-08-09 Werner Koch <wk@gnupg.org>
* decrypt.c (prepare_decryption): Hack to detected already
unpkcsedone keys.
* gpgsm.c (emergency_cleanup): New.
(main): Initialize the signal handler.
* sign.c (gpgsm_sign): Reset the hash context for subsequent
signers and release it at the end.
2002-08-05 Werner Koch <wk@gnupg.org>
* server.c (cmd_signer): New command "SIGNER"
(register_commands): Register it.
(cmd_sign): Pass the signer list to gpgsm_sign.
* certlist.c (gpgsm_add_to_certlist): Add SECRET argument, check
for secret key if set and changed all callers.
* sign.c (gpgsm_sign): New argument SIGNERLIST and implemt
multiple signers.
* gpgsm.c (main): Support more than one -u.
* server.c (cmd_recipient): Return reason code 1 for No_Public_Key
which is actually what gets returned from add_to_certlist.
2002-07-26 Werner Koch <wk@gnupg.org>
* certcheck.c (gpgsm_check_cert_sig): Implement proper cleanup.
(gpgsm_check_cms_signature): Ditto.
2002-07-22 Werner Koch <wk@gnupg.org>
* keydb.c (keydb_add_resource): Register a lock file.
(lock_all, unlock_all): Implemented.
* delete.c: New.
* gpgsm.c: Made --delete-key work.
* server.c (cmd_delkeys): New.
(register_commands): New command DELKEYS.
* decrypt.c (gpgsm_decrypt): Print a convenience note when RC2 is
used and a STATUS_ERROR with the algorithm oid.
2002-07-03 Werner Koch <wk@gnupg.org>
* server.c (gpgsm_status2): Insert a blank between all optional
arguments when using assuan.
* server.c (cmd_recipient): No more need for extra blank in constants.
* import.c (print_imported_status): Ditto.
* gpgsm.c (main): Ditto.
2002-07-02 Werner Koch <wk@gnupg.org>
* verify.c (gpgsm_verify): Extend the STATUS_BADSIG line with
the fingerprint.
* certpath.c (check_cert_policy): Don't use log_error to print a
warning.
* keydb.c (keydb_store_cert): Add optional ar EXISTED and changed
all callers.
* call-agent.c (learn_cb): Print info message only for real imports.
* import.c (gpgsm_import): Moved duplicated code to ...
(check_and_store): new function. Added magic to import the entire
chain. Print status only for real imports and moved printing code
to ..
(print_imported_status): New.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr
call in very verbose mode.
* gpgsm.c (main): Use the same error codes for STATUS_INV_RECP as
with the server mode.
2002-06-29 Werner Koch <wk@gnupg.org>
* gpgsm.c: New option --auto-issuer-key-retrieve.
* certpath.c (find_up): Try to retrieve an issuer key from an
external source and from the ephemeral key DB.
(find_up_store_certs_cb): New.
* keydb.c (keydb_set_ephemeral): Does now return the old
state. Call the backend only when required.
* call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR.
(lookup_status_cb): Issue status only when CTRL is not NULL.
(gpgsm_dirmngr_lookup): Document that CTRL is optional.
* call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT.
2002-06-28 Werner Koch <wk@gnupg.org>
* server.c (cmd_recipient): Add more reason codes.
2002-06-27 Werner Koch <wk@gnupg.org>
* certpath.c (gpgsm_basic_cert_check): Use
--debug-no-path-validation to also bypass this basic check.
* gpgsm.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.
* call-agent.c (start_agent): Create and pass the list of FD to
keep in the child to assuan.
* call-dirmngr.c (start_dirmngr): Ditto.
2002-06-26 Werner Koch <wk@gnupg.org>
* import.c (gpgsm_import): Print an STATUS_IMPORTED.
* gpgsm.c: --debug-no-path-validation does not take an argument.
2002-06-25 Werner Koch <wk@gnupg.org>
* certdump.c (print_dn_part): Always print a leading slash,
removed NEED_DELIM arg and changed caller.
* export.c (gpgsm_export): Print LFs to FP and not stdout.
(print_short_info): Ditto. Make use of gpgsm_print_name.
* server.c (cmd_export): Use output-fd instead of data lines; this
was actually the specified way.
2002-06-24 Werner Koch <wk@gnupg.org>
* gpgsm.c: Removed duped help entry for --list-keys.
* gpgsm.c, gpgsm.h: New option --debug-no-path-validation.
* certpath.c (gpgsm_validate_path): Use it here instead of the
debug flag hack.
* certpath.c (check_cert_policy): Return No_Policy_Match if the
policy file could not be opened.
2002-06-20 Werner Koch <wk@gnupg.org>
* certlist.c (gpgsm_add_to_certlist): Fixed locating of a
certificate with the required key usage.
* gpgsm.c (main): Fixed a segv when using --outfile without an
argument.
* keylist.c (print_capabilities): Also check for non-repudiation
and data encipherment.
* certlist.c (cert_usage_p): Test for signing and encryption was
swapped. Add a case for certification usage, handle
non-repudiation and data encipherment.
(gpgsm_cert_use_cert_p): New.
(gpgsm_add_to_certlist): Added a CTRL argument and changed all
callers to pass it.
* certpath.c (gpgsm_validate_path): Use it here to print a status
message. Added a CTRL argument and changed all callers to pass it.
* decrypt.c (gpgsm_decrypt): Print a status message for wrong key
usage.
* verify.c (gpgsm_verify): Ditto.
* keydb.c (classify_user_id): Allow a colon delimited fingerprint.
2002-06-19 Werner Koch <wk@gnupg.org>
* call-agent.c (learn_cb): Use log_info instead of log_error on
successful import.
* keydb.c (keydb_set_ephemeral): New.
(keydb_store_cert): New are ephemeral, changed all callers.
* keylist.c (list_external_cb): Store cert as ephemeral.
* export.c (gpgsm_export): Kludge to export epehmeral certificates.
* gpgsm.c (main): New command --list-external-keys.
2002-06-17 Werner Koch <wk@gnupg.org>
* certreqgen.c (read_parameters): Improved error handling.
(gpgsm_genkey): Print error message.
2002-06-13 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): New option --log-file.
2002-06-12 Werner Koch <wk@gnupg.org>
* call-dirmngr.c (lookup_status_cb): New.
(gpgsm_dirmngr_lookup): Use the status CB. Add new arg CTRL and
changed caller to pass it.
* gpgsm.c (open_fwrite): New.
(main): Allow --output for --verify.
* sign.c (hash_and_copy_data): New.
(gpgsm_sign): Implemented normal (non-detached) signatures.
* gpgsm.c (main): Ditto.
* certpath.c (gpgsm_validate_path): Special error handling for
no policy match.
2002-06-10 Werner Koch <wk@gnupg.org>
* server.c (get_status_string): Add STATUS_ERROR.
* certpath.c (gpgsm_validate_path): Tweaked the error checking to
return error codes in a more sensitive way.
* verify.c (gpgsm_verify): Send status TRUST_NEVER also for a bad
CA certificate and when the certificate has been revoked. Issue
TRUST_FULLY even when the cert has expired. Append an error token
to these status lines. Issue the new generic error status when a
cert was not found and when leaving the function.
2002-06-04 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): New command --list-sigs
* keylist.c (list_cert_std): New. Use it whenever colon mode is
not used.
(list_cert_chain): New.
2002-05-31 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Don't print the "go ahead" message for an
invalid command.
2002-05-23 Werner Koch <wk@gnupg.org>
* import.c (gpgsm_import): Add error messages.
2002-05-21 Werner Koch <wk@gnupg.org>
* keylist.c (list_internal_keys): Renamed from gpgsm_list_keys.
(list_external_keys): New.
(gpgsm_list_keys): Dispatcher for above.
* call-dirmngr.c (lookup_cb,pattern_from_strlist)
(gpgsm_dirmngr_lookup): New.
* server.c (option_handler): Handle new option --list-mode.
(do_listkeys): Handle options and actually use the mode argument.
(get_status_string): New code TRUNCATED.
* import.c (gpgsm_import): Try to identify the type of input and
handle certs-only messages.
2002-05-14 Werner Koch <wk@gnupg.org>
* gpgsm.c: New option --faked-system-time
* sign.c (gpgsm_sign): And use it here.
* certpath.c (gpgsm_validate_path): Ditto.
2002-05-03 Werner Koch <wk@gnupg.org>
* certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed
all callers.
* verify.c (gpgsm_verify): Tweaked usage of log_debug and
log_error. Return EXPSIG status and add expiretime to VALIDSIG.
2002-04-26 Werner Koch <wk@gnupg.org>
* gpgsm.h (DBG_AGENT,DBG_AGENT_VALUE): Replaced by DBG_ASSUAN_*.
Changed all users.
* call-agent.c (start_agent): Be more silent without -v.
* call-dirmngr.c (start_dirmngr): Ditto.
2002-04-25 Werner Koch <wk@gnupg.org>
* call-agent.c (start_agent): Make copies of old locales and check
for setlocale.
2002-04-25 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c (start_agent): Fix error handling logic so the
locale is always correctly reset.
2002-04-25 Marcus Brinkmann <marcus@g10code.de>
* server.c (option_handler): Accept display, ttyname, ttytype,
lc_ctype and lc_messages options.
* gpgsm.c (main): Allocate memory for these options.
* gpgsm.h (struct opt): Make corresponding members non-const.
2002-04-24 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.h (struct opt): New members display, ttyname, ttytype,
lc_ctype, lc_messages.
* gpgsm.c (enum cmd_and_opt_values): New members oDisplay,
oTTYname, oTTYtype, oLCctype, oLCmessages.
(opts): New entries for these options.
(main): Handle these new options.
* call-agent.c (start_agent): Set the various display and tty
parameter after resetting.
2002-04-18 Werner Koch <wk@gnupg.org>
* certreqgen.c (gpgsm_genkey): Write status output on success.
2002-04-15 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Check ksba version.
* certpath.c (find_up): New to use the authorithKeyIdentifier.
Use it in all other functions to locate the signing cert..
2002-04-11 Werner Koch <wk@gnupg.org>
* certlist.c (cert_usable_p): New.
(gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New.
(gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New.
(gpgsm_add_to_certlist): Check the key usage.
* sign.c (gpgsm_sign): Ditto.
* verify.c (gpgsm_verify): Print a message wehn an unsuitable
certificate was used.
* decrypt.c (gpgsm_decrypt): Ditto
* keylist.c (print_capabilities): Determine values from the cert.
2002-03-28 Werner Koch <wk@gnupg.org>
* keylist.c (list_cert_colon): Fixed listing of crt record; the
issuer is not at the right place. Print a chainingID.
* certpath.c (gpgsm_walk_cert_chain): Be a bit more silent on
common errors.
2002-03-21 Werner Koch <wk@gnupg.org>
* export.c: New.
* gpgsm.c: Add command --export.
* server.c (cmd_export): New.
2002-03-13 Werner Koch <wk@gnupg.org>
* decrypt.c (gpgsm_decrypt): Allow multiple recipients.
2002-03-12 Werner Koch <wk@gnupg.org>
* certpath.c (check_cert_policy): Print the policy list.
* verify.c (gpgsm_verify): Detect certs-only message.
2002-03-11 Werner Koch <wk@gnupg.org>
* import.c (gpgsm_import): Print a notice about imported certificates
when in verbose mode.
* gpgsm.c (main): Print INV_RECP status.
* server.c (cmd_recipient): Ditto.
* server.c (gpgsm_status2): New. Allows for a list of strings.
(gpgsm_status): Divert to gpgsm_status2.
* encrypt.c (gpgsm_encrypt): Don't use a default key when no
recipients are given. Print a NO_RECP status.
2002-03-06 Werner Koch <wk@gnupg.org>
* server.c (cmd_listkeys, cmd_listsecretkeys): Divert to
(do_listkeys): new. Add pattern parsing.
* keylist.c (gpgsm_list_keys): Handle selection pattern.
* gpgsm.c: New command --learn-card
* call-agent.c (learn_cb,gpgsm_agent_learn): New.
* gpgsm.c (main): Print error messages for non-implemented commands.
* base64.c (base64_reader_cb): Use case insensitive compare of the
Content-Type string to detect plain base-64.
2002-03-05 Werner Koch <wk@gnupg.org>
* gpgsm.c, gpgsm.h: Add local_user.
* sign.c (gpgsm_get_default_cert): New.
(get_default_signer): Use the new function if local_user is not
set otherwise used that value.
* encrypt.c (get_default_recipient): Removed.
(gpgsm_encrypt): Use gpgsm_get_default_cert.
* verify.c (gpgsm_verify): Better error text for a bad signature
found by comparing the hashs.
2002-02-27 Werner Koch <wk@gnupg.org>
* call-dirmngr.c, call-agent.c: Add 2 more arguments to all uses
of assuan_transact.
2002-02-25 Werner Koch <wk@gnupg.org>
* server.c (option_handler): Allow to use -2 for "send all certs
except the root cert".
* sign.c (add_certificate_list): Implement it here.
* certpath.c (gpgsm_is_root_cert): New.
2002-02-19 Werner Koch <wk@gnupg.org>
* certpath.c (check_cert_policy): New.
(gpgsm_validate_path): And call it from here.
* gpgsm.c (main): New options --policy-file,
--disable-policy-checks and --enable-policy-checks.
* gpgsm.h (opt): Added policy_file, no_policy_checks.
2002-02-18 Werner Koch <wk@gnupg.org>
* certpath.c (gpgsm_validate_path): Ask the agent to add the
certificate into the trusted list.
* call-agent.c (gpgsm_agent_marktrusted): New.
2002-02-07 Werner Koch <wk@gnupg.org>
* certlist.c (gpgsm_add_to_certlist): Check that the specified
name identifies a certificate unambiguously.
(gpgsm_find_cert): Ditto.
* server.c (cmd_listkeys): Check that the data stream is available.
(cmd_listsecretkeys): Ditto.
(has_option): New.
(cmd_sign): Fix ambiguousity in option recognition.
* gpgsm.c (main): Enable --logger-fd.
* encrypt.c (gpgsm_encrypt): Increased buffer size for better
performance.
* call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from
the agent.
* keylist.c (list_cert_colon): Filter out control characters.
2002-02-06 Werner Koch <wk@gnupg.org>
* decrypt.c (gpgsm_decrypt): Bail out after an decryption error.
* server.c (reset_notify): Close input and output FDs.
(cmd_encrypt,cmd_decrypt,cmd_verify,cmd_sign.cmd_import)
(cmd_genkey): Close the FDs and release the recipient list even in
the error case.
2002-02-01 Marcus Brinkmann <marcus@g10code.de>
* sign.c (gpgsm_sign): Do not release certificate twice.
2002-01-29 Werner Koch <wk@gnupg.org>
* call-agent.c (gpgsm_agent_havekey): New.
* keylist.c (list_cert_colon): New arg HAVE_SECRET, print "crs"
when we know that the secret key is available.
(gpgsm_list_keys): New arg MODE, check whether a secret key is
available. Changed all callers.
* gpgsm.c (main): New command --list-secret-keys.
* server.c (cmd_listsecretkeys): New.
(cmd_listkeys): Return secret keys with "crs" record.
2002-01-28 Werner Koch <wk@gnupg.org>
* certreqgen.c (create_request): Store the email address in the req.
2002-01-25 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Disable core dumps.
* sign.c (add_certificate_list): New.
(gpgsm_sign): Add the certificates to the CMS object.
* certpath.c (gpgsm_walk_cert_chain): New.
* gpgsm.h (server_control_s): Add included_certs.
* gpgsm.c: Add option --include-certs.
(gpgsm_init_default_ctrl): New.
(main): Call it.
* server.c (gpgsm_server): Ditto.
(option_handler): Support --include-certs.
2002-01-23 Werner Koch <wk@gnupg.org>
* certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.
* certdump.c (gpgsm_dump_string): New.
(print_dn): Replaced by above.
2002-01-22 Werner Koch <wk@gnupg.org>
* certpath.c (unknown_criticals): New.
(allowed_ca): New.
(gpgsm_validate_path): Check validity, CA attribute, path length
and unknown critical extensions.
2002-01-21 Werner Koch <wk@gnupg.org>
* gpgsm.c: Add option --enable-crl-checks.
* call-agent.c (start_agent): Implemented socket based access.
* call-dirmngr.c (start_dirmngr): Ditto.
2002-01-20 Werner Koch <wk@gnupg.org>
* server.c (option_handler): New.
(gpgsm_server): Register it with assuan.
2002-01-19 Werner Koch <wk@gnupg.org>
* server.c (gpgsm_server): Use assuan_deinit_server and setup
assuan logging if enabled.
* call-agent.c (inq_ciphertext_cb): Don't show the session key in
an Assuan log file.
* gpgsm.c (my_strusage): Take bugreport address from configure.ac
2002-01-15 Werner Koch <wk@gnupg.org>
* import.c (gpgsm_import): Just do a basic cert check before
storing it.
* certpath.c (gpgsm_basic_cert_check): New.
* keydb.c (keydb_store_cert): New.
* import.c (store_cert): Removed and change all caller to use
the new function.
* verify.c (store_cert): Ditto.
* certlist.c (gpgsm_add_to_certlist): Validate the path
* certpath.c (gpgsm_validate_path): Check the trust list.
* call-agent.c (gpgsm_agent_istrusted): New.
2002-01-14 Werner Koch <wk@gnupg.org>
* call-dirmngr.c (inq_certificate): Changed for new interface semantic.
* certlist.c (gpgsm_find_cert): New.
2002-01-13 Werner Koch <wk@gnupg.org>
* fingerprint.c (gpgsm_get_certid): Print the serial and not the
hash after the dot.
2002-01-11 Werner Koch <wk@gnupg.org>
* call-dirmngr.c: New.
* certpath.c (gpgsm_validate_path): Check the CRL here.
* fingerprint.c (gpgsm_get_certid): New.
* gpgsm.c: New options --dirmngr-program and --disable-crl-checks.
2002-01-10 Werner Koch <wk@gnupg.org>
* base64.c (gpgsm_create_writer): Allow to set the object name
2002-01-08 Werner Koch <wk@gnupg.org>
* keydb.c (spacep): Removed because it is now in util.c
* server.c (cmd_genkey): New.
* certreqgen.c: New. The parameter handling code has been taken
from gnupg/g10/keygen.c version 1.0.6.
* call-agent.c (gpgsm_agent_genkey): New.
2002-01-02 Werner Koch <wk@gnupg.org>
* server.c (rc_to_assuan_status): Removed and changed all callers
to use map_to_assuan_status.
2001-12-20 Werner Koch <wk@gnupg.org>
* verify.c (gpgsm_verify): Implemented non-detached signature
verification. Add OUT_FP arg, initialize a writer and changed all
callers.
* server.c (cmd_verify): Pass an out_fp if one has been set.
* base64.c (base64_reader_cb): Try to detect an S/MIME body part.
* certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made
global.
(print_time): Renamed to gpgsm_dump_time, made global.
(gpgsm_dump_serial): Take a real S-Expression as argument and
print the first item.
* keylist.c (list_cert_colon): Ditto.
* keydb.c (keydb_search_issuer_sn): Ditto.
* decrypt.c (print_integer_sexp): Removed and made callers
use gpgsm_dump_serial.
* verify.c (print_time): Removed, made callers use gpgsm_dump_time.
2001-12-19 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c (start_agent): Add new argument to assuan_pipe_connect.
2001-12-18 Werner Koch <wk@gnupg.org>
* verify.c (print_integer_sexp): Renamed from print_integer and
print the serial number according to the S-Exp rules.
* decrypt.c (print_integer_sexp): Ditto.
2001-12-17 Werner Koch <wk@gnupg.org>
* keylist.c (list_cert_colon): Changed for new return value of
get_serial.
* keydb.c (keydb_search_issuer_sn): Ditto.
* certcheck.c (gpgsm_check_cert_sig): Likewise for other S-Exp
returingin functions.
* fingerprint.c (gpgsm_get_keygrip): Ditto.
* encrypt.c (encrypt_dek): Ditto
* certcheck.c (gpgsm_check_cms_signature): Ditto
* decrypt.c (prepare_decryption): Ditto.
* call-agent.c (gpgsm_agent_pkdecrypt): Removed arg ciphertextlen,
use KsbaSexp type and calculate the length.
* certdump.c (print_sexp): Remaned from print_integer, changed caller.
* Makefile.am: Use the LIBGCRYPT and LIBKSBA variables.
* fingerprint.c (gpgsm_get_keygrip): Use the new
gcry_pk_get_keygrip to calculate the grip - note the algorithm and
therefore the grip values changed.
2001-12-15 Werner Koch <wk@gnupg.org>
* certcheck.c (gpgsm_check_cms_signature): Removed the faked-key
kludge.
(gpgsm_create_cms_signature): Removed the commented fake key
code. This makes the function pretty simple.
* gpgsm.c (main): Renamed the default key database to "keyring.kbx".
* decrypt.c (gpgsm_decrypt): Write STATUS_DECRYPTION_*.
* sign.c (gpgsm_sign): Write a STATUS_SIG_CREATED.
2001-12-14 Werner Koch <wk@gnupg.org>
* keylist.c (list_cert_colon): Kludge to show an email address
encoded in the subject's DN.
* verify.c (gpgsm_verify): Add hash debug helpers
* sign.c (gpgsm_sign): Ditto.
* base64.c (base64_reader_cb): Reset the linelen when we need to
skip the line and adjusted test; I somehow forgot about DeMorgan.
* server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify)
(cmd_import): Close the FDs on success.
(close_message_fd): New.
(input_notify): Setting autodetect_encoding to 0 after initializing
it to 0 is pretty pointless. Easy to fix.
* gpgsm.c (main): New option --debug-wait n, so that it is
possible to attach gdb when used in server mode.
* sign.c (get_default_signer): Use keydb_classify_name here.
2001-12-14 Marcus Brinkmann <marcus@g10code.de>
* call-agent.c (LINELENGTH): Removed.
(gpgsm_agent_pksign): Use ASSUAN_LINELENGTH, not LINELENGTH.
(gpgsm_agent_pkdecrypt): Likewise.
2001-12-13 Werner Koch <wk@gnupg.org>
* keylist.c (list_cert_colon): Print alternative names of subject
and a few other values.
2001-12-12 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): New options --assume-{armor,base64,binary}.
* base64.c (base64_reader_cb): Fixed non-autodetection mode.
2001-12-04 Werner Koch <wk@gnupg.org>
* call-agent.c (read_from_agent): Check for inquire responses.
(request_reply): Handle them using a new callback arg, changed all
callers.
(gpgsm_agent_pkdecrypt): New.
2001-11-27 Werner Koch <wk@gnupg.org>
* base64.c: New. Changed all other functions to use this instead
of direct creation of ksba_reader/writer.
* gpgsm.c (main): Set ctrl.auto_encoding unless --no-armor is used.
2001-11-26 Werner Koch <wk@gnupg.org>
* gpgsm.c: New option --agent-program
* call-agent.c (start_agent): Allow to override the default path
to the agent.
* keydb.c (keydb_add_resource): Create keybox
* keylist.c (gpgsm_list_keys): Fixed non-server keylisting.
* server.c (rc_to_assuan_status): New. Use it for all commands.
Copyright 2001, 2002, 2003, 2004, 2005,
2006 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.