gnupg/dirmngr at cc056eb534c1b8f7d1a90af3b9ecb9d6b2f322fa - gnupg - Nils’ gitea instance

security-and-privacy/gnupg

mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

History

Werner Koch cc056eb534

dirmngr: Do not store the useless pgpSignerID in the LDAP.

* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
pgpSignerID.
* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.
--

The pgpSignerID has no use in the LDAP and thus don't store it.
David's idea back in 2004 was
              /* This bit is really for the benefit of people who
                 store their keys in LDAP servers.  It makes it easy
                 to do queries for things like "all keys signed by
                 Isabella".  */
See-commit: 3ddd4410aef928827e1c8d4fb02c1ccd3f8eaea5

I consider this dangerous because such a query is not able to validate
the signature, does not get revocation signatures, and also has no
information about the validity of the signatures.  Further many keys
are spammed tehse days with faked signatures and it does not make
sense to blow up the LDAP with such garbage.

Signed-off-by: Werner Koch <wk@gnupg.org>

2020-12-14 19:29:49 +01:00

..

cdb.h

headers: fix spelling

2018-10-25 16:53:05 -04:00

cdblib.c

all: fix spelling and typos

2018-10-24 15:56:18 -04:00

certcache.c

common: New functions gnupg_opendir et al.

2020-10-21 17:00:32 +02:00

certcache.h

dirmngr: Use system certs if --hkp-cacert is not used.

2017-09-18 22:49:05 +02:00

ChangeLog-2011

Fix spelling.

2017-02-21 13:11:46 -05:00

ChangeLog-2011-ks

Remove the obsolete keyserver directory from the repo.

2015-04-20 18:20:45 +02:00

crlcache.c

common: New functions gnupg_opendir et al.

2020-10-21 17:00:32 +02:00

crlcache.h

move some file encodings to UTF-8

2016-09-17 15:57:31 +09:00

crlfetch.c

dirmngr: Minor cleanup for better readability.

2020-10-05 17:25:42 +02:00

crlfetch.h

dirmngr: Minor cleanup for better readability.

2020-10-05 17:25:42 +02:00

dirmngr_ldap.c

Use gpgrt's new option parser for the remaining daemons.

2020-02-21 21:45:13 +01:00

dirmngr-client.c

w32: Replace some fopen by es_fopen.

2020-11-11 15:23:22 +01:00

dirmngr-err.h

Some work on porting dirmngr (unfinished)

2010-07-16 13:19:45 +00:00

dirmngr-status.h

dirmngr: Print a WARNING status for DNS config problems.

2018-07-25 14:35:04 +02:00

dirmngr.c

gpgconf: Also print revision of libksba.

2020-11-19 09:09:31 +01:00

dirmngr.h

build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.

2020-02-10 16:50:47 +01:00

dns-stuff.c

Silence compiler warnings.

2020-08-19 13:21:32 +09:00

dns-stuff.h

dirmngr: Use IPv4 or IPv6 interface only if available.

2019-11-12 20:35:12 +01:00

dns.c

dns: Fix memory use-after-free.

2020-08-19 15:16:34 +09:00

dns.h

dirmngr: dns: Fix allocation of string buffer in stack.

2020-05-20 19:44:38 +09:00

domaininfo.c

dirmngr: Improve domaininfo cache update algorithm.

2019-04-02 13:22:32 +02:00

http-common.c

dirmngr: Fix commit de6d8313

2017-03-03 17:17:26 +01:00

http-common.h

dirmngr: Rearrange files to fix de6d831.

2017-03-02 18:35:03 +01:00

http-ntbtls.c

dirmngr: Align the gnutls use of CAs with the ntbtls code.

2020-09-10 10:50:39 +02:00

http.c

Replace all calls to access by gnupg_access

2020-10-20 12:15:55 +02:00

http.h

dirmngr: Rework of the LDAP code, part 1.

2019-11-26 13:09:35 +01:00

ks-action.c

dirmngr: Do not store the useless pgpSignerID in the LDAP.

2020-12-14 19:29:49 +01:00

ks-action.h

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

ks-engine-finger.c

dirmngr: Print a WARNING status for DNS config problems.

2018-07-25 14:35:04 +02:00

ks-engine-hkp.c

dirmngr: Fix the pool keyserver case for a single host in the pool.

2020-09-10 10:50:40 +02:00

ks-engine-http.c

dirmngr,gpg: Better diagnostic in case of bad TLS certificates.

2019-11-18 18:26:55 +01:00

ks-engine-kdns.c

Remove -I option to common.

2017-03-07 20:25:54 +09:00

ks-engine-ldap.c

dirmngr: Do not store the useless pgpSignerID in the LDAP.

2020-12-14 19:29:49 +01:00

ks-engine.h

dirmngr: Allow redirection from https to http for CRLs

2018-04-25 12:38:04 +02:00

ldap-parse-uri.c

dirmngr: Rework of the LDAP code, part 1.

2019-11-26 13:09:35 +01:00

ldap-parse-uri.h

Remove -I option to common.

2017-03-07 20:25:54 +09:00

ldap-url.c

dirmngr: Simplify strtok macro.

2014-03-07 19:00:31 +01:00

ldap-url.h

Merged Dirmngr with GnuPG.

2010-06-09 16:53:51 +00:00

ldap-wrapper.c

Spelling cleanup.

2020-02-18 18:07:46 -05:00

ldap-wrapper.h

dirmngr: Remove cruft from dirmngr_ldap

2019-11-11 20:49:04 +01:00

ldap.c

dirmngr: Minor cleanup for better readability.

2020-10-05 17:25:42 +02:00

ldapserver.c

gpgsm: Allow sepcification of ldaps servers.

2019-11-09 11:29:59 +01:00

ldapserver.h

dirmngr: Rename an enum value for clarity.

2019-11-11 09:45:01 +01:00

loadswdb.c

common,agent,dirmngr,g10,tools: Fix split_fields API.

2020-09-18 10:20:23 +09:00

Makefile.am

build: New configure option --disable-tests

2020-08-20 10:54:17 +02:00

misc.c

dirmngr: Fix LDAP port parsing.

2018-11-05 09:00:02 +01:00

misc.h

dirmngr: Rearrange files to fix de6d831.

2017-03-02 18:35:03 +01:00

OAUTHORS

Nuked almost all trailing white space.

2011-02-04 12:57:53 +01:00

ocsp.c

sm: Support rsaPSS verification also for CMS signatures.

2020-04-14 15:46:04 +02:00

ocsp.h

Merged Dirmngr with GnuPG.

2010-06-09 16:53:51 +00:00

ONEWS

Nuked almost all trailing white space.

2011-02-04 12:57:53 +01:00

server.c

dirmngr: Do not store the useless pgpSignerID in the LDAP.

2020-12-14 19:29:49 +01:00

sks-keyservers.netCA.pem

dirmngr: Add support for hkps keyservers.

2014-05-05 16:23:37 +02:00

t-dns-stuff.c

dirmngr: Print a WARNING status for DNS config problems.

2018-07-25 14:35:04 +02:00

t-http-basic.c

dirmngr: Avoid possible CSRF attacks via http redirects.

2018-11-22 22:36:07 +01:00

t-http.c

dirmngr: Rework of the LDAP code, part 1.

2019-11-26 13:09:35 +01:00

t-ldap-parse-uri.c

dirmngr: Rework of the LDAP code, part 1.

2019-11-26 13:09:35 +01:00

t-support.c

dirmngr: Print a WARNING status for DNS config problems.

2018-07-25 14:35:04 +02:00

t-support.h

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

tls-ca.pem

Move http module from common/ to dirmngr/.

2015-10-18 20:08:26 +02:00

validate.c

sm,dirmngr: Restrict allowed parameters used with rsaPSS.

2020-04-15 11:06:59 +02:00

validate.h

dirmngr: Add special treatment for the standard hkps pool to ntbtls.

2017-02-21 14:55:04 +01:00

w32-ldap-help.h

Change all http://www.gnu.org in license notices to https://

2016-11-05 12:02:19 +01:00

workqueue.c

Spelling cleanup.

2020-02-18 18:07:46 -05:00