gnupg/g10
Werner Koch d9c7935188
dirmngr,gpg: Better diagnostic in case of bad TLS certificates.
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--

For example a

  gpg -v --locate-external-keys dd9jn@posteo.net

now yields

  gpg: Note: server uses an invalid certificate
  gpg: (further info: bad cert for 'posteo.net': \
                      Hostname does not match the certificate)
  gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
  gpg: error reading key: Wrong name

(without -v the "further info" line is not shown).  Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses.  Anyway, this helps to show the feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-18 18:26:55 +01:00
ChangeLog-2011 Spelling: correct spelling of "passphrase". 2016-11-02 12:53:58 +01:00
Makefile.am Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
all-tests.scm tests: Make it possible to run all tests using our infrastructure. 2017-05-11 18:12:37 +02:00
armor.c g10: Fix possible null dereference. 2019-05-14 11:20:07 +09:00
build-packet.c gpg: Rework the signature subpacket iteration function. 2019-09-05 20:38:23 +02:00
call-agent.c gpg: New option --use-only-openpgp-card 2019-08-21 14:13:51 +02:00
call-agent.h card: Fix showing KDF object attribute. 2019-07-19 13:26:49 +09:00
call-dirmngr.c dirmngr,gpg: Better diagnostic in case of bad TLS certificates. 2019-11-18 18:26:55 +01:00
call-dirmngr.h gpg: Store key origin info for new DANE and WKD retrieved keys. 2017-07-24 20:09:52 +02:00
call-keyboxd.c gpg: Read the UBID from the keybox and detect wrong blob type. 2019-10-01 20:11:54 +02:00
card-util.c gpg: Use modern spelling for the female salutation. 2019-08-22 10:24:16 +02:00
cipher-aead.c g10: Fix log_debug formatting. 2018-11-08 12:14:23 +09:00
cipher-cfb.c gpg: Remove MDC options 2018-05-29 12:42:52 +02:00
compress-bz2.c g10,tools: Fix bzlib.h include order. 2017-04-11 13:52:19 +09:00
compress.c gpg: Fix minor memory leak in the compress filter. 2018-05-02 20:15:10 +02:00
cpr.c spelling: Fix "synchronize" 2019-06-23 20:21:02 -04:00
dearmor.c Revert "g10: Always save standard revocation certificate in file." 2017-08-01 19:08:16 +02:00
decrypt-data.c common: Allow a readlimit for iobuf_esopen. 2019-09-10 15:45:58 +02:00
decrypt.c gpg: Fix using --decrypt along with --use-embedded-filename. 2019-05-17 13:40:24 +02:00
dek.h gpg: More check for symmetric key encryption. 2019-07-18 11:02:34 +09:00
delkey.c gpg: Remove an unused variable. 2019-11-06 14:47:29 +01:00
distsigkey.gpg build: Update distsigkey.gpg 2017-11-22 20:54:47 +01:00
ecdh.c Fix the previous commit. 2019-03-14 08:23:38 +09:00
encrypt.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
exec.c gpg: photoid: Move functions from exec.c. 2019-07-25 11:21:58 +09:00
exec.h gpg: photoid: Move functions from exec.c. 2019-07-25 11:21:58 +09:00
expand-group.c gpg: Fix expand GPG groups when resolving a key 2019-09-30 14:08:13 +02:00
export.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
filter.h g10/armor: use libgcrypt's CRC24 implementation 2018-11-08 21:31:12 +02:00
free-packet.c gpg: Fix possible double free of the card serialno. 2017-07-21 17:49:10 +02:00
getkey.c gpg: More fix of get_best_pubkey_byname. 2019-10-17 10:46:34 +09:00
gpg-w32info.rc w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpg.c gpg: Add option --allow-weak-key-signatures. 2019-11-07 10:36:17 +01:00
gpg.h gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
gpg.w32-manifest.in w32: Add manifest to gpg. 2015-02-04 09:15:34 +01:00
gpgcompose.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
gpgsql.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
gpgsql.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
gpgv.c g10: Change decryption key selection for public key encryption. 2018-08-27 13:12:31 +09:00
helptext.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
import.c gpg: Fix a potential loss of key sigs during import with self-sigs-only. 2019-11-07 15:07:25 +01:00
kbnode.c gpg: Avoid importing secret keys if the keyblock is not valid. 2019-03-15 20:41:38 +01:00
key-check.c gpg: Improve import's repair-key duplicate signature detection. 2018-06-07 18:41:17 +02:00
key-check.h gpg: Avoid output to the tty during import. 2017-07-27 11:38:57 +02:00
key-clean.c gpg: Rework the signature subpacket iteration function. 2019-09-05 20:38:23 +02:00
key-clean.h headers: fix spelling 2018-10-25 16:53:05 -04:00
keydb-private.h gpg: Read the UBID from the keybox and detect wrong blob type. 2019-10-01 20:11:54 +02:00
keydb.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
keydb.h gpg: Fix expand GPG groups when resolving a key 2019-09-30 14:08:13 +02:00
keyedit.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
keyedit.h gpg: During secret key import print "sec" instead of "pub". 2019-03-15 19:14:34 +01:00
keygen.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
keyid.c gpg: Cache a once computed fingerprint in PKT_public_key. 2019-04-12 11:11:09 +02:00
keylist.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
keyring.c gpg: Fix keyring retrieval. 2019-07-10 15:06:54 +09:00
keyring.h gpg: Pass CTRL to many more functions. 2017-03-31 20:07:20 +02:00
keyserver-internal.h gpg: Pass key origin values to import functions. 2017-07-13 18:29:01 +02:00
keyserver.c gpg: Fix --recv-key in case of a given fingerprint. 2019-09-30 18:03:31 +02:00
main.h gpg: Add option --allow-weak-key-signatures. 2019-11-07 10:36:17 +01:00
mainproc.c gpg: Rework the signature subpacket iteration function. 2019-09-05 20:38:23 +02:00
mdfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
migrate.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
misc.c gpg: Add option --allow-weak-key-signatures. 2019-11-07 10:36:17 +01:00
objcache.c doc: Minor doc updates and a typo fix. 2019-09-25 16:21:30 +02:00
objcache.h gpg: Fix getting User ID. 2019-07-11 12:32:44 +09:00
openfile.c gpg: Rename a misnomed arg in open_outfile. 2018-01-28 18:59:18 +01:00
options.h gpg: Add option --allow-weak-key-signatures. 2019-11-07 10:36:17 +01:00
packet.h gpg: Rework the signature subpacket iteration function. 2019-09-05 20:38:23 +02:00
parse-packet.c gpg: Fix a recently introduced printf format buglet. 2019-09-27 15:57:52 +02:00
passphrase.c gpg: Move S2K encoding function to a shared file. 2019-01-26 23:10:38 +01:00
photoid.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
photoid.h gpg: A little clean up. 2019-07-23 12:04:21 +09:00
pkclist.c gpg: Fix expand GPG groups when resolving a key 2019-09-30 14:08:13 +02:00
pkglue.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pkglue.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
plaintext.c gpg: Fix using --decrypt along with --use-embedded-filename. 2019-05-17 13:40:24 +02:00
progress.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
pubkey-enc.c gpg: Return the last error for pubkey decryption. 2019-07-05 15:16:08 +09:00
pubring.asc Update copyright notices for 2017. 2017-01-23 19:16:55 +01:00
revoke.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
rmd160.c Clean up word replication. 2017-02-21 13:11:46 -05:00
rmd160.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
seckey-cert.c More change for common. 2017-03-07 20:32:09 +09:00
server.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
seskey.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
sig-check.c gpg: Add option --allow-weak-key-signatures. 2019-11-07 10:36:17 +01:00
sign.c gpg: Forbid the creation of SHA-1 third-party key signatures. 2019-11-11 11:41:00 +01:00
skclist.c gpg: Improve the code to decrypt using PIV cards. 2019-04-03 17:45:35 +02:00
t-keydb-get-keyblock.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
t-keydb-get-keyblock.gpg gpg: Correctly handle keyblocks followed by legacy keys. 2015-11-17 14:53:03 +01:00
t-keydb-keyring.kbx g10: Add test for keydb as well as new testing infrastructure. 2015-09-02 15:08:57 +02:00
t-keydb.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
t-rmd160.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
t-stutter-data.asc gpg: Add a new test. 2016-03-08 14:08:49 +01:00
t-stutter.c g10: Stop compiler warning for t-stutter. 2017-05-10 11:13:03 +09:00
tdbdump.c Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
tdbio.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
tdbio.h gpg: Pass CTRL arg to get_trusthashrec. 2018-03-26 18:06:43 +02:00
test-stubs.c g10: Change decryption key selection for public key encryption. 2018-08-27 13:12:31 +09:00
test.c tests: Locate resources and scripts relative to top source dir. 2017-04-24 14:14:05 +02:00
textfilter.c Remove -I option to common. 2017-03-07 20:25:54 +09:00
tofu.c gpg: New option --use-keyboxd. 2019-09-09 15:01:47 +02:00
tofu.h g10: Remove dead code. 2016-12-06 12:16:56 +01:00
trust.c gpg: Move key cleaning functions to a separate file. 2018-07-06 11:40:16 +02:00
trustdb.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
trustdb.h gpg: Move key cleaning functions to a separate file. 2018-07-06 11:40:16 +02:00
verify.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
zlib-riscos.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00