mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
818e9bad58
stable version 0.1.x. * scdaemon.texi (Card applications): New section. * scdaemon.c (main): New option --disable-application. * app.c (is_app_allowed): New. (select_application): Use it to check for disabled applications. * ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New. * ccid-driver.c (ccid_open_reader): Support the stable 0.1 version of libusb. (ccid_get_atr): Handle short messages. * apdu.c (my_rapdu_get_status): Implemented.
104 lines
3.3 KiB
Plaintext
104 lines
3.3 KiB
Plaintext
-*- outline -*-
|
|
|
|
|
|
* src/base64
|
|
** Make parsing more robust
|
|
Currently we don't cope with overlong lines in the best way.
|
|
|
|
* sm/call-agent.c
|
|
** The protocol uses an incomplete S-expression
|
|
We should always use valid S-Exp and not just parts.
|
|
** Some code should go into import.c
|
|
** When we allow concurrent service request in gpgsm, we
|
|
might want to have an agent context for each service request
|
|
(i.e. Assuan context).
|
|
|
|
* sm/certreqgen.c
|
|
** Improve error reporting
|
|
** Do some basic checks on the supplied DNs
|
|
|
|
* sm/certchain.c
|
|
** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent.
|
|
** figure out how to auto retrieve a key by serialno+issuer.
|
|
Dirmngr is currently not able to parse more than the CN.
|
|
|
|
* sm/decrypt.c
|
|
** replace leading zero in integer hack by a cleaner solution
|
|
|
|
* sm/gpgsm.c
|
|
** Support --output for all commands
|
|
** mark all unimplemented commands and options.
|
|
** Print a hint when MD2 is the cause for a problem.
|
|
** Implement --default-key
|
|
** Using --export-secret-key-p12 with a non-pth agent
|
|
This leads to a lockup because gpgsm is still accessing the agent
|
|
while gpg-protect-tool wants to pop up the pinentry. Solution is
|
|
to release the connection. This is not trivial, thus we are going
|
|
to do that while changing gpgsm to allow concurrent operations.
|
|
|
|
* sm/keydb.c
|
|
** Check file permissions
|
|
** Check that all error code mapping is done.
|
|
** Remove the inter-module dependencies between gpgsm and keybox
|
|
** Add an source_of_key field
|
|
|
|
* agent/gpg-agent.c
|
|
** A SIGHUP should also restart the scdaemon
|
|
But do this only after all connections terminated.
|
|
As of now we only send a RESET.
|
|
|
|
* agent/command.c
|
|
** Make sure that secure memory is used where appropriate
|
|
|
|
* agent/pkdecrypt.c, agent/pksign.c
|
|
** Don't use stdio to return results.
|
|
|
|
* agent/divert-scd.c
|
|
Remove the agent_reset_scd kludge.
|
|
|
|
* Move pkcs-1 encoding into libgcrypt.
|
|
|
|
* Use a MAC to protect some files.
|
|
|
|
* sm/export.c
|
|
** Return an error code or a status info per user ID.
|
|
|
|
* Where is http.c, regcomp.c, srv.c, w32reg.c ?
|
|
|
|
* scd/sc-investigate
|
|
** Enhance with card compatibility check
|
|
|
|
* tests
|
|
** Makefile.am
|
|
We use printf(1) to setup the library path, this is not portable.
|
|
Furthermore LD_LIBRARY_PATH is not used on all systems. It doesn't
|
|
matter for now, because we use some GNU/*BSDish features anyway.
|
|
|
|
** Add a test to check the extkeyusage.
|
|
|
|
* doc/
|
|
** Explain how to setup a root CA key as trusted
|
|
** Explain how trustlist.txt might be managed.
|
|
|
|
|
|
* Requirements by the BSI
|
|
** Support authorityKeyIdentifier.keyIdentifier
|
|
This needs support in libksba/src/cert.c as well as in sm/*.c.
|
|
Need test certs as well. Same goes for CRL authorityKeyIdentifier.
|
|
|
|
** For pkcs#10 request header.
|
|
We use "NEW CERTIFICATE REQUEST" the specs say "CERTIFICATE
|
|
REQUEST" should be used. However it seems that their CA software
|
|
is also able to use our header. Binary pkcs#10 request are not
|
|
allowed.
|
|
|
|
** Dirmngr: name subordination (nameRelativeToCRLIssuer)
|
|
is not yet supported by Dirmngr.
|
|
|
|
** Dirmngr: CRL DP URI
|
|
The CRL DP shall use an URI for LDAP without a host name. The host
|
|
name shall be looked by using the DN in the URI. We don't implement
|
|
this yet. Solution is to have a mapping DN->host in our ldapservers
|
|
configuration file.
|
|
|