diff options
| author | Werner Koch <wk@gnupg.org> | 2022-02-03 14:14:14 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2022-02-03 14:17:10 +0100 |
| commit | e23dc755fa725877ce96eb5a6a6f5788457267f4 (patch) | |
| tree | d0c1a1c26a0e2424fe91f4266b4216eb8a2dd7f2 /doc | |
| parent | gpg: Fix for -Wformat when using uint64_t. (diff) | |
| download | gnupg2-e23dc755fa725877ce96eb5a6a6f5788457267f4.tar.xz gnupg2-e23dc755fa725877ce96eb5a6a6f5788457267f4.zip | |
sm: New option --ignore-cert-with-oid.
* sm/gpgsm.c (oIgnoreCertWithOID): New.
(opts): Add option.
(main): Store its value.
* sm/call-agent.c (learn_cb): Test against that list.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/gpgsm.texi | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index ee5a63861..8c139c7d4 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -699,6 +699,16 @@ This option adjusts the compliance mode "de-vs" for stricter key size requirements. For example, a value of 3000 turns rsa2048 and dsa2048 keys into non-VS-NfD compliant keys. +@item --ignore-cert-with-oid @var{oid} +@opindex ignore-cert-with-oid +Add @var{oid} to the list of OIDs to be checked while reading +certificates from smartcards. The @var{oid} is expected to be in +dotted decimal form, like @code{2.5.29.3}. This option may be used +more than once. As of now certificates with an extended key usage +matching one of those OIDs are ignored during a @option{--learn-card} +operation and not imported. This option can help to keep the local +key database clear of unneeded certificates stored on smartcards. + @item --faked-system-time @var{epoch} @opindex faked-system-time This option is only useful for testing; it sets the system time back or |