| Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
* doc/com-certs.pem: Install it when creating a keybox.
|
|
|
|
* configure.ac: Require Libassuan 2.0.3.
* agent/call-scd.c (ASSUAN_CONVEY_COMMENTS): Remove macro replacement.
* agent/command.c (cmd_killagent) [ASSUAN_FORCE_CLOSE]: Remove
dependency.
(cmd_killagent) [ASSUAN_FORCE_CLOSE]: Ditto.
* scd/command.c (cmd_killscd) [ASSUAN_FORCE_CLOSE]: Ditto.
|
|
* scd/apdu.c (pcsc_keypad_verify): Add debug log and error log.
(pcsc_keypad_modify): Likewise.
|
|
* scd/apdu.c (apdu_connect): Do not test for zero atrlen.
--
When gpg-agent prompts for insertion of a card this error would be
returned.
Co-authored-by: Ben Kibbey <bjk@luxsci.net>
|
|
* agent/call-pinentry.c (agent_popup_message_stop): To pinentry, send
SIGINT (was: SIGKILL).
|
|
* photoid.c (generate_photo_id): Check for the JPEG magic numbers
instead of JFIF since some programs generate an EXIF header first.
|
|
* scd/app.c (select_application): Reorder application tests.
--
Although the DINSIG application is available on most German cards, it
is in reality not used. Thus showing the Geldkarte application is
more desirable for a good user experience.
|
|
* scd/atr.c: Rewrite.
* scd/Makefile.am (scdaemon_SOURCES): Add atr.c and atr.h.
* scd/command.c (cmd_apdu): Add option --dump-atr.
|
|
* common/estream.c (cookie_ioctl_function_t): New type.
(es_fclose_snatch): New function.
(COOKIE_IOCTL_SNATCH_BUFFER): New constant.
(struct estream_internal): Add field FUNC_IOCTL.
(es_initialize): Clear FUNC_IOCTL.
(es_func_mem_ioctl): New function.
(es_fopenmem, es_fopenmem_init): Init FUNC_IOCTL.
|
|
* scd/app.c (select_application): Skip serial number reading.
|
|
|
|
* scd/app.c (select_application): Implement the "undefined"
application.
|
|
* agent/call-scd.c (pass_status_thru): Pass comment lines verbatim.
* tools/gpg-connect-agent.c (help_cmd_p): New.
(main): Treat an "SCD HELP" the same as "HELP".
|
|
* scd/command.c (update_card_removed): Do no act on an invalid VRDR.
(do_reset): Ignore apdu_reset error codes for no and inactive card.
Close the reader before setting the slot to -1.
(update_reader_status_file): Notify the application before closing the
reader.
--
With this change the scd now works as it did in the past. In
particular there is no more endless loop trying to open the reader by
the update_reader_status_file ticker function. That bug basically
blocked all card operations until the scdaemon was killed.
|
|
* scd/scdaemon.h (DBG_READER_VALUE, DBG_READER): New.
* scd/apdu.c (apdu_open_reader, apdu_close_reader)
(apdu_shutdown_reader, apdu_connect, apdu_disconnect)
(apdu_reset, apdu_get_atr, apdu_get_status): Add debug code.
(apdu_activate): Remove this unused function.
|
|
* scd/scdaemon.c (oDebugAssuanLogCats): New.
(opts): Add option --debug-assuan-log-cats.
(main): Implement option.
* common/asshelp.c (set_libassuan_log_cats): New.
--
The old way of setting the logging categories with an environment
variable is awkward if sdaemon is spawned from a running gpg-agent.
|
|
The vreader table makes the code more clear by explicitly talking
about APDU slots and reader indices. It also accommodates for future
extensions.
* scd/scdaemon.h (server_control_s): Remove READER_SLOT.
* scd/scdaemon.c (scd_init_default_ctrl): Do not init READER_SLOT.
* scd/app.c (check_application_conflict): Add arg SLOT.
* scd/command.c (slot_status_s): Rename to vreader_s.
(server_local_s): Add field VREADER_IDX as replacement for
the READER_SLOT in server_control_s. Change all users.
(slot_table): Rename to vreader_table. Change all users.
(vreader_slot): New.
(do_reset, cmd_apdu): Map vreader to apdu slot.
(get_reader_slot): Rename to get_current_reader. Return -1 on error.
(open_card): Map vreader toapdu slot. Pass slot to
check_application_conflict.
(scd_command_handler): Init VREADER_IDX.
(update_reader_status_file): Reset SLOT field on error.
|
|
* scd/command.c (cmd_serialno): Retry once for an inactive card.
|
|
* scd/apdu.c (apdu_connect): Return status codes for no card available
and inactive card.
* scd/command.c (TEST_CARD_REMOVAL): Also test for GPG_ERR_CARD_RESET.
(open_card): Map apdu_connect status to GPG_ERR_CARD_RESET.
|
|
* scripts/gitlog-to-changelog: Add option --tear-off.
* Makefile.am (gen-ChangeLog): Use that option.
|
|
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute. Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--
This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html . The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known). Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
|
|
* Makefile.am (gen-ChangeLog): Supply --append-dot.
|
|
* scripts/gitlog-to-changelog: Ignore lines after a "--" line.
--
The first line with two dashes at the start of a line (optionally
followed by white space) stops copying the commit log lines to the
ChangeLog entry in "make dist". This is useful to allow adding
comments to the log which are not useful in a ChangeLog.
|
|
* sm/certreqgen.c (pAUTHKEYID): New.
(read_parameters): Add keyword Authority-Key-Id.
(proc_parameters): Check its value.
(create_request): Insert an Authority-Key-Id.
|
|
* sm/certreqgen.c (pSUBJKEYID, pEXTENSION): New.
(read_parameters): Add new keywords.
(proc_parameters): Check values of new keywords.
(create_request): Add SubjectKeyId and extensions.
(parse_parameter_usage): Support "cert" and the encrypt alias "encr".
|
|
* sm/certreqgen.c (create_request): Fix hex-bin conversion.
|
|
* agent/command.c (start_command_handler): Remove use of removed var.
|
|
* agent/command.c (server_local_s): Remove unused field MESSAGE_FD.
|
|
* scd/ccid-driver.c (SCM_SCR331, SCM_SCR331DI, SCM_SCR335)
(SCM_SCR3320, SCM_SPR532, CHERRY_ST2000): New constants.
(parse_ccid_descriptor): Use them.
(scan_or_find_usb_device, ccid_transceive_secure): Handle Cherry
ST-2000. Suggested by Matthias-Christian Ott.
|
|
* g10/export.c (transfer_format_to_openpgp): Avoid possible double
free of LIST. Reported by NIIBE Yutaka.
|
|
* apdu.c (pcsc_keypad_verify): Have dummy Lc field with value 0.
(pcsc_keypad_modify): Likewise.
(pcsc_keypad_modify): It's only for ISO7816_CHANGE_REFERENCE_DATA.
bConfirmPIN value is determined by the parameter p0.
* app-openpgp.c (do_change_pin): The flag use_keypad should be 0 when
reset_mode is on, or resetcode is on. use_keypad only makes sense for
iso7816_change_reference_data_kp.
* iso7816.h (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
* iso7816.c (iso7816_put_data_kp): Remove.
(iso7816_reset_retry_counter_kp): Remove.
(iso7816_reset_retry_counter_with_rc_kp): Remove.
(iso7816_change_reference_data_kp): Add an argument: IS_EXCHANGE.
|
|
* autogen.sh: Install commit-msg hook for git.
|
|
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
|
|
|
|
* common/dns-cert.c: Remove iobuf.h.
(get_dns_cert): Rename to _get_dns_cert. Remove MAX_SIZE arg. Change
iobuf arg to a estream-t. Rewrite function to make use of estream
instead of iobuf. Require all parameters. Return an gpg_error_t
error instead of the type. Add arg ERRSOURCE.
* common/dns-cert.h (get_dns_cert): New macro to pass the error source
to _gpg_dns_cert.
* common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
* g10/keyserver.c (keyserver_import_cert): Ditto.
* doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.
|
|
* common/estream.h (es_fopenmem_init): New.
|
|
* estream.c (func_mem_create): Don't set FUNC_REALLOC if GROW is not
set. Require FUNC_REALLOC if DATA is NULL and FUNC_FREE is given.
|
|
|
|
|
|
|
|
* common/t-dns-cert.c (main): Increase MAX_SIZE to 64k.
* g10/keyserver.c (DEFAULT_MAX_CERT_SIZE): Increase from 16k to 64k.
|
|
* dns-cert.c (get_dns_cert): Factor test code out to ...
* t-dns-cert.c: new file.
|
|
admin).
|
|
|
|
|
|
Run this script in the parent directory of the working copies. It
does a VPATH build in ~/tmp/gpg-tmp/b in the right order and installs
everything below ~/tmp/gpg-tmp/.
Based on a script by Jim Meyering.
|
|
* m4/gpg-error.m4: Update from git master.
|