| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
* sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
Also simplify by using ref-ed cert objects in place of an anyfound
var.
--
See the code for a description of the problem. Tested using the certs
from the bug report and various command lines
gpgsm --faked-system-time=XXXX --disable-crl-checks \
-ea -v --debug x509 -r 0x95599828
with XXXX being 20190230T000000 -> target cert too young
with XXXX being 20190330T000000 -> okay
with XXXX being 20190830T000000 -> okay, using the long term cert
with XXXX being 20220330T000000 -> target cert expired
The --disabled-crl-checks option is required because in our a simple
test setting dirmngr does not know about the faked time.
GnuPG-bug-id: 4696
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* dirmngr/server.c (proc_wkd_get): Print new NOTE status
"wkd_cached_result".
* g10/call-dirmngr.c (ks_status_cb): Detect this and print a not ein
verbose mode.
--
This little patch is helpful to see why a WKD change still does not
work after it has been updated on the server.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/getkey.c (get_pubkey_byname): Extend is_mbox checking.
(get_best_pubkey_byname): Ditto.
--
With this patch it is now possible to use
gpg -e -r '<foo@example.org>'
and auto key locate will find the key. Without that a plain mail
address; i.e.
gpg -e -r 'foo@example.org'
was required.
GnuPG-bug-id: 4726
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): Increase by one.
* g10/keyid.c (format_hexfingerprint): Change v5 key formatting.
--
The new format are groups of 5 letters to resemble the CW speed
measurement rules. Many hams are used to such blocks from their CW
lessons. Note that there is no double blank in the middle as with the
v4 keys.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/call-keyboxd.c (struct store_parm_s): New.
(store_inq_cb): New.
(keydb_update_keyblock): Implement the keyboxd part.
(keydb_insert_keyblock): Ditto.
(keydb_delete_keyblock): Ditto.
(keydb_search_reset): Clear ubid flag. Also use the correct union
member for building the search string.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* kbx/kbxserver.c (cmd_delete): New.
* kbx/frontend.c (kbxd_delete): New.
* kbx/backend-kbx.c (be_kbx_delete): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* common/util.h (UBID_LEN): New. Use it at all places.
* kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item.
* kbx/keybox-dump.c (print_ubib): Remove.
(_keybox_dump_blob): Do not print the now removed ubid flag.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants
for the size of the ubid and grip.
* kbx/keybox-search.c (blob_cmp_ubid): New.
(has_ubid): Make it a simple wrapper around blob_cmp_ubid.
(keybox_get_data): Add arg 'r_ubid'.
* kbx/frontend.h (enum kbxd_store_modes): New.
* kbx/kbxserver.c (cmd_store): Add new option --insert.
* kbx/backend-cache.c (be_cache_initialize): New.
(be_cache_add_resource): Call it here.
* kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'.
(be_kbx_search): Get the UBID from keybox_get_data.
* kbx/backend-support.c (be_fingerprint_from_blob): Replace by ...
(be_ubid_from_blob): new. Change all callers.
* kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but
use the new cache init function.
(kbxd_store): Replace arg 'only_update' by 'mode'. Seek using the
ubid. Take care of the mode.
--
It turned out that using the hash of the entire blob was not helpful.
Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint
of the blob. In case this is a v5 OpenPGP key a left truncated
version of the SHA-256 hash is used; in all other cases the full SHA-1
hash. Using a SHA-256 hash does not make sense because v4 keys are
and will for some time be the majority of keys and thus padding them
with zeroes won't make any difference. Even if fingerprint collisions
can eventually be created we will assume that the keys are bogus and
that it does not make sense to store its twin also in our key storage.
We can also easily extend the update code to detect a collision and
reject the update.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* dirmngr/dirmngr.c (time_for_housekeeping_p): Build with --fwrapv.
Replace protecting macro.
--
I once replaced all JNLIB macros by GPGRT macros. However, I missed
to get this right for the push pragma test and used
GPGRT_GCC_HAVE_PUSH_PRAGMA
instead of the correct
GPGRT_HAVE_PRAGMA_GCC_PUSH
Now after fixing this it turned out that no-strict-overflow is not
anymore supported as oprimize pragma and thus I replaced that too
according to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58454 .
Tested with 32 bit Windows but the real test will be in 2038.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/keydb.c (build_keyblock_image): Move to ...
* g10/build-packet.c (build_keyblock_image): here.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* dirmngr/http.h (struct parsed_uri_s): Add flag is_ldap.
* dirmngr/http.c (do_parse_uri): Set flag. Do not error out for a
missing slashes in an http scheme if NO_SCHEME_CHECK is active.
* dirmngr/t-http.c (main): Print new flag.
* dirmngr/ks-engine-ldap.c (ks_ldap_help): Use flag instead of
checking the scheme.
* dirmngr/ldap-parse-uri.c (ldap_uri_p): Re-implement using
http_parse_uri.
* dirmngr/t-ldap-parse-uri.c (main): Add option --verbose.
--
This patch merely remove the separate parser for checking for an LDAP
scheme. It is better to let our generic URI parser handle this. Also
fixes this bug
|| url[4] == 'i' || url[4] == 'i')
to make the rarely used ldapi scheme case-insensitive.
More changes to the LDAP code are planned.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* configure.ac: Do not build dirmngr if no TLS is available.
* dirmngr/http.c: Remove all uses of the USE_TLS macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* kbx/keybox.h: Fix naming of arguments.
* scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note
that this is anyway an impossible case.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* agent/call-pinentry.c (atfork_cb): Factor code out to ...
(atfork_core): new.
--
We convey certain envvars directly via the environment to Pinentry and
thus they don't show up in the Assuan logging. Because we better
don't call a logging function in an atfork handle, this patch splits
the code up and uses the same code to display what was done in at fork
after the connection has been established.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* tools/wks-util.c (ensure_policy_file): New.
(wks_cmd_install_key): Call it.
--
GnuPG-bug-id: 4753
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* po/POTFILES.in: Update.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* doc/DETAILS: Specify new status code "NOTE".
* dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a
bad TLS certificate.
* g10/call-dirmngr.c (ks_status_cb): Detect this status.
--
For example a
gpg -v --locate-external-keys dd9jn@posteo.net
now yields
gpg: Note: server uses an invalid certificate
gpg: (further info: bad cert for 'posteo.net': \
Hostname does not match the certificate)
gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name
gpg: error reading key: Wrong name
(without -v the "further info" line is not shown). Note that even
after years Posteo is not able to provide a valid certificate for
their .net addresses. Anyway, this help to show the feature.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* dirmngr/http.c: Include dirmngr-status.h
(http_prepare_redirect): Emit WARNING status lines for redirection
problems.
* dirmngr/http.h: Include fwddecl.h.
(struct http_redir_info_s): Add field ctrl.
* dirmngr/ks-engine-hkp.c (send_request): Set it.
* dirmngr/ks-engine-http.c (ks_http_fetch): Set it.
* g10/call-dirmngr.c (ks_status_cb): Detect the two new warnings.
--
This should make it easier to diagnose problems with bad WKD servers.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
* scd/ccid-driver.c (ccid_transceive_secure): When not supported,
return CCID_DRIVER_ERR_NOT_SUPPORTED.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* dirmngr/dns-stuff.c (cached_inet_support): New variable.
(dns_stuff_housekeeping): New.
(check_inet_support): New.
* dirmngr/http.c (connect_server): Use only detected interfaces.
* dirmngr/dirmngr.c (housekeeping_thread): Flush the new cache.
--
This currently works only for Windows but that is where users really
ran into problems. The old workaround was to configure disable-ipv4
or disable-ipv6.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* dirmngr/dirmngr.c (parse_ldapservers_file): Tune down error
in case no such file exists.
--
This is hardly an error because by default such a file
does not exist. This caused trouble in support because
people think "Oh the system prints an error".
GnuPG-Bug-Id: T3539
|
|
* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
* dirmngr/ldap-wrapper-ce.c: Remove.
* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
to debug output.
* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff. Remove
my_ldap macros.
(fetch_ldap) [W32]: Use ldap_sslinit.
--
Note that the ldap_sslinit stuff for Windows has not been tested.
This patch removes the whole wrapper-but-linked business because we do
not need it anymore. WindowsCE for which we used it is pretty dead.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/sign.c (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): New.
(do_sign): Add arg signhints and inhibit SHA-1 signatures. Change
callers to pass 0.
(complete_sig): Add arg signhints and pass on.
(make_keysig_packet, update_keysig_packet): Set signhints.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* dirmngr/ldapserver.h: Rename LDAPSERVER_OPT.
--
Using _OPT is not good because it does not describe for what this
configuration group is used. _SESSION immediately shows the purpose.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.
* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.
* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--
There was no way to specify an LDAPS server in
dirmngr_ldapserver.socnf or with gpgsm's --keyserver option. This
patch fixes this. Eventually we should allow to replace host and port
by a partial URI in the same way ldap_initialize does it. For backward
compatibility we do not yet do that.
Although the dirmngr code accepts an URL (eg. taken from a
certificate), I can't see how the scheme was ever used. Thus the
patch also detects an ldaps scheme and uses this. That part has not
been tested, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
Also fix a few related entries.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
GnuPG-bug-id: 4741
|
|
* g10/import.c (import_one_real): Don't do the final clean in the
merge case.
--
This fixes a regression introduced with self-sigs-only.
GnuPG-bug-id: 4628
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
* g10/misc.c (print_sha1_keysig_rejected_note): New.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/gpg.c (main): Change condition for an info diagnostic.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
* g10/delkey.c (do_delete_key): here.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/gpg.c (main): Remove a long standing FIXME.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* scd/ccid-driver.c (ccid_transceive_secure): Fix for 08e6:34c2.
Fixes-commit: c933c15d587a1c0df3f4b3bf37d8d15164dd318f
GnuPG-bug-id: 4654
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/getkey.c (get_best_pubkey_byname): Remove useless req_usage
setting of CTX.
Fixes-commit: f2734381ae1431e395a0bed16df2f4d5d13aa2c5
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/getkey.c (pubkey_cmp): Handle a primary key with
PUBKEY_USAGE_ENC, and make sure new key is for encryption.
(get_best_pubkey_byname): Add comment for ranking.
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* doc/gpg.texi (--locate-keys): Remove mentioning signing keys.
--
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/getkey.c (get_best_pubkey_byname): Always use PK0 to search
by get_pubkey_byname. Add initial call to pubkey_cmp to fill
BEST at first before the loop.
--
Fixes-commit: 44604209c1cfe18532d13eda63d8c1f86a6e12ec
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/delkey.c (do_delete_key): Simplify and correct subkey deletion.
--
GnuPG-bug-id: 4665, 4457
Fixes-commit: cc6069ac6ecd57dcbb808f28d54fd9f89dc55014
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/getkey.c (get_best_pubkey_byname): After the call of
get_pubkey_byname, set up CTX with KEYDB_SEARCH_MODE_LONG_KID to enter
the loop.
--
Fixes-commit: 7535f1d47a35e30f736f0e842844555f7a4a9841
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* scd/ccid-driver.c (ccid_transceive_secure): Add pinpad support
for 08e6:34c2 which supports extended APDU exchange.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
--
Reported-by: Steve McIntyre
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/getkey.c (get_best_pubkey_byname): Handle the first key
as the initial candidate for the selection.
--
GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* kbx/backend-kbx.c (be_kbx_update): New.
* kbx/frontend.c (kbxd_store): Call it.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/getkey.c (get_best_pubkey_byname): Free the public key parts.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date
and remove debug output.
--
With 2.2 we do not not support SHA-1 key signatures anymore even if
that means that the WoT shrinks.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* g10/sig-check.c (check_signature_over_key_or_uid): Reject cewrtain
SHA-1 based signatures.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
