gnupg2 - gnupg2

	Commit message (Collapse)	Author	Age	Files	Lines
*	dirmngr: Use system certs if --hkp-cacert is not used.	Werner Koch	2017-09-18	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/certcache.c (any_cert_of_class): New var. (put_cert): Set it. (cert_cache_deinit): Clear it. (cert_cache_any_in_class): New func. * dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to override empty list of HKP certs. -- This patch carries the changes for GNUTLS from commit 7c1613d41566f7d8db116790087de323621205fe over to NTBTLS. NTBTLS works quite different and thus we need to do it this way. Signed-off-by: Werner Koch <wk@gnupg.org>
*	dirmngr: Load --hkp-cacert values into the certificate cache.	Werner Koch	2017-02-21	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/dirmngr.c (hkp_cacert_filenames): New var. (parse_rereadable_options): Store filenames from --hkp-cacert in the new var. (main, dirmngr_sighup_action): Pass that var to cert_cache_init. * dirmngr/certcache.c (cert_cache_init): Add arg 'hkp_cacert' and load those certs. (load_certs_from_file): Use autodetect so that PEM and DER encodings are possible. Signed-off-by: Werner Koch <wk@gnupg.org>
*	dirmngr: Implement trust classes for the cert cache.	Werner Koch	2017-02-21	1	-3/+12
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/certcache.h (CERTTRUST_CLASS_SYSTEM): New. (CERTTRUST_CLASS_CONFIG): New. (CERTTRUST_CLASS_HKP): New. (CERTTRUST_CLASS_HKPSPOOL): New. * dirmngr/certcache.c (MAX_EXTRA_CACHED_CERTS): Rename to ... (MAX_NONPERM_CACHED_CERTS): this. (total_extra_certificates): Rename to ... (total_nonperm_certificates): this. (total_config_certificates): Remove. (total_trusted_certificates): Remove. (total_system_trusted_certificates): Remove. (cert_item_s): Remove field 'flags'. Add fields 'permanent' and 'trustclasses'. (clean_cache_slot): Clear new fields. (put_cert): Change for new cert_item_t structure. (load_certs_from_dir): Rename arg 'are_trusted' to 'trustclass' (load_certs_from_file): Use CERTTRUST_CLASS_ value for put_cert. (load_certs_from_w32_store): Ditto. (cert_cache_init): Ditto. (cert_cache_print_stats): Rewrite. (is_trusted_cert): Replace arg 'with_systrust' by 'trustclasses'. Chnage the test. * dirmngr/validate.c (allowed_ca): Pass CERTTRUST_CLASS_CONFIG to is_trusted_cert. (validate_cert_chain): Pass CERTTRUST_CLASS_ values to is_trusted_cert. -- These trust classes make it easier to select certain sets of root certificates. Signed-off-by: Werner Koch <wk@gnupg.org>
*	dirmngr: Add options --tls and --systrust to the VALIDATE cmd.	Werner Koch	2017-02-17	1	-1/+13
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* dirmngr/certcache.h (certlist_s, certlist_t): New. * dirmngr/certcache.c (read_certlist_from_stream): New. (release_certlist): New. * dirmngr/server.c (MAX_CERTLIST_LENGTH): New. (cmd_validate): Add options --tls and --systrust. Implement them using a kludge for now. * dirmngr/validate.c (validate_cert_chain): Support systrust checking. Add kludge to disable the CRL checking for tls mode. -- This can now be used to test a list of certificates as returned by TLS. Put the certs PEM encoded into a a file certlist.pem with the target certificate being the first. Then run gpg-connect-agent --dirmngr \ '/definqfile CERTLIST wiki-gnupg-chain.pem' \ 'validate --systrust --tls' /bye CRLS check has been disabled becuase we can't yet pass the systrust flag to the CRL checking code. Signed-off-by: Werner Koch <wk@gnupg.org>
*	dirmngr: Load all system provided certificates.	Werner Koch	2017-02-16	1	-3/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* configure.ac: Add option --default-trust-store. (DEFAULT_TRUST_STORE_FILE): New ac_define. * dirmngr/certcache.c: Include ksba-io-support.h. (total_trusted_certificates, total_system_trusted_certificates): New. (put_cert): Manage the new counters. (cert_cache_deinit): Reset them. (cert_cache_print_stats): Print them. (is_trusted_cert): Add arg WITH_SYSTRUST. Change all callers to pass false. (load_certs_from_file): New. (load_certs_from_system): New. (cert_cache_init): Load system certificates. -- Note that this code does not yet allow to load the system certificates on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
*	Nuked almost all trailing white space.post-nuke-of-trailing-ws	Werner Koch	2011-02-04	1	-1/+1
\| \| \| \| \| \| \| \|	We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
*	Merged Dirmngr with GnuPG.	Werner Koch	2010-06-09	1	-0/+103
	A few code changes to support dirmngr.