summaryrefslogtreecommitdiffstats
path: root/dirmngr (follow)
Commit message (Collapse)AuthorAgeFilesLines
* dirmngr: Return modifyTimestamp and add server option --newer.Werner Koch2023-04-047-27/+195
| | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ks_get): Add option --newer. (cmd_ad_query): Ditto. * dirmngr/ldap-misc.c (isotime2rfc4517): New. (rfc4517toisotime): New. * dirmngr/ks-action.c (ks_action_get): Add arg newer and pass on. (ks_action_query): Ditto. * dirmngr/ks-engine-ldap.c (extract_keys): Print new "chg" record. (ks_ldap_get): Add arg newer. Modify filter with newer arg. (ks_ldap_search): Print the modifyTimestamp. (ks_ldap_query): Add arg newer. Modify filter with newer arg. -- Note that the modifyTimestamp is also available on Windows, where its value is more commonly known as whenChanged. Both are constructed attributes. Note that the --newer option is a bit of a misnomer because LDAP has only a greater-or-equal and no greater-than operator.
* dirmngr: New command AD_QUERY.Werner Koch2023-03-208-138/+758
| | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dirmngr.h: Include name-value.h (struct server_control_s): Add rootdse and rootdse_tried. * dirmngr/dirmngr.c (dirmngr_deinit_default_ctrl): Release them. * dirmngr/ks-engine.h (KS_GET_FLAG_ROOTDSE): Add two new flags. * dirmngr/ks-engine-ldap.c: Include ks-action.h (SERVERINFO_GENERIC): New. (struct ks_engine_ldap_local_s): Add scope. (ks_ldap_new_state): Set a default scope. (ks_ldap_clear_state): Ditto. (my_ldap_connect): Add flag generic. (return_all_attributes): New. (fetch_rootdse): New. (basedn_from_rootdse): New. (ks_ldap_get): Move some code out to ... (ks_ldap_prepare_my_state): New. (ks_ldap_query): New. * dirmngr/ks-action.c (ks_action_parse_uri): Factored out from server.c (ks_action_query): New. * dirmngr/server.c (make_keyserver_item): Factored most code out to ks_action_parse_uri. (cmd_ad_query): New. -- This command allows to query the Windows Active directory.
* dirmngr: Add framework to implement a fake CRL feature.Werner Koch2023-03-166-2/+87
| | | | | | | | | * dirmngr/fakecrl.c: New. * dirmngr/dirmngr.h (opt): Add fake_crl. * dirmngr/dirmngr.c (enum cmd_and_opt_values): Add oFakeCRL. (opts): Add "fake-crl" (parse_rereadable_options): Set opt.fake_crl. * dirmngr/server.c (cmd_isvalid): Take care of fakce CRLs.
* dirmngr: Add command "GETINFO stats".Werner Koch2023-03-107-35/+56
| | | | | | | | | | | * dirmngr/server.c (cmd_getinfo): New sub-command "stats". (dirmngr_status_helpf): Allow for a CTRL of NULL. * dirmngr/certcache.c (cert_cache_print_stats): Add arg ctrl and use dirmngr_status_helpf. Adjust all callers. * dirmngr/domaininfo.c (domaininfo_print_stats): Ditto. * sm/certchain.c (ask_marktrusted): Flush stdout before printing the fingerprint.
* dirmngr: Distinguish between "no crl" and "crl not trusted".Werner Koch2023-03-095-11/+29
| | | | | | | | | | | | | | | | | * dirmngr/crlcache.h (CRL_CACHE_NOTTRUSTED): New. * dirmngr/crlcache.c (cache_isvalid): Set this status. (crl_cache_cert_isvalid): Map it to GPG_ERR_NOT_TRUSTED. (crl_cache_reload_crl): Move diagnostic to ... * dirmngr/crlfetch.c (crl_fetch): here. * dirmngr/server.c (cmd_isvalid): Map it to GPG_ERR_NOT_TRUSTED. * dirmngr/validate.c (check_revocations): Handle new status. Improve diagnostics. * common/status.c (get_inv_recpsgnr_code): Map INV_CRL_OBJ. * common/audit.c (proc_type_verify): Ditto. -- This avoids repeated loading of CRLs in case of untrusted root certificates.
* dirmngr: Minor code cleanup in the CRL cache.Werner Koch2023-03-081-10/+25
| | | | | | | * dirmngr/crlcache.c (INVCRL_TOO_OLD): New. (INVCRL_UNKNOWN_EXTN, INVCRL_GENERAL): New. (open_dir, crl_cache_insert): Use the new constants. (list_one_crl_entry): Make diagnostics robust for new INVCRL codes.
* doc: Typo fixes and new notes in DETAILSWerner Koch2023-03-031-1/+1
| | | | --
* dirmngr: New debug flag "keeptmp".Werner Koch2023-02-232-1/+4
| | | | | | | | | * dirmngr/dirmngr.c (debug_flags): Add "keeptmp". (set_debug): Don't set in with "guru". * dirmngr/dirmngr.h (DBG_KEEPTMP_VALUE): New. -- Note that flag is not yet used.
* dirmngr: Cleanup of the no-Tor check with --gpgconf-* commandsWerner Koch2023-01-111-8/+15
| | | | | | | | * dirmngr/dirmngr.c (post_option_parsing): Add arg CMD. (main): Pass the current command. -- Updates-commit: 9f37e93dd741a5436ff412955628806ae84725ca
* build: Remove Windows CE support.NIIBE Yutaka2022-12-091-2/+2
| | | | | | | | | | | | | | | | * agent/Makefile.am [HAVE_W32CE_SYSTEM]: Remove. * am/cmacros.am [HAVE_W32CE_SYSTEM]: Remove. * autogen.sh: Remove W32ce_ variables. * configure.ac: Likewise. * dirmngr/Makefile.am (extra_bin_ldflags): Remove. * g10/Makefile.am [HAVE_W32CE_SYSTEM]: Remove. * kbx/Makefile.am: Likewise. * sm/Makefile.am (extra_bin_ldflags): Remove. * tools/Makefile.am (extra_bin_ldflags): Remove. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* gpgsm: Print revocation date and reason in cert listings.Werner Koch2022-12-053-25/+70
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/ocsp.c (ocsp_isvalid): Add args r_revoked_at and r_revocation_reason. * dirmngr/server.c (cmd_isvalid): Emit a new REVOCATIONINFO status. (cmd_checkocsp): Ditto. * sm/call-dirmngr.c (struct isvalid_status_parm_s): Add new fields. (isvalid_status_cb): Parse REVOCATIONINFO. (gpgsm_dirmngr_isvalid): Add args r_revoked_at and r_revocation_reason. * sm/gpgsm.h (struct server_control_s): Add fields revoked_art and revocation_reason. * sm/keylist.c (list_cert_raw): Print revocation date. (list_cert_std): Ditto. -- Note that for now we do this only for OCSP because it is an important piece of information when using the chain model. For a sample key see commit 7fa1d3cc821dca1ea8e1c80a0bdd527177c185ee.
* doc: Comment typo fixWerner Koch2022-11-291-2/+2
| | | | --
* dirmngr: Silence ocsp debug output.Werner Koch2022-11-251-2/+5
| | | | | | | * dirmngr/ocsp.c (check_signature_core): No debug output -- Also typo and doc fixes.
* dirmngr: Fix verification of ECDSA signed CRLs.Werner Koch2022-11-152-3/+4
| | | | | | | | * dirmngr/crlcache.c (finish_sig_check): Use raw value for the data. -- This had the usual signed/unsigned problem. By using the modern form we enforce Libgcrypt internal parsing as unsigned integer.
* agent,common,dirmngr,tests,tools: Remove spawn PREEXEC argument.NIIBE Yutaka2022-10-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | * common/exechelp-posix.c (do_exec): Remove PREEXEC argument. (gnupg_spawn_process): Likewise. (gnupg_spawn_process_fd): Follow the change of do_exec. (gnupg_spawn_process_detached): Likewise. * common/exechelp-w32.c (gnupg_spawn_process): Remove PREEXEC. * common/exechelp.h (gnupg_spawn_process): Remove PREEXEC. * agent/genkey.c (do_check_passphrase_pattern): Follow the change. * common/exectool.c (gnupg_exec_tool_stream): Likewise. * dirmngr/ldap-wrapper.c (ldap_wrapper): Likewise. * tests/gpgscm/ffi.c (do_spawn_process): Likewise. * tools/gpgconf-comp.c (gc_component_check_options): Likewise. (retrieve_options_from_program): Likewise. * tools/gpgconf.c (show_versions_via_dirmngr): Likewise. * tools/gpgtar-create.c (gpgtar_create): Likewise. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. -- PREEXEC is not portable feature and it's not used. GnuPG-bug-id: 6249 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Fix build with no LDAP support.NIIBE Yutaka2022-10-141-0/+2
| | | | | | | | | * dirmngr/server.c [USE_LDAP] (start_command_handler): Conditionalize. -- GnuPG-bug-id: 6239 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Support paged LDAP mode for KS_GETWerner Koch2022-10-053-37/+214
| | | | | | | | | | | | | | | | | | | | * dirmngr/ks-engine-ldap.c (PAGE_SIZE): New. (struct ks_engine_ldap_local_s): Add several new fields. (ks_ldap_clear_state): Release them. (search_and_parse): Factored out from ks_ldap_get and extended to support the paged mode. (ks_ldap_get): Implement the pages mode for --first and --next. * dirmngr/server.c (cmd_ks_get): Provide a dummy passphrase in --first mode. * dirmngr/Makefile.am (dirmngr_LDADD): Add LBER_LIBS. -- The paged mode allows to retrieve more items than the servers usually limit (e.g. 1000 for an LDS). This patch also allows to use --first without a patter to retrieve all keyblocks (except for disabled and revoked keys). GnuPG-bug-id: 6224
* dirmngr: New options --first and --next for KS_GET.Werner Koch2022-10-046-133/+345
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/server.c (cmd_ks_get): Add option --first and --next. (start_command_handler): Free that new ldap state. * dirmngr/ks-engine-ldap.c (struct ks_engine_ldap_local_s): New. (ks_ldap_new_state, ks_ldap_clear_state): New. (ks_ldap_free_state): New. (return_one_keyblock): New. Mostly factored out from .... (ks_ldap_get): here. Implement --first/--next feature. * dirmngr/ks-action.c (ks_action_get): Rename arg ldap_only to ks_get_flags. * dirmngr/ks-engine.h (KS_GET_FLAG_ONLY_LDAP): New. (KS_GET_FLAG_FIRST): New. (KS_GET_FLAG_NEXT): New. * dirmngr/dirmngr.h (struct server_control_s): Add member ks_get_state. (struct ks_engine_ldap_local_s): New forward reference. -- This feature allows to fetch keyblock by keyblock from an LDAP server. This way tools can process and maybe filter each keyblock in a more flexible way. Here is an example where two keyblocks for one mail address are returned: $ gpg-connect-agent --dirmngr > ks_get --ldap --first <foo@example.org> [... First keyblock is returned ] OK > ks_get --next [ ... Next keyblock is returned ] OK > ks_get --next ERR 167772218 No data <Dirmngr> GnuPG_bug_id: 6224
* dirmngr: Minor fix for baseDN fallback.Werner Koch2022-09-291-37/+22
| | | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): Avoid passing data behind the EOS. (interrogate_ldap_dn): Stylistic change. -- This also updates the my_ldap_connect description. GnuPG-bug-id: 6047
* dirnmgr: Fix the function prototype.NIIBE Yutaka2022-09-291-1/+1
| | | | | | | | | * dirmngr/ldap-wrapper.c (ldap_wrapper_wait_connections): It's with no arguments. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Change interrogate_ldap_dn for better memory semantics.NIIBE Yutaka2022-09-291-28/+12
| | | | | | | | | | | * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): Return BASEDN found, memory allocated. (my_ldap_connect): Follow the change, removing needless allocation. -- GnuPG-bug-id: 6047 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Interrogate LDAP server when base DN specified.Joey Berkovitz2022-09-291-7/+26
| | | | | | | | | | * dirmngr/ks-engine-ldap.c (my_ldap_connect): interrogate LDAP server when basedn specified. -- GnuPG-bug-id: 6047 Signed-off-by: Joey Berkovitz <joeyberkovitz@gmail.com>
* dirmngr: Fix lost flags during LDAP uploadWerner Koch2022-09-282-15/+18
| | | | | | | | | | * dirmngr/ldapserver.c (ldapserver_parse_one): Turn LINE into a const. Use strtokenize instead of strtok style parsing. -- This fixes a problem with resulted in a General Error for the second key to be uploaded in the same session. But only if the colon format to specify a keyserver with flags was used.
* dirmngr: New server flag "areconly" (A-record-only)Werner Koch2022-09-285-3/+48
| | | | | | | | | | | | | | | * dirmngr/dirmngr.h (struct ldap_server_s): Add field areconly. * dirmngr/ldapserver.c (ldapserver_parse_one): Parse "areconly" * dirmngr/ks-engine-ldap.c (my_ldap_connect): Implement this flag. * dirmngr/dirmngr_ldap.c: Add option --areconly (connect_ldap): Implement option. * dirmngr/ldap.c (run_ldap_wrapper): Add and pass that option. -- This flag is used to pass the Windows specific option LDAP_OPT_AREC_EXCLUSIVE. It is ignored on other systems. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr: Support gpgMailbox for mode MAILSUB and MAILEND.Werner Koch2022-09-261-2/+8
| | | | | * dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Use gpgMailbox if server supports this.
* dirmngr: Factor out interrogate_ldap_dn function.NIIBE Yutaka2022-09-261-66/+69
| | | | | | | | | * dirmngr/ks-engine-ldap.c (interrogate_ldap_dn): New. -- GnuPG-bug-id: 6047 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Fix CRL DP error fallback to other schemes.Werner Koch2022-09-161-28/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/crlcache.c (crl_cache_reload_crl): Rework the double loop. Remove the unused issuername_uri stuff. -- It is quite common that LDAP servers are blocked and thuis the HTTP access point should be used instead. This worked well for certificates where the DP are given in this form: crlDP: ldap://x500.bund.de/[...] http://x500.bund.de/[...] issuer: none but it failed for this form crlDP: ldap://x500.bund.de/[...] issuer: none crlDP: http://x500.bund.de/[...] issuer: none because the LAST_ERR thing terminated the outer loop. This pacth fixes this and also cleans up the code to be more robust. Note that the common workaround of using --ignore-ldap-dp will now only be needed if the firewall uses packet dropping instead of proper ICMP rejects.
* dirmngr:dns,doc,gpg: Fix for noreturn for C11.NIIBE Yutaka2022-09-161-1/+1
| | | | | | | | | | | * dirmngr/dns.c: Use __noreturn__. * doc/yat2m.c: Likewise. * g10/main.h: Likewise. -- GnuPG-bug-id: 4002 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Fix for USE_LDAP.NIIBE Yutaka2022-09-142-0/+7
| | | | | | | | | | * dirmngr/ks-action.c [USE_LDAP] (ks_action_help): Recover variables. * dirmngr/server.c [USE_LDAP] (dirmngr/server.c): Likewise. -- Fixes-commit: 3d7dbf16618db4d0dc602daadbde098d4a14b528 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr:dns: Fixes for function prototypes.NIIBE Yutaka2022-09-141-59/+164
| | | | | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/dns.c (dns_a_parse0, dns_a_push0, dns_a_cmp0): New. (dns_a_print0, dns_aaaa_parse0, dns_aaaa_cmp0): New. (dns_aaaa_print0, dns_mx_parse0, dns_mx_push0, dns_mx_cmp0): New. (dns_mx_print0, dns_mx_cname0, dns_ns_parse0, dns_ns_push0): New. (dns_ns_cmp0, dns_ns_print0, dns_ns_cname0, dns_cname_parse0): New. (dns_cname_push0, dns_cname_cmp0, dns_cname_print0): New. (dns_cname_cname0, dns_soa_parse0, dns_soa_push0): New. (dns_soa_cmp0, dns_soa_print0, dns_srv_parse0, dns_srv_push0): New. (dns_srv_cmp0, dns_srv_print0, dns_srv_cname0, dns_opt_parse0): New. (dns_opt_push0, dns_opt_cmp0, dns_opt_print0, dns_ptr_parse0): New. (dns_ptr_push0, dns_ptr_cmp0, dns_ptr_print0, dns_ptr_cname0): New. (dns_sshfp_parse0, dns_sshfp_push0, dns_sshfp_cmp0): New. (dns_sshfp_print0, dns_txt_parse0, dns_txt_push0, dns_txt_cmp0): New. (struct dns_rrtype): Add function prototypes. (dns_rrtypes): Use "0" variant of functions. (DNS_PRAGMA_PUSH, DNS_PRAGMA_POP): Remove. -- Original code was pretty badly written ignoring the type system of C, but modern compiler encourages use of the type system. No architectural changes, but only things mechanically possible. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent,dirmngr,gpg,scd: Clean up for modern compiler.NIIBE Yutaka2022-09-144-6/+4
| | | | | | | | | | | | | | | | | | * agent/protect.c (agent_get_shadow_info_type): It's a write only variable, useful for debugging. * g10/key-check.c (key_check_all_keysigs): Likewise. * g10/keyedit.c (show_basic_key_info, menu_expire): Likewise. * scd/app-sc-hsm.c (read_ef_prkd): Likewise. * dirmngr/crlfetch.c (fetch_next_ksba_cert): Initialize the vars. * dirmngr/ks-action.c (ks_action_help): Remove unused variables. * dirmngr/server.c (make_keyserver_item): Likewise. * dirmngr/validate.c (check_cert_sig): Initialize the variable. * scd/app-p15.c (select_and_read_record): Likewise. * tests/gpgscm/scheme.c (scheme_init_new): A function with no args. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: New option --debug-cache-expired-certs.Werner Koch2022-08-313-3/+14
| | | | | | | | * dirmngr/dirmngr.h (opt): Add debug_cache_expired_certs: * dirmngr/dirmngr.c (oDebugCacheExpiredCerts): New. (opts): Add option. (parse_rereadable_options): Set option. * dirmngr/certcache.c (put_cert): Handle the option.
* dirmngr: Reject certificate which is not valid into cache.NIIBE Yutaka2022-08-261-0/+14
| | | | | | | | | | | | | | | | * dirmngr/certcache.c (put_cert): When PERMANENT, reject the certificate which is obviously invalid. -- With this change, invalid certificates from system won't be registered into cache. Then, an intermediate certificate which is issued by an entity certified by such an invalid certificate will be also rejected with GPG_ERR_INV_CERT_OBJ. With less invalid certificates in cache, it helps the validate_cert_chain function work better. GnuPG-bug-id: 6142 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Fix NTBTLS include for testAndre Heinecke2022-08-161-1/+2
| | | | | | | | * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add NTBTLS. -- This fixes the build in case every lib is installed into its own prefix.
* dirmngr: Fix failed malloc error message.Werner Koch2022-08-031-2/+5
| | | | * dirmngr/ocsp.c (check_signature): Fix error printing of xtrymalloc.
* dirmngr: Fix a wrong compiler warning.Werner Koch2022-06-131-1/+1
| | | | | | | -- validate.c:1103:13: warning: ‘saltlen’ may be used uninitialized in this function [-Wmaybe-uninitialized]
* dirmngr: Fix for Windows.NIIBE Yutaka2022-05-101-4/+38
| | | | | | | | | | | | | * dirmngr/http.c (EHOSTUNREACH, EAFNOSUPPORT): Define when not available. [HTTP_USE_GNUTLS] (my_gnutls_read): Use recv for Windows. [HTTP_USE_GNUTLS] (my_gnutls_write): Use send for Windows. -- Reported-by: Eli Zaretskii GnuPG-bug-id: 5899 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Fix for C90 compiler.NIIBE Yutaka2022-04-261-1/+2
| | | | | | | | * dirmngr/dirmngr.c (main): Declaration before a statement. -- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* Deprecate the --supervised options.Werner Koch2022-04-251-1/+4
| | | | | | | | * agent/gpg-agent.c (main): Mark --supervised as deprecated. * dirmngr/dirmngr.c (main): Ditto. -- The supervised thing causes more trouble than it pretends to solve.
* dirmngr: Fix MakefileWerner Koch2022-04-211-1/+1
| | | | | -- Fixes-commit: 89dc9f1e6916ebd123852534b8cada2fc3555688
* dirmngr: Changes to the linking order.Werner Koch2022-04-201-11/+15
| | | | | | * dirmngr/Makefile.am: Tweak library order. -- (cherry picked from commit 3c79ff34c417bfc392008eca1970b86bec54d6c3)
* sm: Print diagnostic about CRL problems due to Tor mode.Werner Koch2022-04-113-23/+39
| | | | | | | | | | | | | | | | | | | | | | * dirmngr/crlfetch.c (crl_fetch, crl_fetch_default) (ca_cert_fetch, start_cert_fetch): Factor Tor error out to ... (no_crl_due_to_tor): new. Print status note. * dirmngr/ks-engine-ldap.c (ks_ldap_get) (ks_ldap_search, ks_ldap_put): Factor Tor error out to ... (no_ldap_due_to_tor): new. Print status note. * dirmngr/ocsp.c (do_ocsp_request): Print status note. * sm/misc.c (gpgsm_print_further_info): New. * sm/call-dirmngr.c (warning_and_note_printer): New. (isvalid_status_cb): Call it. (lookup_status_cb): Ditto. (run_command_status_cb): Ditto. * common/asshelp2.c (vprint_assuan_status): Strip a possible trailing LF. --
* dirmngr: Fix for SOCK.NIIBE Yutaka2022-03-301-1/+1
| | | | | | | | | | * dirmngr/http.c (connect_with_timeout): Use FD2INT to unwrap SOCK. -- GnuPG-bug-id: 5899 Reported-by: Eli Zaretskii Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Clean up for not supporting WindowsCE.NIIBE Yutaka2022-03-293-174/+1
| | | | | | | | | | | * dirmngr/Makefile.am (dirmngr_SOURCES): Remove w32-ldap-help.h. * dirmngr/cdblib.c (cdb_init): Remove for __MINGW32CE__. * dirmngr/w32-ldap-help.h: Remove. -- Fixes-commit: 4c295646ba0e175743e6be13457308c1e6d21dd3 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Escape more characters in WKD requests.Werner Koch2022-03-281-1/+1
| | | | | | * dirmngr/server.c (proc_wkd_get): Also escape '#' and '+' -- GnuPG-bug-id: 5902
* dirmngr: Workaround for a certain broken LDAP URLWerner Koch2022-03-251-3/+19
| | | | | | | | | | | | | | | | * dirmngr/ldap.c (url_fetch_ldap): Detect and replace. -- The actual URL causing this is ldap://ldap.dgnservice.de:389/CN=CRL-1,O=DGN%20Service%20GmbH,\ C=DE?certificateRevocationList?base?objectClass=cRLDistributionPoint It is actually not very helpful because I had problems finding the issuer cert: CN=dgnservice CRL2101 13:PN,O=DGN Deutsches Gesundheitsnetz \ Service GmbH,C=DE
* dirmngr: Suppress error message on trial reading as PEM format.NIIBE Yutaka2022-03-251-5/+7
| | | | | | | | | | | * dirmngr/dirmngr-client.c (read_pem_certificate): Add NO_ERRMSG argument to suppress the error message. (read_certificate, squid_loop_body): Follow the change. -- GnuPG-bug-id: 5531 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Clear the error count to try certificate as binary.NIIBE Yutaka2022-03-241-0/+2
| | | | | | | | | | * dirmngr/dirmngr-client.c (read_certificate): Call log_get_errorcount. -- GnuPG-bug-id: 5531 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr: Make WKD_GET work even for servers not handling SRV RRs.Werner Koch2022-03-211-1/+8
| | | | | | | | | | | * dirmngr/server.c (proc_wkd_get): Take care of DNS server failures -- Unfortunately there are resolver setups which don't handle SRV records but return a server error. We let a not found error pass, because that merely means the domain does not exists. GnuPG-bug-id: 4729
* dimngr: Do not check the self-signature of a root CA cert.Werner Koch2022-02-271-8/+8
| | | | * dirmngr/validate.c (validate_cert_chain): Comment out that code.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 03:31:35 +0100