summaryrefslogtreecommitdiffstats
path: root/doc/DETAILS (follow)
Commit message (Collapse)AuthorAgeFilesLines
* indent: Fix spellingDaniel Kahn Gillmor2024-05-311-7/+7
| | | | | | | | | | | | | -- These are non-substantive corrections for minor spelling mistakes within the GnuPG codebase. With something like this applied to the codebase, and a judiciously tuned spellchecker integrated as part of a standard test suite, it should be possible to keep a uniform orthography within the project. GnuPG-bug-id: 7116
* gpg: Support dual keygrips.Werner Koch2024-04-051-7/+5
| | | | | | | | | | | | | | | | | * g10/keyid.c (keygrip_from_pk): Add arg get_second to support dual algos. Implement for Kyber. (hexkeygrip_from_pk): Extend for dual algos. * g10/call-agent.c (agent_keytotpm): Bail out for dual algos. (agent_keytocard): Ditto. (agent_probe_secret_key): Handle dual algos. (agent_probe_any_secret_key): Ditto. (agent_get_keyinfo): Allow for dual algos but take only the first key. * g10/export.c (do_export_one_keyblock): Bail out for dual algos. -- This also adds some fixmes which we eventually need to address. GnuPG-bug-id: 6815
* Merge branch 'STABLE-BRANCH-2-4'Werner Koch2024-03-121-0/+6
|\ | | | | | | | | | | | | | | -- Resolved conflicts: NEWS common/exechelp-w32.c configure.ac
| * gpg: Add option --assert-pubkey_algo.Werner Koch2024-02-101-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
* | doc: Document the "grp" record in colon listings.Werner Koch2024-02-221-3/+8
|/ | | | --
* gpg: New option --assert-signer.Werner Koch2023-04-051-0/+5
| | | | | | | | | | | | | | | | | | | | | * g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner. (opts): Add "assert-signer". (main): Set option. (assert_signer_true): New var. (g10_exit): Evaluate new var. * g10/main.h (assert_signer_true): Declare new var. * common/status.h (STATUS_ASSERT_SIGNER): New. * g10/options.h (opt): Add field assert_signer_list. * g10/verify.c (is_fingerprint): New. (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call that function. Clear assert_signer_true on a warning. * g10/gpgv.c: Add dummy function and vars. * g10/t-keydb-get-keyblock.c: Ditto. * g10/t-keydb.c: Ditto. * g10/t-stutter.c: Ditto. --
* gpgsm: Remove conditional compilation for older libksba versions.Werner Koch2023-03-311-0/+25
| | | | | | | | | * sm/sign.c (add_signed_attribute): Return an error because the option --attribute is not yet working. -- We require libskba 1.6 anyway.
* gpgtar: Print a result status with skiupped files.Werner Koch2023-03-151-0/+11
| | | | | | | * tools/gpgtar.h (struct tarinfo_s): Add new fields. * tools/gpgtar-extract.c (check_suspicious_name): Add arg info. (extract_regular): Count files. (gpgtar_extract): Print stats.
* doc: Typo fixes and new notes in DETAILSWerner Koch2023-03-031-0/+6
| | | | --
* gpg: Allow adding of Additional Decryption Subkeys.Werner Koch2023-03-011-11/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * g10/free-packet.c (copy_public_key): Factor some code out to ... (copy_public_key_basics): new. * g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints. * g10/packet.h (PUBKEY_USAGE_RENC): Fix value. (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c. (SIGNHINT_ADSK): New. (PKT_public_key): Change pubkey_usage from byte to u16. (PKT_user_id): Cosmetic fix: change help_key_usage from int to u16. * g10/getkey.c (parse_key_usage): Make public. * g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in account. * g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK. (make_keysig_packet): Ditto. (do_sign): No time warp check in ADSK mode. * g10/sig-check.c (check_signature_metadata_validity): Ditto. * g10/keygen.c (struct opaque_data_usage_and_pk): Remove. (write_keybinding): Do not use the removed struct. (do_add_key_flags): Support PUBKEY_USAGE_RENC and others. (keygen_add_key_flags_and_expire): Rewrite and make public. * g10/keyedit.c (enum cmdids): Add cmdADDADSK. (keyedit_menu): Add command "addadsk". (menu_addadsk): New. -- This makes use of a new encryption flag: The "restricted encryption key" (2nd,0x04) does not take part in any automatic selection of encryption keys. It is only found on a subkey signature (type 0x18), one that refers to the key the flag applies to. Followup patches will add encryption support and a --quick command. GnuPG-bug-id: 6395
* gpgtar: Emit progress status lines in create mode.Werner Koch2023-01-301-1/+7
| | | | | | | | | | | | | | | | | * tools/gpgtar.h (opt): Add field status_stream. * tools/gpgtar.c (main): Set status_stream. * tools/gpgtar-create.c (global_header_count): Rename to global_total_files. (global_written_files): New. (global_total_data, global_written_data): New. (struct scanctrl_s): Add field file_count. (write_progress): New. (write_file): Add arg skipped_open. Don't bail out immediatly on open error. Write progress lines. (gpgtar_create): Write progress lines. Print info aout skipped files. -- GnuPG-bug-id: 6363
* gpg: New export option "mode1003".Werner Koch2022-12-021-0/+8
| | | | | | | | | | | | | | | | | | | | | | * agent/command.c (cmd_export_key): Add option --mode1003. (command_has_option): Ditto. * g10/build-packet.c (do_key): Implement mode 1003. * g10/parse-packet.c (parse_key): Ditto. * g10/options.h (EXPORT_MODE1003): New.o * g10/call-agent.c (agent_export_key): Add arg mode1003. * g10/export.c (parse_export_options): Add "mode1003" (secret_key_to_mode1003): New. (receive_seckey_from_agent): Add arg mode1003. (do_export_one_keyblock): Pass option down. -- This option allows to export a secret key in GnuPG's native format. Thus no re-encryption is required and further the public key parameters are also authenticated if a protection passphrase has been used. Note that --import is not yet able to handle this new mode. Although old version of GnuPG will bail out with "invalid packet" if a mode1003 exported secret key is seen.
* dirmngr: Silence ocsp debug output.Werner Koch2022-11-251-0/+4
| | | | | | | * dirmngr/ocsp.c (check_signature_core): No debug output -- Also typo and doc fixes.
* agent: Allow trustlist on Windows in Unicode homedirs.Werner Koch2022-11-101-8/+13
| | | | * agent/trustlist.c (agent_marktrusted): Use gnupg_access.
* doc: Keep list of RFCs only in DETAILSWerner Koch2022-09-161-1/+9
| | | | --
* gpg: Support key flags for RENC, TIME, and GROUP.Werner Koch2022-09-071-0/+17
| | | | | | | | | | | | | | | | | | * g10/packet.h (PUBKEY_USAGE_RENC): New. (PUBKEY_USAGE_TIME): New. (PUBKEY_USAGE_GROUP): New. * g10/getkey.c (parse_key_usage): Set the new key flags. * g10/keyedit.c (show_key_with_all_names_colon): Show the new key flags. * g10/keyid.c (usagestr_from_pk): Ditto * g10/keylist.c (print_capabilities): Ditto. * g10/keygen.c (parse_usagestr): Parse line and set new flags. (quickgen_set_para): Show flags. -- See draft-koch-openpgp-2015-rfc4880bis-00 for the current version. Actually these flags have been in the draft for years now. This patch is a first step to make use of them.
* dirmngr: Support ECDSA for OCSP.Werner Koch2022-02-271-0/+2
| | | | | | | | | | | | * dirmngr/validate.c (pk_algo_from_sexp): Make public. Support ECC. * dirmngr/ocsp.c (check_signature): Remove hash preparation out to ... (check_signature_core): here. This changes the arg s_hash to md. Support ECDSA. -- The test was done with my qualified signature certificate from the Telesec and their responder http://tqrca1.ocsp.telesec.de/ocspr . See also libksba commit rK24992a4a7a61d93759e1dbd104b845903d4589bf
* gpg: Remove stale ultimately trusted keys from the trustdb.Werner Koch2021-11-131-1/+1
| | | | | | | | | | | | | | | | * g10/tdbdump.c (export_ownertrust): Skip records marked with the option --trusted-key. (import_ownertrust): Clear the trusted-key flag. * g10/tdbio.h (struct trust_record): Add field flags. * g10/tdbio.c (tdbio_dump_record): Improve output. (tdbio_read_record, tdbio_write_record): Handle flags. * g10/trustdb.c (verify_own_keys): Clear stale trusted-keys and set the flag for new --trusted-keys. (tdb_update_ownertrust): Add arg as_trusted_key. Update callers. -- GnuPG-bug-id: 5685 Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Support AES-GCM decryption.Werner Koch2021-06-021-0/+2
| | | | | | | | | | | | * tests/cms/samplemsgs/: Add sample messages. * sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error. * sm/decrypt.c (decrypt_gcm_filter): New. (gpgsm_decrypt): Use this filter if requested. Check authtag. -- Note that the sample message pwri-sample.gcm.p7m is broken: The authtag is duplicated to the authEncryptedContentInfo. I used a temporary code during testing hack to that test message out.
* A few minor code cleanups and typo fixes.Werner Koch2021-05-111-0/+1
| | | | | | | | | | * agent/command-ssh.c (ssh_handler_request_identities): Remove double check of ERR. * g10/getkey.c (get_pubkey_byname): Remove double use of break. * g10/pkglue.c (pk_encrypt): Handle possible NULL-ptr access due to failed malloc. Signed-off-by: Werner Koch <wk@gnupg.org>
* scd:p15: Fix last commit and improve D-TRUST detection.Werner Koch2021-04-251-1/+3
| | | | | | | | * scd/app-p15.c (read_p15_info): Improve D-TRUST card detection. (do_getattr): Fix faulty code for the last commit. Append the product name to MANUFACTURER. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Typo fixWerner Koch2021-04-231-1/+1
| | | | --
* scd:p15: Support attribute KEY-FPR.Werner Koch2021-04-161-0/+3
| | | | | | | | | | | | | * scd/app-p15.c: Include openpgpdefs.h. (struct prkdf_object_s): Add fields have_keytime and ecdh_kdf. (read_p15_info): Set ecdh_kdf. (keygrip_from_prkdf): Flag that we have the keytime. (send_keypairinfo): Send the key time only if valid. (send_key_fpr_line): New. (send_key_fpr): New. (do_getattr): Add KEY-FPR. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Add some error locations to DETAILS.Werner Koch2021-04-061-0/+18
| | | | | | | -- This should actually be enhanced to describe all error locations as known by GPGME.
* scd:p15: Return labels for keys and certificates.Werner Koch2021-03-301-6/+28
| | | | | | | * scd/app-p15.c (send_certinfo): Extend certinfo. (do_getattr): Support KEY-LABEL. Signed-off-by: Werner Koch <wk@gnupg.org>
* scd:p15: Return the creation time of the keys.Werner Koch2021-03-301-0/+7
| | | | | | | | * scd/app-p15.c (struct prkdf_object_s): Add keytime and keyalgostr. (keygrip_from_prkdf): Set them. (send_keypairinfo): Extend KEYPAIRINFO. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Always use --edit-key and not just the --edit abbreviation.Werner Koch2021-03-111-1/+1
| | | | | | -- Reported-by: Carl Michael Skog
* scd:p15: Support special extended usage flags for OpenPGP keys.Werner Koch2021-03-101-0/+5
| | | | | | | | | | | | | | | | | | * scd/app-p15.c (struct gpgusage_flags_s): New. (struct prkdf_object_s): Add field gpgusage. (struct app_local_s): Add field any_gpgusage. (dump_gpgusage_flags): New. (read_p15_info): Parse athe gpgusage flags. (do_getattr): Take care of the gpgusage flags. -- This features allows to mark keys to be used for OpenPGP. This is done by putting additional extended key infos into the certificate stored on the cards. Only if any such extended key usage is detected for a stored certificate this new mode chimes in. This feature gives the card issuer a high flexibility on how to make sure certain keys are used with OpenPGP.
* dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.Werner Koch2021-02-171-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | * dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds extension. * dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with hostname - which is NULL and thus the same if not given. Fix minor error in error code handling. -- Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet been officially regisetered. Thus for correctness the OID can be used: 1.3.6.1.4.1.11591.2.5 LDAP URL extensions 1.3.6.1.4.1.11591.2.5.1 gpgNtds=1 (auth. with current user) Note that the value must be 1; all other values won't enable AD authentication and are resevered for future use. This has been cherry-picked from the 2.2 branch, commit 55f46b33df08e8e0ea520ade5f73b321bc01d705 Signed-off-by: Werner Koch <wk@gnupg.org>
* card: Run factory-reset in locked stated.Werner Koch2020-11-091-0/+1
| | | | | | | | | | | | | | | | * scd/command.c (reset_notify): Add option --keep-lock. (do_reset): Add arg keep_lock. (cmd_lock): Send progress status. * g10/call-agent.c (agent_scd_apdu): Add more pseudo APDUs. * g10/card-util.c (send_apdu): Ditto. (factory_reset): Use lock commands. -- This is required so that for example Kleopatra does not detect the RESET and issues a SERIALNO of its own, thus conflicting with our SERIALNO undefined. Signed-off-by: Werner Koch <wk@gnupg.org>
* keyboxd: Extend PUBKEY_INFO status line with an uid ordinal.Werner Koch2020-09-221-1/+5
| | | | | | | | | | | | | | | | | | | | * kbx/backend-sqlite.c (table_definitions): Add column UINO to userids. (be_sqlite_local_s): Add fields select_col_uidno and select_col_subkey. (run_select_statement): Also select subkey or uidno column. (be_sqlite_search): Return their values. (store_into_userid): Store the UIDNO. * kbx/backend-support.c (be_return_pubkey): Extend PUBKEY_INFO. -- For an existing database adding the new column to the table userid is straightforward. However if the original version of the schema used an integer for the keyid column, that column has likely be renamed. Make sure that the NOT NULL constraint has also be removed; check the SQLite documentation on how this can be done. Signed-off-by: Werner Koch <wk@gnupg.org>
* scd: Extend KEYPAIRINFO with an algorithm string.Werner Koch2020-09-211-4/+5
| | | | | | | | | | | | | | | | | | | | | | * scd/app-openpgp.c (send_keypair_info): Emit the algo string as part of a KEYPAIRINFO. * scd/command.c (do_readkey): Ditto. * scd/app-piv.c (do_readkey): Ditto. * scd/app-nks.c (do_learn_status_core): Ditto. (struct fid_cache_s): Add field algostr. (flush_fid_cache): Release it. (keygripstr_from_pk_file): Fill it and add it to the cache. Use a single exit label. * scd/app-help.c (app_help_get_keygrip_string_pk): Add new arg r_algostr. Change all callers. -- This is helpful so that callers do not need to parse the key for this basic information. Use "scd readkey --info-only" to return the info status line instead of the key material; using just --info returns the info in addition to the key material. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Some documentation updates.Werner Koch2020-09-211-0/+6
| | | | | | -- Also fixed some typos and documented soon to be used OIDs
* keyboxd: Add ephemeral and revoked flag to the sqlite backend.Werner Koch2020-09-111-1/+5
| | | | | | | | | | | | | | | | * kbx/backend-support.c (be_return_pubkey): Add args is_ephemeral and is_revoked. Adjust callers. * kbx/backend-sqlite.c: Alter table pubkey to add new columns. (run_select_statement): Add new column to all selects. (be_sqlite_search): Return the new flags. -- For existing test databases the new column can be added with: alter table pubkey add ephemeral integer not null default 0; alter table pubkey add revoked integer not null default 0; Signed-off-by: Werner Koch <wk@gnupg.org>
* scd: Parse "Algorithm Information" data object in scdaemon.NIIBE Yutaka2020-09-041-0/+6
| | | | | | | | * scd/app-openpgp.c (data_objects): 0x00FA for binary data. (do_getattr): Parse the data and send it in status lines. (get_algorithm_attribute_string): New. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* doc: Fix typosGavin L. Rebeiro2020-08-281-1/+1
| | | | --
* doc: Add a list of RFCS to DETAIL.Werner Koch2020-08-131-0/+13
| | | | --
* gpgconf: New option --chuid.Werner Koch2020-08-061-1/+1
| | | | | | | | * tools/gpgconf.c (oChUid, opts): New option --chuid. (main): Implement. -- Signed-off-by: Werner Koch <wk@gnupg.org>
* sm: Also show the SHA-256 fingerprint.Werner Koch2020-08-041-2/+3
| | | | | | | | * sm/keylist.c (list_cert_colon): Emit a new "fp2" record. (list_cert_raw): Print the SHA2 fingerprint. (list_cert_std): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg: Extend the TRUST_ status lines.Werner Koch2020-06-091-11/+32
| | | | | | | | | * g10/pkclist.c (write_trust_status): Add arg mbox. (check_signatures_trust): Appenmd mbox to the status lines. -- GnuPG-bug-id: 4735 Signed-off-by: Werner Koch <wk@gnupg.org>
* card: Allow to store and retrieve keyblocks in OpenPGP cards.Werner Koch2020-05-281-0/+2
| | | | | | | | | | | | * tools/gpg-card.c: Include tlv.h. (cmd_writecert): Add option --openpgp. (cmd_readcert): Ditto. -- We use the CERT object for this and encapsulate the key block in a CMS object. Signed-off-by: Werner Koch <wk@gnupg.org>
* scd:openpgp: New KEY-STATUS attribute.Werner Koch2020-05-271-0/+8
| | | | * scd/app-openpgp.c (do_getattr): Return KEY-STATUS
* sm: Print the key types as standard key algorithm strings.Werner Koch2020-05-071-2/+2
| | | | | | | | | | | | | | | | * sm/fingerprint.c (gpgsm_get_key_algo_info): Factor code out to ... (gpgsm_get_key_algo_info2): new. (gpgsm_pubkey_algo_string): New. * sm/keylist.c (list_cert_colon): Put curve into field 17 (list_cert_raw): Print the unified key algotithm string instead of the algo and size. (list_cert_std): Ditto. -- It is important to known whether a 256 bit ECC uses a NIST or a Brainpool curve. Signed-off-by: Werner Koch <wk@gnupg.org>
* scd: Factor common PIN status check out.Werner Koch2020-04-071-1/+1
| | | | | | | | | | | | | | * scd/iso7816.h (ISO7816_VERIFY_ERROR): New. (ISO7816_VERIFY_NO_PIN): New. (ISO7816_VERIFY_BLOCKED): New. (ISO7816_VERIFY_NULLPIN): New. (ISO7816_VERIFY_NOT_NEEDED): New. * scd/iso7816.c (iso7816_verify_status): New. * scd/app-nks.c (get_chv_status): Use new function. * scd/app-piv.c (get_chv_status): Ditto. (verify_chv): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
* scd:openpgp: New attribute "MANUFACTURER".Werner Koch2020-04-031-0/+7
| | | | | | | | | | | | * scd/app-openpgp.c (get_manufacturer): New.. (do_getattr): Add new attribute "MANUFACTURER". (do_learn_status): Always print it. -- This will make it easy to maintain the list of OpenPGP vendors at just one place. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Correction of typo in documentation of KEY_CONSIDEREDNick Piper2020-02-191-1/+1
| | | | Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* scd:openpgp: Return key creation time as part of KEYPARIINFO.Werner Koch2020-02-131-0/+14
| | | | | | | | | | | | | * scd/app-openpgp.c (send_keypair_info): Reaturn the key creation time as part of a KEYPAIRINFO. (do_readkey): Do not return the KEY-TIME anymore. -- Sending the KEY_TIME status as part of a READKEY command was only recently added. It is better to merge that into the KEYPAIRINFO line. Another patch with chnage this for the consumers of that info. Signed-off-by: Werner Koch <wk@gnupg.org>
* kbx: Redefine the UBID which is now the primary fingerprint.Werner Koch2019-11-281-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/util.h (UBID_LEN): New. Use it at all places. * kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item. * kbx/keybox-dump.c (print_ubib): Remove. (_keybox_dump_blob): Do not print the now removed ubid flag. * kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants for the size of the ubid and grip. * kbx/keybox-search.c (blob_cmp_ubid): New. (has_ubid): Make it a simple wrapper around blob_cmp_ubid. (keybox_get_data): Add arg 'r_ubid'. * kbx/frontend.h (enum kbxd_store_modes): New. * kbx/kbxserver.c (cmd_store): Add new option --insert. * kbx/backend-cache.c (be_cache_initialize): New. (be_cache_add_resource): Call it here. * kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'. (be_kbx_search): Get the UBID from keybox_get_data. * kbx/backend-support.c (be_fingerprint_from_blob): Replace by ... (be_ubid_from_blob): new. Change all callers. * kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but use the new cache init function. (kbxd_store): Replace arg 'only_update' by 'mode'. Seek using the ubid. Take care of the mode. -- It turned out that using the hash of the entire blob was not helpful. Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint of the blob. In case this is a v5 OpenPGP key a left truncated version of the SHA-256 hash is used; in all other cases the full SHA-1 hash. Using a SHA-256 hash does not make sense because v4 keys are and will for some time be the majority of keys and thus padding them with zeroes won't make any difference. Even if fingerprint collisions can eventually be created we will assume that the keys are bogus and that it does not make sense to store its twin also in our key storage. We can also easily extend the update code to detect a collision and reject the update. Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr,gpg: Better diagnostic in case of bad TLS certificates.Werner Koch2019-11-181-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | * doc/DETAILS: Specify new status code "NOTE". * dirmngr/ks-engine-http.c (ks_http_fetch): Print a NOTE status for a bad TLS certificate. * g10/call-dirmngr.c (ks_status_cb): Detect this status. -- For example a gpg -v --locate-external-keys dd9jn@posteo.net now yields gpg: Note: server uses an invalid certificate gpg: (further info: bad cert for 'posteo.net': \ Hostname does not match the certificate) gpg: error retrieving 'dd9jn@posteo.net' via WKD: Wrong name gpg: error reading key: Wrong name (without -v the "further info" line is not shown). Note that even after years Posteo is not able to provide a valid certificate for their .net addresses. Anyway, this help to show the feature. Signed-off-by: Werner Koch <wk@gnupg.org>
* doc: Improved description of status PLAINTEXT_LENGTH.Werner Koch2019-11-071-1/+4
| | | | | | -- GnuPG-bug-id: 4741
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 06:13:36 +0100