[svn] GnuPG - r4624 - in trunk: . doc sm

svn author wk cvs at cvs.gnupg.org
Mon Nov 19 17:32:15 CET 2007 

Author: wk
Date: 2007-11-19 17:32:05 +0100 (Mon, 19 Nov 2007)
New Revision: 4624

Modified:
   trunk/TODO
   trunk/doc/ChangeLog
   trunk/doc/DETAILS
   trunk/doc/gpgsm.texi
   trunk/sm/ChangeLog
   trunk/sm/certlist.c
   trunk/sm/server.c
Log:
Document --auto-issuer-key-retrieve.


Modified: trunk/TODO
===================================================================
--- trunk/TODO	2007-11-19 16:03:50 UTC (rev 4623)
+++ trunk/TODO	2007-11-19 16:32:05 UTC (rev 4624)
@@ -129,3 +129,12 @@
   This may happen and lead to an Ambiguous Name error.  Solution is to
   check the certs for identity before throwing this error.
 
+* Gpg-Agent Locale
+  Although we pass LC_MESSAGE from gpgsm et al. to Pinentry, this has
+  only an effect on the stock GTK strings (e.g. "OK") and not on any
+  strings gpg-agent generates and passes to Pinentry.  This defeats
+  our design goal to allow changing the locale without changing
+  gpg-agent's default locale (e.g. by the command updatestartuptty).
+
+
+

Modified: trunk/doc/ChangeLog
===================================================================
--- trunk/doc/ChangeLog	2007-11-19 16:03:50 UTC (rev 4623)
+++ trunk/doc/ChangeLog	2007-11-19 16:32:05 UTC (rev 4624)
@@ -1,3 +1,8 @@
+2007-11-19  Werner Koch  <wk at g10code.com>
+
+	* gpgsm.texi (Certificate Options): Document
+	--auto-issuer-key-retrieve.
+
 2007-11-15  Werner Koch  <wk at g10code.com>
 
 	* gpg.texi (GPG Configuration): Add PINENTRY_USER_DATA.

Modified: trunk/doc/DETAILS
===================================================================
--- trunk/doc/DETAILS	2007-11-19 16:03:50 UTC (rev 4623)
+++ trunk/doc/DETAILS	2007-11-19 16:32:05 UTC (rev 4624)
@@ -554,6 +554,7 @@
           8 := "Policy mismatch"
           9 := "Not a secret key"
 	 10 := "Key not trusted"
+         11 := "Missing certifciate"  (e.g. intermediate or root cert.)
 
         Note that this status is also used for gpgsm's SIGNER command
         where it relates to signer's of course.

Modified: trunk/doc/gpgsm.texi
===================================================================
--- trunk/doc/gpgsm.texi	2007-11-19 16:03:50 UTC (rev 4623)
+++ trunk/doc/gpgsm.texi	2007-11-19 16:32:05 UTC (rev 4624)
@@ -405,7 +405,7 @@
 @itemx --disable-ocsp
 @opindex enable-ocsp
 @opindex disable-ocsp
-Be default @acronym{OCSP} checks are disabled.  The enable opton may
+Be default @acronym{OCSP} checks are disabled.  The enable option may
 be used to enable OCSP checks via Dirmngr.  If @acronym{CRL} checks
 are also enabled, CRLs will be used as a fallback if for some reason an
 OCSP request won't succeed.  Note, that you have to allow OCSP
@@ -413,7 +413,18 @@
 @option{--allow-ocsp} and configure dirmngr properly.  If you don't do
 so you will get the error code @samp{Not supported}.
 
+ at item --auto-issuer-key-retrieve
+ at opindex auto-issuer-key-retrieve
+If a required certificate is missing while validating the chain of
+certificates, try to load that certificate from an external location.
+This usually means that Dirmngr is employed t search for the
+certificate.  Note that this option makes a "web bug" like behavior
+possible.  LDAP server operators can see which keys you request, so by
+sending you a message signed by a brand new key (which you naturally
+will not have on your local keybox), the operator can tell both your IP
+address and the time when you verified the signature.
 
+
 @item --validation-model @var{name}
 @opindex validation-model
 This option changes the default validation model.  The only possible

Modified: trunk/sm/ChangeLog
===================================================================
--- trunk/sm/ChangeLog	2007-11-19 16:03:50 UTC (rev 4623)
+++ trunk/sm/ChangeLog	2007-11-19 16:32:05 UTC (rev 4624)
@@ -1,5 +1,7 @@
 2007-11-19  Werner Koch  <wk at g10code.com>
 
+	* server.c (cmd_recipient, cmd_signer): Add error reason 11.
+
 	* gpgsm.c (main): Print a warning if --audit-log is used.
 
 2007-11-15  Werner Koch  <wk at g10code.com>

Modified: trunk/sm/certlist.c
===================================================================
--- trunk/sm/certlist.c	2007-11-19 16:03:50 UTC (rev 4623)
+++ trunk/sm/certlist.c	2007-11-19 16:32:05 UTC (rev 4624)
@@ -359,7 +359,7 @@
                 {
                   ksba_cert_t cert2 = NULL;
                   
-                  /* If this is the first possible duplicate, add thye orginal 
+                  /* If this is the first possible duplicate, add the original 
                      certificate to our list of duplicates.  */
                   if (!dup_certs)
                     gpgsm_add_cert_to_certlist (ctrl, cert, &dup_certs, 0);

Modified: trunk/sm/server.c
===================================================================
--- trunk/sm/server.c	2007-11-19 16:03:50 UTC (rev 4623)
+++ trunk/sm/server.c	2007-11-19 16:32:05 UTC (rev 4624)
@@ -380,6 +380,7 @@
                    r == GPG_ERR_NO_CRL_KNOWN?    "6":
                    r == GPG_ERR_CRL_TOO_OLD?     "7":
                    r == GPG_ERR_NO_POLICY_MATCH? "8":
+                   r == GPG_ERR_MISSING_CERT?   "11":
                    "0",
                    line, NULL);
     }
@@ -425,6 +426,7 @@
                    r == GPG_ERR_CRL_TOO_OLD?         "7":
                    r == GPG_ERR_NO_POLICY_MATCH?     "8":
                    r == GPG_ERR_NO_SECKEY?           "9":
+                   r == GPG_ERR_MISSING_CERT?       "11":
                    "0",
                   line, NULL);
     }

More information about the Gnupg-commits mailing list