diff options
| author | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:24 +0900 |
|---|---|---|
| committer | DongHun Kwak <dh0128.kwak@samsung.com> | 2021-02-09 16:00:24 +0900 |
| commit | 7c0714a17893a9adad202982ad5b70f69f00b195 (patch) | |
| tree | f5271889815ab9d162d1f4c2133010bc81eacdfe /sm | |
| parent | 5ce840383da7cf82ffa7dfaeda187f3fe3d591a7 (diff) | |
| download | gpg2-7c0714a17893a9adad202982ad5b70f69f00b195.tar.gz gpg2-7c0714a17893a9adad202982ad5b70f69f00b195.tar.bz2 gpg2-7c0714a17893a9adad202982ad5b70f69f00b195.zip | |
Imported Upstream version 2.1.23upstream/2.1.23
Diffstat (limited to 'sm')
| -rw-r--r-- | sm/call-agent.c | 7 | ||||
| -rw-r--r-- | sm/call-dirmngr.c | 7 | ||||
| -rw-r--r-- | sm/decrypt.c | 19 | ||||
| -rw-r--r-- | sm/keylist.c | 14 |
4 files changed, 33 insertions, 14 deletions
diff --git a/sm/call-agent.c b/sm/call-agent.c index ba8fb12..772c9c3 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -108,6 +108,13 @@ warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx, else { log_info (_("WARNING: %s\n"), warn); + if (!opt.quiet) + { + log_info (_("Note: Outdated servers may lack important" + " security fixes.\n")); + log_info (_("Note: Use the command \"%s\" to restart them.\n"), + "gpgconf --kill all"); + } gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0", warn, NULL); xfree (warn); diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 5ee15b7..9301940 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -175,6 +175,13 @@ warn_version_mismatch (ctrl_t ctrl, assuan_context_t ctx, else { log_info (_("WARNING: %s\n"), warn); + if (!opt.quiet) + { + log_info (_("Note: Outdated servers may lack important" + " security fixes.\n")); + log_info (_("Note: Use the command \"%s\" to restart them.\n"), + "gpgconf --kill all"); + } gpgsm_status2 (ctrl, STATUS_WARNING, "server_version_mismatch 0", warn, NULL); xfree (warn); diff --git a/sm/decrypt.c b/sm/decrypt.c index cdce1d4..60ed14a 100644 --- a/sm/decrypt.c +++ b/sm/decrypt.c @@ -480,19 +480,22 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) unsigned int nbits; int pk_algo = gpgsm_get_key_algo_info (cert, &nbits); - /* Print compliance warning. */ - if (! gnupg_pk_is_compliant (opt.compliance, - pk_algo, NULL, nbits, NULL)) + /* Check compliance. */ + if (!gnupg_pk_is_allowed (opt.compliance, + PK_USE_DECRYPTION, + pk_algo, NULL, nbits, NULL)) { char kidstr[10+1]; snprintf (kidstr, sizeof kidstr, "0x%08lX", gpgsm_get_short_fingerprint (cert, NULL)); log_info - (_("Note: key %s is not suitable for encryption" + (_("key %s is not suitable for decryption" " in %s mode\n"), kidstr, gnupg_compliance_option_string (opt.compliance)); + rc = gpg_error (GPG_ERR_PUBKEY_ALGO); + goto oops; } /* Check that all certs are compliant with CO_DE_VS. */ @@ -504,9 +507,11 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp) oops: if (rc) - /* We cannot check compliance of certs that we - * don't have. */ - is_de_vs = 0; + { + /* We cannot check compliance of certs that we + * don't have. */ + is_de_vs = 0; + } xfree (issuer); xfree (serial); ksba_cert_release (cert); diff --git a/sm/keylist.c b/sm/keylist.c index abec049..24c86e1 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -541,16 +541,16 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, xfree (fpr); fpr = NULL; chain_id = NULL; xfree (chain_id_buffer); chain_id_buffer = NULL; - if (opt.with_key_data) + /* Always print the keygrip. */ + if ( (p = gpgsm_get_keygrip_hexstring (cert))) { - if ( (p = gpgsm_get_keygrip_hexstring (cert))) - { - es_fprintf (fp, "grp:::::::::%s:\n", p); - xfree (p); - } - print_key_data (cert, fp); + es_fprintf (fp, "grp:::::::::%s:\n", p); + xfree (p); } + if (opt.with_key_data) + print_key_data (cert, fp); + kludge_uid = NULL; for (idx=0; (p = ksba_cert_get_subject (cert,idx)); idx++) { |