Page MenuHome GnuPG
Files F20064408

No OneTemporary
Actions

View Options

diff --git a/src/conf/smimevalidationconfigurationwidget.cpp b/src/conf/smimevalidationconfigurationwidget.cpp
index 4f3a285d9..bd3e6e0c2 100644
--- a/src/conf/smimevalidationconfigurationwidget.cpp
+++ b/src/conf/smimevalidationconfigurationwidget.cpp
@@ -1,382 +1,398 @@
/* -*- mode: c++; c-basic-offset:4 -*-
conf/smimevalidationconfigurationwidget.cpp
This file is part of Kleopatra, the KDE keymanager
SPDX-FileCopyrightText: 2008 Klarälvdalens Datakonsult AB
SPDX-License-Identifier: GPL-2.0-or-later
*/
#include <config-kleopatra.h>
#include "smimevalidationconfigurationwidget.h"
#include "ui_smimevalidationconfigurationwidget.h"
+#include "dialogs/certificateselectiondialog.h"
#include "labelledwidget.h"
#include "smimevalidationpreferences.h"
#include <Libkleo/Compat>
+#include <Libkleo/Formatting>
+#include <Libkleo/KeyCache>
#include <QGpgME/CryptoConfig>
+#include <gpgme++/key.h>
+
#include "kleopatra_debug.h"
#include <KLocalizedString>
#if HAVE_QDBUS
#include <QDBusConnection>
#endif
using namespace Kleo;
using namespace Kleo::Config;
using namespace QGpgME;
+using namespace Dialogs;
class SMimeValidationConfigurationWidget::Private
{
friend class ::Kleo::Config::SMimeValidationConfigurationWidget;
SMimeValidationConfigurationWidget *const q;
public:
explicit Private(SMimeValidationConfigurationWidget *qq)
: q(qq)
, ui(qq)
{
#if HAVE_QDBUS
QDBusConnection::sessionBus().connect(QString(), QString(), QStringLiteral("org.kde.kleo.CryptoConfig"), QStringLiteral("changed"), q, SLOT(load()));
#endif
auto changedSignal = &SMimeValidationConfigurationWidget::changed;
connect(ui.intervalRefreshCB, &QCheckBox::toggled, q, changedSignal);
connect(ui.intervalRefreshSB, &QSpinBox::valueChanged, q, changedSignal);
connect(ui.OCSPCB, &QCheckBox::toggled, q, changedSignal);
connect(ui.OCSPResponderURL, &QLineEdit::textChanged, q, changedSignal);
-
- auto certRequesterSignal = &KleopatraClientCopy::Gui::CertificateRequester::selectedCertificatesChanged;
- connect(ui.OCSPResponderSignature, certRequesterSignal, q, changedSignal);
-
connect(ui.doNotCheckCertPolicyCB, &QCheckBox::toggled, q, changedSignal);
connect(ui.neverConsultCB, &QCheckBox::toggled, q, changedSignal);
connect(ui.fetchMissingCB, &QCheckBox::toggled, q, changedSignal);
connect(ui.ignoreServiceURLCB, &QCheckBox::toggled, q, changedSignal);
connect(ui.ignoreHTTPDPCB, &QCheckBox::toggled, q, changedSignal);
connect(ui.disableHTTPCB, &QCheckBox::toggled, q, changedSignal);
connect(ui.honorHTTPProxyRB, &QRadioButton::toggled, q, changedSignal);
connect(ui.useCustomHTTPProxyRB, &QRadioButton::toggled, q, changedSignal);
connect(ui.customHTTPProxy, &QLineEdit::textChanged, q, changedSignal);
connect(ui.ignoreLDAPDPCB, &QCheckBox::toggled, q, changedSignal);
connect(ui.disableLDAPCB, &QCheckBox::toggled, q, changedSignal);
connect(ui.customLDAPProxy, &QLineEdit::textChanged, q, changedSignal);
auto enableDisableSlot = [this]() {
enableDisableActions();
};
connect(ui.useCustomHTTPProxyRB, &QRadioButton::toggled, q, enableDisableSlot);
connect(ui.disableHTTPCB, &QCheckBox::toggled, q, enableDisableSlot);
}
bool customHTTPProxyWritable = false;
+ QString ocspResponderSignatureFingerprint;
private:
void enableDisableActions()
{
ui.customHTTPProxy->setEnabled(ui.useCustomHTTPProxyRB->isChecked() && !ui.disableHTTPCB->isChecked() && customHTTPProxyWritable);
}
private:
struct UI : Ui_SMimeValidationConfigurationWidget {
- LabelledWidget<KleopatraClientCopy::Gui::CertificateRequester> labelledOCSPResponderSignature;
+ LabelledWidget<QLabel> labelledOCSPResponderSignature;
LabelledWidget<QLineEdit> labelledOCSPResponderURL;
explicit UI(SMimeValidationConfigurationWidget *q)
: Ui_SMimeValidationConfigurationWidget()
{
setupUi(q);
labelledOCSPResponderURL.setWidgets(OCSPResponderURL, OCSPResponderURLLabel);
labelledOCSPResponderSignature.setWidgets(OCSPResponderSignature, OCSPResponderSignatureLabel);
- OCSPResponderSignature->setOnlyX509CertificatesAllowed(true);
- OCSPResponderSignature->setOnlySigningCertificatesAllowed(true);
- OCSPResponderSignature->setMultipleCertificatesAllowed(false);
- // OCSPResponderSignature->setAllowedKeys( KeySelectionDialog::TrustedKeys|KeySelectionDialog::ValidKeys );
+ connect(ocspSelectButton, &QPushButton::clicked, q, [q, this]() {
+ auto dialog = new CertificateSelectionDialog{q};
+ dialog->setAttribute(Qt::WA_DeleteOnClose);
+ dialog->setOptions(CertificateSelectionDialog::Options( //
+ CertificateSelectionDialog::SignOnly | //
+ CertificateSelectionDialog::optionsFromProtocol(GpgME::Protocol::CMS)));
+ dialog->setStringFilter(q->d->ocspResponderSignatureFingerprint);
+
+ q->connect(dialog, &QDialog::accepted, q, [this, dialog, q]() {
+ OCSPResponderSignature->setText(Formatting::summaryLine(dialog->selectedCertificate()));
+ q->d->ocspResponderSignatureFingerprint = QString::fromLatin1({dialog->selectedCertificate().primaryFingerprint()});
+ Q_EMIT q->changed();
+ });
+ dialog->open();
+ });
}
} ui;
};
SMimeValidationConfigurationWidget::SMimeValidationConfigurationWidget(QWidget *p, Qt::WindowFlags f)
: QWidget(p, f)
, d(new Private(this))
{
}
SMimeValidationConfigurationWidget::~SMimeValidationConfigurationWidget()
{
}
static void disableDirmngrWidget(QWidget *w)
{
w->setEnabled(false);
w->setWhatsThis(i18n("This option requires dirmngr >= 0.9.0"));
}
static void initializeDirmngrCheckbox(QCheckBox *cb, CryptoConfigEntry *entry)
{
if (entry) {
cb->setChecked(entry->boolValue());
}
if (!entry || entry->isReadOnly()) {
disableDirmngrWidget(cb);
}
}
struct SMIMECryptoConfigEntries {
enum ShowError {
DoNotShowError,
DoShowError,
};
SMIMECryptoConfigEntries(CryptoConfig *config)
: mConfig(config)
// Checkboxes
, mCheckUsingOCSPConfigEntry(configEntry("gpgsm", "enable-ocsp", CryptoConfigEntry::ArgType_None))
, mEnableOCSPsendingConfigEntry(configEntry("dirmngr", "allow-ocsp", CryptoConfigEntry::ArgType_None))
, mDoNotCheckCertPolicyConfigEntry(configEntry("gpgsm", "disable-policy-checks", CryptoConfigEntry::ArgType_None))
, mNeverConsultConfigEntry(configEntry("gpgsm", "disable-crl-checks", CryptoConfigEntry::ArgType_None))
, mFetchMissingConfigEntry(configEntry("gpgsm", "auto-issuer-key-retrieve", CryptoConfigEntry::ArgType_None))
// dirmngr-0.9.0 options
, mIgnoreServiceURLEntry(configEntry("dirmngr", "ignore-ocsp-service-url", CryptoConfigEntry::ArgType_None))
, mIgnoreHTTPDPEntry(configEntry("dirmngr", "ignore-http-dp", CryptoConfigEntry::ArgType_None))
, mDisableHTTPEntry(configEntry("dirmngr", "disable-http", CryptoConfigEntry::ArgType_None))
, mHonorHTTPProxy(configEntry("dirmngr", "honor-http-proxy", CryptoConfigEntry::ArgType_None))
, mIgnoreLDAPDPEntry(configEntry("dirmngr", "ignore-ldap-dp", CryptoConfigEntry::ArgType_None))
, mDisableLDAPEntry(configEntry("dirmngr", "disable-ldap", CryptoConfigEntry::ArgType_None))
// Other widgets
, mOCSPResponderURLConfigEntry(configEntry("dirmngr", "ocsp-responder", CryptoConfigEntry::ArgType_String))
, mOCSPResponderSignature(configEntry("dirmngr", "ocsp-signer", CryptoConfigEntry::ArgType_String))
, mCustomHTTPProxy(configEntry("dirmngr", "http-proxy", CryptoConfigEntry::ArgType_String))
, mCustomLDAPProxy(configEntry("dirmngr", "ldap-proxy", CryptoConfigEntry::ArgType_String))
{
}
CryptoConfigEntry *configEntry(const char *componentName, const char *entryName, int argType, ShowError showError = DoShowError);
CryptoConfig *const mConfig;
// Checkboxes
CryptoConfigEntry *const mCheckUsingOCSPConfigEntry;
CryptoConfigEntry *const mEnableOCSPsendingConfigEntry;
CryptoConfigEntry *const mDoNotCheckCertPolicyConfigEntry;
CryptoConfigEntry *const mNeverConsultConfigEntry;
CryptoConfigEntry *const mFetchMissingConfigEntry;
// dirmngr-0.9.0 options
CryptoConfigEntry *const mIgnoreServiceURLEntry;
CryptoConfigEntry *const mIgnoreHTTPDPEntry;
CryptoConfigEntry *const mDisableHTTPEntry;
CryptoConfigEntry *const mHonorHTTPProxy;
CryptoConfigEntry *const mIgnoreLDAPDPEntry;
CryptoConfigEntry *const mDisableLDAPEntry;
// Other widgets
CryptoConfigEntry *const mOCSPResponderURLConfigEntry;
CryptoConfigEntry *const mOCSPResponderSignature;
CryptoConfigEntry *const mCustomHTTPProxy;
CryptoConfigEntry *const mCustomLDAPProxy;
};
void SMimeValidationConfigurationWidget::defaults()
{
qCDebug(KLEOPATRA_LOG) << "not implemented";
}
void SMimeValidationConfigurationWidget::load()
{
const SMimeValidationPreferences preferences;
const unsigned int refreshInterval = preferences.refreshInterval();
d->ui.intervalRefreshCB->setChecked(refreshInterval > 0);
d->ui.intervalRefreshSB->setValue(refreshInterval);
const bool isRefreshIntervalImmutable = preferences.isImmutable(QStringLiteral("RefreshInterval"));
d->ui.intervalRefreshCB->setEnabled(!isRefreshIntervalImmutable);
d->ui.intervalRefreshSB->setEnabled(!isRefreshIntervalImmutable);
CryptoConfig *const config = QGpgME::cryptoConfig();
if (!config) {
setEnabled(false);
return;
}
#if 0
// crashes other pages' save() by nuking the CryptoConfigEntries under their feet.
// This was probably not a problem in KMail, where this code comes
// from. But here, it's fatal.
// Force re-parsing gpgconf data, in case e.g. kleopatra or "configure backend" was used
// (which ends up calling us via D-Bus)
config->clear();
#endif
// Create config entries
// Don't keep them around, they'll get deleted by clear(), which could be
// done by the "configure backend" button even before we save().
const SMIMECryptoConfigEntries e(config);
// Initialize GUI items from the config entries
if (e.mCheckUsingOCSPConfigEntry) {
d->ui.OCSPCB->setChecked(e.mCheckUsingOCSPConfigEntry->boolValue());
}
d->ui.OCSPCB->setEnabled(e.mCheckUsingOCSPConfigEntry && !e.mCheckUsingOCSPConfigEntry->isReadOnly());
d->ui.OCSPGroupBox->setEnabled(d->ui.OCSPCB->isChecked());
if (e.mDoNotCheckCertPolicyConfigEntry) {
d->ui.doNotCheckCertPolicyCB->setChecked(e.mDoNotCheckCertPolicyConfigEntry->boolValue());
}
d->ui.doNotCheckCertPolicyCB->setEnabled(e.mDoNotCheckCertPolicyConfigEntry && !e.mDoNotCheckCertPolicyConfigEntry->isReadOnly());
if (e.mNeverConsultConfigEntry) {
d->ui.neverConsultCB->setChecked(e.mNeverConsultConfigEntry->boolValue());
}
d->ui.neverConsultCB->setEnabled(e.mNeverConsultConfigEntry && !e.mNeverConsultConfigEntry->isReadOnly());
if (e.mFetchMissingConfigEntry) {
d->ui.fetchMissingCB->setChecked(e.mFetchMissingConfigEntry->boolValue());
}
d->ui.fetchMissingCB->setEnabled(e.mFetchMissingConfigEntry && !e.mFetchMissingConfigEntry->isReadOnly());
if (e.mOCSPResponderURLConfigEntry) {
d->ui.OCSPResponderURL->setText(e.mOCSPResponderURLConfigEntry->stringValue());
}
d->ui.labelledOCSPResponderURL.setEnabled(e.mOCSPResponderURLConfigEntry && !e.mOCSPResponderURLConfigEntry->isReadOnly());
- if (e.mOCSPResponderSignature) {
- d->ui.OCSPResponderSignature->setSelectedCertificate(e.mOCSPResponderSignature->stringValue());
+ if (e.mOCSPResponderSignature && !e.mOCSPResponderSignature->stringValue().isEmpty()) {
+ d->ocspResponderSignatureFingerprint = e.mOCSPResponderSignature->stringValue();
+ d->ui.OCSPResponderSignature->setText(
+ Formatting::summaryLine(KeyCache::instance()->findByFingerprint(e.mOCSPResponderSignature->stringValue().toLatin1().data())));
}
d->ui.labelledOCSPResponderSignature.setEnabled(e.mOCSPResponderSignature && !e.mOCSPResponderSignature->isReadOnly());
// dirmngr-0.9.0 options
initializeDirmngrCheckbox(d->ui.ignoreServiceURLCB, e.mIgnoreServiceURLEntry);
initializeDirmngrCheckbox(d->ui.ignoreHTTPDPCB, e.mIgnoreHTTPDPEntry);
initializeDirmngrCheckbox(d->ui.disableHTTPCB, e.mDisableHTTPEntry);
initializeDirmngrCheckbox(d->ui.ignoreLDAPDPCB, e.mIgnoreLDAPDPEntry);
initializeDirmngrCheckbox(d->ui.disableLDAPCB, e.mDisableLDAPEntry);
if (e.mCustomHTTPProxy) {
QString systemProxy = QString::fromLocal8Bit(qgetenv("http_proxy"));
if (systemProxy.isEmpty()) {
systemProxy = i18n("no proxy");
}
d->ui.systemHTTPProxy->setText(i18n("(Current system setting: %1)", systemProxy));
const bool honor = e.mHonorHTTPProxy && e.mHonorHTTPProxy->boolValue();
d->ui.honorHTTPProxyRB->setChecked(honor);
d->ui.useCustomHTTPProxyRB->setChecked(!honor);
d->ui.customHTTPProxy->setText(e.mCustomHTTPProxy->stringValue());
}
d->customHTTPProxyWritable = e.mCustomHTTPProxy && !e.mCustomHTTPProxy->isReadOnly();
if (!d->customHTTPProxyWritable) {
disableDirmngrWidget(d->ui.honorHTTPProxyRB);
disableDirmngrWidget(d->ui.useCustomHTTPProxyRB);
disableDirmngrWidget(d->ui.systemHTTPProxy);
disableDirmngrWidget(d->ui.customHTTPProxy);
}
if (e.mCustomLDAPProxy) {
d->ui.customLDAPProxy->setText(e.mCustomLDAPProxy->stringValue());
}
if (!e.mCustomLDAPProxy || e.mCustomLDAPProxy->isReadOnly()) {
disableDirmngrWidget(d->ui.customLDAPProxy);
disableDirmngrWidget(d->ui.customLDAPLabel);
}
d->enableDisableActions();
}
static void saveCheckBoxToKleoEntry(QCheckBox *cb, CryptoConfigEntry *entry)
{
const bool b = cb->isChecked();
if (entry && entry->boolValue() != b) {
entry->setBoolValue(b);
}
}
void SMimeValidationConfigurationWidget::save() const
{
CryptoConfig *const config = QGpgME::cryptoConfig();
if (!config) {
return;
}
{
SMimeValidationPreferences preferences;
preferences.setRefreshInterval(d->ui.intervalRefreshCB->isChecked() ? d->ui.intervalRefreshSB->value() : 0);
preferences.save();
}
// Create config entries
// Don't keep them around, they'll get deleted by clear(), which could be done by the
// "configure backend" button.
const SMIMECryptoConfigEntries e(config);
const bool b = d->ui.OCSPCB->isChecked();
if (e.mCheckUsingOCSPConfigEntry && e.mCheckUsingOCSPConfigEntry->boolValue() != b) {
e.mCheckUsingOCSPConfigEntry->setBoolValue(b);
}
// Set allow-ocsp together with enable-ocsp
if (e.mEnableOCSPsendingConfigEntry && e.mEnableOCSPsendingConfigEntry->boolValue() != b) {
e.mEnableOCSPsendingConfigEntry->setBoolValue(b);
}
saveCheckBoxToKleoEntry(d->ui.doNotCheckCertPolicyCB, e.mDoNotCheckCertPolicyConfigEntry);
saveCheckBoxToKleoEntry(d->ui.neverConsultCB, e.mNeverConsultConfigEntry);
saveCheckBoxToKleoEntry(d->ui.fetchMissingCB, e.mFetchMissingConfigEntry);
QString txt = d->ui.OCSPResponderURL->text();
if (e.mOCSPResponderURLConfigEntry && e.mOCSPResponderURLConfigEntry->stringValue() != txt) {
e.mOCSPResponderURLConfigEntry->setStringValue(txt);
}
- txt = d->ui.OCSPResponderSignature->selectedCertificate();
+ txt = d->ocspResponderSignatureFingerprint;
if (e.mOCSPResponderSignature && e.mOCSPResponderSignature->stringValue() != txt) {
e.mOCSPResponderSignature->setStringValue(txt);
}
// dirmngr-0.9.0 options
saveCheckBoxToKleoEntry(d->ui.ignoreServiceURLCB, e.mIgnoreServiceURLEntry);
saveCheckBoxToKleoEntry(d->ui.ignoreHTTPDPCB, e.mIgnoreHTTPDPEntry);
saveCheckBoxToKleoEntry(d->ui.disableHTTPCB, e.mDisableHTTPEntry);
saveCheckBoxToKleoEntry(d->ui.ignoreLDAPDPCB, e.mIgnoreLDAPDPEntry);
saveCheckBoxToKleoEntry(d->ui.disableLDAPCB, e.mDisableLDAPEntry);
if (e.mCustomHTTPProxy) {
const bool honor = d->ui.honorHTTPProxyRB->isChecked();
if (e.mHonorHTTPProxy && e.mHonorHTTPProxy->boolValue() != honor) {
e.mHonorHTTPProxy->setBoolValue(honor);
}
const QString chosenProxy = d->ui.customHTTPProxy->text();
if (chosenProxy != e.mCustomHTTPProxy->stringValue()) {
e.mCustomHTTPProxy->setStringValue(chosenProxy);
}
}
txt = d->ui.customLDAPProxy->text();
if (e.mCustomLDAPProxy && e.mCustomLDAPProxy->stringValue() != txt) {
e.mCustomLDAPProxy->setStringValue(d->ui.customLDAPProxy->text());
}
config->sync(true);
}
CryptoConfigEntry *
SMIMECryptoConfigEntries::configEntry(const char *componentName, const char *entryName, int /*CryptoConfigEntry::ArgType*/ argType, ShowError showError)
{
CryptoConfigEntry *const entry = getCryptoConfigEntry(mConfig, componentName, entryName);
if (!entry) {
if (showError == DoShowError) {
qCWarning(KLEOPATRA_LOG) << QStringLiteral("Backend error: gpgconf doesn't seem to know the entry for %1/%2")
.arg(QLatin1StringView(componentName), QLatin1StringView(entryName));
}
return nullptr;
}
if (entry->argType() != argType || entry->isList()) {
if (showError == DoShowError) {
qCWarning(KLEOPATRA_LOG) << QStringLiteral("Backend error: gpgconf has wrong type for %1/%2: %3 %4")
.arg(QLatin1StringView(componentName), QLatin1StringView(entryName))
.arg(entry->argType())
.arg(entry->isList());
}
return nullptr;
}
return entry;
}
#include "moc_smimevalidationconfigurationwidget.cpp"
diff --git a/src/conf/smimevalidationconfigurationwidget.ui b/src/conf/smimevalidationconfigurationwidget.ui
index c5f825d16..3e9e95c6c 100644
--- a/src/conf/smimevalidationconfigurationwidget.ui
+++ b/src/conf/smimevalidationconfigurationwidget.ui
@@ -1,464 +1,467 @@
<ui version="4.0" >
<class>Kleo::Config::SMimeValidationConfigurationWidget</class>
<widget class="QWidget" name="Kleo::Config::SMimeValidationConfigurationWidget" >
<property name="geometry" >
<rect>
<x>0</x>
<y>0</y>
<width>502</width>
<height>603</height>
</rect>
</property>
<layout class="QVBoxLayout" name="verticalLayout" >
<item>
<layout class="QHBoxLayout" name="horizontalLayout" >
<item>
<widget class="QCheckBox" name="intervalRefreshCB" >
<property name="whatsThis" >
<string>This option enables interval checking of certificate validity. You can also choose the checking interval (in hours). Note that validation is performed implicitly whenever significant files in ~/.gnupg change. This option therefore only affects external factors of certificate validity.</string>
</property>
<property name="text" >
<string>Check certificate validity every</string>
</property>
</widget>
</item>
<item>
<widget class="QSpinBox" name="intervalRefreshSB" >
<property name="enabled" >
<bool>false</bool>
</property>
<property name="whatsThis" >
<string>This option enables interval checking of certificate validity. You can also choose the checking interval (in hours). Note that validation is performed implicitly whenever significant files in ~/.gnupg change. This option therefore only affects external factors of certificate validity.</string>
</property>
<property name="alignment" >
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="specialValueText" >
<string>hour</string>
</property>
<property name="suffix" >
<string> hours</string>
</property>
<property name="minimum" >
<number>1</number>
</property>
<property name="maximum" >
<number>24</number>
</property>
</widget>
</item>
<item>
<spacer name="horizontalSpacer" >
<property name="orientation" >
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0" >
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
</layout>
</item>
<item>
<widget class="QCheckBox" name="OCSPCB" >
<property name="whatsThis" >
<string>If this option is selected, S/MIME certificates are validated online using the Online Certificates Status Protocol (OCSP). Fill in the URL of the OCSP responder below.</string>
</property>
<property name="text" >
<string>Validate certificates online (OCSP)</string>
</property>
</widget>
</item>
<item>
<widget class="QGroupBox" name="OCSPGroupBox" >
<property name="enabled" >
<bool>false</bool>
</property>
<property name="title" >
<string>Online Certificate Validation</string>
</property>
<layout class="QGridLayout" >
<item row="0" column="0" >
<widget class="QLabel" name="OCSPResponderURLLabel" >
<property name="text" >
<string>OCSP responder URL:</string>
</property>
<property name="wordWrap" >
<bool>false</bool>
</property>
</widget>
</item>
<item row="0" column="1" >
<widget class="QLineEdit" name="OCSPResponderURL" >
<property name="whatsThis" >
<string>Enter here the address of the server for online validation of certificates (OCSP responder). The URL is usually starting with http://.</string>
</property>
</widget>
</item>
<item row="1" column="0" >
<widget class="QLabel" name="OCSPResponderSignatureLabel" >
<property name="text" >
<string>OCSP responder signature:</string>
</property>
<property name="wordWrap" >
<bool>false</bool>
</property>
</widget>
</item>
<item row="2" column="0" colspan="2" >
<widget class="QCheckBox" name="ignoreServiceURLCB" >
<property name="text" >
<string>Ignore service URL of certificates</string>
</property>
</widget>
</item>
<item row="1" column="1" >
- <widget class="KleopatraClientCopy::Gui::CertificateRequester" native="1" name="OCSPResponderSignature" >
- <property name="whatsThis" >
- <string>Choose here the certificate with which the OCSP server signs its replies.</string>
- </property>
- </widget>
+ <layout class="QHBoxLayout">
+ <item>
+ <widget class="QLabel" native="1" name="OCSPResponderSignature" >
+ <property name="whatsThis" >
+ <string>Choose here the certificate with which the OCSP server signs its replies.</string>
+ </property>
+ </widget>
+ </item>
+ <item>
+ <widget class="QPushButton" name="ocspSelectButton" >
+ <property name="text" >
+ <string>Change Certificate…</string>
+ </property>
+ </widget>
+ </item>
+ </layout>
</item>
</layout>
</widget>
</item>
<item>
<widget class="QCheckBox" name="doNotCheckCertPolicyCB" >
<property name="whatsThis" >
<string>By default, GnuPG uses the file ~/.gnupg/policies.txt to check if a certificate policy is allowed. If this option is selected, policies are not checked.</string>
</property>
<property name="text" >
<string>Do not check certificate policies</string>
</property>
</widget>
</item>
<item>
<widget class="QCheckBox" name="neverConsultCB" >
<property name="whatsThis" >
<string>If this option is checked, Certificate Revocation Lists are never used to validate S/MIME certificates.</string>
</property>
<property name="text" >
<string>Never consult a CRL</string>
</property>
</widget>
</item>
<item>
<widget class="QCheckBox" name="allowMarkTrustedCB" >
<property name="whatsThis" >
<string>If this option is checked while a root CA certificate is being imported, you will be asked to confirm its fingerprint and to state whether or not you consider this root certificate to be trusted. A root certificate needs to be trusted before the certificates it certified become trusted, but lightly allowing trusted root certificates into your certificate store will undermine the security of the system.</string>
</property>
<property name="text" >
<string>Allow to mark root certificates as trusted</string>
</property>
</widget>
</item>
<item>
<widget class="QCheckBox" name="fetchMissingCB" >
<property name="whatsThis" >
<string>If this option is checked, missing issuer certificates are fetched when necessary (this applies to both validation methods, CRLs and OCSP).</string>
</property>
<property name="text" >
<string>Fetch missing issuer certificates</string>
</property>
</widget>
</item>
<item>
<widget class="QTabWidget" name="requestsTabs" >
<widget class="QWidget" name="tabHTTP" >
<attribute name="title" >
<string>&amp;HTTP Requests</string>
</attribute>
<layout class="QGridLayout" >
<item row="0" column="0" colspan="2" >
<widget class="QCheckBox" name="disableHTTPCB" >
<property name="whatsThis" >
<string>Entirely disables the use of HTTP for S/MIME.</string>
</property>
<property name="text" >
<string>Do not perform any HTTP requests</string>
</property>
</widget>
</item>
<item row="1" column="0" colspan="2" >
<widget class="QCheckBox" name="ignoreHTTPDPCB" >
<property name="whatsThis" >
<string>When looking for the location of a CRL, the to-be-tested certificate usually contains what are known as "CRL Distribution Point" (DP) entries, which are URLs describing the way to access the CRL. The first-found DP entry is used. With this option, all entries using the HTTP scheme are ignored when looking for a suitable DP.</string>
</property>
<property name="text" >
<string>Ignore HTTP CRL distribution point of certificates</string>
</property>
</widget>
</item>
<item row="2" column="0" >
<widget class="QRadioButton" name="honorHTTPProxyRB" >
<property name="whatsThis" >
<string>If this option is selected, the value of the HTTP proxy shown on the right (which comes from the environment variable http_proxy) will be used for any HTTP request.</string>
</property>
<property name="text" >
<string>Use system HTTP proxy:</string>
</property>
</widget>
</item>
<item row="2" column="1" >
<widget class="QLabel" name="systemHTTPProxy" >
<property name="text" >
<string>no proxy</string>
</property>
<property name="wordWrap" >
<bool>false</bool>
</property>
</widget>
</item>
<item row="3" column="0" >
<widget class="QRadioButton" name="useCustomHTTPProxyRB" >
<property name="text" >
<string>Use this proxy for HTTP requests: </string>
</property>
</widget>
</item>
<item row="3" column="1" >
<widget class="QLineEdit" name="customHTTPProxy" >
<property name="whatsThis" >
<string>&lt;p&gt;If no system proxy is set, or you need to use a different proxy for GpgSM, you can enter its location here.&lt;/p&gt;&lt;p&gt;It will be used for all HTTP requests relating to S/MIME.&lt;/p&gt;&lt;p&gt;The syntax is host:port, for instance myproxy.nowhere.com:3128.&lt;/p&gt;</string>
</property>
</widget>
</item>
<item row="4" column="0" colspan="2" >
<spacer>
<property name="orientation" >
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0" >
<size>
<width>320</width>
<height>16</height>
</size>
</property>
</spacer>
</item>
</layout>
</widget>
<widget class="QWidget" name="tabLDAP" >
<attribute name="title" >
<string>&amp;LDAP Requests</string>
</attribute>
<layout class="QGridLayout" >
<item row="0" column="0" colspan="2" >
<widget class="QCheckBox" name="disableLDAPCB" >
<property name="whatsThis" >
<string>Entirely disables the use of LDAP for S/MIME.</string>
</property>
<property name="text" >
<string>Do not perform any LDAP requests</string>
</property>
</widget>
</item>
<item row="1" column="0" colspan="2" >
<widget class="QCheckBox" name="ignoreLDAPDPCB" >
<property name="whatsThis" >
<string>When looking for the location of a CRL, the to-be-tested certificate usually contains what are known as "CRL Distribution Point" (DP) entries, which are URLs describing the way to access the CRL. The first found DP entry is used. With this option, all entries using the LDAP scheme are ignored when looking for a suitable DP.</string>
</property>
<property name="text" >
<string>Ignore LDAP CRL distribution point of certificates</string>
</property>
</widget>
</item>
<item row="2" column="0" >
<widget class="QLabel" name="customLDAPLabel" >
<property name="text" >
<string>Primary host for LDAP requests:</string>
</property>
<property name="wordWrap" >
<bool>false</bool>
</property>
</widget>
</item>
<item row="2" column="1" >
<widget class="QLineEdit" name="customLDAPProxy" >
<property name="whatsThis" >
<string>Entering an LDAP server here will make all LDAP requests go to that server first. More precisely, this setting overrides any specified host and port part in a LDAP URL and will also be used if host and port have been omitted from the URL. Other LDAP servers will be used only if the connection to the "proxy" failed.
The syntax is "HOST" or "HOST:PORT". If PORT is omitted, port 389 (standard LDAP port) is used.</string>
</property>
</widget>
</item>
<item row="3" column="0" colspan="2" >
<spacer>
<property name="orientation" >
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0" >
<size>
<width>320</width>
<height>16</height>
</size>
</property>
</spacer>
</item>
</layout>
</widget>
</widget>
</item>
</layout>
</widget>
- <customwidgets>
- <customwidget>
- <class>KleopatraClientCopy::Gui::CertificateRequester</class>
- <extends>QWidget</extends>
- <header>libkleopatraclient/gui/certificaterequester.h</header>
- <container>1</container>
- </customwidget>
- </customwidgets>
<includes>
<include location="local" >libkleo/keyrequester.h</include>
</includes>
<resources/>
<connections>
<connection>
<sender>OCSPCB</sender>
<signal>toggled(bool)</signal>
<receiver>OCSPGroupBox</receiver>
<slot>setEnabled(bool)</slot>
<hints>
<hint type="sourcelabel" >
<x>20</x>
<y>20</y>
</hint>
<hint type="destinationlabel" >
<x>29</x>
<y>99</y>
</hint>
</hints>
</connection>
<connection>
<sender>useCustomHTTPProxyRB</sender>
<signal>toggled(bool)</signal>
<receiver>customHTTPProxy</receiver>
<slot>setEnabled(bool)</slot>
<hints>
<hint type="sourcelabel" >
<x>44</x>
<y>542</y>
</hint>
<hint type="destinationlabel" >
<x>481</x>
<y>542</y>
</hint>
</hints>
</connection>
<connection>
<sender>disableLDAPCB</sender>
<signal>toggled(bool)</signal>
<receiver>ignoreLDAPDPCB</receiver>
<slot>setDisabled(bool)</slot>
<hints>
<hint type="sourcelabel" >
<x>190</x>
<y>440</y>
</hint>
<hint type="destinationlabel" >
<x>188</x>
<y>471</y>
</hint>
</hints>
</connection>
<connection>
<sender>disableLDAPCB</sender>
<signal>toggled(bool)</signal>
<receiver>customLDAPLabel</receiver>
<slot>setDisabled(bool)</slot>
<hints>
<hint type="sourcelabel" >
<x>136</x>
<y>440</y>
</hint>
<hint type="destinationlabel" >
<x>146</x>
<y>508</y>
</hint>
</hints>
</connection>
<connection>
<sender>disableLDAPCB</sender>
<signal>toggled(bool)</signal>
<receiver>customLDAPProxy</receiver>
<slot>setDisabled(bool)</slot>
<hints>
<hint type="sourcelabel" >
<x>328</x>
<y>440</y>
</hint>
<hint type="destinationlabel" >
<x>481</x>
<y>508</y>
</hint>
</hints>
</connection>
<connection>
<sender>disableHTTPCB</sender>
<signal>toggled(bool)</signal>
<receiver>ignoreHTTPDPCB</receiver>
<slot>setDisabled(bool)</slot>
<hints>
<hint type="sourcelabel" >
<x>338</x>
<y>440</y>
</hint>
<hint type="destinationlabel" >
<x>338</x>
<y>471</y>
</hint>
</hints>
</connection>
<connection>
<sender>disableHTTPCB</sender>
<signal>toggled(bool)</signal>
<receiver>honorHTTPProxyRB</receiver>
<slot>setDisabled(bool)</slot>
<hints>
<hint type="sourcelabel" >
<x>116</x>
<y>440</y>
</hint>
<hint type="destinationlabel" >
<x>126</x>
<y>507</y>
</hint>
</hints>
</connection>
<connection>
<sender>disableHTTPCB</sender>
<signal>toggled(bool)</signal>
<receiver>useCustomHTTPProxyRB</receiver>
<slot>setDisabled(bool)</slot>
<hints>
<hint type="sourcelabel" >
<x>92</x>
<y>440</y>
</hint>
<hint type="destinationlabel" >
<x>98</x>
<y>542</y>
</hint>
</hints>
</connection>
<connection>
<sender>intervalRefreshCB</sender>
<signal>toggled(bool)</signal>
<receiver>intervalRefreshSB</receiver>
<slot>setEnabled(bool)</slot>
<hints>
<hint type="sourcelabel" >
<x>282</x>
<y>243</y>
</hint>
<hint type="destinationlabel" >
<x>334</x>
<y>245</y>
</hint>
</hints>
</connection>
</connections>
</ui>

File Metadata

Mime Type
text/x-diff
Expires
Sun, Feb 23, 7:09 PM (8 m, 27 s)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
2d/a2/0bc5175aa43f822e159d1ea56932

Event Timeline