From c33b2a86d47a536b20bce8cb15ee5c23dd9eaec7 Mon Sep 17 00:00:00 2001
From: Jameson Rollins <jrollins@finestructure.net>
Date: Mon, 8 Mar 2010 23:36:45 -0500
Subject: fix my email address

---
 src/share/ma/list_certifiers | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/share')

diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers
index 38a3222..789eb9d 100644
--- a/src/share/ma/list_certifiers
+++ b/src/share/ma/list_certifiers
@@ -4,7 +4,7 @@
 # Monkeysphere authentication list-certifiers subcommand
 #
 # The monkeysphere scripts are written by:
-# Jameson Rollins <jrollins@fifthhorseman.net>
+# Jameson Rollins <jrollins@finestructure.net>
 # Jamie McClelland <jm@mayfirst.org>
 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 #
-- 
cgit v1.2.3


From 24da4d0207c8d3c7586871dac3eea9d2a0b864c3 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 14 Mar 2010 03:06:32 -0400
Subject: enable use of hkps (closes: MS #1749)

---
 man/man8/monkeysphere-authentication.8 | 5 +++++
 src/share/ma/setup                     | 1 +
 2 files changed, 6 insertions(+)

(limited to 'src/share')

diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index 8732157..ea9debd 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -177,6 +177,11 @@ false may expose users to abuse by other users on the system. (true)
 /etc/monkeysphere/monkeysphere\-authentication.conf
 System monkeysphere-authentication config file.
 .TP
+/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt
+If monkeysphere-authentication is configured to query an hkps
+keyserver, it will use X.509 Certificate Authority certificates in
+this file to validate any X.509 certificates used by the keyserver.
+.TP
 /var/lib/monkeysphere/authorized_keys/USER
 Monkeysphere-generated user authorized_keys files.
 .TP
diff --git a/src/share/ma/setup b/src/share/ma/setup
index 6c75fef..f965487 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -43,6 +43,7 @@ EOF
 # Edits will be overwritten.
 no-greeting
 list-options show-uid-validity
+keyserver-options ca-cert-file=${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt
 EOF
 
     # make sure the monkeysphere user owns everything in the sphere
-- 
cgit v1.2.3


From dc52882f7ecf895377bfbf65833c6a699be4ab28 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 14 Mar 2010 09:50:57 -0400
Subject: warn if keyserver query fails (Closes: MS #1750)

---
 src/share/common | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/share')

diff --git a/src/share/common b/src/share/common
index 37f5305..cabc378 100644
--- a/src/share/common
+++ b/src/share/common
@@ -581,6 +581,10 @@ gpg_fetch_userid() {
 	--search ="$userID" &>/dev/null
     returnCode="$?"
 
+    if [ "$returnCode" != 0 ] ; then
+        log error "Failure ($returnCode) searching keyserver $KEYSERVER for user id '$userID'"
+    fi
+
     return "$returnCode"
 }
 
-- 
cgit v1.2.3