mirror of https://gitee.com/openkylin/gnupg2.git
2011-12-01 Werner Koch <wk@g10code.com>

	NB: ChangeLog files are no longer manually maintained. Starting
	on December 1st, 2011 we put change information only in the GIT
	commit log, and generate a top-level ChangeLog file from logs at
	"make dist". See doc/HACKING for details.

2011-11-24 Werner Koch <wk@g10code.com>

	* ks-engine-http.c (ks_http_help): Do not print help for hkp.
	* ks-engine-hkp.c (ks_hkp_help): Print help only for hkp.
	(send_request): Remove test code.
	(map_host): Use xtrymalloc.

	* certcache.c (classify_pattern): Remove unused variable and make
	explicit substring search work.

2011-06-01 Marcus Brinkmann <mb@g10code.com>

	* Makefile.am (dirmngr_ldap_CFLAGS): Add $(LIBGCRYPT_CFLAGS),
	which is needed by common/util.h.

2011-04-25 Werner Koch <wk@g10code.com>

	* ks-engine-hkp.c (ks_hkp_search): Mark classify_user_id for use
	with OpenPGP.
	(ks_hkp_get): Ditto.

2011-04-12 Werner Koch <wk@g10code.com>

	* ks-engine-hkp.c (ks_hkp_search, ks_hkp_get, ks_hkp_put): Factor
	code out to ..
	(make_host_part): new.
	(hostinfo_s): New.
	(create_new_hostinfo, find_hostinfo, sort_hostpool)
	(select_random_host, map_host, mark_host_dead)
	(ks_hkp_print_hosttable): New.

2011-02-23 Werner Koch <wk@g10code.com>

	* certcache.c (get_cert_bysubject): Take care of a NULL argument.
	(find_cert_bysubject): Ditto. Fixes bug#1300.

2011-02-09 Werner Koch <wk@g10code.com>

	* ks-engine-kdns.c: New but only the framework.

	* server.c (cmd_keyserver): Add option --help.
	(dirmngr_status_help): New.
	* ks-action.c (ks_print_help): New.
	(ks_action_help): New.
	* ks-engine-finger.c (ks_finger_help): New.
	* ks-engine-http.c (ks_http_help): New.
	* ks-engine-hkp.c (ks_hkp_help): New.

	* ks-action.c (ks_action_fetch): Support http URLs.
	* ks-engine-http.c: New.

	* ks-engine-finger.c (ks_finger_get): Rename to ks_finger_fetch.
	Change caller.

2011-02-08 Werner Koch <wk@g10code.com>

	* server.c (cmd_ks_fetch): New.
	* ks-action.c (ks_action_fetch): New.
	* ks-engine-finger.c: New.

2011-02-03 Werner Koch <wk@g10code.com>

	* Makefile.am (dirmngr_LDADD): Remove -llber.

2011-01-25 Werner Koch <wk@g10code.com>

	* dirmngr.c (handle_connections): Rewrite loop to use pth-select
	so to sync timeouts to the full second.
	(pth_thread_id): New.
	(main) [W32CE]: Fix setting of default homedir.

	* ldap-wrapper.c (ldap_wrapper_thread): Sync to the full second.
	Increase pth_wait timeout from 1 to 2 seconds.

2011-01-20 Werner Koch <wk@g10code.com>

	* server.c (release_ctrl_keyservers): New.
	(cmd_keyserver, cmd_ks_seach, cmd_ks_get, cmd_ks_put): New.
	* dirmngr.h (uri_item_t): New.
	(struct server_control_s): Add field KEYSERVERS.
	* ks-engine-hkp.c: New.
	* ks-engine.h: New.
	* ks-action.c, ks-action.h: New.
	* server.c: Include ks-action.h.
	(cmd_ks_search): New.
	* Makefile.am (dirmngr_SOURCES): Add new files.

2011-01-19 Werner Koch <wk@g10code.com>

	* dirmngr.c (main): Use es_printf for --gpgconf-list.

2010-12-14 Werner Koch <wk@g10code.com>

	* cdb.h (struct cdb) [W32]: Add field CDB_MAPPING.
	* cdblib.c (cdb_init) [W32]: Save mapping handle.
	(cdb_free) [W32]: Don't leak the mapping handle from cdb_init by
	using the saved one.

	* crlcache.c (crl_cache_insert): Close unused matching files.

	* dirmngr.c (main) [W32CE]: Change homedir in daemon mode to /gnupg.

2010-12-07 Werner Koch <wk@g10code.com>

	* dirmngr.c (TIMERTICK_INTERVAL) [W32CE]: Change to 60s.

2010-11-23 Werner Koch <wk@g10code.com>

	* Makefile.am (dirmngr_LDFLAGS): Add extra_bin_ldflags.
	(dirmngr_client_LDFLAGS): Ditto.

2010-10-21 Werner Koch <wk@g10code.com>

	* dirmngr.c (main): Changed faked system time warning

2010-10-15 Werner Koch <wk@g10code.com>

	* Makefile.am (CLEANFILES): Add no-libgcrypt.c.

2010-09-16 Werner Koch <wk@g10code.com>

	* validate.c (validate_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.

2010-08-13 Werner Koch <wk@g10code.com>

	* Makefile.am (dirmngr_SOURCES): Add w32-ldap-help.h.

	* dirmngr_ldap.c (fetch_ldap): Call ldap_unbind.

	* w32-ldap-help.h: New.
	* dirmngr_ldap.c [W32CE]: Include w32-ldap-help.h and use the
	mapped ldap functions.

2010-08-12 Werner Koch <wk@g10code.com>

	* crlcache.c (update_dir, crl_cache_insert): s/unlink/gnupg_remove/.

	* dirmngr.c (dirmngr_sighup_action): New.

	* server.c (cmd_killdirmngr, cmd_reloaddirmngr): New.
	(struct server_local_s): Add field STOPME.
	(start_command_handler): Act on STOPME.

2010-08-06 Werner Koch <wk@g10code.com>

	* dirmngr.c (JNLIB_NEED_AFLOCAL): Define macro.
	(main): Use SUN_LEN macro.
	(main) [W32]: Allow EEXIST in addition to EADDRINUSE.

2010-08-05 Werner Koch <wk@g10code.com>

	* server.c (set_error, leave_cmd): New.
	(cmd_validate, cmd_ldapserver, cmd_isvalid, cmd_checkcrl)
	(cmd_checkocsp, cmd_lookup, cmd_listcrls, cmd_cachecert): Use
	leave_cmd.
	(cmd_getinfo): New.
	(data_line_cookie_write, data_line_cookie_close): New.
	(cmd_listcrls): Replace assuan_get_data_fp by es_fopencookie.

	* misc.c (create_estream_ksba_reader, my_estream_ksba_reader_cb): New.
	* certcache.c (load_certs_from_dir): Use create_estream_ksba_reader.
	* crlcache.c (crl_cache_load): Ditto.

2010-08-03 Werner Koch <wk@g10code.com>

	* dirmngr_ldap.c (pth_enter, pth_leave) [USE_LDAPWRAPPER]: Turn
	into functions for use in a 'for' control stmt.

2010-07-26 Werner Koch <wk@g10code.com>

	* dirmngr_ldap.c (print_ldap_entries): Remove special fwrite case
	for W32 because that is now handled by estream.

2010-07-25 Werner Koch <wk@g10code.com>

	* Makefile.am (dirmngr_SOURCES) [!USE_LDAPWRAPPER]: Build
	ldap-wrapper-ce.
	* ldap-wrapper-ce.c: New.

	* dirmngr_ldap.c (opt): Remove global variable ...
	(my_opt_t): ... and declare a type instead.
	(main): Define a MY_OPT variable and change all references to OPT
	to this.
	(set_timeout, print_ldap_entries, fetch_ldap, process_url): Pass
	MYOPT arg.

2010-07-24 Werner Koch <wk@g10code.com>

	* dirmngr_ldap.c (main): Init common subsystems. Call
	es_set_binary.

2010-07-19 Werner Koch <wk@g10code.com>

	* dirmngr.c: Include ldap-wrapper.h.
	(launch_reaper_thread): Move code to ...
	* ldap-wrapper.c (ldap_wrapper_launch_thread): .. here. Change
	callers.
	(ldap_wrapper_thread): Rename to ...
	(wrapper_thread): this and make local.

	* ldap.c (destroy_wrapper, print_log_line)
	(read_log_data, ldap_wrapper_thread)
	(ldap_wrapper_wait_connections, ldap_wrapper_release_context)
	(ldap_wrapper_connection_cleanup, reader_callback, ldap_wrapper):
	Factor code out to ...
	* ldap-wrapper.c: new.
	(ldap_wrapper): Make public.
	(read_buffer): Copy from ldap.c.
	* ldap-wrapper.h: New.
	* Makefile.am (dirmngr_SOURCES): Add new files.

2010-07-16 Werner Koch <wk@g10code.com>

	* http.c, http.h: Remove.

	* dirmngr-err.h: New.
	* dirmngr.h: Include dirmngr-err.h instead of gpg-error.h

	* cdblib.c: Replace assignments to ERRNO by a call to
	gpg_err_set_errno. Include dirmngr-err.h.
	(cdb_free) [__MINGW32CE__]: Do not use get_osfhandle.

	* dirmngr.c [!HAVE_SIGNAL_H]: Don't include signal.h.
	(USE_W32_SERVICE): New. Use this to control the use of the W32
	service system.

2010-07-06 Werner Koch <wk@g10code.com>

	* dirmngr.c (main): Print note on directory name changes.

	Replace almost all uses of stdio by estream.

	* b64dec.c, b64enc.c: Remove. They are duplicated in ../common/.

2010-06-28 Werner Koch <wk@g10code.com>

	* dirmngr_ldap.c (my_i18n_init): Remove.
	(main): Call i18n_init instead of above function.

	* dirmngr-client.c (my_i18n_init): Remove.
	(main): Call i18n_init instead of above function.

	* Makefile.am (dirmngr_LDADD): Add ../gl/libgnu.
	(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.

2010-06-09 Werner Koch <wk@g10code.com>

	* i18n.h: Remove.

	* Makefile.am (no-libgcrypt.c): New rule.

	* exechelp.h: Remove.
	* exechelp.c: Remove.
	(dirmngr_release_process): Change callers to use the gnupg func.
	(dirmngr_wait_process): Likewise.
	(dirmngr_kill_process): Likewise. This actually implements it for
	W32.
	* ldap.c (ldap_wrapper): s/get_dirmngr_ldap_path/gnupg_module_name/.
	(ldap_wrapper_thread): Use gnupg_wait_process and adjust for
	changed semantics.
	(ldap_wrapper): Replace xcalloc by xtrycalloc. Replace spawn
	mechanism.

	* server.c (start_command_handler): Remove assuan_set_log_stream.

	* validate.c: Remove gcrypt.h and ksba.h.

	* ldapserver.c: s/util.h/dirmngr.h/.

	* dirmngr.c (sleep) [W32]: Remove macro.
	(main): s/sleep/gnupg_sleep/.
	(pid_suffix_callback): Change arg type.
	(my_gcry_logger): Remove.
	(fixed_gcry_pth_init): New.
	(main): Use it.
	(FD2INT): Remove.

2010-06-08 Werner Koch <wk@g10code.com>

	* misc.h (copy_time): Remove and replace by gnupg_copy_time which
	allows to set a null date.
	* misc.c (dump_isotime, get_time, get_isotime, set_time)
	(check_isotime, add_isotime): Remove and replace all calls by the
	versions from common/gettime.c.

	* crlcache.c, misc.c, misc.h: s/dirmngr_isotime_t/gnupg_isotime_t/.
	* server.c, ldap.c: Reorder include directives.
	* crlcache.h, misc.h: Remove all include directives.

	* certcache.c (cmp_simple_canon_sexp): Remove.
	(compare_serialno): Rewrite using cmp_simple_canon_sexp from
	common/sexputil.c

	* error.h: Remove.

	* dirmngr.c: Remove transitional option "--ignore-ocsp-servic-url".
	(opts): Use ARGPARSE macros.
	(i18n_init): Remove.
	(main): Use GnuPG init functions.

	* dirmngr.h: Remove duplicated stuff now taken from ../common.

	* get-path.c, util.h: Remove.

	* Makefile.am: Adjust to GnuPG system.
	* estream.c, estream.h, estream-printf.c, estream-printf.h: Remove.

2010-06-07 Werner Koch <wk@g10code.com>

	* OAUTHORS, ONEWS, ChangeLog.1: New.

	* ChangeLog, Makefile.am, b64dec.c, b64enc.c, cdb.h, cdblib.c
	* certcache.c, certcache.h, crlcache.c, crlcache.h, crlfetch.c
	* crlfetch.h, dirmngr-client.c, dirmngr.c, dirmngr.h
	* dirmngr_ldap.c, error.h, estream-printf.c, estream-printf.h
	* estream.c, estream.h, exechelp.c, exechelp.h, get-path.c, http.c
	* http.h, i18n.h, ldap-url.c, ldap-url.h, ldap.c, ldapserver.c
	* ldapserver.h, misc.c, misc.h, ocsp.c, ocsp.h, server.c, util.h
	* validate.c, validate.h: Imported from the current SVN of the
	dirmngr package (only src/).

2010-03-13 Werner Koch <wk@g10code.com>

	* dirmngr.c (int_and_ptr_u): New.
	(pid_suffix_callback): Trick out compiler.
	(start_connection_thread): Ditto.
	(handle_connections): Ditto.

2010-03-09 Werner Koch <wk@g10code.com>

	* dirmngr.c (set_debug): Allow numerical values.

2009-12-15 Werner Koch <wk@g10code.com>

	* dirmngr.c: Add option --ignore-cert-extension.
	(parse_rereadable_options): Implement.
	* dirmngr.h (opt): Add IGNORED_CERT_EXTENSIONS.
	* validate.c (unknown_criticals): Handle ignored extensions.

2009-12-08 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr-client.c (start_dirmngr): Convert posix FDs to assuan fds.

2009-11-25 Marcus Brinkmann <marcus@g10code.de>

	* server.c (start_command_handler): Use assuan_fd_t and
	assuan_fdopen on fds.

2009-11-05 Marcus Brinkmann <marcus@g10code.de>

	* server.c (start_command_handler): Update use of
	assuan_init_socket_server.
	* dirmngr-client.c (start_dirmngr): Update use of
	assuan_pipe_connect and assuan_socket_connect.

2009-11-04 Werner Koch <wk@g10code.com>

	* server.c (register_commands): Add help arg to
	assuan_register_command. Change all command comments to strings.

2009-11-02 Marcus Brinkmann <marcus@g10code.de>

	* server.c (reset_notify): Take LINE argument, return gpg_error_t.

2009-10-16 Marcus Brinkmann <marcus@g10code.com>

	* Makefile.am: (dirmngr_LDADD): Link to $(LIBASSUAN_LIBS) instead
	of $(LIBASSUAN_PTH_LIBS).
	* dirmngr.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks and assuan_sock_init.

2009-09-22 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr.c (main): Update to new Assuan interface.
	* server.c (option_handler, cmd_ldapserver, cmd_isvalid)
	(cmd_checkcrl, cmd_checkocsp, cmd_lookup, cmd_loadcrl)
	(cmd_listcrls, cmd_cachecert, cmd_validate): Return gpg_error_t
	instead of int.
	(register_commands): Likewise for member HANDLER.
	(start_command_handler): Allocate context with assuan_new before
	starting server. Release on error.
	* dirmngr-client.c (main): Update to new Assuan interface.
	(start_dirmngr): Allocate context with assuan_new before
	connecting to server. Release on error.

2009-08-12 Werner Koch <wk@g10code.com>

	* dirmngr-client.c (squid_loop_body): Flush stdout. Suggested by
	Philip Shin.

2009-08-07 Werner Koch <wk@g10code.com>

	* crlfetch.c (my_es_read): Add explicit check for EOF.

	* http.c (struct http_context_s): Turn IN_DATA and IS_HTTP_0_9 to
	bit fields.
	(struct cookie_s): Add CONTENT_LENGTH_VALID and CONTENT_LENGTH.
	(parse_response): Parse the Content-Length header.
	(cookie_read): Handle content length.
	(http_open): Make NEED_HEADER the semi-default.

	* http.h (HTTP_FLAG_IGNORE_CL): New.

2009-08-04 Werner Koch <wk@g10code.com>

	* ldap.c (ldap_wrapper_thread): Factor some code out to ...
	(read_log_data): ... new. Close the log fd on error.
	(ldap_wrapper_thread): Delay cleanup until the log fd is closed.
	(SAFE_PTH_CLOSE): New. Use it instead of pth_close.

2009-07-31 Werner Koch <wk@g10code.com>

	* server.c (cmd_loadcrl): Add option --url.
	* dirmngr-client.c (do_loadcrl): Make use of --url.

	* crlfetch.c (crl_fetch): Remove HTTP_FLAG_NO_SHUTDOWN. Add
	flag HTTP_FLAG_LOG_RESP with active DBG_LOOKUP.

	* http.c: Require estream. Remove P_ES macro.
	(write_server): Remove.
	(my_read_line): Remove. Replace all callers by es_read_line.
	(send_request): Use es_asprintf. Always store the cookie.
	(http_wait_response): Remove the need to dup the socket. Use new
	shutdown flag.
	* http.h (HTTP_FLAG_NO_SHUTDOWN): Rename to HTTP_FLAG_SHUTDOWN.

	* estream.c, estream.h, estream-printf.c, estream-printf.h: Update
	from current libestream. This is to provide es_asprintf.

2009-07-20 Werner Koch <wk@g10code.com>

	* dirmngr.c (pid_suffix_callback): New.
	(main): Use log_set_pid_suffix_cb.
	(start_connection_thread): Put the fd into the tls.

	* ldap.c (ldap_wrapper_thread): Print ldap worker stati.
	(ldap_wrapper_release_context): Print a debug info.
	(end_cert_fetch_ldap): Release the reader. Might fix bug#999.

2009-06-17 Werner Koch <wk@g10code.com>

	* util.h: Remove unused dotlock.h.

2009-05-26 Werner Koch <wk@g10code.com>

	* ldap.c (ldap_wrapper): Show reader object in diagnostics.
	* crlcache.c (crl_cache_reload_crl): Ditto. Change debug messages
	to regular diagnostics.
	* dirmngr_ldap.c (print_ldap_entries): Add extra diagnostics.

2009-04-03 Werner Koch <wk@g10code.com>

	* dirmngr.h (struct server_local_s): Move back to ...
	* server.c (struct server_local_s): ... here.
	(get_ldapservers_from_ctrl): New.
	* ldapserver.h (ldapserver_iter_begin): Use it.

2008-10-29 Marcus Brinkmann <marcus@g10code.de>

	* estream.c (es_getline): Add explicit cast to silence gcc -W
	warning.
	* crlcache.c (finish_sig_check): Likewise.

	* dirmngr.c (opts): Add missing initializer to silence gcc
	-W warning.
	* server.c (register_commands): Likewise.
	* dirmngr-client.c (opts): Likewise.
	* dirmngr_ldap.c (opts): Likewise.

	* dirmngr-client.c (status_cb, inq_cert, data_cb): Change return
	type to gpg_error_t to silence gcc warning.

2008-10-21 Werner Koch <wk@g10code.com>

	* certcache.c (load_certs_from_dir): Accept ".der" files.

	* server.c (get_istrusted_from_client): New.
	* validate.c (validate_cert_chain): Add new optional arg
	R_TRUST_ANCHOR. Adjust all callers
	* crlcache.c (crl_cache_entry_s): Add fields USER_TRUST_REQ
	and CHECK_TRUST_ANCHOR.
	(release_one_cache_entry): Release CHECK_TRUST_ANCHOR.
	(list_one_crl_entry): Print info about the new fields.
	(open_dir, write_dir_line_crl): Support the new U-flag.
	(crl_parse_insert): Add arg R_TRUST_ANCHOR and set it accordingly.
	(crl_cache_insert): Store trust anchor in entry object.
	(cache_isvalid): Ask client for trust if needed.

	* crlcache.c (open_dir): Replace xcalloc by xtrycalloc.
	(next_line_from_file): Ditto. Add arg to return the gpg error.
	Change all callers.
	(update_dir): Replace sprintf and malloc by estream_asprintf.
	(crl_cache_insert): Ditto.
	(crl_cache_isvalid): Replace xmalloc by xtrymalloc.
	(get_auth_key_id): Ditto.
	(crl_cache_insert): Ditto.

	* crlcache.c (start_sig_check): Remove HAVE_GCRY_MD_DEBUG test.
	* validate.c (check_cert_sig): Ditto. Remove workaround for bug
	in libgcrypt 1.2.

	* estream.c, estream.h, estream-printf.c, estream-printf.h: Update
	from current libestream (svn rev 61).

2008-09-30 Marcus Brinkmann <marcus@g10code.com>

	* get-path.c (get_dirmngr_ldap_path): Revert last change.
	Instead, use dirmngr_libexecdir().
	(find_program_at_standard_place): Don't define for now.

2008-09-30 Marcus Brinkmann <marcus@g10code.com>

	* get-path.c (dirmngr_cachedir): Make COMP a pointer to const to
	silence gcc warning.
	(get_dirmngr_ldap_path): Look for dirmngr_ldap in the installation
	directory.

2008-08-06 Marcus Brinkmann <marcus@g10code.com>

	* dirmngr.c (main): Mark the ldapserverlist-file option as
	read-only.

2008-07-31 Werner Koch <wk@g10code.com>

	* crlcache.c (start_sig_check) [!HAVE_GCRY_MD_DEBUG]: Use
	gcry_md_start_debug

2008-06-16 Werner Koch <wk@g10code.com>

	* get-path.c (w32_commondir): New.
	(dirmngr_sysconfdir): Use it here.
	(dirmngr_datadir): Ditto.

2008-06-12 Marcus Brinkmann <marcus@g10code.de>

	* Makefile.am (dirmngr_SOURCES): Add ldapserver.h and ldapserver.c.
	* ldapserver.h, ldapserver.c: New files.
	* ldap.c: Include "ldapserver.h".
	(url_fetch_ldap): Use iterator to get session servers as well.
	(attr_fetch_ldap, start_default_fetch_ldap): Likewise.
	* dirmngr.c: Include "ldapserver.h".
	(free_ldapservers_list): Removed. Change callers to
	ldapserver_list_free.
	(parse_ldapserver_file): Use ldapserver_parse_one.
	* server.c: Include "ldapserver.h".
	(cmd_ldapserver): New command.
	(register_commands): Add new command LDAPSERVER.
	(reset_notify): New function.
	(start_command_handler): Register reset notify handler.
	Deallocate session server list.
	(lookup_cert_by_pattern): Use iterator to get session servers as well.
	(struct server_local_s): Move to ...
	* dirmngr.h (struct server_local_s): ... here. Add new member
	ldapservers.

2008-06-10 Werner Koch <wk@g10code.com>

	Support PEM encoded CRLs. Fixes bug#927.

	* crlfetch.c (struct reader_cb_context_s): New.
	(struct file_reader_map_s): Replace FP by new context.
	(register_file_reader, get_file_reader): Adjust accordingly.
	(my_es_read): Detect Base64 encoded CRL and decode if needed.
	(crl_fetch): Pass new context to the callback.
	(crl_close_reader): Cleanup the new context.
	* b64dec.c: New. Taken from GnuPG.
	* util.h (struct b64state): Add new fields STOP_SEEN and
	INVALID_ENCODING.

2008-05-26 Marcus Brinkmann <marcus@g10code.com>

	* dirmngr.c (main) [HAVE_W32_SYSTEM]: Switch to system
	configuration on gpgconf related commands, and make all options
	unchangeable.

2008-03-25 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr_ldap.c (print_ldap_entries): Add code alternative for
	W32 console stdout (unused at this point).

2008-03-21 Marcus Brinkmann <marcus@g10code.de>

	* estream.c (ESTREAM_MUTEX_DESTROY): New macro.
	(es_create, es_destroy): Use it.

2008-02-21 Werner Koch <wk@g10code.com>

	* validate.c (check_cert_sig) [HAVE_GCRY_MD_DEBUG]: Use new debug
	function if available.

	* crlcache.c (abort_sig_check): Mark unused arg.

	* exechelp.c (dirmngr_release_process) [!W32]: Mark unused arg.

	* validate.c (is_root_cert): New. Taken from GnuPG.
	(validate_cert_chain): Use it in place of the simple DN compare.

2008-02-15 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr.c (main): Reinitialize assuan log stream if necessary.

	* crlcache.c (update_dir) [HAVE_W32_SYSTEM]: Remove destination
	file before rename.
	(crl_cache_insert) [HAVE_W32_SYSTEM]: Remove destination file
	before rename.

2008-02-14 Marcus Brinkmann <marcus@g10code.de>

	* validate.c (check_cert_policy): Use ksba_free instead of xfree.
	(validate_cert_chain): Likewise. Free SUBJECT on error.
	(cert_usage_p): Likewise.

	* crlcache.c (finish_sig_check): Undo last change.
	(finish_sig_check): Close md.
	(abort_sig_check): New function.
	(crl_parse_insert): Use abort_sig_check to clean up.

	* crlcache.c (crl_cache_insert): Clean up CDB on error.

2008-02-13 Marcus Brinkmann <marcus@g10code.de>

	* crlcache.c (finish_sig_check): Call gcry_md_stop_debug.
	* exechelp.h (dirmngr_release_process): New prototype.
	* exechelp.c (dirmngr_release_process): New function.
	* ldap.c (ldap_wrapper_thread): Release pid.
	(destroy_wrapper): Likewise.

	* dirmngr.c (launch_reaper_thread): Destroy tattr.
	(handle_connections): Likewise.

2008-02-12 Marcus Brinkmann <marcus@g10code.de>

	* ldap.c (pth_close) [! HAVE_W32_SYSTEM]: New macro.
	(struct wrapper_context_s): New member log_ev.
	(destroy_wrapper): Check FDs for != -1 rather than != 0. Use
	pth_close instead of close. Free CTX->log_ev.
	(ldap_wrapper_thread): Rewritten to use pth_wait instead of
	select. Also use pth_read instead of read and pth_close instead
	of close.
	(ldap_wrapper): Initialize CTX->log_ev.
	(reader_callback): Use pth_close instead of close.
	* exechelp.c (create_inheritable_pipe) [HAVE_W32_SYSTEM]: Removed.
	(dirmngr_spawn_process) [HAVE_W32_SYSTEM]: Use pth_pipe instead.
	* dirmngr_ldap.c [HAVE_W32_SYSTEM]: Include <fcntl.h>.
	(main) [HAVE_W32_SYSTEM]: Set mode of stdout to binary.

2008-02-01 Werner Koch <wk@g10code.com>

	* ldap.c: Remove all ldap headers as they are unused.

	* dirmngr_ldap.c (LDAP_DEPRECATED): New, to have OpenLDAP use the
	old standard API.

2008-01-10 Werner Koch <wk@g10code.com>

	* dirmngr-client.c: New option --local.
	(do_lookup): Use it.

	* server.c (lookup_cert_by_pattern): Implement local lookup.
	(return_one_cert): New.
	* certcache.c (hexsn_to_sexp): New.
	(classify_pattern, get_certs_bypattern): New.

	* misc.c (unhexify): Allow passing NULL for RESULT.
	(cert_log_subject): Do not call ksba_free on an unused variable.

2008-01-02 Marcus Brinkmann <marcus@g10code.de>

	* Makefile.am (dirmngr_LDADD, dirmngr_ldap_LDADD)
	(dirmngr_client_LDADD): Add $(LIBICONV). Reported by Michael
	Nottebrock.

2007-12-11 Werner Koch <wk@g10code.com>

	* server.c (option_handler): New option audit-events.
	* dirmngr.h (struct server_control_s): Add member AUDIT_EVENTS.

2007-11-26 Marcus Brinkmann <marcus@g10code.de>

	* get-path.c (dirmngr_cachedir): Create intermediate directories.
	(default_socket_name): Use CSIDL_WINDOWS.

2007-11-21 Werner Koch <wk@g10code.com>

	* server.c (lookup_cert_by_pattern): Add args SINGLE and CACHE_ONLY.
	(cmd_lookup): Add options --single and --cache-only.

2007-11-16 Werner Koch <wk@g10code.com>

	* certcache.c (load_certs_from_dir): Also log the subject DN.
	* misc.c (cert_log_subject): New.

2007-11-14 Werner Koch <wk@g10code.com>

	* dirmngr-client.c: Replace --lookup-url by --url.
	(main): Remove extra code for --lookup-url.
	(do_lookup): Remove LOOKUP_URL arg and use the
	global option OPT.URL.

	* server.c (has_leading_option): New.
	(cmd_lookup): Use it.

	* crlfetch.c (fetch_cert_by_url): Use GPG_ERR_INV_CERT_OBJ.
	(fetch_cert_by_url): Use gpg_error_from_syserror.

2007-11-14 Moritz <moritz@gnu.org> (wk)

	* dirmngr-client.c: New command: --lookup-url <URL>.
	(do_lookup): New parameter: lookup_url. If TRUE, include "--url"
	switch in LOOKUP transaction.
	(enum): New entry: oLookupUrl.
	(opts): Likewise.
	(main): Handle oLookupUrl. New variable: cmd_lookup_url, set
	during option parsing, pass to do_lookup() and substitute some
	occurrences of "cmd_lookup" with "cmd_lookup OR cmd_lookup_url".
	* crlfetch.c (fetch_cert_by_url): New function, uses
	url_fetch_ldap() to create a reader object and libksba functions
	to read a single cert from that reader.
	* server.c (lookup_cert_by_url, lookup_cert_by_pattern): New
	functions.
	(cmd_lookup): Moved almost complete code ...
	(lookup_cert_by_pattern): ... here.
	(cmd_lookup): Support new optional argument: --url. Depending on
	the presence of that switch, call lookup_cert_by_url() or
	lookup_cert_by_pattern().
	(lookup_cert_by_url): Heavily stripped down version of
	lookup_cert_by_pattern(), using fetch_cert_by_url.

2007-10-24 Marcus Brinkmann <marcus@g10code.de>

	* exechelp.c (dirmngr_spawn_process): Fix child handles.

2007-10-05 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr.h: Include assuan.h.
	(start_command_handler): Change type of FD to assuan_fd_t.
	* dirmngr.c: Do not include w32-afunix.h.
	(socket_nonce): New global variable.
	(create_server_socket): Use assuan socket wrappers. Remove W32
	specific stuff. Save the server nonce.
	(check_nonce): New function.
	(start_connection_thread): Call it.
	(handle_connections): Change args to assuan_fd_t.
	* server.c (start_command_handler): Change type of FD to assuan_fd_t.

2007-09-12 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr.c (main): Percent escape pathnames in --gpgconf-list output.

2007-08-27 Moritz Schulte <moritz@g10code.com>

	* src/Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SOCKETDIR based on
	$(localstatedir).
	* src/get-path.c (default_socket_name): Use DIRMNGR_SOCKETDIR
	instead of hard-coded "/var/run/dirmngr".

2007-08-16 Werner Koch <wk@g10code.com>

	* get-path.c (get_dirmngr_ldap_path): Make PATHNAME const.

	* dirmngr.c (my_ksba_hash_buffer): Mark unused arg.
	(dirmngr_init_default_ctrl): Ditto.
	(my_gcry_logger): Ditto.
	* dirmngr-client.c (status_cb): Ditto.
	* dirmngr_ldap.c (catch_alarm): Ditto.
	* estream-printf.c (pr_bytes_so_far): Ditto.
	* estream.c (es_func_fd_create): Ditto.
	(es_func_fp_create): Ditto.
	(es_write_hexstring): Ditto.
	* server.c (cmd_listcrls): Ditto.
	(cmd_cachecert): Ditto.
	* crlcache.c (cache_isvalid): Ditto.
	* ocsp.c (do_ocsp_request): Ditto.
	* ldap.c (ldap_wrapper_thread): Ditto.
	* http.c (http_register_tls_callback): Ditto.
	(connect_server): Ditto.
	(write_server) [!HTTP_USE_ESTREAM]: Don't build.

2007-08-14 Werner Koch <wk@g10code.com>

	* get-path.c (dirmngr_cachedir) [W32]: Use CSIDL_LOCAL_APPDATA.

2007-08-13 Werner Koch <wk@g10code.com>

	* dirmngr.c (handle_connections): Use a timeout in the accept
	function. Block signals while creating a new thread.
	(shutdown_pending): Needs to be volatile as also accessed by the
	service function.
	(w32_service_control): Do not use the regular log functions here.
	(handle_tick): New.
	(main): With system_service in effect use aDaemon as default
	command.
	(main) [W32]: Only temporarily redefine main for the sake of Emacs's
	"C-x 4 a".

	* dirmngr-client.c (main) [W32]: Initialize sockets.
	(start_dirmngr): Use default_socket_name instead of a constant.
	* Makefile.am (dirmngr_client_SOURCES): Add get-path.c

2007-08-09 Werner Koch <wk@g10code.com>

	* dirmngr.c (parse_ocsp_signer): New.
	(parse_rereadable_options): Set opt.ocsp_signer to this.
	* dirmngr.h (fingerprint_list_t): New.
	* ocsp.c (ocsp_isvalid, check_signature, validate_responder_cert):
	Allow for several default ocsp signers.
	(ocsp_isvalid): Return GPG_ERR_NO_DATA for an unknown status.

	* dirmngr-client.c: New option --force-default-responder.

	* server.c (has_option, skip_options): New.
	(cmd_checkocsp): Add option --force-default-responder.
	(cmd_isvalid): Ditto. Also add option --only-ocsp.

	* ocsp.c (ocsp_isvalid): New arg FORCE_DEFAULT_RESPONDER.

	* dirmngr.c: New option --ocsp-max-period.
	* ocsp.c (ocsp_isvalid): Implement it and take care that a missing
	next_update is to be ignored.

	* crlfetch.c (my_es_read): New. Use it instead of es_read.

	* estream.h, estream.c, estream-printf.c: Updated from current
	libestream SVN.

2007-08-08 Werner Koch <wk@g10code.com>

	* crlcache.c (crl_parse_insert): Hack to allow for a missing
	nextUpdate.

	* dirmngr_ldap.c (print_ldap_entries): Strip the extension from
	the want_attr.

	* exechelp.c (dirmngr_wait_process): Reworked for clear error
	semantics.
	* ldap.c (ldap_wrapper_thread): Adjust for new
	dirmngr_wait_process semantics.

2007-08-07 Werner Koch <wk@g10code.com>

	* get-path.c (default_socket_name) [!W32]: Fixed syntax error.

	* ldap.c (X509CACERT, make_url, fetch_next_cert_ldap): Support
	x509caCert as used by the Bundesnetzagentur.
	(ldap_wrapper): Do not pass the program name as the first
	argument. dirmngr_spawn_process takes care of that.

2007-08-04 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr.h (opt): Add member system_service.
	* dirmngr.c (opts) [HAVE_W32_SYSTEM]: New entry for option
	--service.
	(DEFAULT_SOCKET_NAME): Removed.
	(service_handle, service_status,
	w32_service_control) [HAVE_W32_SYSTEM]: New symbols.
	(main) [HAVE_W32_SYSTEM]: New entry point for --service. Rename
	old function to ...
	(real_main) [HAVE_W32_SYSTEM]: ... this. Use default_socket_name
	instead of DEFAULT_SOCKET_NAME, and similar for other paths.
	Allow colons in Windows socket path name, and implement --service
	option.
	* util.h (dirmngr_sysconfdir, dirmngr_libexecdir, dirmngr_datadir,
	dirmngr_cachedir, default_socket_name): New prototypes.
	* get-path.c (dirmngr_sysconfdir, dirmngr_libexecdir)
	(dirmngr_datadir, dirmngr_cachedir, default_socket_name): New
	functions.
	(DIRSEP_C, DIRSEP_S): New macros.

2007-08-03 Marcus Brinkmann <marcus@g10code.de>

* get-path.c: Really add the file this time.

2007-07-31 Marcus Brinkmann <marcus@g10code.de>

* crlfetch.c: Include "estream.h".
(crl_fetch): Use es_read callback instead of a file handle.
(crl_close_reader): Use es_fclose instead of fclose.
(struct file_reader_map_s): Change type of FP to estream_t.
(register_file_reader, crl_fetch, crl_close_reader): Likewise.
* ocsp.c: Include "estream.h".
(read_response): Change type of FP to estream_t.
(read_response, do_ocsp_request): Use es_* variants of I/O
functions.

* http.c: Include <pth.h>.
(http_wait_response) [HAVE_W32_SYSTEM]: Use DuplicateHandle.
(cookie_read): Use pth_read instead of read.
(cookie_write): Use pth_write instead of write.

2007-07-30 Marcus Brinkmann <marcus@g10code.de>

* ldap-url.c (ldap_str2charray): Fix buglet in ldap_utf8_strchr
invocation.

2007-07-27 Marcus Brinkmann <marcus@g10code.de>

* estream.h, estream.c: Update from recent GnuPG.

* get-path.c: New file.
* Makefile.am (dirmngr_SOURCES): Add get-path.c.
* util.h (default_homedir, get_dirmngr_ldap_path): New prototypes.
* dirmngr.c (main): Use default_homedir().
* ldap-url.h: Remove Japanese white space (sorry!).

2007-07-26 Marcus Brinkmann <marcus@g10code.de>

* ldap.c (pth_yield): Remove macro.

* ldap.c (pth_yield) [HAVE_W32_SYSTEM]: Define to Sleep(0).

* dirmngr_ldap.c [HAVE_W32_SYSTEM]: Do not include <ldap.h>, but
<winsock2.h>, <winldap.h> and "ldap-url.h".
* ldap.c [HAVE_W32_SYSTEM]: Do not include <ldap.h>, but
<winsock2.h> and <winldap.h>.

* ldap-url.c: Do not include <ldap.h>, but <winsock2.h>,
<winldap.h> and "ldap-url.h".
(LDAP_P): New macro.
* ldap-url.h: New file.
* Makefile.am (ldap_url): Add ldap-url.h.

* Makefile.am (ldap_url): New variable.
(dirmngr_ldap_SOURCES): Add $(ldap_url).
(dirmngr_ldap_LDADD): Add $(LIBOBJS).
* ldap-url.c: New file, excerpted from OpenLDAP.
* dirmngr.c (main) [HAVE_W32_SYSTEM]: Avoid the daemonization.
* dirmngr_ldap.c: Include "util.h".
(main) [HAVE_W32_SYSTEM]: Don't set up alarm.
(set_timeout) [HAVE_W32_SYSTEM]: Likewise.
* ldap.c [HAVE_W32_SYSTEM]: Add macros for setenv and pth_yield.
* no-libgcrypt.h (NO_LIBGCRYPT): Define.
* util.h [NO_LIBGCRYPT]: Don't include <gcrypt.h>.

2007-07-23 Marcus Brinkmann <marcus@g10code.de>

* Makefile.am (dirmngr_SOURCES): Add exechelp.h and exechelp.c.
* exechelp.h, exechelp.c: New files.
* ldap.c: Don't include <sys/wait.h> but "exechelp.h".
(destroy_wrapper, ldap_wrapper_thread,
ldap_wrapper_connection_cleanup): Use dirmngr_kill_process instead
of kill.
(ldap_wrapper_thread): Use dirmngr_wait_process instead of
waitpid.
(ldap_wrapper): Use dirmngr_spawn_process.

2007-07-20 Marcus Brinkmann <marcus@g10code.de>

* certcache.c (cert_cache_lock): Do not initialize statically.
(init_cache_lock): New function.
(cert_cache_init): Call init_cache_lock.

* estream.h, estream.c, estream-printf.h, estream-printf.c: New
files.
* Makefile.am (dirmngr_SOURCES): Add estream.c, estream.h,
estream-printf.c, estream-printf.h.

* http.c: Update to latest version from GnuPG.

* Makefile.am (cdb_sources)
* cdblib.c: Port to windows (backport from tinycdb 0.76).

* crlcache.c [HAVE_W32_SYSTEM]: Don't include sys/utsname.h.
[MKDIR_TAKES_ONE_ARG]: Define mkdir as a macro for such systems.
(update_dir, crl_cache_insert) [HAVE_W32_SYSTEM]: Don't get uname.
* server.c (start_command_handler) [HAVE_W32_SYSTEM]: Don't log
peer credentials.

* dirmngr.c [HAVE_W32_SYSTEM]: Do not include sys/socket.h or
sys/un.h, but ../jnlib/w32-afunix.h.
(sleep) [HAVE_W32_SYSTEM]: New macro.
(main) [HAVE_W32_SYSTEM]: Don't mess with SIGPIPE. Use W32 socket
API.
(handle_signal) [HAVE_W32_SYSTEM]: Deactivate the bunch of the
code.
(handle_connections) [HAVE_W32_SYSTEM]: don't handle signals.

2006-11-29 Werner Koch <wk@g10code.com>

* dirmngr.c (my_strusage): Use macro for the bug report address
and the copyright line.
* dirmngr-client.c (my_strusage): Ditto.
* dirmngr_ldap.c (my_strusage): Ditto.

* Makefile.am: Do not link against LIBICONV.

2006-11-19 Werner Koch <wk@g10code.com>

* dirmngr.c: Include i18n.h.

2006-11-17 Werner Koch <wk@g10code.com>

* Makefile.am (dirmngr_LDADD): Use LIBASSUAN_PTH_LIBS.

2006-11-16 Werner Koch <wk@g10code.com>

* server.c (start_command_handler): Replaced
assuan_init_connected_socket_server by assuan_init_socket_server_ext.

* crlcache.c (update_dir): Put a diagnostic into DIR.txt.
(open_dir): Detect invalid and duplicate entries.
(update_dir): Fixed search for second field.

2006-10-23 Werner Koch <wk@g10code.com>

* dirmngr.c (main): New command --gpgconf-test.

2006-09-14 Werner Koch <wk@g10code.com>

* server.c (start_command_handler): In verbose mode print
information about the peer. This may later be used to restrict
certain commands.

2006-09-12 Werner Koch <wk@g10code.com>

* server.c (start_command_handler): Print a more informative hello
line.
* dirmngr.c: Moved config_filename into the opt struct.

2006-09-11 Werner Koch <wk@g10code.com>

Changed everything to use Assuan with gpg-error codes.
* maperror.c: Removed.
* server.c (map_to_assuan_status): Removed.
* dirmngr.c (main): Set assuan error source.
* dirmngr-client.c (main): Ditto.

2006-09-04 Werner Koch <wk@g10code.com>

* crlfetch.c (crl_fetch): Implement HTTP redirection.
* ocsp.c (do_ocsp_request): Ditto.

New HTTP code version taken from gnupg svn release 4236.
* http.c (http_get_header): New.
(capitalize_header_name, store_header): New.
(parse_response): Store headers away.
(send_request): Return GPG_ERR_NOT_FOUND if connect_server failed.
* http.h: New flag HTTP_FLAG_NEED_HEADER.

2006-09-01 Werner Koch <wk@g10code.com>

* crlfetch.c (register_file_reader, get_file_reader): New.
(crl_fetch): Register the file pointer for HTTP.
(crl_close_reader): And release it.

* http.c, http.h: Updated from GnuPG SVN trunk. Changed all users
to adopt the new API.
* dirmngr.h: Moved inclusion of jnlib header to ...
* util.h: .. here. This is required because http.c includes only
a file util.h but makes use of log_foo. Include gcrypt.h so that
gcry_malloc et al are declared.

2006-08-31 Werner Koch <wk@g10code.com>

* ocsp.c (check_signature): Make use of the responder id.

2006-08-30 Werner Koch <wk@g10code.com>

* validate.c (check_cert_sig): Workaround for ripemd160.
(allowed_ca): Always allow trusted CAs.

* dirmngr.h (cert_ref_t): New.
(struct server_control_s): Add field OCSP_CERTS.
* server.c (start_command_handler): Release new field
* ocsp.c (release_ctrl_ocsp_certs): New.
(check_signature): Store certificates in OCSP_CERTS.

* certcache.c (find_issuing_cert): Reset error if cert was found
by subject.
(put_cert): Add new arg FPR_BUFFER. Changed callers.
(cache_cert_silent): New.

* dirmngr.c (parse_rereadable_options): New options
--ocsp-max-clock-skew and --ocsp-current-period.
* ocsp.c (ocsp_isvalid): Use them here.

* ocsp.c (validate_responder_cert): New optional arg signer_cert.
(check_signature_core): Ditto.
(check_signature): Use the default signer certificate here.

2006-06-27 Werner Koch <wk@g10code.com>

* dirmngr-client.c (inq_cert): Take care of SENDCERT_SKI.

2006-06-26 Werner Koch <wk@g10code.com>

* crlcache.c (lock_db_file): Count open files when needed.
(find_entry): Fixed deleted case.

2006-06-23 Werner Koch <wk@g10code.com>

* misc.c (cert_log_name): New.

* certcache.c (load_certs_from_dir): Also print certificate name.
(find_cert_bysn): Release ISSDN.

* validate.h: New VALIDATE_MODE_CERT.
* server.c (cmd_validate): Use it here so that no policy checks
are done. Try to validate a cached copy of the target.

* validate.c (validate_cert_chain): Implement a validation cache.
(check_revocations): Print more diagnostics. Actually use the
loop variable and not the head of the list.
(validate_cert_chain): Do not check revocations of CRL issuer
certificates in plain CRL check mode.
* ocsp.c (ocsp_isvalid): Make sure it is reset for a status of
revoked.

2006-06-22 Werner Koch <wk@g10code.com>

* validate.c (cert_use_crl_p): New.
(cert_usage_p): Add a mode 6 for CRL signing.
(validate_cert_chain): Check that the certificate may be used for
CRL signing. Print a note when not running as system daemon.
(validate_cert_chain): Reduce the maximum depth from 50 to 10.

* certcache.c (find_cert_bysn): Minor restructuring
(find_cert_bysubject): Ditto. Use get_cert_local when called
without KEYID.
* crlcache.c (get_crlissuer_cert_bysn): Removed.
(get_crlissuer_cert): Removed.
(crl_parse_insert): Use find_cert_bysubject and find_cert_bysn
instead of the removed functions.

2006-06-19 Werner Koch <wk@g10code.com>

* certcache.c (compare_serialno): Silly me. Using 0 as true is
that hard; tsss. Fixed call cases except for the only working one
which are both numbers of the same length.

2006-05-15 Werner Koch <wk@g10code.com>

* crlfetch.c (crl_fetch): Use no-shutdown flag for HTTP. This
seems to be required for "IBM_HTTP_Server/2.0.47.1 Apache/2.0.47
(Unix)".

* http.c (parse_tuple): Set flag to indicate no value.
(build_rel_path): Take care of it.

* crlcache.c (crl_cache_reload_crl): Also iterate over all names
within a DP.

2005-09-28 Marcus Brinkmann <marcus@g10code.de>

* Makefile.am (dirmngr_LDADD): Add @LIBINTL@ and @LIBICONV@.
(dirmngr_ldap_LDADD): Likewise.
(dirmngr_client_LDADD): Likewise.

2005-09-12 Werner Koch <wk@g10code.com>

* dirmngr.c: Fixed description to match the one in gpgconf.

2005-06-15 Werner Koch <wk@g10code.com>

* server.c (cmd_lookup): Take care of NO_DATA which might get
returned also by start_cert_fetch().

2005-04-20 Werner Koch <wk@g10code.com>

* ldap.c (ldap_wrapper_wait_connections): Set a shutdown flag.
(ldap_wrapper_thread): Handle shutdown in a special way.

2005-04-19 Werner Koch <wk@g10code.com>

* server.c (get_cert_local, get_issuing_cert_local)
(get_cert_local_ski): Bail out if called without a local context.

2005-04-18 Werner Koch <wk@g10code.com>

* certcache.c (find_issuing_cert): Fixed last resort method which
should be finding by subject and not by issuer. Try to locate it
also using the keyIdentifier method. Improve error reporting.
(cmp_simple_canon_sexp): New.
(find_cert_bysubject): New.
(find_cert_bysn): Ask back to the caller before trying an external
lookup.
* server.c (get_cert_local_ski): New.
* crlcache.c (crl_parse_insert): Also try to locate issuer
certificate using the keyIdentifier. Improved error reporting.

2005-04-14 Werner Koch <wk@g10code.com>

* ldap.c (start_cert_fetch_ldap): Really return ERR.

2005-03-17 Werner Koch <wk@g10code.com>

* http.c (parse_response): Changed MAXLEN and LEN to size_t to
match the requirement of read_line.
* http.h (http_context_s): Ditto for BUFFER_SIZE.

2005-03-15 Werner Koch <wk@g10code.com>

* ldap.c: Included time.h. Reported by Bernhard Herzog.

2005-03-09 Werner Koch <wk@g10code.com>

* dirmngr.c: Add a note to the help listing check the man page for
other options.

2005-02-01 Werner Koch <wk@g10code.com>

* crlcache.c (crl_parse_insert): Renamed a few variables and
changed diagnostic strings for clarity.
(get_issuer_cert): Renamed to get_crlissuer_cert. Try to locate
the certificate from the cache using the subject name. Use new
fetch function.
(get_crlissuer_cert_bysn): New.
(crl_parse_insert): Use it here.
* crlfetch.c (ca_cert_fetch): Changed interface.
(fetch_next_ksba_cert): New.
* ldap.c (run_ldap_wrapper): Add arg MULTI_MODE. Changed all
callers.
(start_default_fetch_ldap): New
* certcache.c (get_cert_bysubject): New.
(clean_cache_slot, put_cert): Store the subject DN if available.
(MAX_EXTRA_CACHED_CERTS): Increase limit of cachable certificates
to 1000.
(find_cert_bysn): Loop until a certificate with a matching S/N has
been found.

* dirmngr.c (main): Add honor-http-proxy to the gpgconf list.

2005-01-31 Werner Koch <wk@g10code.com>

* ldap.c: Started to work on support for userSMIMECertificates.

* dirmngr.c (main): Make sure to always pass a server control
structure to the caching functions. Reported by Neil Dunbar.

2005-01-05 Werner Koch <wk@g10code.com>

* dirmngr-client.c (read_pem_certificate): Skip trailing percent
escaped linefeeds.

2005-01-03 Werner Koch <wk@g10code.com>

* dirmngr-client.c (read_pem_certificate): New.
(read_certificate): Divert to it depending on pem option.
(squid_loop_body): New.
(main): New options --pem and --squid-mode.

2004-12-17 Werner Koch <wk@g10code.com>

* dirmngr.c (launch_ripper_thread): Renamed to launch_reaper_thread.
(shutdown_reaper): New. Use it for --server and --daemon.
* ldap.c (ldap_wrapper_wait_connections): New.

2004-12-17 Werner Koch <wk@g10code.com>

* Makefile.am (dirmngr_ldap_LDADD): Adjusted for new LDAP checks.

2004-12-16 Werner Koch <wk@g10code.com>

* ldap.c (ldap_wrapper): Peek on the output to detect empty output
early.

2004-12-15 Werner Koch <wk@g10code.com>

* ldap.c (ldap_wrapper): Print a diagnostic after forking for the
ldap wrapper.
* certcache.h (find_cert_bysn): Add this prototype.
* crlcache.c (start_sig_check): Write CRL hash debug file.
(finish_sig_check): Dump the signer's certificate.
(crl_parse_insert): Try to get the issuing cert by authKeyId.
Moved certificate retrieval after item processing.

2004-12-13 Werner Koch <wk@g10code.com>

* dirmngr_ldap.c (catch_alarm, set_timeout): new.
(main): Install alarm handler. Add new option --only-search-timeout.
(print_ldap_entries, fetch_ldap): Use set_timeout ();
* dirmngr.h: Make LDAPTIMEOUT a simple unsigned int. Change all
initializations.
* ldap.c (start_cert_fetch_ldap, run_ldap_wrapper): Pass timeout
option to the wrapper.
(INACTIVITY_TIMEOUT): Depend on LDAPTIMEOUT.
(run_ldap_wrapper): Add arg IGNORE_TIMEOUT.
(ldap_wrapper_thread): Check for special timeout exit code.

* dirmngr.c: Workaround a typo in gpgconf for
ignore-ocsp-service-url.

2004-12-10 Werner Koch <wk@g10code.com>

* ldap.c (url_fetch_ldap): Use TMP and not a HOST which is always
NULL.
* misc.c (host_and_port_from_url): Fixed bad encoding detection.

2004-12-03 Werner Koch <wk@g10code.com>

* crlcache.c (crl_cache_load): Re-implement it.

* dirmngr-client.c: New command --load-crl
(do_loadcrl): New.

* dirmngr.c (parse_rereadable_options, main): Make --allow-ocsp,
--ocsp-responder, --ocsp-signer and --max-replies re-readable.

* ocsp.c (check_signature): try to get the cert from the cache
first.
(ocsp_isvalid): Print the next and this update times on time
conflict.

* certcache.c (load_certs_from_dir): Print the fingerprint for
trusted certificates.
(get_cert_byhexfpr): New.
* misc.c (get_fingerprint_hexstring_colon): New.

2004-12-01 Werner Koch <wk@g10code.com>

* Makefile.am (dirmngr_LDADD): Don't use LDAP_LIBS.

* validate.c (validate_cert_chain): Fixed test; as written in the
comment we want to do this only in daemon mode. For clarity
reworked by using a linked list of certificates and include root
and target certificate.
(check_revocations): Likewise. Introduced a recursion sentinel.

2004-11-30 Werner Koch <wk@g10code.com>

* crlfetch.c (ca_cert_fetch, crl_fetch_default): Do not use the
binary prefix as this will be handled in the driver.

* dirmngr_ldap.c: New option --log-with-pid.
(fetch_ldap): Handle LDAP_NO_SUCH_OBJECT.
* ldap.c (run_ldap_wrapper, start_cert_fetch_ldap): Use new log
option.

2004-11-25 Werner Koch <wk@g10code.com>

* Makefile.am (dirmngr_ldap_CFLAGS): Added GPG_ERROR_CFLAGS.
Noted by Bernhard Herzog.

2004-11-24 Werner Koch <wk@g10code.com>

* ldap.c (ldap_wrapper): Fixed default name of the ldap wrapper.

* b64enc.c (b64enc_start, b64enc_finish): Use standard strdup/free
to manage memory.

* dirmngr.c: New options --ignore-http-dp, --ignore-ldap-dp and
--ignore-ocsp-service-url.
* crlcache.c (crl_cache_reload_crl): Implement them.
* ocsp.c (ocsp_isvalid): Ditto.

2004-11-23 Werner Koch <wk@g10code.com>

* ldap.c (ldap_wrapper_thread, reader_callback, ldap_wrapper):
Keep a timestamp and terminate the wrapper after some time of
inactivity.

* dirmngr-client.c (do_lookup): New.
(main): New option --lookup.
(data_cb): New.
* b64enc.c: New. Taken from GnuPG 1.9.
* no-libgcrypt.c (gcry_strdup): Added.

* ocsp.c (ocsp_isvalid): New arg CERT and lookup the issuer
certificate using the standard methods.

* server.c (cmd_lookup): Truncation is now also an indication for
error.
(cmd_checkocsp): Implemented.

* dirmngr_ldap.c (fetch_ldap): Write an error marker for a
truncated search.
* ldap.c (add_server_to_servers): Reactivated.
(url_fetch_ldap): Call it here and try all configured servers in
case of a failed lookup.
(fetch_next_cert_ldap): Detect the truncation error flag.
* misc.c (host_and_port_from_url, remove_percent_escapes): New.

2004-11-22 Werner Koch <wk@g10code.com>

* dirmngr_ldap.c (main): New option --proxy.
* ocsp.c (do_ocsp_request): Take care of opt.disable_http.
* crlfetch.c (crl_fetch): Honor the --honor-http-proxy variable.
(crl_fetch): Take care of opt.disable_http and disable_ldap.
(crl_fetch_default, ca_cert_fetch, start_cert_fetch):
* ldap.c (run_ldap_wrapper): New arg PROXY.
(url_fetch_ldap, attr_fetch_ldap, start_cert_fetch_ldap): Pass it.

* http.c (http_open_document): Add arg PROXY.
(http_open): Ditto.
(send_request): Ditto and implement it as an override.

* ocsp.c (validate_responder_cert): Use validate_cert_chain.

* Makefile.am (AM_CPPFLAGS): Add macros for a few system
directories.
* dirmngr.h (opt): New members homedir_data, homedir_cache,
ldap_wrapper_program, system_daemon, honor_http_proxy, http_proxy,
ldap_proxy, only_ldap_proxy, disable_ldap, disable_http.
* dirmngr.c (main): Initialize new opt members HOMEDIR_DATA and
HOMEDIR_CACHE.
(parse_rereadable_options): New options --ldap-wrapper-program,
--http-wrapper-program, --disable-ldap, --disable-http,
--honor-http-proxy, --http-proxy, --ldap-proxy, --only-ldap-proxy.
(reread_configuration): New.

* ldap.c (ldap_wrapper): Use the correct name for the wrapper.

* crlcache.c (DBDIR_D): Make it depend on opt.SYSTEM_DAEMON.
(cleanup_cache_dir, open_dir, update_dir, make_db_file_name)
(crl_cache_insert, create_directory_if_needed): Use opt.HOMEDIR_CACHE

* validate.c (check_revocations): New.
* crlcache.c (crl_cache_isvalid): Factored most code out to
(cache_isvalid): .. new.
(crl_cache_cert_isvalid): New.
* server.c (cmd_checkcrl): Cleaned up by using this new function.
(reload_crl): Moved to ..
* crlcache.c (crl_cache_reload_crl): .. here and made global.

* certcache.c (cert_compute_fpr): Renamed from computer_fpr and
made global.
(find_cert_bysn): Try to lookup missing certs.
(cert_cache_init): Initialize using opt.HOMEDIR_DATA.

2004-11-19 Werner Koch <wk@g10code.com>

* dirmngr-client.c (status_cb): New. Use it in very verbose mode.

* server.c (start_command_handler): Malloc the control structure
and properly release it. Removed the primary_connection
hack. Cleanup running wrappers.
(dirmngr_status): Return an error code.
(dirmngr_tick): Return an error code and detect a
cancellation. Use wall time and not CPU time.
* validate.c (validate_cert_chain): Add CTRL arg and changed callers.
* crlcache.c (crl_cache_isvalid):
* crlfetch.c (ca_cert_fetch, start_cert_fetch, crl_fetch_default)
(crl_fetch): Ditto.
* ldap.c (ldap_wrapper, run_ldap_wrapper, url_fetch_ldap)
(attr_fetch_ldap, start_cert_fetch_ldap): Ditto.
(ldap_wrapper_release_context): Reset the stored CTRL.
(reader_callback): Periodically call dirmngr_tick.
(ldap_wrapper_release_context): Print an error message for read
errors.
(ldap_wrapper_connection_cleanup): New.

2004-11-18 Werner Koch <wk@g10code.com>

* dirmngr.c (main): Do not cd / if not running detached.

* dirmngr-client.c: New options --cache-cert and --validate.
(do_cache, do_validate): New.
* server.c (cmd_cachecert, cmd_validate): New.

* crlcache.c (get_issuer_cert): Make use of the certificate cache.
(crl_parse_insert): Validate the issuer certificate.

* dirmngr.c (handle_signal): Reinitialize the certificate cache on
a HUP.
(struct opts): Add --homedir to enable the already implemented code.
(handle_signal): Print stats on SIGUSR1.

* certcache.c (clean_cache_slot, cert_cache_init)
(cert_cache_deinit): New.
(acquire_cache_read_lock, acquire_cache_write_lock)
(release_cache_lock): New. Use them where needed.
(put_cert): Renamed from put_loaded_cert.
(cache_cert): New.
(cert_cache_print_stats): New.
(compare_serialno): Fixed.

2004-11-16 Werner Koch <wk@g10code.com>

* Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SYSCONFDIR and
DIRMNGR_LIBEXECDIR.

* misc.c (dump_isotime, dump_string, dump_cert): New. Taken from
gnupg 1.9.
(dump_serial): New.

2004-11-15 Werner Koch <wk@g10code.com>

* validate.c: New. Based on gnupg's certchain.c

* ldap.c (get_cert_ldap): Removed.
(read_buffer): New.
(start_cert_fetch_ldap, fetch_next_cert_ldap)
(end_cert_fetch_ldap): Rewritten to make use of the ldap wrapper.

2004-11-12 Werner Koch <wk@g10code.com>

* http.c (insert_escapes): Print the percent sign too.

* dirmngr-client.c (inq_cert): Ignore "SENDCERT" and
"SENDISSUERCERT".

* server.c (do_get_cert_local): Limit the length of a returned
certificate. Return NULL without an error if an empty value has
been received.

* crlfetch.c (ca_cert_fetch): Use the ksba_reader_object.
(setup_funopen, fun_reader, fun_closer): Removed.

* crlcache.c (get_issuer_cert): Adjust accordingly.

* ldap.c (attr_fetch_ldap_internal, attr_fetch_fun_closer)
(attr_fetch_fun_reader, url_fetch_ldap_internal)
(get_attr_from_result_ldap): Removed.
(destroy_wrapper, print_log_line, ldap_wrapper_thread)
(ldap_wrapper_release_context, reader_callback, ldap_wrapper)
(run_ldap_wrapper): New.
(url_fetch_ldap): Make use of the new ldap wrapper and return a
ksba reader object instead of a stdio stream.
(attr_fetch_ldap): Ditto.
(make_url, escape4url): New.

2004-11-11 Werner Koch <wk@g10code.com>

* dirmngr.c (launch_ripper_thread): New.
(main): Start it where appropriate. Always ignore SIGPIPE.
(start_connection_thread): Maintain a connection count.
(handle_signal, handle_connections): Use it here instead of the
thread count.

* crlcache.c (crl_cache_insert): Changed to use ksba reader
object. Changed all callers to pass this argument.

2004-11-08 Werner Koch <wk@g10code.com>

* dirmngr_ldap.c: New.

* crlcache.c (crl_cache_init): Don't return a cache object but
keep it module local. We only need one.
(crl_cache_deinit): Don't take cache object but work on existing
one.
(get_current_cache): New.
(crl_cache_insert, crl_cache_list, crl_cache_load): Use the global
cache object and removed the cache arg. Changed all callers.

* dirmngr-client.c: New option --ping.

* dirmngr.c (main): New option --daemon. Initialize PTH.
(handle_connections, start_connection_thread): New.
(handle_signal): New.
(parse_rereadable_options): New. Changed main to make use of it.
(set_debug): Don't bail out on invalid debug levels.
(main): Init the crl_cache for server and daemon mode.

* server.c (start_command_handler): New arg FD. Changed callers.

2004-11-06 Werner Koch <wk@g10code.com>

* server.c (map_assuan_err): Factored out to ..
* maperror.c: .. new file.
* util.h: Add prototype

2004-11-05 Werner Koch <wk@g10code.com>

* no-libgcrypt.c: New, used as helper for dirmngr-client which
does not need libgcrypt proper but jnlib references the memory
functions. Taken from gnupg 1.9.12.

* dirmngr.h: Factored i18n and xmalloc code out to ..
* i18n.h, util.h: .. New.

* dirmngr-client.c: New. Some code taken from gnupg 1.9.12.
* Makefile.am (bin_PROGRAMS) Add dirmngr-client.

2004-11-04 Werner Koch <wk@g10code.com>

* src/server.c (get_fingerprint_from_line, cmd_checkcrl)
(cmd_checkocsp): New.
(register_commands): Register new commands.
(inquire_cert_and_load_crl): Factored most code out to ..
(reload_crl): .. new function.
* src/certcache.h, src/certcache.c: New.
* src/Makefile.am (dirmngr_SOURCES): Add new files.

2004-11-04 Werner Koch <wk@g10code.com>

Please note that earlier entries are found in the top level
ChangeLog.
[Update after merge with GnuPG: These old ChangeLog entries are
found below up to ==END OLDEST CHANGELOG==]

==BEGIN OLDEST CHANGELOG==

2004-10-04 Werner Koch <wk@g10code.com>

* src/dirmngr.c: Changed a help entry description.

2004-09-30 Werner Koch <wk@g10code.com>

* src/dirmngr.c (i18n_init): Always use LC_ALL.

2004-09-28 Werner Koch <wk@g10code.com>

Released 0.5.6.

* config.guess, config.sub: Updated.

2004-06-21 Werner Koch <wk@g10code.com>

* src/crlfetch.c (crl_fetch): Bad hack to use the right attribute.

2004-05-13 Werner Koch <wk@gnupg.org>

Released 0.5.5.

* src/ldap.c (start_cert_fetch_ldap, start_cert_fetch_ldap): More
detailed error messages.

* src/crlcache.c (update_dir): Handle i-records properly.

2004-04-29 Werner Koch <wk@gnupg.org>

Released 0.5.4.

* src/crlcache.h (crl_cache_result_t): Add CRL_CACHE_CANTUSE.
* src/server.c (cmd_isvalid): Handle it here.
* src/crlcache.c (crl_cache_isvalid): Issue this code if the CRL
can't be used.
(open_dir): Parse new fields 8, 9 and 10 as well as the invalid flag.
(write_dir_line_crl): Write new fields.
(get_crl_number, get_auth_key_id): New.
(crl_cache_insert): Fill new fields. Mark the entry invalid if
the CRL is too old after an update or an unknown critical
extension was seen.
(list_one_crl_entry): Print the new fields.

2004-04-28 Werner Koch <wk@gnupg.org>

* configure.ac: Requires libksba 0.9.6.

* src/dirmngr.c: New option --ocsp-signer.
* src/dirmngr.h (opt): Renamed member OCSP_REPONDERS to
OCSP_RESPONDER and made it a simple string. Add OCSP_SIGNER.
* src/ocsp.c (ocsp_isvalid): Changed it accordingly.
(ocsp_isvalid): Pass the ocsp_signer to check_signature.
(check_signature): New arg SIGNER_FPR. Use it to retrieve the
certificate. Factored out common code to ..
(check_signature_core): .. New.

2004-04-27 Werner Koch <wk@gnupg.org>

* src/server.c (start_command_handler): Keep track of the first
connection.
(dirmngr_tick): New.
* src/ldap.c (attr_fetch_fun_reader): Call it from time to time.

2004-04-23 Werner Koch <wk@gnupg.org>

* src/dirmngr.c (main): Removed the add-servers option from the
gpgconf list. It is not really useful.

2004-04-02 Thomas Schwinge <schwinge@nic-nac-project.de>

* autogen.sh: Added ACLOCAL_FLAGS.

2004-04-13 Werner Koch <wk@gnupg.org>

* src/crlcache.c (update_dir): Do not double close FPOUT.

2004-04-09 Werner Koch <wk@gnupg.org>

* src/cdblib.c (cdb_make_start): Wipeout the entire buffer to
shutup valgrind.
(ewrite): Fixed writing bad data on EINTR.

* src/ldap.c (get_attr_from_result_ldap): Fixed bad copy and
terminate of a string.

* src/crlfetch.c (crl_fetch): Fixed freeing of VALUE on error.

2004-04-07 Werner Koch <wk@gnupg.org>

* src/dirmngr.h (server_control_s): Add member force_crl_refresh.
* src/server.c (option_handler): New.
(start_command_handler): Register option handler
* src/crlcache.c (crl_cache_isvalid): Add arg FORCE_REFRESH.
(crl_cache_insert): Record last refresh in memory.

* src/server.c (inquire_cert_and_load_crl): Renamed from
inquire_cert.

2004-04-06 Werner Koch <wk@gnupg.org>

Released 0.5.3

* doc/dirmngr.texi: Updated.
* doc/texinfo.tex: Updated.

2004-04-05 Werner Koch <wk@gnupg.org>

* src/ocsp.c (ocsp_isvalid): Check THIS_UPDATE.

* src/misc.c (add_isotime): New.
(date2jd, jd2date, days_per_month, days_per_year): New. Taken from
my ancient (1988) code used in Wedit (time2.c).

2004-04-02 Werner Koch <wk@gnupg.org>

* autogen.sh: Check gettext version.
* configure.ac: Add AM_GNU_GETTEXT.

2004-04-02 gettextize <bug-gnu-gettext@gnu.org>

* Makefile.am (SUBDIRS): Add intl.
(EXTRA_DIST): Add config.rpath.
* configure.ac (AC_CONFIG_FILES): Add intl/Makefile,

2004-04-02 Werner Koch <wk@gnupg.org>

Add i18n at most places.

* src/dirmngr.c (i18n_init): New.
(main): Call it.
* src/dirmngr.h: Add i18n stuff.

2004-04-01 Werner Koch <wk@gnupg.org>

* src/misc.c (get_fingerprint_hexstring): New.

* src/server.c (dirmngr_status): New.

2004-03-26 Werner Koch <wk@gnupg.org>

* configure.ac: Add AC_SYS_LARGEFILE.

* doc/dirmngr.texi: Changed the license to the GPL as per message
by Matthias Kalle Dalheimer of Klaralvdalens-Datakonsult dated
Jan 7, 2004.
* doc/fdl.texi: Removed.

2004-03-25 Werner Koch <wk@gnupg.org>

* src/dirmngr.c (main): New command --fetch-crl.

2004-03-23 Werner Koch <wk@gnupg.org>

* src/dirmngr.c: New option --allow-ocsp.
* src/server.c (cmd_isvalid): Make use of allow_ocsp.

2004-03-17 Werner Koch <wk@gnupg.org>

* src/dirmngr.c (main) <gpgconf>: Fixed default value quoting.

2004-03-16 Werner Koch <wk@gnupg.org>
|
|
|
|
* src/dirmngr.c (main): Add ocsp-responder to the gpgconf list.
|
|
Add option --debug-level.
|
|
(set_debug): New.
|
|
|
|
2004-03-15 Werner Koch <wk@gnupg.org>
|
|
|
|
* src/misc.c (canon_sexp_to_grcy): New.
|
|
|
|
2004-03-12 Werner Koch <wk@gnupg.org>
|
|
|
|
* src/crlfetch.c (crl_fetch): Hack to substitute http for https.
|
|
|
|
2004-03-10 Werner Koch <wk@gnupg.org>
|
|
|
|
* src/dirmngr.c (parse_ldapserver_file): Don't skip the entire
|
|
file on errors.
|
|
|
|
2004-03-09 Werner Koch <wk@gnupg.org>

* src/dirmngr.c (my_ksba_hash_buffer): New.
(main): Initialize the internal libksba hashing.

* src/server.c (get_issuer_cert_local): Renamed to ...
(get_cert_local): ... this. Changed all callers. Allow NULL for
ISSUER to return the current target cert.
(get_issuing_cert_local): New.
(do_get_cert_local): Moved common code to here.

2004-03-06 Werner Koch <wk@gnupg.org>

Released 0.5.2.

* configure.ac: Fixed last change to check the API version of
libgcrypt.

2004-03-05 Werner Koch <wk@gnupg.org>

* configure.ac: Also check the SONAME of libgcrypt.

2004-03-03 Werner Koch <wk@gnupg.org>

* src/dirmngr.c: New option --ocsp-responder.
* src/dirmngr.h (opt): Add member OCSP_RESPONDERS.

2004-02-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* src/server.c (start_command_handler): Corrected typo and made
dirmngr output its version in the greeting message.

2004-02-24 Marcus Brinkmann <marcus@g10code.de>

* src/dirmngr.c (DEFAULT_ADD_SERVERS): Removed. If this were
true, there'd be no way to disable it.
(main): Dump options in new gpgconf format.

2004-02-11 Werner Koch <wk@gnupg.org>

* autogen.sh (check_version): Removed bashism and simplified.

2004-02-06 Moritz Schulte <mo@g10code.com>

* src/crlfetch.c (crl_fetch_default): Do not dereference VALUE,
when checking for non-zero.

2004-02-01 Marcus Brinkmann <marcus@g10code.de>

* src/dirmngr.c (DEFAULT_ADD_SERVERS, DEFAULT_MAX_REPLIES)
(DEFAULT_LDAP_TIMEOUT): New macros.
(main): Use them.
(enum cmd_and_opt_values): New command aGPGConfList.
(main): Add handler here.

2004-01-17 Werner Koch <wk@gnupg.org>

* configure.ac: Added AC_CHECK_FUNCS tests again, because the
other test occurrences belong to the jnlib tests block.

2004-01-15 Moritz Schulte <mo@g10code.com>

* configure.ac: Fixed funopen replacement mechanism; removed
unnecessary AC_CHECK_FUNCS calls.

2004-01-14 Werner Koch <wk@gnupg.org>

* src/crlcache.c (list_one_crl_entry): Don't use putchar.

* src/server.c (cmd_listcrls): New.

2003-12-23 Werner Koch <wk@gnupg.org>

Released 0.5.1.

2003-12-17 Werner Koch <wk@gnupg.org>

* configure.ac (CFLAGS): Add -Wformat-noliteral in gcc +
maintainer mode.
(NEED_LIBASSUAN_VERSION): Bump up to 0.6.2.

2003-12-16 Werner Koch <wk@gnupg.org>

* configure.ac: Update the tests for jnlib.
* src/dirmngr.c (main): Ignore SIGPIPE in server mode.

2003-12-12 Werner Koch <wk@gnupg.org>

* src/crlcache.c (hash_dbfile): Also hash version info of the
cache file format.

* src/Makefile.am (dirmngr_SOURCES): Add http.h.

* configure.ac: Removed checking for DB2. Add checking for mmap.
* src/cdb.h, src/cdblib.h: New. Add a few comments from the
original man page and fixed typos.
* src/cdblib.c (cdb_findinit, cdb_findnext): Modified to allow
walking over all entries.
* src/crlcache.h: Removed DB2/4 cruft.
(release_one_cache_entry, lock_db_file, crl_parse_insert)
(crl_cache_insert, crl_cache_isvalid, list_one_crl_entry): Use the
new CDB interface.

* src/dirmngr.c: Beautified the help messages.
(wrong_args): New.
(main): new option --force. Revamped the command handling code.
Allow to pass multiple CRLS as well as stdin to --local-crl.
* src/crlcache.c (crl_cache_insert): Make --force work.

2003-12-11 Werner Koch <wk@gnupg.org>

* src/crlfetch.c (crl_fetch): Enhanced to allow fetching binary
data using HTTP.
* src/http.c, src/http.h: Replaced by the code from gnupg 1.3 and
modified according to our needs.
(read_line): New. Based on the code from GnuPG's iobuf_read_line.
* configure.ac: Check for getaddrinfo.

* src/dirmngr.c (parse_ldapserver_file): Close the stream.
(main): Free ldapfile.

* src/ocsp.c, src/ocsp.h: New. Albeit not functionality.

* src/server.c (inquire_cert): Catch EOF when reading dist points.

* src/crlcache.c (hash_dbfile, check_dbfile): New.
(lock_db_file, crl_cache_insert): Use them here to detect
corrupted CRL files.
(open_dir): Read the new dbfile hash field.

* src/crlfetch.c (crl_fetch, crl_fetch_default): Changed to return
a stream.
(fun_reader, fun_closer, setup_funopen): New.
* src/server.c (inquire_cert): Changed to use the new stream interface
of crlfetch.c.

2003-12-10 Werner Koch <wk@gnupg.org>

* src/funopen.c: New.
* configure.ac (funopen): Add test.
* src/Makefile.am (dirmngr_LDADD): Add LIBOBJS.

* src/crlcache.c (next_line_from_file): Remove the limit on the
line length.
(crl_cache_new): Removed.
(open_dbcontent): New.
(crl_cache_init): Use it here.
(crl_cache_flush): The DB content file is now in the cache
directory, so we can simplify it.
(make_db_file_name, lock_db_file, unlock_db_file): New.
(release_cache): Close the cached DB files.
(crl_cache_isvalid): Make use of the new lock_db_file.
(crl_cache_insert): Changed to take a stream as argument.
(crl_parse_insert): Rewritten to use a temporary DB and to avoid
using up large amounts of memory.
(db_entry_new): Removed.
(release_cache,release_one_cache_entry): Split up.
(find_entry): Take care of the new deleted flag.
(crl_cache_load): Simplified because we can now pass a FP to the
insert code.
(save_contents): Removed.
(update_dir): New.
(open_dbcontent_file): Renamed to open_dir_file.
(check_dbcontent_version): Renamed to check_dir_version.
(open_dbcontent): Renamed to open_dir.

* src/dirmngr.c: New option --faked-system-time.
* src/misc.c (faked_time_p, set_time, get_time): New. Taken from GnuPG.
(check_isotime): New.
(unpercent_string): New.

2003-12-09 Werner Koch <wk@gnupg.org>

* src/crlcache.h (DBDIR,DBCONTENTFILE): Changed value.

* autogen.sh: Reworked.
* README.CVS: New.
* configure.ac: Added min_automake_version.

2003-12-03 Werner Koch <wk@gnupg.org>

* src/server.c (cmd_lookup): Send an END line after each
certificate.

2003-11-28 Werner Koch <wk@gnupg.org>

* src/Makefile.am (dirmngr_LDADD): Remove DB_LIBS
because it never got defined and -ldb{2,4} is implicitly set
by the AC_CHECK_LIB test in configure.

* src/crlcache.c (mydbopen): DB4 needs an extra parameter; I
wonder who ever tested DB4 support. Add an error statement in
case no DB support is configured.

* tests/Makefile.am: Don't use AM_CPPFLAGS but AM_CFLAGS, replaced
variables by configure templates.
* src/Makefile.am: Ditto.

2003-11-19 Werner Koch <wk@gnupg.org>

* src/crlcache.c (list_one_crl_entry): Define X to nothing for non
DB4 systems. Thanks to Luca M. G. Centamore.

2003-11-17 Werner Koch <wk@gnupg.org>

Released 0.5.0

* src/crlcache.c (crl_cache_new): Fixed eof detection.

* src/server.c (cmd_loadcrl): Do the unescaping.

* doc/dirmngr.texi: Added a history section for this modified
version.

2003-11-14 Werner Koch <wk@gnupg.org>

* tests/asschk.c: New. Taken from GnuPG.
* tests/Makefile.am: Added asschk.

2003-11-13 Werner Koch <wk@gnupg.org>

* src/ldap.c (fetch_next_cert_ldap): Get the pattern switching
right.

* tests/test-dirmngr.c: Replaced a couple of deprecated types.

* configure.ac (GPG_ERR_SOURCE_DEFAULT): Added.
(fopencookie, asprintf): Removed unneeded test.
(PRINTABLE_OS_NAME): Updated the test from gnupg.
(CFLAGS): Do full warnings only in maintainer mode. Add flag
--enable gcc-warnings to override it and to enable even more
warnings.
* acinclude.m4: Removed the libgcrypt test.

* src/ldap.c (get_attr_from_result_ldap): Simplified the binary
hack and return a proper gpg error.
(attr_fetch_ldap_internal): Changed error handling.
(attr_fetch_ldap): Reworked. Return configuration error if no
servers are configured.
(url_fetch_ldap, add_server_to_servers)
(url_fetch_ldap_internal): Reworked.
(struct cert_fetch_context_s): New to get rid of a global state.
(start_cert_fetch_ldap): Allocate context and do a bind with a
timeout. Parse pattern.
(end_cert_fetch_ldap): Take context and don't return anything.
(find_next_pattern): Removed.
(parse_one_pattern): Redone.
(get_cert_ldap): Redone.
* src/server.c (cmd_lookup): Changed for changed fetch functions.

* doc/dirmngr.texi: Reworked a bit to get rid of tex errors.

* configure.ac: Enable makeinfo test.

* src/crlcache.c (crl_cache_insert): Fixed for latest KSBA API
changes.
* tests/test-dirmngr.c (main): Ditto. Also added some more error
checking.

2003-11-11 Werner Koch <wk@gnupg.org>

* src/cert.c (hashify_data, hexify_data, serial_hex)
(serial_to_buffer): Moved all to ...
* src/misc.c: .. here.
* src/Makefile.am (cert.c, cert.h): Removed.
* cert.c, cert.h: Removed.

* m4/: New.
* configure.ac, Makefile.am: Include m4 directory support, updated
required library versions.

* src/cert.c (make_cert): Removed.

* src/ldap.c (fetch_next_cert_ldap): Return a gpg style error.

* src/misc.h (copy_time): New.
* src/misc.c (get_isotime): New.
(iso_string2time, iso_time2string): Removed.
(unhexify): New.

* src/crlcache.h (DBCONTENTSVERSION): Bumped to 0.6.
* src/crlcache.c (finish_sig_check): New. Factored out from
crl_parse_insert and entirely redone.
(do_encode_md): Removed.
(print_time): Removed
(crl_cache_isvalid): Reworked.

2003-11-10 Werner Koch <wk@gnupg.org>

* src/crlcache.c (make_db_val, parse_db_val): Removed.

* src/cert.c (serial_to_buffer): New.

* src/server.c (get_issuer_cert_local): Rewritten.

* src/crlcache.c (crl_parse_insert): Rewritten. Takes now a CTRL
instead of the Assuan context. Changed caller accordingly.
(get_issuer_cert): Cleaned up.

* src/crlfetch.c (crl_fetch): Changed VALUE to unsigned char* for
documentation reasons. Make sure that VALUE is released on error.
(crl_fetch_default, ca_cert_fetch): Ditto.

* src/crlcache.c (release_cache): New.
(crl_cache_deinit): Use it here.
(crl_cache_flush): Redone.
(save_contents): Redone.
(crl_cache_list, list_one_crl_entry): Print error messages.

2003-11-06 Werner Koch <wk@gnupg.org>

* src/crlcache.c (create_directory_if_needed, cleanup_cache_dir):
New. Factored out from crl_cache_new and mostly rewritten.
(crl_cache_new): Rewritten.
(next_line_from_file): New.
(find_entry): Cleaned up.
(crl_cache_deinit): Cleaned up.

* src/dirmngr.c (dirmngr_init_default_ctrl): New stub.
* src/dirmngr.h (ctrl_t): New.
(DBG_ASSUAN,...): Added the usual debug test macros.
* src/server.c: Removed the GET_PTR cruft, replaced it by ctrl_t.
Removed the recursion flag.
(get_issuer_cert_local): Allow for arbitrary large
certificates. 4096 is definitely too small.
(inquire_cert): Ditto.
(start_command_handler): Set a hello line and call the default
init function.
(cmd_isvalid): Rewritten.
(inquire_cert): Removed unused arg LINE. General cleanup.
(map_assuan_err,map_to_assuan_status): New. Taken from gnupg 1.9.
(cmd_lookup): Rewritten.
(cmd_loadcrl): Started to rewrite it.

2003-10-29 Werner Koch <wk@gnupg.org>

* src/dirmngr.c (parse_ldapserver_file): Entirely rewritten.
(cleanup): New.
(main): Cleaned up.

2003-10-28 Werner Koch <wk@gnupg.org>

* src/dirmngr.h: Renamed dirmngr_opt to opt.

* src/dirmngr.c (parse_ldapserver_file, free_ldapservers_list):
Moved with this file. Cleaned up. Replaced too deep recursion in
the free function.

2003-10-21 Werner Koch <wk@gnupg.org>

Changed all occurrences of assuan.h to use the system provided
one.
* src/server.c (register_commands): Adjusted for Assuan API change.

2003-08-14 Werner Koch <wk@gnupg.org>

* src/Makefile.am: s/LIBKSBA_/KSBA_/. Changed for external Assuan lib.
* tests/Makefile.am: Ditto.

* configure.ac: Partly restructured, add standard checks for
required libraries, removed included libassuan.
* Makefile.am (SUBDIRS): Removed assuan because we now use the
libassuan package.

* src/dirmngr.c (main): Properly initialize Libgcrypt and libksba.

2003-08-13 Werner Koch <wk@gnupg.org>

* src/server.c (get_issuer_cert_local): Print error using
assuan_strerror.

* src/crlcache.c (do_encode_md, start_sig_check): Adjust for
changed Libgcrypt API.

2003-06-19 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* configure.ac: Upped version to 0.4.7-cvs.

2003-06-19 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* configure.ac: Release 0.4.6.

2003-06-17 Bernhard Reiter <bernhard@intevation.de>

* src/ldap.c (url_fetch_ldap()):
try other default servers when an url with hostname failed
* AUTHORS: added Steffen and Werner
* THANKS: Thanked people in the ChangeLog and the Ägypten-Team

2003-06-16 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* configure.ac, src/crlcache.h, src/crlcache.c: Added db4 support.
* src/Makefile.am, tests/Makefile.am: Removed automake warning.
* tests/test-dirmngr.c: Removed a warning.

2003-05-12 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* doc/Makefile.am: Added dirmngr.ops to DISTCLEANFILES.
* ChangeLog, doc/ChangeLog, src/ChangeLog: Merged dirmngr ChangeLogs
into one toplevel file.
* acinclude.m4, configure.ac: Renamed PFX to PATH for consistency.

2003-05-12 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* src/ldap.c: Fixed end-of-certificates-list indication.

2003-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* src/server.c: Fixed iteration over server list

2003-02-23 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* src/crlcache.h, src/crlcache.c, src/dirmngr.c: Implemented --flush command.

2003-02-07 Marcus Brinkmann <marcus@g10code.de>

* configure.ac: Release 0.4.4.

2003-02-05 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* src/ldap.c: Try harder with and without ";binary" in the
attribute name when fetching certificates.
* src/ldap.c, src/server.c: Support multiple userCertificate attributes
per entry.

2003-02-04 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* src/ldap.c: Include the sn attribute in the search filter.
Better log messages.

2002-11-20 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Doc updates (fixes #1373)
* Fix for #1419 (crash in free_ldapservers_list())
* Fix for #1375. Dirmngr now asks back with an INQUIRE SENDCERT before
querying the LDAP servers for an issuer certificate to validate a CRL

2002-11-12 Werner Koch <wk@gnupg.org>

* config.sub, config.guess: Updated from ftp.gnu.org/gnu/config
to version 2002-11-08.

2002-11-12 Werner Koch <wk@gnupg.org>

* dirmngr.c (main) <load_crl_filename>: Better pass NULL instead
of an uninitialized Assuan context. Let's hope that the other
functions can cope with this.

2002-10-25 Bernhard Reiter <bernhard@intevation.de>

* src/ldap.c (get_attr_from_result_ldap()):
added value extraction retry for CRLs and Certs without ";binary"
* changed version number to reflect cvs status to "0.4.3-cvs"

2002-08-21 Werner Koch <wk@gnupg.org>

* dirmngr.c (main): Changed default homedir to .gnupg.

2002-08-07 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Added configure check to examine whether db2 cursor() uses 3 or
4 parameters.

2002-07-31 Werner Koch <wk@gnupg.org>

* doc/dirmngr.texi: Fixed the structure and added menu entries
for the other nodes.

2002-07-30 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Added doc dir and first steps towards manual.

2002-07-29 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Got rid of the default server for CRL lookup. We now use the
same list of servers that we use for cert. lookup.

2002-07-29 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* New option --add-servers to allow dirmngr to add LDAP servers
found in CRL distribution points to the list of servers it
searches. NOTE: The added servers are only active in the currently
running dirmngr -- the info isn't written to persistent storage.

2002-07-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Default LDAP timeout is 100 seconds now.

* Use DB2 instead of DB1. Check for libresolv, fixed bug when
libldap was found in the default search path.

2002-07-22 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Implemented --load-crl <filename> option. Also available as
LOADCRL assuan command when in server mode.

2002-07-22 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Implemented new option --ldaptimeout to specify the number of seconds to
wait for an LDAP request before timeout.

* Added --list-crls option to print the contents of the CRL cache
* Added some items to the dbcontents file to make printout nicer
and updated its version number

2002-07-02 Werner Koch <wk@gnupg.org>

* crlcache.c (crl_parse_insert): Fixed log_debug format string.

2002-07-02 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* configure.ac: Use DB->get() return value correctly.

2002-06-28 Werner Koch <wk@gnupg.org>

* crlcache.c (crl_parse_insert): Keep track of newly allocated
ENTRY so that we don't free existing errors after a bad signature.

* dirmngr.h: Include prototype for start_command_handler.

* crlfetch.c, crlcache.c, http.c, cert.c, ldap.c: Include
config.h.

* crlcache.c (crl_parse_insert): Fixed format type specifiers for
time_t variables in log_debug.

* error.h: Use log_debug instead of dirmngr_debug. Changed all
callers.
* Makefile.am (dirmngr_SOURCES): Removed error.c

* dirmngr.c (main): Register gcrypt malloc functions with ksba so
that we don't run into problems by using the wrong free function.
The gcrypt malloc functions have the additional benefit of
providing allocation sanity checks when compiled with that
feature.

* crlcache.c (get_issuer_cert): Use xfree instead of ksba_free.

2002-06-27 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* ldap.c: Look for both userCertificate and caCertificate

2002-06-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* configure.ac: Upped version number to 0.3.1

2002-06-25 Werner Koch <wk@gnupg.org>

* server.c (cmd_lookup): Use assuan_write_status which ensures a
correct syntax.

2002-06-20 Werner Koch <wk@gnupg.org>

* crlcache.c (crl_cache_isvalid): Started with some nicer logging.
However, this will need a lot more work.
(get_issuer_cert): Ditto.

* dirmngr.c (main): Changed required libgcrypt version and don't
print the prefix when using a logfile.

2002-06-20 Werner Koch <wk@gnupg.org>

* tests/Makefile.am (TESTS): Removed test-dirmngr because it
is not a proper test program.
(EXTRA_DIST): Removed the non-existent test certificate.

2002-05-21 Werner Koch <wk@gnupg.org>

* server.c (start_command_handler): Enable assuan debugging.

2002-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Replaced gdbm check with db1 check

2002-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Replaced gdbm with db1, updated file format version

2002-03-01 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Added gdbm configure check

2002-01-23 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Return ASSUAN_CRL_Too_Old if the CRL is too old

2002-01-17 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

Added commandline options --ldapserver <host> --ldapport <port>
--ldapuser <user> --ldappassword <passwd>.

Cleaned up CRL parsing, signature evaluation a bit, changed
datetime format in config file to ISO, added version string to
contents format and cache file clean up code in case of mismatch.

2002-01-14 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>

* Use dirmngr_opt.homedir for storing the db. Added Makefile.am to
tests, bugfixes.

* First code.
Things that work:
  Loading/saving database (paths hardcoded)
  Fetching CRL from hardcoded server, parsing and inserting in database
  Answer ISVALID xxx.yyy requests

Things that are missing:
  Some error-checking/handling
  Proper autoconf handling of gdbm and OpenLDAP
  Signature checking downloaded CRLs
  Answer LOOKUP requests
  ...

How to test:
  cd tests
  ldapsearch -v -x -h www.trustcenter.de -b '<some-users-DN>' userCertificate -t
  cp /tmp/<cert-file> testcert.der
  ./test-dirmngr

==END OLDEST CHANGELOG==

Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010,
2011 Free Software Foundation, Inc.

This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.

This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Local Variables:
buffer-read-only: t
End: