1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

tryu harder to ignore duplicate specified keyrings and -boxes.

Documentation updates.
This commit is contained in:
Werner Koch 2007-08-24 09:34:39 +00:00
parent 698ba5ae3c
commit 503f91e0ae
14 changed files with 137 additions and 16 deletions

5
NEWS
View File

@ -1,6 +1,11 @@
Noteworthy changes in version 2.0.7 Noteworthy changes in version 2.0.7
------------------------------------------------ ------------------------------------------------
* Fixed encryption problem if duplicate certificates are in the
keybox.
* Made it work on Windows Vista.
Noteworthy changes in version 2.0.6 (2007-08-16) Noteworthy changes in version 2.0.6 (2007-08-16)
------------------------------------------------ ------------------------------------------------

View File

@ -1,3 +1,8 @@
2007-08-24 Werner Koch <wk@g10code.com>
* debugging.texi (Common Problems): Add "A root certifciate does
not validate."
2007-08-14 Werner Koch <wk@g10code.com> 2007-08-14 Werner Koch <wk@g10code.com>
* glossary.texi (Glossary): Add a more items. * glossary.texi (Glossary): Add a more items.

View File

@ -77,6 +77,13 @@ are flagges as ephemeral, meaning that they are only temporary stored
provided by @command{gpgsm} or @command{gpg}. 81 certifcates are stored provided by @command{gpgsm} or @command{gpg}. 81 certifcates are stored
in a standard way and directly available from @command{gpgsm}. in a standard way and directly available from @command{gpgsm}.
@noindent
To find duplicated certificates and keyblocks in a keybox file (this
should not occur but sometimes things go wrong), run it using
@samp{kbxutil --find-dups ~/.gnupg/pubring.kbx}
@ -165,6 +172,18 @@ stored private keys because some private keys are used for Secure Shell
or other purposes and don't have a corresponding certificate. or other purposes and don't have a corresponding certificate.
@item A root certificate does not verify
A common problem is that the root certificate misses the required
basicConstrains attribute and thus @command{gpgsm} rejects this
certificate. An error message indicating ``no value'' is a sign for
such a certificate. You may use the @code{relax} flag in
@file{trustlist.txt} to accept the certificate anyway. Note that the
fingerprint and this flag may only be added manually to
@file{trustlist.txt}.
@end itemize @end itemize

View File

@ -502,7 +502,9 @@ caller:
@table @code @table @code
@item relax @item relax
Relax checking of some root certificate requirements. Relax checking of some root certificate requirements. This is for
example required if the certificate is missing the basicConstraints
attribute (despite that it is a MUST for CA certificates).
@item cm @item cm
If validation of a certificate finally issued by a CA with this flag set If validation of a certificate finally issued by a CA with this flag set

View File

@ -1,3 +1,7 @@
2007-08-24 Werner Koch <wk@g10code.com>
* keyring.c (keyring_register_filename): Use same_file_p().
2007-08-21 Werner Koch <wk@g10code.com> 2007-08-21 Werner Koch <wk@g10code.com>
* misc.c (openpgp_md_test_algo): Remove rfc2440bis hash algorithms. * misc.c (openpgp_md_test_algo): Remove rfc2440bis hash algorithms.

View File

@ -206,10 +206,10 @@ keyring_register_filename (const char *fname, int secret, void **ptr)
for (kr=kr_names; kr; kr = kr->next) for (kr=kr_names; kr; kr = kr->next)
{ {
if ( !compare_filenames (kr->fname, fname) ) if (same_file_p (kr->fname, fname))
{ {
*ptr=kr; *ptr=kr;
return 0; /* already registered */ return 0; /* Already registered. */
} }
} }

View File

@ -1,3 +1,9 @@
2007-08-24 Werner Koch <wk@g10code.com>
* mischelp.c (same_file_p): New.
(libjnlib_dummy_mischelp_func): Remove as we now always have one
function.
2007-08-09 Werner Koch <wk@g10code.com> 2007-08-09 Werner Koch <wk@g10code.com>
* argparse.c (show_help): Expand the @EMAIL@ macro in the package * argparse.c (show_help): Expand the @EMAIL@ macro in the package

View File

@ -1,5 +1,5 @@
/* mischelp.c - Miscellaneous helper functions /* mischelp.c - Miscellaneous helper functions
* Copyright (C) 1998, 2000, 2001, 2006 Free Software Foundation, Inc. * Copyright (C) 1998, 2000, 2001, 2006, 2007 Free Software Foundation, Inc.
* *
* This file is part of JNLIB. * This file is part of JNLIB.
* *
@ -21,16 +21,63 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
#ifdef HAVE_W32_SYSTEM
# define WIN32_LEAN_AND_MEAN
# include <windows.h>
#else /*!HAVE_W32_SYSTEM*/
# include <sys/types.h>
# include <sys/stat.h>
# include <unistd.h>
#endif /*!HAVE_W32_SYSTEM*/
#include "libjnlib-config.h" #include "libjnlib-config.h"
#include "stringhelp.h"
#include "mischelp.h" #include "mischelp.h"
/* A dummy function to prevent an empty compilation unit. Some
compilers bail out in this case. */ /* Check whether the files NAME1 and NAME2 are identical. This is for
time_t example achieved by comparing the inode numbers of the files. */
libjnlib_dummy_mischelp_func (void) int
same_file_p (const char *name1, const char *name2)
{ {
return time (NULL); int yes;
/* First try a shortcut. */
if (!compare_filenames (name1, name2))
yes = 1;
else
{
#ifdef HAVE_W32_SYSTEM
HANDLE file1, file2;
BY_HANDLE_FILE_INFORMATION info1, info2;
file1 = CreateFile (name1, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
if (file1 == INVALID_HANDLE_VALUE)
yes = 0; /* If we can't open the file, it is not the same. */
else
{
file2 = CreateFile (name2, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
if (file1 == INVALID_HANDLE_VALUE)
yes = 0; /* If we can't open the file, it is not the same. */
else
{
yes = (GetFileInformationByHandle (file1, &info1)
&& GetFileInformationByHandle (file2, &info2)
&& info1.dwVolumeSerialNumber==info2.dwVolumeSerialNumber
&& info1.nFileIndexHigh == info2.nFileIndexHigh
&& info1.nFileIndexLow == info2.nFileIndexLow);
CloseHandle (file2);
}
CloseHandle (file1);
}
#else /*!HAVE_W32_SYSTEM*/
struct stat info1, info2;
yes = (!stat (name1, &info1) && !stat (name2, &info2)
&& info1.st_dev == info2.st_dev && info1.st_ino == info2.st_ino);
#endif /*!HAVE_W32_SYSTEM*/
}
return yes;
} }

View File

@ -1,6 +1,6 @@
/* mischelp.h - Miscellaneous helper macros and functions /* mischelp.h - Miscellaneous helper macros and functions
* Copyright (C) 1999, 2000, 2001, 2002, 2003, * Copyright (C) 1999, 2000, 2001, 2002, 2003,
* 2006 Free Software Foundation, Inc. * 2006, 2007 Free Software Foundation, Inc.
* *
* This file is part of JNLIB. * This file is part of JNLIB.
* *
@ -22,6 +22,11 @@
#define LIBJNLIB_MISCHHELP_H #define LIBJNLIB_MISCHHELP_H
/* Check whether the files NAME1 and NAME2 are identical. This is for
example achieved by comparing the inode numbers of the files. */
int same_file_p (const char *name1, const char *name2);
#ifndef HAVE_TIMEGM #ifndef HAVE_TIMEGM
#include <time.h> #include <time.h>
time_t timegm (struct tm *tm); time_t timegm (struct tm *tm);

View File

@ -338,11 +338,14 @@ make_filename( const char *first_part, ... )
} }
/* Compare whether the filenames are identical. This is a
specialversion of strcmp() taking the semantics of filenames in
account. Note that this function works only on the supplied names
without considereing any context like the current directory. See
also same_file_p(). */
int int
compare_filenames (const char *a, const char *b) compare_filenames (const char *a, const char *b)
{ {
/* ? check whether this is an absolute filename and resolve
symlinks? */
#ifdef HAVE_DRIVE_LETTERS #ifdef HAVE_DRIVE_LETTERS
for ( ; *a && *b; a++, b++ ) for ( ; *a && *b; a++, b++ )
{ {

View File

@ -1,3 +1,7 @@
2007-08-24 Werner Koch <wk@g10code.com>
* keybox-init.c (keybox_register_file): Use same_file_p.
2007-08-23 Werner Koch <wk@g10code.com> 2007-08-23 Werner Koch <wk@g10code.com>
* kbxutil.c: New commands --find-dups and --cut. New options * kbxutil.c: New commands --find-dups and --cut. New options

View File

@ -24,10 +24,9 @@
#include <unistd.h> #include <unistd.h>
#include <assert.h> #include <assert.h>
#include "../jnlib/mischelp.h"
#include "keybox-defs.h" #include "keybox-defs.h"
#define compare_filenames strcmp
static KB_NAME kb_names; static KB_NAME kb_names;
@ -42,8 +41,8 @@ keybox_register_file (const char *fname, int secret)
for (kr=kb_names; kr; kr = kr->next) for (kr=kb_names; kr; kr = kr->next)
{ {
if ( !compare_filenames (kr->fname, fname) ) if (same_file_p (kr->fname, fname) )
return NULL; /* already registered */ return NULL; /* Already registered. */
} }
kr = xtrymalloc (sizeof *kr + strlen (fname)); kr = xtrymalloc (sizeof *kr + strlen (fname));

View File

@ -13,5 +13,8 @@ webderoot.der trust.web.de Root CA certificate [2004-02-17]
webdeca.der trust.web.de CA certificate [2004-02-17] webdeca.der trust.web.de CA certificate [2004-02-17]
gte.pem GTE CyberTrust Global Root

19
tests/samplekeys/gte.pem Normal file
View File

@ -0,0 +1,19 @@
Issuer ...: /CN=GTE CyberTrust Global Root/OU=GTE CyberTrust Solutions, Inc./O=GTE Corporation/C=US
Serial ...: 01A5
Subject ..: /CN=GTE CyberTrust Global Root/OU=GTE CyberTrust Solutions, Inc./O=GTE Corporation/C=US
-----BEGIN CERTIFICATE-----
MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
-----END CERTIFICATE-----