tryu harder to ignore duplicate specified keyrings and -boxes.

Documentation updates.
2024-12-22 10:19:57 +01:00 · 2007-08-24 09:34:39 +00:00 · 2007-08-24 09:34:39 +00:00 · 503f91e0ae
commit 503f91e0ae
parent 698ba5ae3c
14 changed files with 137 additions and 16 deletions
--- a/5
+++ b/5
@ -1,6 +1,11 @@
 Noteworthy changes in version 2.0.7
 ------------------------------------------------
 * Fixed encryption problem if duplicate certificates are in the
   keybox.
 * Made it work on Windows Vista.
 Noteworthy changes in version 2.0.6 (2007-08-16)
 ------------------------------------------------
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,8 @@
 2007-08-24  Werner Koch  <wk@g10code.com>
 	* debugging.texi (Common Problems): Add "A root certifciate does
 	not validate."
 2007-08-14  Werner Koch  <wk@g10code.com>
 	* glossary.texi (Glossary): Add a more items.
--- a/doc/debugging.texi
+++ b/doc/debugging.texi
@ -77,6 +77,13 @@ are flagges as ephemeral, meaning that they are only temporary stored
 provided by @command{gpgsm} or @command{gpg}. 81 certifcates are stored
 in a standard way and directly available from @command{gpgsm}.
@noindent
 To find duplicated certificates and keyblocks in a keybox file (this
 should not occur but sometimes things go wrong), run it using
@samp{kbxutil --find-dups ~/.gnupg/pubring.kbx}
@ -165,6 +172,18 @@ stored private keys because some private keys are used for Secure Shell
 or other purposes and don't have a corresponding certificate.
@item A root certificate does not verify
 A common problem is that the root certificate misses the required
 basicConstrains attribute and thus @command{gpgsm} rejects this
 certificate.  An error message indicating ``no value'' is a sign for
 such a certificate.  You may use the @code{relax} flag in
@file{trustlist.txt} to accept the certificate anyway.  Note that the
 fingerprint and this flag may only be added manually to
@file{trustlist.txt}.
@end itemize
--- a/doc/gpg-agent.texi
+++ b/doc/gpg-agent.texi
@ -502,7 +502,9 @@ caller:
@table @code
@item relax
-Relax checking of some root certificate requirements.
+Relax checking of some root certificate requirements.  This is for
 example required if the certificate is missing the basicConstraints
 attribute (despite that it is a MUST for CA certificates).
@item cm
 If validation of a certificate finally issued by a CA with this flag set
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,7 @@
 2007-08-24  Werner Koch  <wk@g10code.com>
 	* keyring.c (keyring_register_filename): Use same_file_p().
 2007-08-21  Werner Koch  <wk@g10code.com>
 	* misc.c (openpgp_md_test_algo): Remove rfc2440bis hash algorithms.
--- a/g10/keyring.c
+++ b/g10/keyring.c
@ -206,10 +206,10 @@ keyring_register_filename (const char *fname, int secret, void **ptr)
    for (kr=kr_names; kr; kr = kr->next)
      {
-        if ( !compare_filenames (kr->fname, fname) )
+        if (same_file_p (kr->fname, fname))
 	  {
            *ptr=kr;
-	    return 0; /* already registered */
+	    return 0; /* Already registered.  */
 	  }
      }
--- a/jnlib/ChangeLog
+++ b/jnlib/ChangeLog
@ -1,3 +1,9 @@
 2007-08-24  Werner Koch  <wk@g10code.com>
 	* mischelp.c (same_file_p): New.
 	(libjnlib_dummy_mischelp_func): Remove as we now always have one
 	function.
 2007-08-09  Werner Koch  <wk@g10code.com>
 	* argparse.c (show_help): Expand the @EMAIL@ macro in the package
--- a/jnlib/mischelp.c
+++ b/jnlib/mischelp.c
@ -1,5 +1,5 @@
 /* mischelp.c - Miscellaneous helper functions
- * Copyright (C) 1998, 2000, 2001, 2006 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 2000, 2001, 2006, 2007 Free Software Foundation, Inc.
 *
 * This file is part of JNLIB.
 *
@ -21,16 +21,63 @@
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #ifdef HAVE_W32_SYSTEM
 # define WIN32_LEAN_AND_MEAN
 # include <windows.h>
 #else /*!HAVE_W32_SYSTEM*/
 # include <sys/types.h>
 # include <sys/stat.h>
 # include <unistd.h>
 #endif /*!HAVE_W32_SYSTEM*/
 #include "libjnlib-config.h"
 #include "stringhelp.h"
 #include "mischelp.h"
-/* A dummy function to prevent an empty compilation unit.  Some
+
-   compilers bail out in this case. */
+/* Check whether the files NAME1 and NAME2 are identical.  This is for
-time_t
+   example achieved by comparing the inode numbers of the files.  */
-libjnlib_dummy_mischelp_func (void)
+int
 same_file_p (const char *name1, const char *name2)
 {
-  return time (NULL);
+  int yes;
  /* First try a shortcut.  */
  if (!compare_filenames (name1, name2))
    yes = 1;
  else
    {
 #ifdef HAVE_W32_SYSTEM  
      HANDLE file1, file2;
      BY_HANDLE_FILE_INFORMATION info1, info2;
      file1 = CreateFile (name1, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
      if (file1 == INVALID_HANDLE_VALUE)
        yes = 0; /* If we can't open the file, it is not the same.  */
      else
        {
          file2 = CreateFile (name2, 0, 0, NULL, OPEN_EXISTING, 0, NULL);
          if (file1 == INVALID_HANDLE_VALUE)
            yes = 0; /* If we can't open the file, it is not the same.  */
          else
            {
              yes = (GetFileInformationByHandle (file1, &info1)
                     && GetFileInformationByHandle (file2, &info2)
                     && info1.dwVolumeSerialNumber==info2.dwVolumeSerialNumber
                     && info1.nFileIndexHigh == info2.nFileIndexHigh
                     && info1.nFileIndexLow == info2.nFileIndexLow);
              CloseHandle (file2);
            }
          CloseHandle (file1);
        }
 #else /*!HAVE_W32_SYSTEM*/
      struct stat info1, info2;
      yes = (!stat (name1, &info1) && !stat (name2, &info2)
             && info1.st_dev == info2.st_dev && info1.st_ino == info2.st_ino);
 #endif /*!HAVE_W32_SYSTEM*/
    }
  return yes;
 }
--- a/jnlib/mischelp.h
+++ b/jnlib/mischelp.h
@ -1,6 +1,6 @@
 /* mischelp.h - Miscellaneous helper macros and functions
 * Copyright (C) 1999, 2000, 2001, 2002, 2003,
- *               2006  Free Software Foundation, Inc.
+ *               2006, 2007  Free Software Foundation, Inc.
 *
 * This file is part of JNLIB.
 *
@ -22,6 +22,11 @@
 #define LIBJNLIB_MISCHHELP_H
 /* Check whether the files NAME1 and NAME2 are identical.  This is for
   example achieved by comparing the inode numbers of the files.  */
 int same_file_p (const char *name1, const char *name2);
 #ifndef HAVE_TIMEGM
 #include <time.h>
 time_t timegm (struct tm *tm);
--- a/jnlib/stringhelp.c
+++ b/jnlib/stringhelp.c
@ -338,11 +338,14 @@ make_filename( const char *first_part, ... )
 }
 /* Compare whether the filenames are identical.  This is a
   specialversion of strcmp() taking the semantics of filenames in
   account.  Note that this function works only on the supplied names
   without considereing any context like the current directory.  See
   also same_file_p(). */
 int
 compare_filenames (const char *a, const char *b)
 {
  /* ? check whether this is an absolute filename and resolve
     symlinks?  */
 #ifdef HAVE_DRIVE_LETTERS
  for ( ; *a && *b; a++, b++ ) 
    {
--- a/kbx/ChangeLog
+++ b/kbx/ChangeLog
@ -1,3 +1,7 @@
 2007-08-24  Werner Koch  <wk@g10code.com>
 	* keybox-init.c (keybox_register_file): Use same_file_p.
 2007-08-23  Werner Koch  <wk@g10code.com>
 	* kbxutil.c: New commands --find-dups and --cut.  New options
--- a/kbx/keybox-init.c
+++ b/kbx/keybox-init.c
@ -24,10 +24,9 @@
 #include <unistd.h>
 #include <assert.h>
 #include "../jnlib/mischelp.h"
 #include "keybox-defs.h"
 #define compare_filenames strcmp
 static KB_NAME kb_names;
@ -42,8 +41,8 @@ keybox_register_file (const char *fname, int secret)
  for (kr=kb_names; kr; kr = kr->next)
    {
-      if ( !compare_filenames (kr->fname, fname) )
+      if (same_file_p (kr->fname, fname) )
-        return NULL; /* already registered */
+        return NULL; /* Already registered. */
    }
  kr = xtrymalloc (sizeof *kr + strlen (fname));
--- a/tests/samplekeys/README
+++ b/tests/samplekeys/README
@ -13,5 +13,8 @@ webderoot.der      trust.web.de Root CA certificate [2004-02-17]
 webdeca.der        trust.web.de CA certificate [2004-02-17]
 gte.pem            GTE CyberTrust Global Root
--- a/tests/samplekeys/gte.pem
+++ b/tests/samplekeys/gte.pem
@ -0,0 +1,19 @@
 Issuer ...: /CN=GTE CyberTrust Global Root/OU=GTE CyberTrust Solutions, Inc./O=GTE Corporation/C=US
 Serial ...: 01A5
 Subject ..: /CN=GTE CyberTrust Global Root/OU=GTE CyberTrust Solutions, Inc./O=GTE Corporation/C=US
 -----BEGIN CERTIFICATE-----
 MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
 VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv
 bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv
 b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV
 UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU
 cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds
 b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH
 iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS
 r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4
 04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r
 GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
 3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
 lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
 -----END CERTIFICATE-----
`@ -13,5 +13,8 @@ webderoot.der trust.web.de Root CA certificate [2004-02-17]`
	`webdeca.der trust.web.de CA certificate [2004-02-17]`	`webdeca.der trust.web.de CA certificate [2004-02-17]`


		`gte.pem GTE CyberTrust Global Root`