mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
sm/
* server.c (skip_options): Skip leading spaces. (has_option): Honor "--". (cmd_export): Add option --data to do an inline export. Skip all options. * certdump.c (gpgsm_fpr_and_name_for_status): New. * verify.c (gpgsm_verify): Use it to print correct status messages. doc/ * gpgsm.texi (GPGSM EXPORT): Document changes.
This commit is contained in:
parent
f48d38e7df
commit
650293c4f6
@ -153,7 +153,7 @@ has_option_name (const char *line, const char *name)
|
||||
|
||||
/* Skip over options. It is assumed that leading spaces have been
|
||||
removed (this is the case for lines passed to a handler from
|
||||
assuan). Bkanls after the options are also removed. */
|
||||
assuan). Blanks after the options are also removed. */
|
||||
static char *
|
||||
skip_options (char *line)
|
||||
{
|
||||
|
@ -1,3 +1,7 @@
|
||||
2006-11-14 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gpgsm.texi (GPGSM EXPORT): Document changes.
|
||||
|
||||
2006-11-11 Werner Koch <wk@g10code.com>
|
||||
|
||||
* gnupg.texi (Top): Move gpg-agent part before gpg.
|
||||
|
59
doc/DETAILS
59
doc/DETAILS
@ -199,48 +199,62 @@ more arguments in future versions.
|
||||
is useful to define a context for parsing ERROR status
|
||||
messages. No arguments are currently defined.
|
||||
|
||||
GOODSIG <long keyid> <username>
|
||||
GOODSIG <long_keyid_or_fpr> <username>
|
||||
The signature with the keyid is good. For each signature only
|
||||
one of the three codes GOODSIG, BADSIG or ERRSIG will be
|
||||
emitted and they may be used as a marker for a new signature.
|
||||
The username is the primary one encoded in UTF-8 and %XX
|
||||
escaped.
|
||||
escaped. The fingerprint may be used instead of the long keyid
|
||||
if it is available. This is the case with CMS and might
|
||||
eventually also be available for OpenPGP.
|
||||
|
||||
EXPSIG <long keyid> <username>
|
||||
EXPSIG <long_keyid_or_fpr> <username>
|
||||
The signature with the keyid is good, but the signature is
|
||||
expired. The username is the primary one encoded in UTF-8 and
|
||||
%XX escaped.
|
||||
%XX escaped. The fingerprint may be used instead of the long
|
||||
keyid if it is available. This is the case with CMS and might
|
||||
eventually also be available for OpenPGP.
|
||||
|
||||
EXPKEYSIG <long keyid> <username>
|
||||
The signature with the keyid is good, but the signature was
|
||||
EXPKEYSIG <long_keyid_or_fpr> <username>
|
||||
The signature with the keyid is good, but the signature was
|
||||
made by an expired key. The username is the primary one
|
||||
encoded in UTF-8 and %XX escaped.
|
||||
encoded in UTF-8 and %XX escaped. The fingerprint may be used
|
||||
instead of the long keyid if it is available. This is the
|
||||
case with CMS and might eventually also be available for
|
||||
OpenPGP.
|
||||
|
||||
REVKEYSIG <long keyid> <username>
|
||||
REVKEYSIG <long_keyid_or_fpr> <username>
|
||||
The signature with the keyid is good, but the signature was
|
||||
made by a revoked key. The username is the primary one
|
||||
encoded in UTF-8 and %XX escaped.
|
||||
made by a revoked key. The username is the primary one encoded
|
||||
in UTF-8 and %XX escaped. The fingerprint may be used instead
|
||||
of the long keyid if it is available. This is the case with
|
||||
CMS and might eventually also be available for OpenPGP.
|
||||
|
||||
BADSIG <long keyid> <username>
|
||||
The signature with the keyid has not been verified okay.
|
||||
The username is the primary one encoded in UTF-8 and %XX
|
||||
escaped.
|
||||
BADSIG <long_keyid_or_fpr> <username>
|
||||
The signature with the keyid has not been verified okay. The
|
||||
username is the primary one encoded in UTF-8 and %XX
|
||||
escaped. The fingerprint may be used instead of the long keyid
|
||||
if it is available. This is the case with CMS and might
|
||||
eventually also be available for OpenPGP.
|
||||
|
||||
ERRSIG <long keyid> <pubkey_algo> <hash_algo> \
|
||||
ERRSIG <long_keyid_or_fpr> <pubkey_algo> <hash_algo> \
|
||||
<sig_class> <timestamp> <rc>
|
||||
It was not possible to check the signature. This may be
|
||||
caused by a missing public key or an unsupported algorithm.
|
||||
A RC of 4 indicates unknown algorithm, a 9 indicates a missing
|
||||
public key. The other fields give more information about
|
||||
this signature. sig_class is a 2 byte hex-value.
|
||||
caused by a missing public key or an unsupported algorithm. A
|
||||
RC of 4 indicates unknown algorithm, a 9 indicates a missing
|
||||
public key. The other fields give more information about this
|
||||
signature. sig_class is a 2 byte hex-value. The fingerprint
|
||||
may be used instead of the long keyid if it is available.
|
||||
This is the case with CMS and might eventually also be
|
||||
available for OpenPGP.
|
||||
|
||||
Note, that TIMESTAMP may either be a number with seconds since
|
||||
epoch or an ISO 8601 string which can be detected by the
|
||||
presence of the letter 'T' inside.
|
||||
|
||||
VALIDSIG <fingerprint in hex> <sig_creation_date> <sig-timestamp>
|
||||
<expire-timestamp> <sig-version> <reserved> <pubkey-algo>
|
||||
<hash-algo> <sig-class> <primary-key-fpr>
|
||||
<expire-timestamp> [ <sig-version> <reserved> <pubkey-algo>
|
||||
<hash-algo> <sig-class> <primary-key-fpr> ]
|
||||
|
||||
The signature with the keyid is good. This is the same as
|
||||
GOODSIG but has the fingerprint as the argument. Both status
|
||||
@ -255,6 +269,9 @@ more arguments in future versions.
|
||||
useful to get back to the primary key without running gpg
|
||||
again for this purpose.
|
||||
|
||||
The optional parameters are used for OpenPGP and are not
|
||||
available for CMS signatures.
|
||||
|
||||
Note, that *-TIMESTAMP may either be a number with seconds
|
||||
since epoch or an ISO 8601 string which can be detected by the
|
||||
presence of the letter 'T' inside.
|
||||
|
188
doc/announce-2.0.txt
Normal file
188
doc/announce-2.0.txt
Normal file
@ -0,0 +1,188 @@
|
||||
Hello!
|
||||
|
||||
The GNU project is pleased to announce the availability of a new
|
||||
stable GnuPG release: Version 2.0.0.
|
||||
|
||||
The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
|
||||
and data storage. It can be used to encrypt data, create digital
|
||||
signatures, help authenticating using Secure Shell and to provide a
|
||||
framework for public key cryptography. It includes an advanced key
|
||||
management facility and is compliant with the OpenPGP and S/MIME
|
||||
standards.
|
||||
|
||||
GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.5) in that
|
||||
it splits up functionality into several modules. However, both
|
||||
versions may be installed alongside without any conflict. In fact,
|
||||
the gpg version from GnuPG-1 is able to make use of the gpg-agent as
|
||||
included in GnuPG-2 and allows for seamless passphrase caching. The
|
||||
advantage of GnuPG-1 is its smaller size and the lack of dependency on
|
||||
other modules at run and build time. We will keep maintaining GnuPG-1
|
||||
versions because they are very useful for small systems and for server
|
||||
based applications requiring only OpenPGP support.
|
||||
|
||||
GnuPG is distributed under the terms of the GNU General Public License
|
||||
(GPL). GnuPG-2 works best on GNU/Linux or *BSD systems. Other POSIX
|
||||
compliant systems are also supported but have not yet been tested very
|
||||
well.
|
||||
|
||||
|
||||
What's New in GnuPG-2
|
||||
=====================
|
||||
|
||||
* The *gpg-agent* is the central place to maintain private keys and
|
||||
to cache passphrases. It is implemented as a daemon to be started
|
||||
with a user session.
|
||||
|
||||
* *gpgsm* is an implementation of the X.509 and CMS standards and
|
||||
provides the cryptographic core to implement the S/MIME protocol.
|
||||
The command line interface is very similar to the one of gpg. This
|
||||
helps adding S/MIME to application currently providing OpenPGP
|
||||
support.
|
||||
|
||||
* *scdaemon* is a daemon run by gpg-agent to access different types
|
||||
of smart cards using a unified interface.
|
||||
|
||||
* *gpg-connect-agent* is a tool to help scripts directly accessing
|
||||
services of gpg-agent and scdaemon.
|
||||
|
||||
* *gpgconf* is a tool to maintain the configuration files of all
|
||||
modules using a well defined API.
|
||||
|
||||
* Support for Dirmngr, a separate package to maintain certificate
|
||||
revocation lists, do OCSP requests and to run LDAP queries.
|
||||
|
||||
* Support for the Secure Shell Agent protocol. In fact, gpg-agent
|
||||
may be used as full replacement of the commonly used ssh-agent
|
||||
daemon.
|
||||
|
||||
* Smart card support for the Secure Shell.
|
||||
|
||||
* Documentation is now done in Texinfo. Thus besides Info, HTML and
|
||||
PDF versions may easily be generated.
|
||||
|
||||
* Man pages for all tools.
|
||||
|
||||
|
||||
Getting the Software
|
||||
====================
|
||||
|
||||
Please follow the instructions found at http://www.gnupg.org/download/
|
||||
or read on:
|
||||
|
||||
GnuPG 2.0.0 may be downloaded from one of the GnuPG mirror sites or
|
||||
direct from ftp://ftp.gnupg.org/gcrypt/ . The list of mirrors can be
|
||||
found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not
|
||||
available at ftp.gnu.org.
|
||||
|
||||
On the mirrors you should find the following files in the *gnupg*
|
||||
directory:
|
||||
|
||||
gnupg-2.0.0.tar.bz2 (3.8M)
|
||||
gnupg-2.0.0.tar.bz2.sig
|
||||
|
||||
GnuPG source compressed using BZIP2 and OpenPGP signature.
|
||||
|
||||
Please try another mirror if exceptional your mirror is not yet up to
|
||||
date. GnuPG-2 requires a couple of libraries to be installed; see the
|
||||
README file or the output of the configure run for details.
|
||||
|
||||
|
||||
Checking the Integrity
|
||||
======================
|
||||
|
||||
In order to check that the version of GnuPG which you are going to
|
||||
install is an original and unmodified one, you can do it in one of
|
||||
the following ways:
|
||||
|
||||
* If you already have a trusted version of GnuPG installed, you
|
||||
can simply check the supplied signature. For example to check the
|
||||
signature of the file gnupg-2.0.0.tar.bz2 you would use this command:
|
||||
|
||||
gpg --verify gnupg-2.0.0.tar.bz2.sig
|
||||
|
||||
This checks whether the signature file matches the source file.
|
||||
You should see a message indicating that the signature is good and
|
||||
made by that signing key. Make sure that you have the right key,
|
||||
either by checking the fingerprint of that key with other sources
|
||||
or by checking that the key has been signed by a trustworthy other
|
||||
key. Note, that you can retrieve the signing key using the command
|
||||
|
||||
finger wk ,at' g10code.com
|
||||
|
||||
or using a key server like
|
||||
|
||||
gpg --recv-key 1CE0C630
|
||||
|
||||
The distribution key 1CE0C630 is signed by the well known key
|
||||
5B0358A2. If you get an key expired message, you should retrieve a
|
||||
fresh copy as the expiration date might have been prolonged.
|
||||
|
||||
NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE
|
||||
INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION!
|
||||
|
||||
* If you are not able to use an existing version of GnuPG, you have
|
||||
to verify the SHA-1 checksum. Assuming you downloaded the file
|
||||
gnupg-2.0.0.tar.bz2, you would run the sha1sum command like this:
|
||||
|
||||
sha1sum gnupg-2.0.0.tar.bz2
|
||||
|
||||
and check that the output matches this:
|
||||
|
||||
c335957368ea88bcb658922e7d3aae7e3ac6896d gnupg-2.0.0.tar.bz2
|
||||
|
||||
|
||||
Internationalization
|
||||
====================
|
||||
|
||||
GnuPG comes with support for 27 languages. Due to a lot of new and
|
||||
changed strings most translations are not entirely complete. However
|
||||
the Turkish and German translators have been very fast in completing
|
||||
their translations. The Russian one came in just a few hours too
|
||||
late. Updates of the other translations are expected for the next
|
||||
releases.
|
||||
|
||||
|
||||
Documentation
|
||||
=============
|
||||
|
||||
We are currently working on an installation guide to explain in more
|
||||
detail how to configure the new features. As of now the chapters on
|
||||
gpg-agent and gpgsm include brief information on how to set up the
|
||||
whole thing. Please watch the GnuPG website for updates of the
|
||||
documentation. In the meantime you may search the GnuPG mailing list
|
||||
archives or ask on the gnupg-users mailing lists for advise on how to
|
||||
solve problems. Many of the new features are around for several years
|
||||
and thus enough public knowledge is already available.
|
||||
|
||||
|
||||
Support
|
||||
=======
|
||||
|
||||
Improving GnuPG is costly, but you can help! We are looking for
|
||||
organizations that find GnuPG useful and wish to contribute back. You
|
||||
can contribute by reporting bugs, improve the software, or by donating
|
||||
money.
|
||||
|
||||
Commercial support contracts for GnuPG are available, and they help
|
||||
finance continued maintenance. g10 Code GmbH, a Duesseldorf based
|
||||
company owned and headed by GnuPG's principal author, is currently
|
||||
funding GnuPG development. We are always looking for interesting
|
||||
development projects.
|
||||
|
||||
A service directory is available at:
|
||||
|
||||
http://www.gnupg.org/service.html
|
||||
|
||||
|
||||
Thanks
|
||||
======
|
||||
|
||||
We have to thank all the people who helped with this release, be it
|
||||
testing, coding, translating, suggesting, auditing, administering the
|
||||
servers, spreading the word or answering questions on the mailing
|
||||
lists.
|
||||
|
||||
|
||||
Happy Hacking,
|
||||
|
||||
The GnuPG Team (David, Werner and all other contributors)
|
@ -1072,16 +1072,22 @@ Note that options are valid for the entire session.
|
||||
To export certificate from the internal key database the command:
|
||||
|
||||
@example
|
||||
EXPORT @var{pattern}
|
||||
EXPORT [--data [--armor] [--base64]] [--] @var{pattern}
|
||||
@end example
|
||||
|
||||
is used. To allow multiple patterns (which are ORed) quoting is
|
||||
required: Spaces are to be translated into "+" or into "%20"; in turn
|
||||
this requires that the usual escape quoting rules are done.
|
||||
|
||||
The format of the output depends on what was set with the OUTPUT
|
||||
command. When using @acronym{PEM} encoding a few informational lines
|
||||
are prepended.
|
||||
If the @option{--data} option has not been given, the format of the
|
||||
output depends on what was set with the OUTPUT command. When using
|
||||
@acronym{PEM} encoding a few informational lines are prepended.
|
||||
|
||||
If the @option{--data} has been given, a target set via OUTPUT is
|
||||
ignored and the data is returned inline using standard
|
||||
@code{D}-lines. This avoids the need for an extra file descriptor. In
|
||||
this case the options @option{--armor} and @option{--base64} may be used
|
||||
in the same way as with the OUTPUT command.
|
||||
|
||||
|
||||
@node GPGSM IMPORT
|
||||
|
@ -1,3 +1,7 @@
|
||||
2006-11-13 Werner Koch <wk@g10code.com>
|
||||
|
||||
* ru.po: Update from Maxim.
|
||||
|
||||
2006-11-10 Werner Koch <wk@g10code.com>
|
||||
|
||||
* de.po: Received complete update from Walter.
|
||||
|
14
sm/ChangeLog
14
sm/ChangeLog
@ -1,3 +1,17 @@
|
||||
2006-11-14 Werner Koch <wk@g10code.com>
|
||||
|
||||
* server.c (skip_options): Skip leading spaces.
|
||||
(has_option): Honor "--".
|
||||
(cmd_export): Add option --data to do an inline export. Skip all
|
||||
options.
|
||||
|
||||
* certdump.c (gpgsm_fpr_and_name_for_status): New.
|
||||
* verify.c (gpgsm_verify): Use it to print correct status messages.
|
||||
|
||||
2006-11-11 Werner Koch <wk@g10code.com>
|
||||
|
||||
* server.c (skip_options): New.
|
||||
|
||||
2006-10-24 Marcus Brinkmann <marcus@g10code.de>
|
||||
|
||||
* Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).
|
||||
|
@ -705,6 +705,59 @@ gpgsm_format_name (const char *name)
|
||||
}
|
||||
|
||||
|
||||
/* Return fingerprint and a percent escaped name in a human readable
|
||||
format suitable for status messages like GOODSIG. May return NULL
|
||||
on error (out of core). */
|
||||
char *
|
||||
gpgsm_fpr_and_name_for_status (ksba_cert_t cert)
|
||||
{
|
||||
char *fpr, *name, *p;
|
||||
char *buffer;
|
||||
|
||||
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
||||
if (!fpr)
|
||||
return NULL;
|
||||
|
||||
name = ksba_cert_get_subject (cert, 0);
|
||||
if (!name)
|
||||
{
|
||||
xfree (fpr);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
p = gpgsm_format_name2 (name, 0);
|
||||
ksba_free (name);
|
||||
name = p;
|
||||
if (!name)
|
||||
{
|
||||
xfree (fpr);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
buffer = xtrymalloc (strlen (fpr) + 1 + 3*strlen (name) + 1);
|
||||
if (buffer)
|
||||
{
|
||||
const unsigned char *s;
|
||||
|
||||
p = stpcpy (stpcpy (buffer, fpr), " ");
|
||||
for (s = name; *s; s++)
|
||||
{
|
||||
if (*s < ' ')
|
||||
{
|
||||
sprintf (p, "%%%02X", *s);
|
||||
p += 3;
|
||||
}
|
||||
else
|
||||
*p++ = *s;
|
||||
}
|
||||
*p = 0;
|
||||
}
|
||||
xfree (fpr);
|
||||
xfree (name);
|
||||
return buffer;
|
||||
}
|
||||
|
||||
|
||||
/* Create a key description for the CERT, this may be passed to the
|
||||
pinentry. The caller must free the returned string. NULL may be
|
||||
returned on error. */
|
||||
@ -800,3 +853,4 @@ gpgsm_format_keydesc (ksba_cert_t cert)
|
||||
|
||||
return buffer;
|
||||
}
|
||||
|
||||
|
@ -241,6 +241,8 @@ char *gpgsm_format_serial (ksba_const_sexp_t p);
|
||||
char *gpgsm_format_name2 (const char *name, int translate);
|
||||
char *gpgsm_format_name (const char *name);
|
||||
|
||||
char *gpgsm_fpr_and_name_for_status (ksba_cert_t cert);
|
||||
|
||||
char *gpgsm_format_keydesc (ksba_cert_t cert);
|
||||
|
||||
|
||||
|
134
sm/server.c
134
sm/server.c
@ -74,6 +74,22 @@ strcpy_escaped_plus (char *d, const char *s)
|
||||
}
|
||||
|
||||
|
||||
/* Skip over options.
|
||||
Blanks after the options are also removed. */
|
||||
static char *
|
||||
skip_options (const char *line)
|
||||
{
|
||||
while (spacep (line))
|
||||
line++;
|
||||
while ( *line == '-' && line[1] == '-' )
|
||||
{
|
||||
while (*line && !spacep (line))
|
||||
line++;
|
||||
while (spacep (line))
|
||||
line++;
|
||||
}
|
||||
return (char*)line;
|
||||
}
|
||||
|
||||
|
||||
/* Check whether the option NAME appears in LINE */
|
||||
@ -84,6 +100,8 @@ has_option (const char *line, const char *name)
|
||||
int n = strlen (name);
|
||||
|
||||
s = strstr (line, name);
|
||||
if (s && s >= skip_options (line))
|
||||
return 0;
|
||||
return (s && (s == line || spacep (s-1)) && (!s[n] || spacep (s+n)));
|
||||
}
|
||||
|
||||
@ -530,6 +548,10 @@ cmd_import (assuan_context_t ctx, char *line)
|
||||
}
|
||||
|
||||
|
||||
/* EXPORT [--data [--armor|--base64]] [--] pattern
|
||||
|
||||
*/
|
||||
|
||||
static int
|
||||
cmd_export (assuan_context_t ctx, char *line)
|
||||
{
|
||||
@ -538,11 +560,20 @@ cmd_export (assuan_context_t ctx, char *line)
|
||||
FILE *out_fp;
|
||||
char *p;
|
||||
strlist_t list, sl;
|
||||
int use_data;
|
||||
|
||||
if (fd == -1)
|
||||
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
|
||||
use_data = has_option (line, "--data");
|
||||
|
||||
/* break the line down into an strlist_t */
|
||||
if (use_data)
|
||||
{
|
||||
/* We need to override any possible setting done by an OUTPUT command. */
|
||||
ctrl->create_pem = has_option (line, "--armor");
|
||||
ctrl->create_base64 = has_option (line, "--base64");
|
||||
}
|
||||
|
||||
line = skip_options (line);
|
||||
|
||||
/* Break the line down into an strlist_t. */
|
||||
list = NULL;
|
||||
for (p=line; *p; line = p)
|
||||
{
|
||||
@ -565,17 +596,36 @@ cmd_export (assuan_context_t ctx, char *line)
|
||||
}
|
||||
}
|
||||
|
||||
out_fp = fdopen ( dup(fd), "w");
|
||||
if (!out_fp)
|
||||
if (use_data)
|
||||
{
|
||||
free_strlist (list);
|
||||
return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
|
||||
out_fp = assuan_get_data_fp (ctx);
|
||||
if (!out_fp)
|
||||
{
|
||||
free_strlist (list);
|
||||
return set_error (GPG_ERR_ASS_GENERAL, "no data stream");
|
||||
}
|
||||
gpgsm_export (ctrl, list, out_fp);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (fd == -1)
|
||||
{
|
||||
free_strlist (list);
|
||||
return set_error (GPG_ERR_ASS_NO_OUTPUT, NULL);
|
||||
}
|
||||
out_fp = fdopen ( dup(fd), "w");
|
||||
if (!out_fp)
|
||||
{
|
||||
free_strlist (list);
|
||||
return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed");
|
||||
}
|
||||
|
||||
gpgsm_export (ctrl, list, out_fp);
|
||||
fclose (out_fp);
|
||||
}
|
||||
|
||||
gpgsm_export (ctrl, list, out_fp);
|
||||
fclose (out_fp);
|
||||
free_strlist (list);
|
||||
/* close and reset the fd */
|
||||
/* Close and reset the fds. */
|
||||
close_message_fd (ctrl);
|
||||
assuan_close_input_fd (ctx);
|
||||
assuan_close_output_fd (ctx);
|
||||
@ -1097,67 +1147,3 @@ gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
|
||||
return gpgsm_status2 (ctrl, no, buf, NULL);
|
||||
}
|
||||
|
||||
#if 0
|
||||
/*
|
||||
* Write a status line with a buffer using %XX escapes. If WRAP is >
|
||||
* 0 wrap the line after this length. If STRING is not NULL it will
|
||||
* be prepended to the buffer, no escaping is done for string.
|
||||
* A wrap of -1 forces spaces not to be encoded as %20.
|
||||
*/
|
||||
void
|
||||
write_status_text_and_buffer ( int no, const char *string,
|
||||
const char *buffer, size_t len, int wrap )
|
||||
{
|
||||
const char *s, *text;
|
||||
int esc, first;
|
||||
int lower_limit = ' ';
|
||||
size_t n, count, dowrap;
|
||||
|
||||
if( !statusfp )
|
||||
return; /* not enabled */
|
||||
|
||||
if (wrap == -1) {
|
||||
lower_limit--;
|
||||
wrap = 0;
|
||||
}
|
||||
|
||||
text = get_status_string (no);
|
||||
count = dowrap = first = 1;
|
||||
do {
|
||||
if (dowrap) {
|
||||
fprintf (statusfp, "[GNUPG:] %s ", text );
|
||||
count = dowrap = 0;
|
||||
if (first && string) {
|
||||
fputs (string, statusfp);
|
||||
count += strlen (string);
|
||||
}
|
||||
first = 0;
|
||||
}
|
||||
for (esc=0, s=buffer, n=len; n && !esc; s++, n-- ) {
|
||||
if ( *s == '%' || *(const byte*)s <= lower_limit
|
||||
|| *(const byte*)s == 127 )
|
||||
esc = 1;
|
||||
if ( wrap && ++count > wrap ) {
|
||||
dowrap=1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (esc) {
|
||||
s--; n++;
|
||||
}
|
||||
if (s != buffer)
|
||||
fwrite (buffer, s-buffer, 1, statusfp );
|
||||
if ( esc ) {
|
||||
fprintf (statusfp, "%%%02X", *(const unsigned char*)s );
|
||||
s++; n--;
|
||||
}
|
||||
buffer = s;
|
||||
len = n;
|
||||
if ( dowrap && len )
|
||||
putc ( '\n', statusfp );
|
||||
} while ( len );
|
||||
|
||||
putc ('\n',statusfp);
|
||||
fflush (statusfp);
|
||||
}
|
||||
#endif
|
||||
|
25
sm/verify.c
25
sm/verify.c
@ -410,7 +410,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
|
||||
log_error ("invalid signature: message digest attribute "
|
||||
"does not match calculated one\n");
|
||||
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
||||
fpr = gpgsm_fpr_and_name_for_status (cert);
|
||||
gpgsm_status (ctrl, STATUS_BADSIG, fpr);
|
||||
xfree (fpr);
|
||||
goto next_signer;
|
||||
@ -447,7 +447,7 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
char *fpr;
|
||||
|
||||
log_error ("invalid signature: %s\n", gpg_strerror (rc));
|
||||
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
||||
fpr = gpgsm_fpr_and_name_for_status (cert);
|
||||
gpgsm_status (ctrl, STATUS_BADSIG, fpr);
|
||||
xfree (fpr);
|
||||
goto next_signer;
|
||||
@ -463,16 +463,19 @@ gpgsm_verify (ctrl_t ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
if (DBG_X509)
|
||||
log_debug ("signature okay - checking certs\n");
|
||||
rc = gpgsm_validate_chain (ctrl, cert, keyexptime, 0, NULL, 0);
|
||||
if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
|
||||
{
|
||||
gpgsm_status (ctrl, STATUS_EXPKEYSIG, NULL);
|
||||
rc = 0;
|
||||
}
|
||||
else
|
||||
gpgsm_status (ctrl, STATUS_GOODSIG, NULL);
|
||||
|
||||
{
|
||||
char *buf, *fpr, *tstr;
|
||||
char *fpr, *buf, *tstr;
|
||||
|
||||
fpr = gpgsm_fpr_and_name_for_status (cert);
|
||||
if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
|
||||
{
|
||||
gpgsm_status (ctrl, STATUS_EXPKEYSIG, fpr);
|
||||
rc = 0;
|
||||
}
|
||||
else
|
||||
gpgsm_status (ctrl, STATUS_GOODSIG, fpr);
|
||||
|
||||
xfree (fpr);
|
||||
|
||||
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
||||
tstr = strtimestamp_r (sigtime);
|
||||
|
Loading…
x
Reference in New Issue
Block a user