security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

Merge branch 'STABLE-BRANCH-2-2' into master 

--

Resolved Conflicts:
	NEWS  - removed
	configure.ac - removed

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2018-05-13 13:29:40 +02:00
parent 1793f2c46a 1ced88edf4
commit 7b7576637d
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
73 changed files with 3270 additions and 3583 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
Makefile.am
View File

@ -18,10 +18,21 @@
## Process this file with automake to produce Makefile.in
# Location of the released tarball archives. Note that this is an
# internal archive and before uploading this to the public server,
# manual tests should be run and the git release tat set and pushed.
# Adjust as needed.
RELEASE_ARCHIVE_DIR = wk@vigenere:tarballs/gnupg/v2.2
# The key used to sign the released sources. Adjust as needed.
RELEASE_SIGNING_KEY = D8692123C4065DEA5E0F3AB5249B39D24F25E3B6
# Autoconf flags.
ACLOCAL_AMFLAGS = -I m4
AM_DISTCHECK_CONFIGURE_FLAGS = --enable-gnupg-builddir-envvar \
--enable-all-tests --enable-symcryptrun --enable-g13 \
--enable-gpg2-is-gpg --enable-gpgtar --enable-wks-tools --disable-ntbtls
--enable-gpgtar --enable-wks-tools --disable-ntbtls
GITLOG_TO_CHANGELOG=gitlog-to-changelog
@ -151,8 +162,68 @@ TESTS_ENVIRONMENT = \
objdir=$(abs_top_builddir) \
GPGSCM_PATH=$(abs_top_srcdir)/tests/gpgscm
.PHONY: check-all
.PHONY: check-all release sign-release
check-all:
$(TESTS_ENVIRONMENT) \
$(abs_top_builddir)/tests/gpgscm/gpgscm \
$(abs_srcdir)/tests/run-tests.scm $(TESTFLAGS) $(TESTS)
# Names of to help the release target.
RELEASE_NAME = $(PACKAGE_TARNAME)-$(PACKAGE_VERSION)
RELEASE_W32_STEM_NAME = $(PACKAGE_TARNAME)-w32-$(PACKAGE_VERSION)
release:
+(set -e;\
if [ "$(abs_top_builddir)" = "$(abs_top_srcdir)" ]; then \
echo "error: build directory must not be the source directory" >&2;\
exit 2;\
fi ;\
echo "/* Build started at $$(date -uIseconds) */" ;\
cd $(top_srcdir); \
./autogen.sh --force; \
cd $(abs_top_builddir); \
rm -rf dist; mkdir dist ; cd dist ; \
$(abs_top_srcdir)/configure --enable-maintainer-mode; \
$(MAKE) distcheck TESTFLAGS=--parallel; \
$(TAR) xjf $(RELEASE_NAME).tar.bz2 ;\
$(MAKE) -f $(RELEASE_NAME)/build-aux/speedo.mk w32-release ;\
echo "/* Build finished at $$(date -uIseconds) */" ;\
echo "/*" ;\
echo " * Please run the final step interactivly:" ;\
echo " * make sign-release" ;\
echo " */" ;\
) 2>&1 | tee "$(RELEASE_NAME).buildlog"
sign-release:
+(set -e; \
cd dist; \
release_w32_name="$(RELEASE_W32_STEM_NAME)_$$(date -u +%Y%m%d)" ;\
files1="$(RELEASE_NAME).tar.bz2 \
$${release_w32_name}.tar.xz \
$${release_w32_name}.exe" ;\
files2="$(RELEASE_NAME).tar.bz2.sig \
$(RELEASE_NAME).swdb \
$(RELEASE_NAME).buildlog \
$${release_w32_name}.tar.xz.sig \
$${release_w32_name}.exe.sig \
$${release_w32_name}.exe.swdb" ;\
$(MAKE) -f $(RELEASE_NAME)/build-aux/speedo.mk w32-sign-installer ;\
echo "/* Signing the source tarball ..." ;\
gpg -sbu $(RELEASE_SIGNING_KEY) $(RELEASE_NAME).tar.bz2 ;\
echo "/* Signing the W32 source tarball ..." ;\
gpg -sbu $(RELEASE_SIGNING_KEY) $${release_w32_name}.tar.xz ;\
echo "/* Signing the W32 installer ..." ;\
gpg -sbu $(RELEASE_SIGNING_KEY) $${release_w32_name}.exe ;\
cat $(RELEASE_NAME).swdb >swdb.snippet;\
echo '#+macro: gnupg22_branch STABLE-BRANCH-2-2' >>swdb.snippet;\
cat $${release_w32_name}.exe.swdb >>swdb.snippet;\
echo >>swdb.snippet ;\
sha1sum $${files1} >>swdb.snippet ;\
cat "../$(RELEASE_NAME).buildlog" swdb.snippet \
| gzip >$(RELEASE_NAME).buildlog ;\
echo "Release created - copying it to the local archive ..." ;\
scp -p $${files1} $${files2} $(RELEASE_ARCHIVE_DIR)/ || true;\
echo '/*' ;\
echo ' * All done; for checksums see dist/swdb.snippet' ;\
echo ' */' ;\
)

18
agent/command.c
View File

@ -2825,6 +2825,7 @@ static const char hlp_getinfo[] =
" std_env_names - List the names of the standard environment.\n"
" std_session_env - List the standard session environment.\n"
" std_startup_env - List the standard startup environment.\n"
" getenv NAME - Return value of envvar NAME.\n"
" connections - Return number of active connections.\n"
" jent_active - Returns OK if Libgcrypt's JENT is active.\n"
" restricted - Returns OK if the connection is in restricted mode.\n"
@ -2961,6 +2962,23 @@ cmd_getinfo (assuan_context_t ctx, char *line)
}
}
}
else if (!strncmp (line, "getenv", 6)
&& (line[6] == ' ' || line[6] == '\t' || !line[6]))
{
line += 6;
while (*line == ' ' || *line == '\t')
line++;
if (!*line)
rc = gpg_error (GPG_ERR_MISSING_VALUE);
else
{
const char *s = getenv (line);
if (!s)
rc = set_error (GPG_ERR_NOT_FOUND, "No such envvar");
else
rc = assuan_send_data (ctx, s, strlen (s));
}
}
else if (!strcmp (line, "connections"))
{
char numbuf[20];

4
build-aux/getswdb.sh
View File

@ -175,9 +175,9 @@ fi
# to help detect rollback attacks.
#
if [ $skip_selfcheck = no ]; then
gnupg_ver=$(awk '$1=="gnupg21_ver" {print $2;exit}' swdb.lst)
gnupg_ver=$(awk '$1=="gnupg22_ver" {print $2;exit}' swdb.lst)
if [ -z "$gnupg_ver" ]; then
echo "GnuPG 2.1 version missing in swdb.lst!" >&2
echo "GnuPG 2.2 version missing in swdb.lst!" >&2
exit 1
fi
gnupg_ver_num=$(echo "$gnupg_ver" | cvtver)

7
build-aux/speedo/w32/inst.nsi
View File

@ -625,6 +625,7 @@ Section "GnuPG" SEC_gnupg
File "bin/gpgconf.exe"
File "bin/gpg-connect-agent.exe"
File "bin/gpgtar.exe"
File "libexec/dirmngr_ldap.exe"
File "libexec/gpg-preset-passphrase.exe"
File "libexec/gpg-wks-client.exe"
@ -743,6 +744,8 @@ Section "-libgpg-error" SEC_libgpg_error
File share/locale/de/LC_MESSAGES/libgpg-error.mo
SetOutPath "$INSTDIR\share\locale\eo\LC_MESSAGES"
File share/locale/eo/LC_MESSAGES/libgpg-error.mo
SetOutPath "$INSTDIR\share\locale\es\LC_MESSAGES"
File share/locale/es/LC_MESSAGES/libgpg-error.mo
SetOutPath "$INSTDIR\share\locale\fr\LC_MESSAGES"
File share/locale/fr/LC_MESSAGES/libgpg-error.mo
SetOutPath "$INSTDIR\share\locale\hu\LC_MESSAGES"
@ -1249,6 +1252,9 @@ Section "-un.libgpg-error"
Delete "$INSTDIR\share\locale\eo\LC_MESSAGES\libgpg-error.mo"
RMDir "$INSTDIR\share\locale\eo\LC_MESSAGES"
RMDir "$INSTDIR\share\locale\eo"
Delete "$INSTDIR\share\locale\es\LC_MESSAGES\libgpg-error.mo"
RMDir "$INSTDIR\share\locale\es\LC_MESSAGES"
RMDir "$INSTDIR\share\locale\es"
Delete "$INSTDIR\share\locale\fr\LC_MESSAGES\libgpg-error.mo"
RMDir "$INSTDIR\share\locale\fr\LC_MESSAGES"
RMDir "$INSTDIR\share\locale\fr"
@ -1307,6 +1313,7 @@ Section "-un.gnupg"
Delete "$INSTDIR\bin\gpgconf.exe"
Delete "$INSTDIR\bin\gpg-connect-agent.exe"
Delete "$INSTDIR\bin\gpgtar.exe"
Delete "$INSTDIR\bin\dirmngr_ldap.exe"
Delete "$INSTDIR\bin\gpg-preset-passphrase.exe"
Delete "$INSTDIR\bin\gpg-wks-client.exe"

2
common/exechelp-w32.c
View File

@ -556,7 +556,7 @@ gnupg_spawn_process (const char *pgmname, const char *argv[],
memset (&si, 0, sizeof si);
si.cb = sizeof (si);
si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW;
si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_MINIMIZE;
si.wShowWindow = DEBUG_W32_SPAWN? SW_SHOW : SW_HIDE;
si.hStdInput = inpipe[0] == INVALID_HANDLE_VALUE? nullhd[0] : inpipe[0];
si.hStdOutput = outpipe[1] == INVALID_HANDLE_VALUE? nullhd[1] : outpipe[1];
si.hStdError = errpipe[1] == INVALID_HANDLE_VALUE? nullhd[2] : errpipe[1];

1
common/miscellaneous.c
View File

@ -401,6 +401,7 @@ is_file_compressed (const char *s, int *ret_rc)
*ret_rc = gpg_error_from_syserror ();
return 0;
}
iobuf_ioctl (a, IOBUF_IOCTL_NO_CACHE, 1, NULL);
if ( iobuf_get_filelength( a, &overflow ) < 6 && !overflow) {
*ret_rc = 0;

12
configure.ac
View File

@ -665,7 +665,6 @@ case "${host}" in
have_dosish_system=yes
have_w32_system=yes
require_iconv=no
use_ldapwrapper=no # Fixme: Do this only for CE.
require_pipe_to_unblock_pselect=no
case "${host}" in
*-mingw32ce*)
@ -976,6 +975,17 @@ else
*** we need the support of the New Portable Threads Library.
***]])
fi
#
# Enable debugging of nPth
#
AC_ARG_ENABLE(npth-debug,
AC_HELP_STRING([--enable-npth-debug],
[build with debug version of npth]),
[if test $enableval = yes ; then
AC_DEFINE(NPTH_ENABLE_DEBUG,1,
[Build with debug version of nPth])
fi])
#

5
dirmngr/certcache.c
View File

@ -423,6 +423,9 @@ load_certs_from_dir (const char *dirname, unsigned int trustclass)
log_info (_("certificate '%s' already cached\n"), fname);
else if (!err)
{
if ((trustclass & CERTTRUST_CLASS_CONFIG))
http_register_cfg_ca (fname);
if (trustclass)
log_info (_("trusted certificate '%s' loaded\n"), fname);
else
@ -763,6 +766,8 @@ cert_cache_deinit (int full)
}
}
http_register_cfg_ca (NULL);
total_nonperm_certificates = 0;
any_cert_of_class = 0;
initialization_done = 0;

7
dirmngr/crlcache.c
View File

@ -125,6 +125,9 @@
idea anyway to limit the number of opened cache files. */
#define MAX_OPEN_DB_FILES 5
#ifndef O_BINARY
# define O_BINARY 0
#endif
static const char oidstr_crlNumber[] = "2.5.29.20";
/* static const char oidstr_issuingDistributionPoint[] = "2.5.29.28"; */
@ -1139,7 +1142,7 @@ lock_db_file (crl_cache_t cache, crl_cache_entry_t entry)
xfree (fname);
return NULL;
}
fd = open (fname, O_RDONLY);
fd = open (fname, O_RDONLY | O_BINARY);
if (fd == -1)
{
log_error (_("error opening cache file '%s': %s\n"),
@ -2051,7 +2054,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
}
}
fd_cdb = open (fname, O_WRONLY | O_CREAT | O_TRUNC, 0644);
fd_cdb = open (fname, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
if (fd_cdb == -1)
{
err = gpg_error_from_errno (errno);

159
dirmngr/crlfetch.c
View File

@ -28,6 +28,7 @@
#include "dirmngr.h"
#include "misc.h"
#include "http.h"
#include "ks-engine.h" /* For ks_http_fetch. */
#if USE_LDAP
# include "ldap-wrapper.h"
@ -154,41 +155,17 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
{
gpg_error_t err;
parsed_uri_t uri;
char *free_this = NULL;
int redirects_left = 2; /* We allow for 2 redirect levels. */
estream_t httpfp = NULL;
*reader = NULL;
if (!url)
return gpg_error (GPG_ERR_INV_ARG);
once_more:
err = http_parse_uri (&uri, url, 0);
http_release_parsed_uri (uri);
if (err && !strncmp (url, "https:", 6))
{
/* FIXME: We now support https.
* Our HTTP code does not support TLS, thus we can't use this
* scheme and it is frankly not useful for CRL retrieval anyway.
* We resort to using http, assuming that the server also
* provides plain http access. */
free_this = xtrymalloc (strlen (url) + 1);
if (free_this)
{
strcpy (stpcpy (free_this,"http:"), url+6);
err = http_parse_uri (&uri, free_this, 0);
http_release_parsed_uri (uri);
if (!err)
{
log_info (_("using \"http\" instead of \"https\"\n"));
url = free_this;
}
}
}
if (!err) /* Yes, our HTTP code groks that. */
{
http_t hd;
if (opt.disable_http)
{
log_error (_("CRL access not possible due to disabled %s\n"),
@ -196,97 +173,57 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
}
else
err = http_open_document (&hd, url, NULL,
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
|(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
|(dirmngr_use_tor()? HTTP_FLAG_FORCE_TOR:0)
|(opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4:0)
|(opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6:0)
),
ctrl->http_proxy, NULL, NULL, NULL);
switch ( err? 99999 : http_get_status_code (hd) )
{
case 200:
{
estream_t fp = http_get_read_ptr (hd);
struct reader_cb_context_s *cb_ctx;
/* Note that we also allow root certificates loaded from
* "/etc/gnupg/trusted-certs/". We also do not consult the
* CRL for the TLS connection - that may lead to a loop.
* Due to cacert.org redirecting their https URL to http we
* also allow such a downgrade. */
err = ks_http_fetch (ctrl, url,
(KS_HTTP_FETCH_TRUST_CFG
| KS_HTTP_FETCH_NO_CRL
| KS_HTTP_FETCH_ALLOW_DOWNGRADE ),
&httpfp);
}
cb_ctx = xtrycalloc (1, sizeof *cb_ctx);
if (!cb_ctx)
err = gpg_error_from_syserror ();
if (!err)
err = ksba_reader_new (reader);
if (!err)
{
cb_ctx->fp = fp;
err = ksba_reader_set_cb (*reader, &my_es_read, cb_ctx);
}
if (err)
{
log_error (_("error initializing reader object: %s\n"),
gpg_strerror (err));
ksba_reader_release (*reader);
*reader = NULL;
http_close (hd, 0);
}
else
{
/* The ksba reader misses a user pointer thus we need
to come up with our own way of associating a file
pointer (or well the callback context) with the
reader. It is only required when closing the
reader thus there is no performance issue doing it
this way. FIXME: We now have a close notification
which might be used here. */
register_file_reader (*reader, cb_ctx);
http_close (hd, 1);
}
}
break;
if (err)
log_error (_("error retrieving '%s': %s\n"), url, gpg_strerror (err));
else
{
struct reader_cb_context_s *cb_ctx;
case 301: /* Redirection (perm.). */
case 302: /* Redirection (temp.). */
{
const char *s = http_get_header (hd, "Location");
cb_ctx = xtrycalloc (1, sizeof *cb_ctx);
if (!cb_ctx)
err = gpg_error_from_syserror ();
else if (!(err = ksba_reader_new (reader)))
{
cb_ctx->fp = httpfp;
err = ksba_reader_set_cb (*reader, &my_es_read, cb_ctx);
if (!err)
{
/* The ksba reader misses a user pointer thus we
* need to come up with our own way of associating a
* file pointer (or well the callback context) with
* the reader. It is only required when closing the
* reader thus there is no performance issue doing
* it this way. FIXME: We now have a close
* notification which might be used here. */
register_file_reader (*reader, cb_ctx);
httpfp = NULL;
}
}
log_info (_("URL '%s' redirected to '%s' (%u)\n"),
url, s?s:"[none]", http_get_status_code (hd));
if (s && *s && redirects_left-- )
{
xfree (free_this); url = NULL;
free_this = xtrystrdup (s);
if (!free_this)
err = gpg_error_from_errno (errno);
else
{
url = free_this;
http_close (hd, 0);
/* Note, that our implementation of redirection
actually handles a redirect to LDAP. */
goto once_more;
}
}
else
err = gpg_error (GPG_ERR_NO_DATA);
log_error (_("too many redirections\n")); /* Or no "Location". */
http_close (hd, 0);
}
break;
case 99999: /* Made up status code for error reporting. */
log_error (_("error retrieving '%s': %s\n"),
url, gpg_strerror (err));
break;
default:
log_error (_("error retrieving '%s': http status %u\n"),
url, http_get_status_code (hd));
err = gpg_error (GPG_ERR_NO_DATA);
http_close (hd, 0);
if (err)
{
log_error (_("error initializing reader object: %s\n"),
gpg_strerror (err));
ksba_reader_release (*reader);
*reader = NULL;
xfree (cb_ctx);
}
}
}
else /* Let the LDAP code try other schemes. */
else /* Let the LDAP code parse other schemes. */
{
if (opt.disable_ldap)
{
@ -310,7 +247,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
}
}
xfree (free_this);
es_fclose (httpfp);
return err;
}

3
dirmngr/dirmngr.c
View File

@ -2243,7 +2243,8 @@ handle_connections (assuan_fd_t listen_fd)
npth_timersub (&abstime, &curtime, &timeout);
#ifndef HAVE_W32_SYSTEM
ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout, npth_sigev_sigmask());
ret = npth_pselect (nfd+1, &read_fdset, NULL, NULL, &timeout,
npth_sigev_sigmask());
saved_errno = errno;
while (npth_sigev_get_pending(&signo))

53
dirmngr/dirmngr_ldap.c
View File

@ -29,7 +29,6 @@
# include <signal.h>
#endif
#include <errno.h>
#include <assert.h>
#include <sys/time.h>
#include <unistd.h>
#ifndef USE_LDAPWRAPPER
@ -343,7 +342,7 @@ ldap_wrapper_main (char **argv, estream_t outstream)
usage (1);
#else
/* All passed arguments should be fine in this case. */
assert (argc);
log_assert (argc);
#endif
#ifdef USE_LDAPWRAPPER
@ -382,16 +381,56 @@ catch_alarm (int dummy)
}
#endif
#ifdef HAVE_W32_SYSTEM
static DWORD CALLBACK
alarm_thread (void *arg)
{
HANDLE timer = arg;
WaitForSingleObject (timer, INFINITE);
_exit (10);
return 0;
}
#endif
static void
set_timeout (my_opt_t myopt)
{
#ifdef HAVE_W32_SYSTEM
/* FIXME for W32. */
(void)myopt;
#else
if (myopt->alarm_timeout)
alarm (myopt->alarm_timeout);
{
#ifdef HAVE_W32_SYSTEM
static HANDLE timer;
LARGE_INTEGER due_time;
/* A negative value is a relative time. */
due_time.QuadPart = (unsigned long long)-10000000 * myopt->alarm_timeout;
if (!timer)
{
SECURITY_ATTRIBUTES sec_attr;
DWORD tid;
memset (&sec_attr, 0, sizeof sec_attr);
sec_attr.nLength = sizeof sec_attr;
sec_attr.bInheritHandle = FALSE;
/* Create a manual resetable timer. */
timer = CreateWaitableTimer (NULL, TRUE, NULL);
/* Intially set the timer. */
SetWaitableTimer (timer, &due_time, 0, NULL, NULL, 0);
if (CreateThread (&sec_attr, 0, alarm_thread, timer, 0, &tid))
log_error ("failed to create alarm thread\n");
}
else /* Retrigger the timer. */
SetWaitableTimer (timer, &due_time, 0, NULL, NULL, 0);
#else
alarm (myopt->alarm_timeout);
#endif
}
}

4
dirmngr/http-ntbtls.c
View File

@ -87,13 +87,15 @@ gnupg_http_tls_verify_cb (void *opaque,
}
else /* Use the certificates as requested from the HTTP module. */
{
if ((http_flags & HTTP_FLAG_TRUST_CFG))
validate_flags |= VALIDATE_FLAG_TRUST_CONFIG;
if ((http_flags & HTTP_FLAG_TRUST_DEF))
validate_flags |= VALIDATE_FLAG_TRUST_HKP;
if ((http_flags & HTTP_FLAG_TRUST_SYS))
validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;
/* If HKP trust is requested and there are no HKP certificates
* configured, also try thye standard system certificates. */
* configured, also try the standard system certificates. */
if ((validate_flags & VALIDATE_FLAG_TRUST_HKP)
&& !cert_cache_any_in_class (CERTTRUST_CLASS_HKP))
validate_flags |= VALIDATE_FLAG_TRUST_SYSTEM;

60
dirmngr/http.c
View File

@ -318,6 +318,9 @@ static gpg_error_t (*tls_callback) (http_t, http_session_t, int);
/* The list of files with trusted CA certificates. */
static strlist_t tls_ca_certlist;
/* The list of files with extra trusted CA certificates. */
static strlist_t cfg_ca_certlist;
/* The global callback for net activity. */
static void (*netactivity_cb)(void);
@ -596,6 +599,35 @@ http_register_tls_ca (const char *fname)
}
/* Register a CA certificate for future use. The certificate is
* expected to be in FNAME. PEM format is assume if FNAME has a
* suffix of ".pem". If FNAME is NULL the list of CA files is
* removed. This is a variant of http_register_tls_ca which puts the
* certificate into a separate list enabled using HTTP_FLAG_TRUST_CFG. */
void
http_register_cfg_ca (const char *fname)
{
strlist_t sl;
if (!fname)
{
free_strlist (cfg_ca_certlist);
cfg_ca_certlist = NULL;
}
else
{
/* Warn if we can't access right now, but register it anyway in
case it becomes accessible later */
if (access (fname, F_OK))
log_info (_("can't access '%s': %s\n"), fname,
gpg_strerror (gpg_error_from_syserror()));
sl = add_to_strlist (&cfg_ca_certlist, fname);
if (*sl->d && !strcmp (sl->d + strlen (sl->d) - 4, ".pem"))
sl->flags = 1;
}
}
/* Register a callback which is called every time the HTTP mode has
* made a successful connection to some server. */
void
@ -680,6 +712,7 @@ http_session_release (http_session_t sess)
* Valid values for FLAGS are:
* HTTP_FLAG_TRUST_DEF - Use the CAs set with http_register_tls_ca
* HTTP_FLAG_TRUST_SYS - Also use the CAs defined by the system
* HTTP_FLAG_TRUST_CFG - Also use CAs set with http_register_cfg_ca
* HTTP_FLAG_NO_CRL - Do not consult CRLs for https.
*/
gpg_error_t
@ -793,6 +826,21 @@ http_session_new (http_session_t *r_session,
#endif /* gnutls >= 3.0.20 */
}
/* Add other configured certificates to the session. */
if ((flags & HTTP_FLAG_TRUST_CFG))
{
for (sl = cfg_ca_certlist; sl; sl = sl->next)
{
rc = gnutls_certificate_set_x509_trust_file
(sess->certcred, sl->d,
(sl->flags & 1)? GNUTLS_X509_FMT_PEM : GNUTLS_X509_FMT_DER);
if (rc < 0)
log_info ("setting extra CA from file '%s' failed: %s\n",
sl->d, gnutls_strerror (rc));
}
}
rc = gnutls_init (&sess->tls_session, GNUTLS_CLIENT);
if (rc < 0)
{
@ -1688,9 +1736,19 @@ send_request (http_t hd, const char *httphost, const char *auth,
#ifdef USE_TLS
if (hd->uri->use_tls && !hd->session->tls_session)
{
log_error ("TLS requested but no GNUTLS context available\n");
log_error ("TLS requested but no TLS context available\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
}
if (opt_debug)
log_debug ("Using TLS library: %s %s\n",
# if HTTP_USE_NTBTLS
"NTBTLS", ntbtls_check_version (NULL)
# elif HTTP_USE_GNUTLS
"GNUTLS", gnutls_check_version (NULL)
# else
"?", "?"
# endif /*HTTP_USE_*TLS*/
);
#endif /*USE_TLS*/
if ((hd->flags & HTTP_FLAG_FORCE_TOR))

6
dirmngr/http.h
View File

@ -88,8 +88,9 @@ enum
HTTP_FLAG_IGNORE_IPv4 = 64, /* Do not use IPv4. */
HTTP_FLAG_IGNORE_IPv6 = 128, /* Do not use IPv6. */
HTTP_FLAG_TRUST_DEF = 256, /* Use the CAs configured for HKP. */
HTTP_FLAG_TRUST_SYS = 512, /* Also use the system defined CAs. */
HTTP_FLAG_NO_CRL = 1024 /* Do not consult CRLs for https. */
HTTP_FLAG_TRUST_SYS = 512, /* Also use the system defined CAs. */
HTTP_FLAG_TRUST_CFG = 1024, /* Also use configured CAs. */
HTTP_FLAG_NO_CRL = 2048 /* Do not consult CRLs for https. */
};
@ -110,6 +111,7 @@ void http_set_verbose (int verbose, int debug);
void http_register_tls_callback (gpg_error_t (*cb)(http_t,http_session_t,int));
void http_register_tls_ca (const char *fname);
void http_register_cfg_ca (const char *fname);
void http_register_netactivity_cb (void (*cb)(void));

6
dirmngr/ks-action.c
View File

@ -257,7 +257,9 @@ ks_action_get (ctrl_t ctrl, uri_item_t keyservers,
if (is_hkp_s)
err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp);
else if (is_http_s)
err = ks_http_fetch (ctrl, uri->parsed_uri->original, &infp);
err = ks_http_fetch (ctrl, uri->parsed_uri->original,
KS_HTTP_FETCH_NOCACHE,
&infp);
else
BUG ();
@ -314,7 +316,7 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp)
if (parsed_uri->is_http)
{
err = ks_http_fetch (ctrl, url, &infp);
err = ks_http_fetch (ctrl, url, KS_HTTP_FETCH_NOCACHE, &infp);
if (!err)
{
err = copy_stream (infp, outfp);

6
dirmngr/ks-engine-hkp.c
View File

@ -55,7 +55,7 @@
/* Number of seconds after a host is marked as resurrected. */
#define RESURRECT_INTERVAL (3600*3) /* 3 hours */
#define RESURRECT_INTERVAL (3600+1800) /* 1.5 hours */
/* To match the behaviour of our old gpgkeys helper code we escape
more characters than actually needed. */
@ -110,7 +110,7 @@ static hostinfo_t *hosttable;
static int hosttable_size;
/* The number of host slots we initially allocate for HOSTTABLE. */
#define INITIAL_HOSTTABLE_SIZE 10
#define INITIAL_HOSTTABLE_SIZE 50
/* Create a new hostinfo object, fill in NAME and put it into
@ -583,7 +583,7 @@ map_host (ctrl_t ctrl, const char *name, const char *srvtag, int force_reselect,
/* Deal with the pool name before selecting a host. */
if (r_httphost)
{
*r_httphost = xtrystrdup (hi->cname? hi->cname : hi->name);
*r_httphost = xtrystrdup (hi->name);
if (!*r_httphost)
return gpg_error_from_syserror ();
}

41
dirmngr/ks-engine-http.c
View File

@ -62,12 +62,17 @@ ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
/* Get the key from URL which is expected to specify a http style
scheme. On success R_FP has an open stream to read the data. */
* scheme. On success R_FP has an open stream to read the data.
* Despite its name this function is also used to retrieve arbitrary
* data via https or http.
*/
gpg_error_t
ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
estream_t *r_fp)
{
gpg_error_t err;
http_session_t session = NULL;
unsigned int session_flags;
http_t http = NULL;
int redirects_left = MAX_REDIRECTS;
estream_t fp = NULL;
@ -81,12 +86,16 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
is_onion = uri->onion;
is_https = uri->use_tls;
once_more:
/* Note that we only use the system provided certificates with the
/* By default we only use the system provided certificates with this
* fetch command. */
err = http_session_new (&session, NULL,
((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
| HTTP_FLAG_TRUST_SYS),
session_flags = HTTP_FLAG_TRUST_SYS;
if ((flags & KS_HTTP_FETCH_NO_CRL) || ctrl->http_no_crl)
session_flags |= HTTP_FLAG_NO_CRL;
if ((flags & KS_HTTP_FETCH_TRUST_CFG))
session_flags |= HTTP_FLAG_TRUST_CFG;
once_more:
err = http_session_new (&session, NULL, session_flags,
gnupg_http_tls_verify_cb, ctrl);
if (err)
goto leave;
@ -100,6 +109,7 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
/* httphost */ NULL,
/* fixme: AUTH */ NULL,
((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
| (DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0)
| (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
| (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
| (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
@ -111,10 +121,11 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
{
fp = http_get_write_ptr (http);
/* Avoid caches to get the most recent copy of the key. We set
both the Pragma and Cache-Control versions of the header, so
we're good with both HTTP 1.0 and 1.1. */
es_fputs ("Pragma: no-cache\r\n"
"Cache-Control: no-cache\r\n", fp);
* both the Pragma and Cache-Control versions of the header, so
* we're good with both HTTP 1.0 and 1.1. */
if ((flags & KS_HTTP_FETCH_NOCACHE))
es_fputs ("Pragma: no-cache\r\n"
"Cache-Control: no-cache\r\n", fp);
http_start_data (http);
if (es_ferror (fp))
err = gpg_error_from_syserror ();
@ -164,7 +175,13 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
if (err)
goto leave;
if ((is_onion && ! uri->onion) || (is_https && ! uri->use_tls))
if (is_onion && !uri->onion)
{
err = gpg_error (GPG_ERR_FORBIDDEN);
goto leave;
}
if (!(flags & KS_HTTP_FETCH_ALLOW_DOWNGRADE)
&& is_https && !uri->use_tls)
{
err = gpg_error (GPG_ERR_FORBIDDEN);
goto leave;

10
dirmngr/ks-engine.h
View File

@ -41,8 +41,16 @@ gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri,
const void *data, size_t datalen);
/*-- ks-engine-http.c --*/
/* Flags for the ks_http_fetch. */
#define KS_HTTP_FETCH_NOCACHE 1 /* Request no caching. */
#define KS_HTTP_FETCH_TRUST_CFG 2 /* Requests HTTP_FLAG_TRUST_CFG. */
#define KS_HTTP_FETCH_NO_CRL 4 /* Requests HTTP_FLAG_NO_CRL. */
#define KS_HTTP_FETCH_ALLOW_DOWNGRADE 8 /* Allow redirect https -> http. */
gpg_error_t ks_http_help (ctrl_t ctrl, parsed_uri_t uri);
gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp);
gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, unsigned int flags,
estream_t *r_fp);
/*-- ks-engine-finger.c --*/

1
dirmngr/ldap-wrapper-ce.c
View File

@ -45,6 +45,7 @@
#ifdef USE_LDAPWRAPPER
# error This module is not expected to be build.
#endif
#error This module might not anymore work.

761
dirmngr/ldap-wrapper.c
View File

@ -1,5 +1,5 @@
/* ldap-wrapper.c - LDAP access via a wrapper process
* Copyright (C) 2004, 2005, 2007, 2008 g10 Code GmbH
* Copyright (C) 2004, 2005, 2007, 2008, 2018 g10 Code GmbH
* Copyright (C) 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
@ -19,31 +19,34 @@
*/
/*
We can't use LDAP directly for these reasons:
1. On some systems the LDAP library uses (indirectly) pthreads and
that is not compatible with PTh.
2. It is huge library in particular if TLS comes into play. So
problems with unfreed memory might turn up and we don't want
this in a long running daemon.
3. There is no easy way for timeouts. In particular the timeout
value does not work for DNS lookups (well, this is usual) and it
seems not to work while loading a large attribute like a
CRL. Having a separate process allows us to either tell the
process to commit suicide or have our own housekepping function
kill it after some time. The latter also allows proper
cancellation of a query at any point of time.
4. Given that we are going out to the network and usually get back
a long response, the fork/exec overhead is acceptable.
Note that under WindowsCE the number of processes is strongly
limited (32 processes including the kernel processes) and thus we
don't use the process approach but implement a different wrapper in
ldap-wrapper-ce.c.
*/
* We can't use LDAP directly for these reasons:
*
* 1. On some systems the LDAP library uses (indirectly) pthreads and
* that is not compatible with GNU Pth. Since 2.1 we use nPth
* instead of GNU Pth which does not have this problem anymore
* because it will use pthreads if the platform supports it. Thus
* this was a historical reasons.
*
* 2. It is huge library in particular if TLS comes into play. So
* problems with unfreed memory might turn up and we don't want
* this in a long running daemon.
*
* 3. There is no easy way for timeouts. In particular the timeout
* value does not work for DNS lookups (well, this is usual) and it
* seems not to work while loading a large attribute like a
* CRL. Having a separate process allows us to either tell the
* process to commit suicide or have our own housekepping function
* kill it after some time. The latter also allows proper
* cancellation of a query at any point of time.
*
* 4. Given that we are going out to the network and usually get back
* a long response, the fork/exec overhead is acceptable.
*
* Note that under WindowsCE the number of processes is strongly
* limited (32 processes including the kernel processes) and thus we
* don't use the process approach but implement a different wrapper in
* ldap-wrapper-ce.c.
*/
#include <config.h>
@ -89,39 +92,66 @@ struct wrapper_context_s
{
struct wrapper_context_s *next;
pid_t pid; /* The pid of the wrapper process. */
int printable_pid; /* Helper to print diagnostics after the process has
been cleaned up. */
int fd; /* Connected with stdout of the ldap wrapper. */
gpg_error_t fd_error; /* Set to the gpg_error of the last read error
if any. */
int log_fd; /* Connected with stderr of the ldap wrapper. */
ctrl_t ctrl; /* Connection data. */
int ready; /* Internally used to mark to be removed contexts. */
ksba_reader_t reader; /* The ksba reader object or NULL. */
char *line; /* Used to print the log lines (malloced). */
size_t linesize;/* Allocated size of LINE. */
size_t linelen; /* Use size of LINE. */
time_t stamp; /* The last time we noticed ativity. */
pid_t pid; /* The pid of the wrapper process. */
int printable_pid; /* Helper to print diagnostics after the process has
* been cleaned up. */
estream_t fp; /* Connected with stdout of the ldap wrapper. */
gpg_error_t fp_err; /* Set to the gpg_error of the last read error
* if any. */
estream_t log_fp; /* Connected with stderr of the ldap wrapper. */
ctrl_t ctrl; /* Connection data. */
int ready; /* Internally used to mark to be removed contexts. */
ksba_reader_t reader;/* The ksba reader object or NULL. */
char *line; /* Used to print the log lines (malloced). */
size_t linesize; /* Allocated size of LINE. */
size_t linelen; /* Use size of LINE. */
time_t stamp; /* The last time we noticed ativity. */
int reaper_idx; /* Private to ldap_wrapper_thread. */
};
/* We keep a global list of spawned wrapper process. A separate thread
makes use of this list to log error messages and to watch out for
finished processes. */
static struct wrapper_context_s *wrapper_list;
/* We keep a global list of spawned wrapper process. A separate
* thread makes use of this list to log error messages and to watch
* out for finished processes. Access to list is protected by a
* mutex. The condition variable is used to wakeup the reaper
* thread. */
static struct wrapper_context_s *reaper_list;
static npth_mutex_t reaper_list_mutex = NPTH_MUTEX_INITIALIZER;
static npth_cond_t reaper_run_cond = NPTH_COND_INITIALIZER;
/* We need to know whether we are shutting down the process. */
static int shutting_down;
/* Close the pth file descriptor FD and set it to -1. */
#define SAFE_CLOSE(fd) \
do { int _fd = fd; if (_fd != -1) { close (_fd); fd = -1;} } while (0)
/* Close the estream fp and set it to NULL. */
#define SAFE_CLOSE(fp) \
do { estream_t _fp = fp; es_fclose (_fp); fp = NULL; } while (0)
static void
lock_reaper_list (void)
{
if (npth_mutex_lock (&reaper_list_mutex))
log_fatal ("%s: failed to acquire mutex: %s\n", __func__,
gpg_strerror (gpg_error_from_syserror ()));
}
static void
unlock_reaper_list (void)
{
if (npth_mutex_unlock (&reaper_list_mutex))
log_fatal ("%s: failed to release mutex: %s\n", __func__,
gpg_strerror (gpg_error_from_syserror ()));
}
/* Read a fixed amount of data from READER into BUFFER. */
static gpg_error_t
read_buffer (ksba_reader_t reader, unsigned char *buffer, size_t count)
@ -151,8 +181,8 @@ destroy_wrapper (struct wrapper_context_s *ctx)
gnupg_release_process (ctx->pid);
}
ksba_reader_release (ctx->reader);
SAFE_CLOSE (ctx->fd);
SAFE_CLOSE (ctx->log_fd);
SAFE_CLOSE (ctx->fp);
SAFE_CLOSE (ctx->log_fp);
xfree (ctx->line);
xfree (ctx);
}
@ -218,25 +248,27 @@ print_log_line (struct wrapper_context_s *ctx, char *line)
/* Read data from the log stream. Returns true if the log stream
indicated EOF or error. */
* indicated EOF or error. */
static int
read_log_data (struct wrapper_context_s *ctx)
{
int n;
int rc;
size_t n;
char line[256];
/* We must use the npth_read function for pipes, always. */
do
n = npth_read (ctx->log_fd, line, sizeof line - 1);
while (n < 0 && errno == EINTR);
if (n <= 0) /* EOF or error. */
rc = es_read (ctx->log_fp, line, sizeof line - 1, &n);
if (rc || !n) /* Error or EOF. */
{
if (n < 0)
log_error (_("error reading log from ldap wrapper %d: %s\n"),
(int)ctx->pid, strerror (errno));
print_log_line (ctx, NULL);
SAFE_CLOSE (ctx->log_fd);
if (rc)
{
gpg_error_t err = gpg_error_from_syserror ();
if (gpg_err_code (err) == GPG_ERR_EAGAIN)
return 0;
log_error (_("error reading log from ldap wrapper %d: %s\n"),
(int)ctx->pid, gpg_strerror (err));
}
print_log_line (ctx, NULL); /* Flush. */
SAFE_CLOSE (ctx->log_fp);
return 1;
}
@ -251,15 +283,18 @@ read_log_data (struct wrapper_context_s *ctx)
/* This function is run by a separate thread to maintain the list of
wrappers and to log error messages from these wrappers. */
void *
ldap_wrapper_thread (void *dummy)
ldap_reaper_thread (void *dummy)
{
int nfds;
gpg_error_t err;
struct wrapper_context_s *ctx;
struct wrapper_context_s *ctx_prev;
struct timespec abstime;
struct timespec curtime;
struct timespec timeout;
fd_set fdset;
int millisecs;
gpgrt_poll_t *fparray = NULL;
int fparraysize = 0;
int count, i;
int ret;
time_t exptime;
@ -272,6 +307,61 @@ ldap_wrapper_thread (void *dummy)
{
int any_action = 0;
/* Wait until we are needed and then setup the FPARRAY. */
/* Note: There is one unlock inside the block! */
lock_reaper_list ();
{
while (!reaper_list && !shutting_down)
{
if (npth_cond_wait (&reaper_run_cond, &reaper_list_mutex))
log_error ("ldap-reaper: waiting on condition failed: %s\n",
gpg_strerror (gpg_error_from_syserror ()));
}
for (count = 0, ctx = reaper_list; ctx; ctx = ctx->next)
if (ctx->log_fp)
count++;
if (count > fparraysize || !fparray)
{
/* Need to realloc the array. We simply discard it and
* replace it by a new one. */
xfree (fparray);
fparray = xtrycalloc (count? count : 1, sizeof *fparray);
if (!fparray)
{
err = gpg_error_from_syserror ();
log_error ("ldap-reaper can't allocate poll array: %s"
" - waiting 1s\n", gpg_strerror (err));
/* Note: Here we unlock and continue! */
unlock_reaper_list ();
npth_sleep (1);
continue;
}
fparraysize = count;
}
for (count = 0, ctx = reaper_list; ctx; ctx = ctx->next)
{
if (ctx->log_fp)
{
log_assert (count < fparraysize);
fparray[count].stream = ctx->log_fp;
fparray[count].want_read = 1;
fparray[count].ignore = 0;
ctx->reaper_idx = count;
count++;
}
else
{
ctx->reaper_idx = -1;
fparray[count].ignore = 1;
}
}
for (i=count; i < fparraysize; i++)
fparray[i].ignore = 1;
}
unlock_reaper_list (); /* Note the one unlock inside the block. */
/* Compute the next timeout. */
npth_clock_gettime (&curtime);
if (!(npth_timercmp (&curtime, &abstime, <)))
{
@ -280,142 +370,166 @@ ldap_wrapper_thread (void *dummy)
abstime.tv_sec += TIMERTICK_INTERVAL;
}
npth_timersub (&abstime, &curtime, &timeout);
millisecs = timeout.tv_sec * 1000;
millisecs += timeout.tv_nsec / 1000000;
if (millisecs < 0)
millisecs = 1;
FD_ZERO (&fdset);
nfds = -1;
for (ctx = wrapper_list; ctx; ctx = ctx->next)
if (DBG_EXTPROG)
{
if (ctx->log_fd != -1)
{
FD_SET (ctx->log_fd, &fdset);
if (ctx->log_fd > nfds)
nfds = ctx->log_fd;
}
log_debug ("ldap-reaper: next run (count=%d size=%d, timeout=%d)\n",
count, fparraysize, millisecs);
for (count=0; count < fparraysize; count++)
if (!fparray[count].ignore)
log_debug ("ldap-reaper: fp[%d] stream=%p want=%d\n",
count, fparray[count].stream,fparray[count].want_read);
}
nfds++;
/* FIXME: For Windows, we have to use a reader thread on the
pipe that signals an event (and a npth_select_ev variant). */
ret = npth_pselect (nfds + 1, &fdset, NULL, NULL, &timeout, NULL);
if (ret == -1)
ret = es_poll (fparray, fparraysize, millisecs);
if (ret < 0)
{
if (errno != EINTR)
{
log_error (_("npth_select failed: %s - waiting 1s\n"),
strerror (errno));
npth_sleep (1);
}
err = gpg_error_from_syserror ();
log_error ("ldap-reaper failed to poll: %s"
" - waiting 1s\n", gpg_strerror (err));
/* In case the reason for the error is a too large array, we
* release it so that it will be allocated smaller in the
* next round. */
xfree (fparray);
fparray = NULL;
fparraysize = 0;
npth_sleep (1);
continue;
}
if (DBG_EXTPROG)
{
for (count=0; count < fparraysize; count++)
if (!fparray[count].ignore)
log_debug ("ldap-reaper: fp[%d] stream=%p r=%d %c%c%c%c%c%c%c\n",
count, fparray[count].stream, ret,
fparray[count].got_read? 'r':'-',
fparray[count].got_write?'w':'-',
fparray[count].got_oob? 'o':'-',
fparray[count].got_rdhup?'H':'-',
fparray[count].got_err? 'e':'-',
fparray[count].got_hup? 'h':'-',
fparray[count].got_nval? 'n':'-');
}
/* All timestamps before exptime should be considered expired. */
exptime = time (NULL);
if (exptime > INACTIVITY_TIMEOUT)
exptime -= INACTIVITY_TIMEOUT;
/* Note that there is no need to lock the list because we always
add entries at the head (with a pending event status) and
thus traversing the list will even work if we have a context
switch in waitpid (which should anyway only happen with Pth's
hard system call mapping). */
for (ctx = wrapper_list; ctx; ctx = ctx->next)
{
/* Check whether there is any logging to be done. */
if (nfds && ctx->log_fd != -1 && FD_ISSET (ctx->log_fd, &fdset))
{
if (read_log_data (ctx))
{
SAFE_CLOSE (ctx->log_fd);
any_action = 1;
}
}
/* Check whether the process is still running. */
if (ctx->pid != (pid_t)(-1))
{
gpg_error_t err;
int status;
err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
&status);
if (!err)
{
log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
ctx->ready = 1;
gnupg_release_process (ctx->pid);
ctx->pid = (pid_t)(-1);
any_action = 1;
}
else if (gpg_err_code (err) == GPG_ERR_GENERAL)
{
if (status == 10)
log_info (_("ldap wrapper %d ready: timeout\n"),
(int)ctx->pid);
else
log_info (_("ldap wrapper %d ready: exitcode=%d\n"),
(int)ctx->pid, status);
ctx->ready = 1;
gnupg_release_process (ctx->pid);
ctx->pid = (pid_t)(-1);
any_action = 1;
}
else if (gpg_err_code (err) != GPG_ERR_TIMEOUT)
{
log_error (_("waiting for ldap wrapper %d failed: %s\n"),
(int)ctx->pid, gpg_strerror (err));
any_action = 1;
}
}
/* Check whether we should terminate the process. */
if (ctx->pid != (pid_t)(-1)
&& ctx->stamp != (time_t)(-1) && ctx->stamp < exptime)
{
gnupg_kill_process (ctx->pid);
ctx->stamp = (time_t)(-1);
log_info (_("ldap wrapper %d stalled - killing\n"),
(int)ctx->pid);
/* We need to close the log fd because the cleanup loop
waits for it. */
SAFE_CLOSE (ctx->log_fd);
any_action = 1;
}
}
/* If something has been printed to the log file or we got an
EOF from a wrapper, we now print the list of active
wrappers. */
if (any_action && DBG_LOOKUP)
{
log_info ("ldap worker stati:\n");
for (ctx = wrapper_list; ctx; ctx = ctx->next)
log_info (" c=%p pid=%d/%d rdr=%p ctrl=%p/%d la=%lu rdy=%d\n",
ctx,
(int)ctx->pid, (int)ctx->printable_pid,
ctx->reader,
ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
(unsigned long)ctx->stamp, ctx->ready);
}
/* Use a separate loop to check whether ready marked wrappers
may be removed. We may only do so if the ksba reader object
is not anymore in use or we are in shutdown state. */
again:
for (ctx_prev=NULL, ctx=wrapper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
if (ctx->ready
&& ((ctx->log_fd == -1 && !ctx->reader) || shutting_down))
lock_reaper_list ();
{
for (ctx = reaper_list; ctx; ctx = ctx->next)
{
if (ctx_prev)
ctx_prev->next = ctx->next;
else
wrapper_list = ctx->next;
destroy_wrapper (ctx);
/* We need to restart because destroy_wrapper might have
done a context switch. */
goto again;
/* Check whether there is any logging to be done. We need
* to check FPARRAYSIZE because it can be 0 in case
* es_poll returned a timeout. */
if (fparraysize && ctx->log_fp && ctx->reaper_idx >= 0)
{
log_assert (ctx->reaper_idx < fparraysize);
if (fparray[ctx->reaper_idx].got_read)
{
if (read_log_data (ctx))
{
SAFE_CLOSE (ctx->log_fp);
any_action = 1;
}
}
}
/* Check whether the process is still running. */
if (ctx->pid != (pid_t)(-1))
{
int status;
err = gnupg_wait_process ("[dirmngr_ldap]", ctx->pid, 0,
&status);
if (!err)
{
if (DBG_EXTPROG)
log_info (_("ldap wrapper %d ready"), (int)ctx->pid);
ctx->ready = 1;
gnupg_release_process (ctx->pid);
ctx->pid = (pid_t)(-1);
any_action = 1;
}
else if (gpg_err_code (err) == GPG_ERR_GENERAL)
{
if (status == 10)
log_info (_("ldap wrapper %d ready: timeout\n"),
(int)ctx->pid);
else
log_info (_("ldap wrapper %d ready: exitcode=%d\n"),
(int)ctx->pid, status);
ctx->ready = 1;
gnupg_release_process (ctx->pid);
ctx->pid = (pid_t)(-1);
any_action = 1;
}
else if (gpg_err_code (err) != GPG_ERR_TIMEOUT)
{
log_error (_("waiting for ldap wrapper %d failed: %s\n"),
(int)ctx->pid, gpg_strerror (err));
any_action = 1;
}
}
/* Check whether we should terminate the process. */
if (ctx->pid != (pid_t)(-1)
&& ctx->stamp != (time_t)(-1) && ctx->stamp < exptime)
{
gnupg_kill_process (ctx->pid);
ctx->stamp = (time_t)(-1);
log_info (_("ldap wrapper %d stalled - killing\n"),
(int)ctx->pid);
/* We need to close the log stream because the cleanup
* loop waits for it. */
SAFE_CLOSE (ctx->log_fp);
any_action = 1;
}
}
/* If something has been printed to the log file or we got an
* EOF from a wrapper, we now print the list of active
* wrappers. */
if (any_action && DBG_EXTPROG)
{
log_debug ("ldap worker stati:\n");
for (ctx = reaper_list; ctx; ctx = ctx->next)
log_debug (" c=%p pid=%d/%d rdr=%p logfp=%p"
" ctrl=%p/%d la=%lu rdy=%d\n",
ctx,
(int)ctx->pid, (int)ctx->printable_pid,
ctx->reader, ctx->log_fp,
ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0,
(unsigned long)ctx->stamp, ctx->ready);
}
/* An extra loop to check whether ready marked wrappers may be
* removed. We may only do so if the ksba reader object is
* not anymore in use or we are in shutdown state. */
again:
for (ctx_prev=NULL, ctx=reaper_list; ctx; ctx_prev=ctx, ctx=ctx->next)
{
if (ctx->ready
&& ((!ctx->log_fp && !ctx->reader) || shutting_down))
{
if (ctx_prev)
ctx_prev->next = ctx->next;
else
reaper_list = ctx->next;
destroy_wrapper (ctx);
goto again;
}
}
}
unlock_reaper_list ();
}
/*NOTREACHED*/
return NULL; /* Make the compiler happy. */
}
@ -424,7 +538,7 @@ ldap_wrapper_thread (void *dummy)
/* Start the reaper thread for the ldap wrapper. */
void
ldap_wrapper_launch_thread (void)
ldap_reaper_launch_thread (void)
{
static int done;
npth_attr_t tattr;
@ -435,14 +549,21 @@ ldap_wrapper_launch_thread (void)
return;
done = 1;
#ifdef HAVE_W32_SYSTEM
/* Static init does not yet work in W32 nPth. */
if (npth_cond_init (&reaper_run_cond, NULL))
log_fatal ("%s: failed to init condition variabale: %s\n",
__func__, gpg_strerror (gpg_error_from_syserror ()));
#endif
npth_attr_init (&tattr);
npth_attr_setdetachstate (&tattr, NPTH_CREATE_DETACHED);
err = npth_create (&thread, &tattr, ldap_wrapper_thread, NULL);
if (err)
if (npth_create (&thread, &tattr, ldap_reaper_thread, NULL))
{
log_error (_("error spawning ldap wrapper reaper thread: %s\n"),
strerror (err) );
err = gpg_error_from_syserror ();
log_error ("error spawning ldap reaper reaper thread: %s\n",
gpg_strerror (err) );
dirmngr_exit (1);
}
npth_setname_np (thread, "ldap-reaper");
@ -451,16 +572,20 @@ ldap_wrapper_launch_thread (void)
/* Wait until all ldap wrappers have terminated. We assume that the
kill has already been sent to all of them. */
void
ldap_wrapper_wait_connections ()
{
shutting_down = 1;
/* FIXME: This is a busy wait. */
while (wrapper_list)
lock_reaper_list ();
{
shutting_down = 1;
if (npth_cond_signal (&reaper_run_cond))
log_error ("%s: Ooops: signaling condition failed: %s\n",
__func__, gpg_strerror (gpg_error_from_syserror ()));
}
unlock_reaper_list ();
while (reaper_list)
npth_usleep (200);
}
@ -475,30 +600,35 @@ ldap_wrapper_release_context (ksba_reader_t reader)
if (!reader )
return;
for (ctx=wrapper_list; ctx; ctx=ctx->next)
if (ctx->reader == reader)
{
if (DBG_LOOKUP)
log_info ("releasing ldap worker c=%p pid=%d/%d rdr=%p ctrl=%p/%d\n",
ctx,
(int)ctx->pid, (int)ctx->printable_pid,
ctx->reader,
ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
lock_reaper_list ();
{
for (ctx=reaper_list; ctx; ctx=ctx->next)
if (ctx->reader == reader)
{
if (DBG_EXTPROG)
log_debug ("releasing ldap worker c=%p pid=%d/%d rdr=%p"
" ctrl=%p/%d\n", ctx,
(int)ctx->pid, (int)ctx->printable_pid,
ctx->reader,
ctx->ctrl, ctx->ctrl? ctx->ctrl->refcount:0);
ctx->reader = NULL;
SAFE_CLOSE (ctx->fd);
if (ctx->ctrl)
{
ctx->ctrl->refcount--;
ctx->ctrl = NULL;
}
if (ctx->fd_error)
log_info (_("reading from ldap wrapper %d failed: %s\n"),
ctx->printable_pid, gpg_strerror (ctx->fd_error));
break;
}
ctx->reader = NULL;
SAFE_CLOSE (ctx->fp);
if (ctx->ctrl)
{
ctx->ctrl->refcount--;
ctx->ctrl = NULL;
}
if (ctx->fp_err)
log_info ("%s: reading from ldap wrapper %d failed: %s\n",
__func__, ctx->printable_pid, gpg_strerror (ctx->fp_err));
break;
}
}
unlock_reaper_list ();
}
/* Cleanup all resources held by the connection associated with
CTRL. This is used after a cancel to kill running wrappers. */
void
@ -506,41 +636,45 @@ ldap_wrapper_connection_cleanup (ctrl_t ctrl)
{
struct wrapper_context_s *ctx;
for (ctx=wrapper_list; ctx; ctx=ctx->next)
if (ctx->ctrl && ctx->ctrl == ctrl)
{
ctx->ctrl->refcount--;
ctx->ctrl = NULL;
if (ctx->pid != (pid_t)(-1))
gnupg_kill_process (ctx->pid);
if (ctx->fd_error)
log_info (_("reading from ldap wrapper %d failed: %s\n"),
ctx->printable_pid, gpg_strerror (ctx->fd_error));
}
lock_reaper_list ();
{
for (ctx=reaper_list; ctx; ctx=ctx->next)
if (ctx->ctrl && ctx->ctrl == ctrl)
{
ctx->ctrl->refcount--;
ctx->ctrl = NULL;
if (ctx->pid != (pid_t)(-1))
gnupg_kill_process (ctx->pid);
if (ctx->fp_err)
log_info ("%s: reading from ldap wrapper %d failed: %s\n",
__func__, ctx->printable_pid, gpg_strerror (ctx->fp_err));
}
}
unlock_reaper_list ();
}
/* This is the callback used by the ldap wrapper to feed the ksba
reader with the wrappers stdout. See the description of
ksba_reader_set_cb for details. */
* reader with the wrapper's stdout. See the description of
* ksba_reader_set_cb for details. */
static int
reader_callback (void *cb_value, char *buffer, size_t count, size_t *nread)
{
struct wrapper_context_s *ctx = cb_value;
size_t nleft = count;
int nfds;
struct timespec abstime;
struct timespec curtime;
struct timespec timeout;
int saved_errno;
fd_set fdset, read_fdset;
int millisecs;
gpgrt_poll_t fparray[1];
int ret;
gpg_error_t err;
/* FIXME: We might want to add some internal buffering because the
ksba code does not do any buffering for itself (because a ksba
reader may be detached from another stream to read other data and
the it would be cumbersome to get back already buffered
stuff). */
then it would be cumbersome to get back already buffered stuff). */
if (!buffer && !count && !nread)
return -1; /* Rewind is not supported. */
@ -548,81 +682,108 @@ reader_callback (void *cb_value, char *buffer, size_t count, size_t *nread)
/* If we ever encountered a read error, don't continue (we don't want to
possibly overwrite the last error cause). Bail out also if the
file descriptor has been closed. */
if (ctx->fd_error || ctx->fd == -1)
if (ctx->fp_err || !ctx->fp)
{
*nread = 0;
return -1;
}
FD_ZERO (&fdset);
FD_SET (ctx->fd, &fdset);
nfds = ctx->fd + 1;
memset (fparray, 0, sizeof fparray);
fparray[0].stream = ctx->fp;
fparray[0].want_read = 1;
npth_clock_gettime (&abstime);
abstime.tv_sec += TIMERTICK_INTERVAL;
while (nleft > 0)
{
int n;
gpg_error_t err;
npth_clock_gettime (&curtime);
if (!(npth_timercmp (&curtime, &abstime, <)))
{
err = dirmngr_tick (ctx->ctrl);
if (err)
{
ctx->fd_error = err;
SAFE_CLOSE (ctx->fd);
ctx->fp_err = err;
SAFE_CLOSE (ctx->fp);
return -1;
}
npth_clock_gettime (&abstime);
abstime.tv_sec += TIMERTICK_INTERVAL;
}
npth_timersub (&abstime, &curtime, &timeout);
millisecs = timeout.tv_sec * 1000;
millisecs += timeout.tv_nsec / 1000000;
if (millisecs < 0)
millisecs = 1;
read_fdset = fdset;
ret = npth_pselect (nfds, &read_fdset, NULL, NULL, &timeout, NULL);
saved_errno = errno;
if (DBG_EXTPROG)
{
log_debug ("%s: fp[0] stream=%p want=%d\n",
__func__, fparray[0].stream,fparray[0].want_read);
}
if (ret == -1 && saved_errno != EINTR)
ret = es_poll (fparray, DIM (fparray), millisecs);
if (ret < 0)
{
ctx->fd_error = gpg_error_from_errno (errno);
SAFE_CLOSE (ctx->fd);
ctx->fp_err = gpg_error_from_syserror ();
log_error ("error polling stdout of ldap wrapper %d: %s\n",
ctx->printable_pid, gpg_strerror (ctx->fp_err));
SAFE_CLOSE (ctx->fp);
return -1;
}
if (ret <= 0)
/* Timeout. Will be handled when calculating the next timeout. */
continue;
if (DBG_EXTPROG)
{
log_debug ("%s: fp[0] stream=%p r=%d %c%c%c%c%c%c%c\n",
__func__, fparray[0].stream, ret,
fparray[0].got_read? 'r':'-',
fparray[0].got_write?'w':'-',
fparray[0].got_oob? 'o':'-',
fparray[0].got_rdhup?'H':'-',
fparray[0].got_err? 'e':'-',
fparray[0].got_hup? 'h':'-',
fparray[0].got_nval? 'n':'-');
}
if (!ret)
{
/* Timeout. Will be handled when calculating the next timeout. */
continue;
}
/* This should not block now that select returned with a file
descriptor. So it shouldn't be necessary to use npth_read
(and it is slightly dangerous in the sense that a concurrent
thread might (accidentially?) change the status of ctx->fd
before we read. FIXME: Set ctx->fd to nonblocking? */
n = read (ctx->fd, buffer, nleft);
if (n < 0)
if (fparray[0].got_read)
{
ctx->fd_error = gpg_error_from_errno (errno);
SAFE_CLOSE (ctx->fd);
return -1;
size_t n;
if (es_read (ctx->fp, buffer, nleft, &n))
{
ctx->fp_err = gpg_error_from_syserror ();
if (gpg_err_code (ctx->fp_err) == GPG_ERR_EAGAIN)
ctx->fp_err = 0;
else
{
log_error ("%s: error reading: %s (%d)\n",
__func__, gpg_strerror (ctx->fp_err), ctx->fp_err);
SAFE_CLOSE (ctx->fp);
return -1;
}
}
else if (!n) /* EOF */
{
if (nleft == count)
return -1; /* EOF. */
break;
}
nleft -= n;
buffer += n;
if (n > 0 && ctx->stamp != (time_t)(-1))
ctx->stamp = time (NULL);
}
else if (!n)
{
if (nleft == count)
return -1; /* EOF. */
break;
}
nleft -= n;
buffer += n;
if (n > 0 && ctx->stamp != (time_t)(-1))
ctx->stamp = time (NULL);
}
*nread = count - nleft;
return 0;
}
/* Fork and exec the LDAP wrapper and return a new libksba reader
object at READER. ARGV is a NULL terminated list of arguments for
the wrapper. The function returns 0 on success or an error code.
@ -646,7 +807,7 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
int j;
const char **arg_list;
const char *pgmname;
int outpipe[2], errpipe[2];
estream_t outfp, errfp;
/* It would be too simple to connect stderr just to our logging
stream. The problem is that if we are running multi-threaded
@ -656,7 +817,7 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
wrapper module to do the logging on its own. Given that we anyway
need a way to reap the child process and this is best done using a
general reaping thread, that thread can do the logging too. */
ldap_wrapper_launch_thread ();
ldap_reaper_launch_thread ();
*reader = NULL;
@ -696,41 +857,21 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
return err;
}
err = gnupg_create_inbound_pipe (outpipe, NULL, 0);
if (!err)
{
err = gnupg_create_inbound_pipe (errpipe, NULL, 0);
if (err)
{
close (outpipe[0]);
close (outpipe[1]);
}
}
if (err)
{
log_error (_("error creating a pipe: %s\n"), gpg_strerror (err));
xfree (arg_list);
xfree (ctx);
return err;
}
err = gnupg_spawn_process_fd (pgmname, arg_list,
-1, outpipe[1], errpipe[1], &pid);
err = gnupg_spawn_process (pgmname, arg_list,
NULL, NULL, GNUPG_SPAWN_NONBLOCK,
NULL, &outfp, &errfp, &pid);
xfree (arg_list);
close (outpipe[1]);
close (errpipe[1]);
if (err)
{
close (outpipe[0]);
close (errpipe[0]);
xfree (ctx);
log_error ("error running '%s': %s\n", pgmname, gpg_strerror (err));
return err;
}
ctx->pid = pid;
ctx->printable_pid = (int) pid;
ctx->fd = outpipe[0];
ctx->log_fd = errpipe[0];
ctx->fp = outfp;
ctx->log_fp = errfp;
ctx->ctrl = ctrl;
ctrl->refcount++;
ctx->stamp = time (NULL);
@ -749,12 +890,20 @@ ldap_wrapper (ctrl_t ctrl, ksba_reader_t *reader, const char *argv[])
}
/* Hook the context into our list of running wrappers. */
ctx->reader = *reader;
ctx->next = wrapper_list;
wrapper_list = ctx;
if (opt.verbose)
log_info ("ldap wrapper %d started (reader %p)\n",
(int)ctx->pid, ctx->reader);
lock_reaper_list ();
{
ctx->reader = *reader;
ctx->next = reaper_list;
reaper_list = ctx;
if (npth_cond_signal (&reaper_run_cond))
log_error ("ldap-wrapper: Ooops: signaling condition failed: %s (%d)\n",
gpg_strerror (gpg_error_from_syserror ()), errno);
}
unlock_reaper_list ();
if (DBG_EXTPROG)
log_debug ("ldap wrapper %d started (%p, %s)\n",
(int)ctx->pid, ctx->reader, pgmname);
/* Need to wait for the first byte so we are able to detect an empty
output and not let the consumer see an EOF without further error

12
dirmngr/ldap.c
View File

@ -136,8 +136,12 @@ run_ldap_wrapper (ctrl_t ctrl,
argv[argc++] = "--pass";
argv[argc++] = pass;
}
if (opt.verbose)
if (DBG_LOOKUP)
argv[argc++] = "-vv";
else if (DBG_EXTPROG)
argv[argc++] = "-v";
argv[argc++] = "--log-with-pid";
if (multi_mode)
argv[argc++] = "--multi";
@ -564,8 +568,12 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context,
argv[argc++] = "--pass";
argv[argc++] = pass;
}
if (opt.verbose)
if (DBG_LOOKUP)
argv[argc++] = "-vv";
else if (DBG_EXTPROG)
argv[argc++] = "-v";
argv[argc++] = "--log-with-pid";
argv[argc++] = "--multi";
if (opt.ldaptimeout)

2
dirmngr/loadswdb.c
View File

@ -126,7 +126,7 @@ fetch_file (ctrl_t ctrl, const char *url, estream_t *r_fp)
size_t nread, nwritten;
char buffer[1024];
if ((err = ks_http_fetch (ctrl, url, &httpfp)))
if ((err = ks_http_fetch (ctrl, url, KS_HTTP_FETCH_NOCACHE, &httpfp)))
goto leave;
/* We now read the data from the web server into a memory buffer.

121
dirmngr/server.c
View File

@ -1105,7 +1105,7 @@ cmd_ldapserver (assuan_context_t ctx, char *line)
static const char hlp_isvalid[] =
"ISVALID [--only-ocsp] [--force-default-responder]"
" <certificate_id>|<certificate_fpr>\n"
" <certificate_id> [<certificate_fpr>]\n"
"\n"
"This command checks whether the certificate identified by the\n"
"certificate_id is valid. This is done by consulting CRLs or\n"
@ -1117,8 +1117,9 @@ static const char hlp_isvalid[] =
"delimited by a single dot. The first part is the SHA-1 hash of the\n"
"issuer name and the second part the serial number.\n"
"\n"
"Alternatively the certificate's fingerprint may be given in which\n"
"case an OCSP request is done before consulting the CRL.\n"
"If an OCSP check is desired CERTIFICATE_FPR with the hex encoded\n"
"fingerprint of the certificate is required. In this case an OCSP\n"
"request is done before consulting the CRL.\n"
"\n"
"If the option --only-ocsp is given, no fallback to a CRL check will\n"
"be used.\n"
@ -1130,7 +1131,7 @@ static gpg_error_t
cmd_isvalid (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
char *issuerhash, *serialno;
char *issuerhash, *serialno, *fpr;
gpg_error_t err;
int did_inquire = 0;
int ocsp_mode = 0;
@ -1141,25 +1142,36 @@ cmd_isvalid (assuan_context_t ctx, char *line)
force_default_responder = has_option (line, "--force-default-responder");
line = skip_options (line);
issuerhash = xstrdup (line); /* We need to work on a copy of the
line because that same Assuan
context may be used for an inquiry.
That is because Assuan reuses its
line buffer.
*/
/* We need to work on a copy of the line because that same Assuan
* context may be used for an inquiry. That is because Assuan
* reuses its line buffer. */
issuerhash = xstrdup (line);
serialno = strchr (issuerhash, '.');
if (serialno)
*serialno++ = 0;
else
if (!serialno)
{
char *endp = strchr (issuerhash, ' ');
xfree (issuerhash);
return leave_cmd (ctx, PARM_ERROR (_("serialno missing in cert ID")));
}
*serialno++ = 0;
if (strlen (issuerhash) != 40)
{
xfree (issuerhash);
return leave_cmd (ctx, PARM_ERROR ("cert ID is too short"));
}
fpr = strchr (serialno, ' ');
while (fpr && spacep (fpr))
fpr++;
if (fpr && *fpr)
{
char *endp = strchr (fpr, ' ');
if (endp)
*endp = 0;
if (strlen (issuerhash) != 40)
if (strlen (fpr) != 40)
{
xfree (issuerhash);
return leave_cmd (ctx, PARM_ERROR (_("serialno missing in cert ID")));
return leave_cmd (ctx, PARM_ERROR ("fingerprint too short"));
}
ocsp_mode = 1;
}
@ -1168,17 +1180,24 @@ cmd_isvalid (assuan_context_t ctx, char *line)
again:
if (ocsp_mode)
{
/* Note, that we ignore the given issuer hash and instead rely
on the current certificate semantics used with this
command. */
/* Note, that we currently ignore the supplied fingerprint FPR;
* instead ocsp_isvalid does an inquire to ask for the cert.
* The fingerprint may eventually be used to lookup the
* certificate in a local cache. */
if (!opt.allow_ocsp)
err = gpg_error (GPG_ERR_NOT_SUPPORTED);
else
err = ocsp_isvalid (ctrl, NULL, NULL, force_default_responder);
/* Fixme: If we got no ocsp response and --only-ocsp is not used
we should fall back to CRL mode. Thus we need to clear
OCSP_MODE, get the issuerhash and the serialno from the
current certificate and jump to again. */
if (gpg_err_code (err) == GPG_ERR_CONFIGURATION
&& gpg_err_source (err) == GPG_ERR_SOURCE_DIRMNGR)
{
/* No default responder configured - fallback to CRL. */
if (!only_ocsp)
log_info ("falling back to CRL check\n");
ocsp_mode = 0;
goto again;
}
}
else if (only_ocsp)
err = gpg_error (GPG_ERR_NO_CRL_KNOWN);
@ -1858,7 +1877,7 @@ static const char hlp_validate[] =
" INQUIRE CERTLIST\n"
"\n"
"Here the first certificate is the target certificate, the remaining\n"
"certificates are suggested intermediary certificates. All certifciates\n"
"certificates are suggested intermediary certificates. All certificates\n"
"need to be PEM encoded.\n"
"\n"
"The option --systrust changes the behaviour to include the system\n"
@ -1909,7 +1928,7 @@ cmd_validate (assuan_context_t ctx, char *line)
err = gpg_error (GPG_ERR_MISSING_CERT);
if (!err)
{
/* Extraxt the first certificate from the list. */
/* Extract the first certificate from the list. */
cert = certlist->cert;
ksba_cert_ref (cert);
}
@ -1978,6 +1997,38 @@ make_keyserver_item (const char *uri, uri_item_t *r_item)
uri_item_t item;
*r_item = NULL;
/* We used to have DNS CNAME redirection from the URLs below to
* sks-keyserver. pools. The idea was to allow for a quick way to
* switch to a different set of pools. The problem with that
* approach is that TLS needs to verify the hostname and - because
* DNS is not secured - it can only check the user supplied hostname
* and not a hostname from a CNAME RR. Thus the final server all
* need to have certificates with the actual pool name as well as
* for keys.gnupg.net - that would render the advantage of
* keys.gnupg.net useless and so we better give up on this. Because
* the keys.gnupg.net URL are still in widespread use we do a static
* mapping here.
*/
if (!strcmp (uri, "hkps://keys.gnupg.net")
|| !strcmp (uri, "keys.gnupg.net"))
uri = "hkps://hkps.pool.sks-keyservers.net";
else if (!strcmp (uri, "https://keys.gnupg.net"))
uri = "https://hkps.pool.sks-keyservers.net";
else if (!strcmp (uri, "hkp://keys.gnupg.net"))
uri = "hkp://hkps.pool.sks-keyservers.net";
else if (!strcmp (uri, "http://keys.gnupg.net"))
uri = "http://hkps.pool.sks-keyservers.net";
else if (!strcmp (uri, "hkps://http-keys.gnupg.net")
|| !strcmp (uri, "http-keys.gnupg.net"))
uri = "hkps://ha.pool.sks-keyservers.net";
else if (!strcmp (uri, "https://http-keys.gnupg.net"))
uri = "https://ha.pool.sks-keyservers.net";
else if (!strcmp (uri, "hkp://http-keys.gnupg.net"))
uri = "hkp://ha.pool.sks-keyservers.net";
else if (!strcmp (uri, "http://http-keys.gnupg.net"))
uri = "http://ha.pool.sks-keyservers.net";
item = xtrymalloc (sizeof *item + strlen (uri));
if (!item)
return gpg_error_from_syserror ();
@ -2489,7 +2540,8 @@ static const char hlp_getinfo[] =
"dnsinfo - Return info about the DNS resolver\n"
"socket_name - Return the name of the socket.\n"
"session_id - Return the current session_id.\n"
"workqueue - Inspect the work queue\n";
"workqueue - Inspect the work queue\n"
"getenv NAME - Return value of envvar NAME\n";
static gpg_error_t
cmd_getinfo (assuan_context_t ctx, char *line)
{
@ -2557,6 +2609,23 @@ cmd_getinfo (assuan_context_t ctx, char *line)
workqueue_dump_queue (ctrl);
err = 0;
}
else if (!strncmp (line, "getenv", 6)
&& (line[6] == ' ' || line[6] == '\t' || !line[6]))
{
line += 6;
while (*line == ' ' || *line == '\t')
line++;
if (!*line)
err = gpg_error (GPG_ERR_MISSING_VALUE);
else
{
const char *s = getenv (line);
if (!s)
err = set_error (GPG_ERR_NOT_FOUND, "No such envvar");
else
err = assuan_send_data (ctx, s, strlen (s));
}
}
else
err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT");

30
doc/DETAILS
View File

@ -105,6 +105,19 @@ described here.
certificate (i.e. for the trust anchor) and an 'f' for all other
valid certificates.
In "sig" records, this field may have one of these values as first
character:
- ! :: Signature is good.
- - :: Signature is bad.
- ? :: No public key to verify signature or public key is not usable.
- % :: Other error verifying a signature
More values may be added later. The field may also be empty if
gpg has been invoked in a non-checking mode (--list-sigs) or in a
fast checking mode. Since 2.2.7 '?' will also be printed by the
command --list-sigs if the key is not in the local keyring.
*** Field 3 - Key length
The length of key in bits.
@ -195,9 +208,11 @@ described here.
gpg's --edit-key menu does.
For "sig" records, this is the fingerprint of the key that issued
the signature. Note that this is only filled in if the signature
the signature. Note that this may only be filled if the signature
verified correctly. Note also that for various technical reasons,
this fingerprint is only available if --no-sig-cache is used.
Since 2.2.7 this field will also be set if the key is missing but
the signature carries an issuer fingerprint as meta data.
*** Field 14 - Flag field
@ -437,14 +452,17 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
available. This is the case with CMS and might eventually also be
available for OpenPGP.
*** ERRSIG <keyid> <pkalgo> <hashalgo> <sig_class> <time> <rc>
*** ERRSIG <keyid> <pkalgo> <hashalgo> <sig_class> <time> <rc> <fpr>
It was not possible to check the signature. This may be caused by
a missing public key or an unsupported algorithm. A RC of 4
indicates unknown algorithm, a 9 indicates a missing public
key. The other fields give more information about this signature.
sig_class is a 2 byte hex-value. The fingerprint may be used
instead of the keyid if it is available. This is the case with
gpgsm and might eventually also be available for OpenPGP.
instead of the long_keyid_or_fpr if it is available. This is the
case with gpgsm and might eventually also be available for
OpenPGP. The ERRSIG line has FPR filed which is only available
since 2.2.7; that FPR may either be missing or - if the signature
has no fingerprint as meta data.
Note, that TIME may either be the number of seconds since Epoch or
an ISO 8601 string. The latter can be detected by the presence of
@ -722,7 +740,9 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
The used key has been revoked by its owner. No arguments yet.
*** NO_PUBKEY <long keyid>
The public key is not available
The public key is not available. Note the arg should in general
not be used because it is better to take it from the ERRSIG
status line which is printed right before this one.
*** NO_SECKEY <long keyid>
The secret key is not available

3
doc/Makefile.am
View File

@ -49,7 +49,8 @@ EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \
gnupg-card-architecture.png gnupg-card-architecture.pdf \
FAQ gnupg7.texi mkdefsinc.c defsincdate \
opt-homedir.texi see-also-note.texi specify-user-id.texi \
gpgv.texi yat2m.c ChangeLog-2011 whats-new-in-2.1.txt
gpgv.texi yat2m.c ChangeLog-2011 whats-new-in-2.1.txt \
trust-values.texi
BUILT_SOURCES = gnupg-module-overview.png gnupg-module-overview.pdf \
gnupg-card-architecture.png gnupg-card-architecture.pdf \

7
doc/dirmngr.texi
View File

@ -208,9 +208,10 @@ flag names. To get a list of all supported flags the single word
@opindex debug-all
Same as @code{--debug=0xffffffff}
@item --gnutls-debug @var{level}
@opindex gnutls-debug
Enable debugging of GNUTLS at @var{level}.
@item --tls-debug @var{level}
@opindex tls-debug
Enable debugging of the TLS layer at @var{level}. The details of the
debug level depend on the used TLS library and are not set in stone.
@item --debug-wait @var{n}
@opindex debug-wait

2
doc/examples/vsnfd.prf
View File

@ -15,7 +15,7 @@ enable-crl-checks
[gpg-agent]
enable-extended-key-format
default-cache-ttl 900
max-cache-ttl [] 3600
max-cache-ttl 3600
no-allow-mark-trusted
no-allow-external-cache
enforce-passphrase-constraints

6
doc/gnupg.texi
View File

@ -140,6 +140,7 @@ the administration and the architecture.
* Invoking GPGSM:: Using the S/MIME protocol.
* Invoking SCDAEMON:: How to handle Smartcards.
* Specify a User ID:: How to Specify a User Id.
* Trust Values:: How GnuPG displays trust values.
* Helper Tools:: Description of small helper tools
* Web Key Service:: Tools for the Web Key Service
@ -179,6 +180,11 @@ the administration and the architecture.
@anchor{how-to-specify-a-user-id}
@include specify-user-id.texi
@node Trust Values
@chapter Trust Values
@anchor{trust-values}
@cindex trust values
@include trust-values.texi
@include tools.texi
@include wks.texi

60
doc/gpg.texi
View File

@ -214,7 +214,10 @@ symmetric cipher used is @value{GPGSYMENCALGO}, but may be chosen with the
@option{--encrypt} (for a message that may be decrypted via a secret key
or a passphrase), or @option{--sign} and @option{--encrypt} together
(for a signed message that may be decrypted via a secret key or a
passphrase).
passphrase). @command{@gpgname} caches the passphrase used for
symmetric encryption so that a decrypt operation may not require that
the user needs to enter the passphrase. The option
@option{--no-symkey-cache} can be used to disable this feature.
@item --store
@opindex store
@ -1037,38 +1040,13 @@ signing.
@c man:.RS
The listing shows you the key with its secondary keys and all user
ids. The primary user id is indicated by a dot, and selected keys or
user ids are indicated by an asterisk. The trust
value is displayed with the primary key: the first is the assigned owner
trust and the second is the calculated trust value. Letters are used for
the values:
IDs. The primary user ID is indicated by a dot, and selected keys or
user IDs are indicated by an asterisk. The trust
value is displayed with the primary key: "trust" is the assigned owner
trust and "validity" is the calculated validity of the key. Validity
values are also displayed for all user IDs.
For possible values of trust, @pxref{trust-values}.
@c man:.RE
@table @asis
@item -
No ownertrust assigned / not yet calculated.
@item e
Trust
calculation has failed; probably due to an expired key.
@item q
Not enough information for calculation.
@item n
Never trust this key.
@item m
Marginally trusted.
@item f
Fully trusted.
@item u
Ultimately trusted.
@end table
@c ******** End Edit-key Options **********
@item --sign-key @var{name}
@ -3188,6 +3166,12 @@ are:
Pinentry the user is not prompted again if he enters a bad password.
@end table
@item --no-symkey-cache
@opindex no-symkey-cache
Disable the passphrase cache used for symmetrical en- and decryption.
This cache is based on the message specific salt value
(cf. @option{--s2k-mode}).
@item --request-origin @var{origin}
@opindex request-origin
Tell gpg to assume that the operation ultimately originated at
@ -3302,8 +3286,14 @@ print the public key data.
Same as @option{--list-keys}, but the signatures are listed too. This
command has the same effect as using @option{--list-keys} with
@option{--with-sig-list}. Note that in contrast to
@option{--check-signatures} the key signatures are not verified.
@option{--check-signatures} the key signatures are not verified. This
command can be used to create a list of signing keys missing in the
lcoal keyring; for example:
@example
gpg --list-sigs --with-colons USERID | \
awk -F: '$1=="sig" && $2=="?" @{if($13)@{print $13@}else@{print $5@}@}'
@end example
@item --fast-list-mode
@opindex fast-list-mode
@ -3831,6 +3821,10 @@ which is equivalent to
imports only the user ids of a key containing the strings "Alfa"
or "Alpha" but not the string "test".
@mansect trust values
@ifset isman
@include trust-values.texi
@end ifset
@mansect return value
@chapheading RETURN VALUE

47
doc/trust-values.texi Normal file
View File

@ -0,0 +1,47 @@
@c Copyright (C) 2018 Free Software Foundation, Inc.
@c This is part of the GnuPG manual.
@c For copying conditions, see the file gnupg.texi.
Trust values are used to indicate ownertrust and validity of keys and
user IDs. They are displayed with letters or strings:
@table @asis
@item -
@itemx unknown
No ownertrust assigned / not yet calculated.
@item e
@itemx expired
Trust calculation has failed; probably due to an expired key.
@item q
@itemx undefined, undef
Not enough information for calculation.
@item n
@itemx never
Never trust this key.
@item m
@itemx marginal
Marginally trusted.
@item f
@itemx full
Fully trusted.
@item u
@itemx ultimate
Ultimately trusted.
@item r
@itemx revoked
For validity only: the key or the user ID has been revoked.
@item ?
@itemx err
The program encountered an unknown trust value.
@end table

2
g10/card-util.c
View File

@ -633,7 +633,7 @@ current_card_status (ctrl_t ctrl, estream_t fp,
{
tty_fprintf (fp, " created ....: %s\n",
isotimestamp (info.fpr3time));
print_keygrip (fp, info.grp2);
print_keygrip (fp, info.grp3);
}
tty_fprintf (fp, "General key info..: ");

28
g10/compress.c
View File

@ -309,15 +309,19 @@ int
handle_compressed (ctrl_t ctrl, void *procctx, PKT_compressed *cd,
int (*callback)(IOBUF, void *), void *passthru )
{
compress_filter_context_t *cfx;
int rc;
if(check_compress_algo(cd->algorithm))
return GPG_ERR_COMPR_ALGO;
cfx = xmalloc_clear (sizeof *cfx);
cfx->release = release_context;
cfx->algo = cd->algorithm;
push_compress_filter(cd->buf,cfx,cd->algorithm);
if(cd->algorithm) {
compress_filter_context_t *cfx;
cfx = xmalloc_clear (sizeof *cfx);
cfx->release = release_context;
cfx->algo = cd->algorithm;
if (push_compress_filter(cd->buf, cfx, cd->algorithm))
xfree (cfx);
}
if( callback )
rc = callback(cd->buf, passthru );
else
@ -326,16 +330,20 @@ handle_compressed (ctrl_t ctrl, void *procctx, PKT_compressed *cd,
return rc;
}
void
gpg_error_t
push_compress_filter(IOBUF out,compress_filter_context_t *zfx,int algo)
{
push_compress_filter2(out,zfx,algo,0);
return push_compress_filter2(out,zfx,algo,0);
}
void
/* Push a compress filter and return 0 if that succeeded. */
gpg_error_t
push_compress_filter2(IOBUF out,compress_filter_context_t *zfx,
int algo,int rel)
{
gpg_error_t err = gpg_error (GPG_ERR_FALSE);
if(algo>=0)
zfx->algo=algo;
else
@ -350,16 +358,20 @@ push_compress_filter2(IOBUF out,compress_filter_context_t *zfx,
case COMPRESS_ALGO_ZIP:
case COMPRESS_ALGO_ZLIB:
iobuf_push_filter2(out,compress_filter,zfx,rel);
err = 0;
break;
#endif
#ifdef HAVE_BZIP2
case COMPRESS_ALGO_BZIP2:
iobuf_push_filter2(out,compress_filter_bz2,zfx,rel);
err = 0;
break;
#endif
default:
BUG();
}
return err;
}

7
g10/filter.h
View File

@ -177,9 +177,10 @@ void unarmor_pump_release (UnarmorPump x);
int unarmor_pump (UnarmorPump x, int c);
/*-- compress.c --*/
void push_compress_filter(iobuf_t out,compress_filter_context_t *zfx,int algo);
void push_compress_filter2(iobuf_t out,compress_filter_context_t *zfx,
int algo,int rel);
gpg_error_t push_compress_filter (iobuf_t out, compress_filter_context_t *zfx,
int algo);
gpg_error_t push_compress_filter2 (iobuf_t out,compress_filter_context_t *zfx,
int algo, int rel);
/*-- cipher.c --*/
int cipher_filter_cfb (void *opaque, int control,

21
g10/getkey.c
View File

@ -4136,15 +4136,20 @@ get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
*********************************************/
/* Return a string with a printable representation of the user_id.
* this string must be freed by xfree. */
* this string must be freed by xfree. If R_NOUID is not NULL it is
* set to true if a user id was not found; otherwise to false. */
static char *
get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len)
get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len,
int *r_nouid)
{
user_id_db_t r;
keyid_list_t a;
int pass = 0;
char *p;
if (r_nouid)
*r_nouid = 0;
/* Try it two times; second pass reads from the database. */
do
{
@ -4191,6 +4196,8 @@ get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len)
else
p = xasprintf ("%s [?]", keystr (keyid));
if (r_nouid)
*r_nouid = 1;
if (r_len)
*r_len = strlen (p);
return p;
@ -4200,7 +4207,7 @@ get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len)
char *
get_user_id_string_native (ctrl_t ctrl, u32 * keyid)
{
char *p = get_user_id_string (ctrl, keyid, 0, NULL);
char *p = get_user_id_string (ctrl, keyid, 0, NULL, NULL);
char *p2 = utf8_to_native (p, strlen (p), 0);
xfree (p);
return p2;
@ -4210,15 +4217,15 @@ get_user_id_string_native (ctrl_t ctrl, u32 * keyid)
char *
get_long_user_id_string (ctrl_t ctrl, u32 * keyid)
{
return get_user_id_string (ctrl, keyid, 1, NULL);
return get_user_id_string (ctrl, keyid, 1, NULL, NULL);
}
/* Please try to use get_user_byfpr instead of this one. */
char *
get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn)
get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn, int *r_nouid)
{
return get_user_id_string (ctrl, keyid, 2, rn);
return get_user_id_string (ctrl, keyid, 2, rn, r_nouid);
}
@ -4227,7 +4234,7 @@ char *
get_user_id_native (ctrl_t ctrl, u32 *keyid)
{
size_t rn;
char *p = get_user_id (ctrl, keyid, &rn);
char *p = get_user_id (ctrl, keyid, &rn, NULL);
char *p2 = utf8_to_native (p, rn, 0);
xfree (p);
return p2;

5
g10/gpg.c
View File

@ -429,6 +429,7 @@ enum cmd_and_opt_values
oSender,
oKeyOrigin,
oRequestOrigin,
oNoSymkeyCache,
oNoop
};
@ -902,6 +903,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_s (oAutoKeyLocate, "auto-key-locate", "@"),
ARGPARSE_s_n (oNoAutoKeyLocate, "no-auto-key-locate", "@"),
ARGPARSE_s_n (oNoAutostart, "no-autostart", "@"),
ARGPARSE_s_n (oNoSymkeyCache, "no-symkey-cache", "@"),
/* Dummy options with warnings. */
ARGPARSE_s_n (oUseAgent, "use-agent", "@"),
@ -3624,6 +3626,7 @@ main (int argc, char **argv)
break;
case oNoAutostart: opt.autostart = 0; break;
case oNoSymkeyCache: opt.no_symkey_cache = 1; break;
case oDefaultNewKeyAlgo:
opt.def_new_key_algo = pargs.r.ret_str;
@ -5214,7 +5217,7 @@ g10_exit( int rc )
/* If we had an error but not printed an error message, do it now.
* Note that write_status_failure will never print a second failure
* status line. */
if (log_get_errorcount (0))
if (rc)
write_status_failure ("gpg-exit", gpg_error (GPG_ERR_GENERAL));
gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);

6
g10/import.c
View File

@ -767,7 +767,7 @@ valid_keyblock_packet (int pkttype)
* Meta data (ring trust packets) are only considered of WITH_META is set.
* PENDING_PKT should be initialized to NULL and not changed by the caller.
* Return: 0 = okay, -1 no more blocks or another errorcode.
* The int at at R_V3KEY counts the number of unsupported v3
* The int at R_V3KEY counts the number of unsupported v3
* keyblocks.
*/
static int
@ -856,7 +856,9 @@ read_block( IOBUF a, int with_meta,
{
compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx );
pkt->pkt.compressed->buf = NULL;
push_compress_filter2(a,cfx,pkt->pkt.compressed->algorithm,1);
if (push_compress_filter2 (a, cfx,
pkt->pkt.compressed->algorithm, 1))
xfree (cfx); /* e.g. in case of compression_algo NONE. */
}
free_packet (pkt, &parsectx);
init_packet(pkt);

8
g10/keydb.h
View File

@ -405,10 +405,10 @@ void setup_main_keyids (kbnode_t keyblock);
data structures. */
void merge_keys_and_selfsig (ctrl_t ctrl, kbnode_t keyblock);
char*get_user_id_string_native (ctrl_t ctrl, u32 *keyid);
char*get_long_user_id_string (ctrl_t ctrl, u32 *keyid);
char*get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn);
char*get_user_id_native (ctrl_t ctrl, u32 *keyid);
char *get_user_id_string_native (ctrl_t ctrl, u32 *keyid);
char *get_long_user_id_string (ctrl_t ctrl, u32 *keyid);
char *get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn, int *r_nouid);
char *get_user_id_native (ctrl_t ctrl, u32 *keyid);
char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);

2
g10/keyedit.c
View File

@ -264,7 +264,7 @@ keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
else
{
size_t n;
char *p = get_user_id (ctrl, sig->keyid, &n);
char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
tty_print_utf8_string2 (fp, p, n,
opt.screen_columns - keystrlen () - 26 -
((opt.

15
g10/keylist.c
View File

@ -1182,7 +1182,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
else if (!opt.fast_list_mode)
{
size_t n;
char *p = get_user_id (ctrl, sig->keyid, &n);
char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
print_utf8_buffer (es_stdout, p, n);
xfree (p);
}
@ -1553,6 +1553,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
byte fparray[MAX_FINGERPRINT_LEN];
char *siguid;
size_t siguidlen;
char *issuer_fpr = NULL;
if (sig->sig_class == 0x20 || sig->sig_class == 0x28
|| sig->sig_class == 0x30)
@ -1610,11 +1611,16 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
else
{
rc = 0;
sigrc = ' ';
sigrc = ' '; /* Note the fix-up below in --list-sigs mode. */
}
if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode)
siguid = get_user_id (ctrl, sig->keyid, &siguidlen);
{
int nouid;
siguid = get_user_id (ctrl, sig->keyid, &siguidlen, &nouid);
if (!opt.check_sigs && nouid)
sigrc = '?'; /* No key in local keyring. */
}
else
{
siguid = NULL;
@ -1653,6 +1659,8 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
for (i = 0; i < fplen; i++)
es_fprintf (es_stdout, "%02X", fparray[i]);
}
else if ((issuer_fpr = issuer_fpr_string (sig)))
es_fputs (issuer_fpr, es_stdout);
es_fprintf (es_stdout, ":::%d:\n", sig->digest_algo);
@ -1661,6 +1669,7 @@ list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock,
/* fixme: check or list other sigs here */
xfree (siguid);
xfree (issuer_fpr);
}
}

63
g10/mainproc.c
View File

@ -1307,7 +1307,7 @@ list_node (CTX c, kbnode_t node)
}
else if (!opt.fast_list_mode)
{
p = get_user_id (c->ctrl, sig->keyid, &n);
p = get_user_id (c->ctrl, sig->keyid, &n, NULL);
es_write_sanitized (es_stdout, p, n,
opt.with_colons?":":NULL, NULL );
xfree (p);
@ -1710,21 +1710,40 @@ akl_has_wkd_method (void)
}
/* Return the ISSUER fingerprint string in human readbale format if
* available. Caller must release the string. */
static char *
issuer_fpr_string (PKT_signature *sig)
/* Return the ISSUER fingerprint buffer and its lenbgth at R_LEN.
* Returns NULL if not available. The returned buffer is valid as
* long as SIG is not modified. */
static const byte *
issuer_fpr_raw (PKT_signature *sig, size_t *r_len)
{
const byte *p;
size_t n;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
if (p && n == 21 && p[0] == 4)
return bin2hex (p+1, n-1, NULL);
{
*r_len = n - 1;
return p+1;
}
*r_len = 0;
return NULL;
}
/* Return the ISSUER fingerprint string in human readbale format if
* available. Caller must release the string. */
/* FIXME: Move to another file. */
char *
issuer_fpr_string (PKT_signature *sig)
{
const byte *p;
size_t n;
p = issuer_fpr_raw (sig, &n);
return p? bin2hex (p, n, NULL) : NULL;
}
static void
print_good_bad_signature (int statno, const char *keyid_str, kbnode_t un,
PKT_signature *sig, int rc)
@ -1761,7 +1780,7 @@ check_sig_and_print (CTX c, kbnode_t node)
int rc;
int is_expkey = 0;
int is_revkey = 0;
char *issuer_fpr;
char *issuer_fpr = NULL;
PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */
int tried_ks_by_fpr;
@ -1888,13 +1907,14 @@ check_sig_and_print (CTX c, kbnode_t node)
write_status_text (STATUS_NEWSIG, NULL);
astr = openpgp_pk_algo_name ( sig->pubkey_algo );
if ((issuer_fpr = issuer_fpr_string (sig)))
issuer_fpr = issuer_fpr_string (sig);
if (issuer_fpr)
{
log_info (_("Signature made %s\n"), asctimestamp(sig->timestamp));
log_info (_(" using %s key %s\n"),
astr? astr: "?", issuer_fpr);
xfree (issuer_fpr);
}
else if (!keystrlen () || keystrlen () > 8)
{
@ -2001,14 +2021,14 @@ check_sig_and_print (CTX c, kbnode_t node)
const byte *p;
size_t n;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_ISSUER_FPR, &n);
if (p && n == 21 && p[0] == 4)
p = issuer_fpr_raw (sig, &n);
if (p)
{
/* v4 packet with a SHA-1 fingerprint. */
free_public_key (pk);
pk = NULL;
glo_ctrl.in_auto_key_retrieve++;
res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver, 1);
res = keyserver_import_fprint (c->ctrl, p, n, opt.keyserver, 1);
tried_ks_by_fpr = 1;
glo_ctrl.in_auto_key_retrieve--;
if (!res)
@ -2375,22 +2395,23 @@ check_sig_and_print (CTX c, kbnode_t node)
}
else
{
char buf[50];
snprintf (buf, sizeof buf, "%08lX%08lX %d %d %02x %lu %d",
(ulong)sig->keyid[0], (ulong)sig->keyid[1],
sig->pubkey_algo, sig->digest_algo,
sig->sig_class, (ulong)sig->timestamp, gpg_err_code (rc));
write_status_text (STATUS_ERRSIG, buf);
write_status_printf (STATUS_ERRSIG, "%08lX%08lX %d %d %02x %lu %d %s",
(ulong)sig->keyid[0], (ulong)sig->keyid[1],
sig->pubkey_algo, sig->digest_algo,
sig->sig_class, (ulong)sig->timestamp,
gpg_err_code (rc),
issuer_fpr? issuer_fpr:"-");
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
{
buf[16] = 0;
write_status_text (STATUS_NO_PUBKEY, buf);
write_status_printf (STATUS_NO_PUBKEY, "%08lX%08lX",
(ulong)sig->keyid[0], (ulong)sig->keyid[1]);
}
if (gpg_err_code (rc) != GPG_ERR_NOT_PROCESSED)
log_error (_("Can't check signature: %s\n"), gpg_strerror (rc));
}
free_public_key (pk);
xfree (issuer_fpr);
return rc;
}

4
g10/options.h
View File

@ -249,7 +249,7 @@ struct
unsigned int allow_weak_digest_algos:1;
unsigned int large_rsa:1;
unsigned int disable_signer_uid:1;
/* Flag to enbale experimental features from RFC4880bis. */
/* Flag to enable experimental features from RFC4880bis. */
unsigned int rfc4880bis:1;
} flags;
@ -282,6 +282,8 @@ struct
int unwrap_encryption;
int only_sign_text_ids;
int no_symkey_cache; /* Disable the cache used for --symmetric. */
} opt;
/* CTRL is used to keep some global variables we currently can't

2
g10/packet.h
View File

@ -620,6 +620,8 @@ int proc_signature_packets_by_fd (ctrl_t ctrl,
int proc_encryption_packets (ctrl_t ctrl, void *ctx, iobuf_t a);
int list_packets( iobuf_t a );
char *issuer_fpr_string (PKT_signature *sig);
/*-- parse-packet.c --*/
/* Sets the packet list mode to MODE (i.e., whether we are dumping a

5
g10/passphrase.c
View File

@ -317,6 +317,9 @@ passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
canceled = &dummy_canceled;
*canceled = 0;
if (opt.no_symkey_cache)
nocache = 1; /* Force no symmtric key caching. */
if ( !s2k )
{
log_assert (create && !nocache);
@ -485,7 +488,7 @@ gpg_format_keydesc (ctrl_t ctrl, PKT_public_key *pk, int mode, int escaped)
&& pk->keyid[1] != pk->main_keyid[1]);
algo_name = openpgp_pk_algo_name (pk->pubkey_algo);
timestr = strtimestamp (pk->timestamp);
uid = get_user_id (ctrl, is_subkey? pk->main_keyid:pk->keyid, &uidlen);
uid = get_user_id (ctrl, is_subkey? pk->main_keyid:pk->keyid, &uidlen, NULL);
orig_codeset = i18n_switchto_utf8 ();

2
g10/pkclist.c
View File

@ -1149,7 +1149,7 @@ build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list)
else
{
size_t n;
char *p = get_user_id (ctrl, keyid, &n );
char *p = get_user_id (ctrl, keyid, &n, NULL);
tty_print_utf8_string ( p, n );
xfree(p);
}

2
g10/revoke.c
View File

@ -571,7 +571,7 @@ gen_standard_revoke (ctrl_t ctrl, PKT_public_key *psk, const char *cache_nonce)
kl = opt.keyid_format == KF_NONE? 0 : keystrlen ();
tmpstr = get_user_id (ctrl, keyid, &len);
tmpstr = get_user_id (ctrl, keyid, &len, NULL);
es_fprintf (memfp, "uid%*s%.*s\n\n",
kl + 10, "",
(int)len, tmpstr);

53
po/ca.po
View File

@ -7988,33 +7988,18 @@ msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: error en escriure el registre de directoris: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "hi ha massa preferències «%c»\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "error en crear «%s»: %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "error en la lectura de «%s»: %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: error en escriure el registre de directoris: %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8475,10 +8460,6 @@ msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "error en la lectura de «%s»: %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "ha fallat l'actualització de la clau secreta: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8499,14 +8480,6 @@ msgstr "ha fallat l'actualització: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8574,6 +8547,14 @@ msgstr "error mentre s'escrivia l'anell «%s»: %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "error en la lectura de «%s»: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "hi ha massa preferències «%c»\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "error mentre s'enviava a «%s»: %s\n"
@ -9191,6 +9172,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "error en la lectura de «%s»: %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "ha fallat l'actualització de la clau secreta: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "no s'ha pogut eliminar el bloc de claus: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Quina grandària voleu? (1024) "

52
po/cs.po
View File

@ -7487,32 +7487,18 @@ msgstr "volání crl_cache_insert přes vydavatele selhalo: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr "tabulka mapování čtenáře na soubor je plná  čeká se\n"
msgid "using \"http\" instead of \"https\"\n"
msgstr "namísto „https“ se použije „http“\n"
# Poslední argument je název protokolu
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr "Přístup k CRL není možný kvůli vypnutému %s\n"
#, c-format
msgid "error initializing reader object: %s\n"
msgstr "chyba při inicializaci čtecího objektu: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "URL „%s“ přesměrováno na „%s“ (%u)\n"
msgid "too many redirections\n"
msgstr "příliš mnoho přesměrování\n"
#, c-format
msgid "error retrieving '%s': %s\n"
msgstr "chyba při získávání „%s“: %s\n"
#, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "chyba při získávání „%s“: status HTTP je %u\n"
msgid "error initializing reader object: %s\n"
msgstr "chyba při inicializaci čtecího objektu: %s\n"
# Poslední argument je název protokolu
msgid "CRL access not possible due to Tor mode\n"
@ -7928,10 +7914,6 @@ msgstr "chyba při tisknutí řádku protokolu: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "chyba při čtení protokolu z ldapové obálky č.%d: %s\n"
#, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "npth_select selhala: %s  čeká se 1s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr "ldapová obálka %d připravena"
@ -7952,14 +7934,6 @@ msgstr "čekání na ldapovou obálku %d selhalo: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr "ldapová obálka %d se zasekla  bude zabita\n"
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr "chyba při zakládání vlákna ovládajícího obálku LDAPu: %s\n"
#, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "čtení z ldapové obálky %d selhalo: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr "v názvu stroje je neplatný znak 0x%02x  nepřidáno\n"
@ -8023,6 +7997,13 @@ msgstr "chyba při připojování na „%s“: %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "chyba při čtení HTTP odpovědi od „%s“: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "URL „%s“ přesměrováno na „%s“ (%u)\n"
msgid "too many redirections\n"
msgstr "příliš mnoho přesměrování\n"
#, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "chyba při rozebírání OCSP odpovědi od „%s“: %s\n"
@ -8612,6 +8593,21 @@ msgstr ""
"Syntaxe: gpg-check-pattern [volby] soubor_se_vzorem\n"
"Prověří heslo zadané na vstupu proti souboru se vzory\n"
#~ msgid "using \"http\" instead of \"https\"\n"
#~ msgstr "namísto „https“ se použije „http“\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "chyba při získávání „%s“: status HTTP je %u\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "npth_select selhala: %s  čeká se 1s\n"
#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
#~ msgstr "chyba při zakládání vlákna ovládajícího obálku LDAPu: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "čtení z ldapové obálky %d selhalo: %s\n"
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Jakou délku klíče pro podepisování si přejete? (%u) "

61
po/da.po
View File

@ -7946,36 +7946,19 @@ msgstr "modtagelse af linje mislykkedes: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: fejl ved skrivning af mappepost: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "for mange chifferpræferencer\n"
#, fuzzy, c-format
#| msgid "error retrieving `%s' via %s: %s\n"
msgid "error retrieving '%s': %s\n"
msgstr "fejl ved indhentelse af »%s« via %s: %s\n"
#, fuzzy, c-format
#| msgid "error running `%s': exit status %d\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "fejl ved kørsel af »%s«: afslutningsstatus %d\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: fejl ved skrivning af mappepost: %s\n"
#, fuzzy
#| msgid "certificate `%s' not found: %s\n"
@ -8476,11 +8459,6 @@ msgstr "fejl ved skrivning til »%s«: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "fejl ved læsning fra %s: %s\n"
#, fuzzy, c-format
#| msgid "pth_select failed: %s - waiting 1s\n"
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "pth_select mislykkeds: %s - venter 1s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8502,15 +8480,6 @@ msgstr "ventning på at proces %d skulle terminere mislykkedes: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "reading public key failed: %s\n"
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "læsning af offentlig nøgle mislykkedes: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8588,6 +8557,15 @@ msgstr "fejl ved skrivning til »%s«: %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "fejl ved læsning fra %s: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "for mange chifferpræferencer\n"
#, fuzzy, c-format
#| msgid "error binding socket to `%s': %s\n"
msgid "error parsing OCSP response for '%s': %s\n"
@ -9259,6 +9237,21 @@ msgstr ""
"Syntaks: gpg-check-pattern [tilvalg] mønsterfil\n"
"Kontroller en adgangsfrase angivet på stdin mod mønsterfilen\n"
#, fuzzy
#~| msgid "error running `%s': exit status %d\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "fejl ved kørsel af »%s«: afslutningsstatus %d\n"
#, fuzzy
#~| msgid "pth_select failed: %s - waiting 1s\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "pth_select mislykkeds: %s - venter 1s\n"
#, fuzzy
#~| msgid "reading public key failed: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "læsning af offentlig nøgle mislykkedes: %s\n"
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Hvilken nøglestørrelse ønsker du for underskriftsnøglen (%u) "

52
po/de.po
View File

@ -7653,31 +7653,17 @@ msgstr "crl_cache_insert über den Issuer fehlgeschlagen: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr "\"reader to file\" Zuordnungstabelle ist voll - warte\n"
msgid "using \"http\" instead of \"https\"\n"
msgstr "Es wird \"HTTP\" anstatt \"HTTPS\" verwendet\n"
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr "CRL Zugriff nicht möglich da %s abgeschaltet ist\n"
#, c-format
msgid "error initializing reader object: %s\n"
msgstr "Fehler beim Initialisieren des \"reader\" Objekts: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "URL `%s' nach `%s' umgeleitet (%u)\n"
msgid "too many redirections\n"
msgstr "zu viele verschachtelte Umleitungen\n"
#, c-format
msgid "error retrieving '%s': %s\n"
msgstr "Fehler beim Holen von `%s': %s\n"
#, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "Fehler beim Holen von `%s': HTTP Status %u\n"
msgid "error initializing reader object: %s\n"
msgstr "Fehler beim Initialisieren des \"reader\" Objekts: %s\n"
msgid "CRL access not possible due to Tor mode\n"
msgstr "CRL Zugriff ist im Tor Modus nicht möglich\n"
@ -8096,10 +8082,6 @@ msgstr "Fehler beim Schreiben einer Logzeile: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "Fehler beim Lesen des Logs vom LDAP Wrapper %d: %s\n"
#, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "npth_select()-Aufruf fehlgeschlagen: %s - warte 1s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr "LDAP Wrapper %d fertig"
@ -8120,14 +8102,6 @@ msgstr "Warten auf den LDAP Wrapper %d fehlgeschlagen: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr "LDAP Wrapper %d versackt - abgeschossen\n"
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr "Fehler beim Starten des LDAP Wrapper Kontrollthreads: %s\n"
#, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "Lesen vom LDAP Wrapper %d fehlgeschlagen: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr "Ungültiges Zeichen 0x%02X im Hostnamen - nicht hinzugefügt\n"
@ -8191,6 +8165,13 @@ msgstr "Fehler beim Verbinden mit '%s': %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "Fehler beim Lesen der HTTP Antwort von `%s': %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "URL `%s' nach `%s' umgeleitet (%u)\n"
msgid "too many redirections\n"
msgstr "zu viele verschachtelte Umleitungen\n"
#, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "Fehler beim Zerlegen der OCSP Antwort für `%s': %s\n"
@ -8785,6 +8766,21 @@ msgstr ""
"Syntax: gpg-check-pattern [optionen] Musterdatei\n"
"Die von stdin gelesene Passphrase gegen die Musterdatei prüfen\n"
#~ msgid "using \"http\" instead of \"https\"\n"
#~ msgstr "Es wird \"HTTP\" anstatt \"HTTPS\" verwendet\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "Fehler beim Holen von `%s': HTTP Status %u\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "npth_select()-Aufruf fehlgeschlagen: %s - warte 1s\n"
#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
#~ msgstr "Fehler beim Starten des LDAP Wrapper Kontrollthreads: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "Lesen vom LDAP Wrapper %d fehlgeschlagen: %s\n"
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr ""
#~ "Welche Schlüssellänge wünschen Sie für den Signatur-Schlüssel? (%u) "

53
po/el.po
View File

@ -7827,33 +7827,18 @@ msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: σφάλμα στην εγγραφή της εγγραφής dir : %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "πάρα πολλές `%c' προεπιλογές\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "σφάλμα κατά τη δημιουργία του `%s': %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: σφάλμα στην εγγραφή της εγγραφής dir : %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8301,10 +8286,6 @@ msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "η ενημέρωση μυστικού απέτυχε: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8325,14 +8306,6 @@ msgstr "η ενημέρωση απέτυχε: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8400,6 +8373,14 @@ msgstr "αδυναμία εγγραφής της κλειδοθήκης `%s': %s
msgid "error reading HTTP response for '%s': %s\n"
msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "πάρα πολλές `%c' προεπιλογές\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "σφάλμα στη αποστολή προς το `%s': %s\n"
@ -9017,6 +8998,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "σφάλμα κατά την ανάγνωση του `%s': %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "η ενημέρωση μυστικού απέτυχε: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "διαγραφή block κλειδιών απέτυχε: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Τι μέγεθος κλειδιού θα θέλατε; (1024) "

53
po/eo.po
View File

@ -7770,33 +7770,18 @@ msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: eraro dum skribo de dosieruja registro: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "tro da '%c'-preferoj\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "eraro dum kreado de '%s': %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "eraro dum legado de '%s': %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: eraro dum skribo de dosieruja registro: %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8243,10 +8228,6 @@ msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "eraro dum legado de '%s': %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "aktualigo de sekreto malsukcesis: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8267,14 +8248,6 @@ msgstr "aktualigo malsukcesis: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8342,6 +8315,14 @@ msgstr "eraro dum skribado de ŝlosilaro '%s': %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "eraro dum legado de '%s': %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "tro da '%c'-preferoj\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "eraro dum sendo al '%s': %s\n"
@ -8958,6 +8939,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "eraro dum legado de '%s': %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "aktualigo de sekreto malsukcesis: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "forviŝo de ŝlosilbloko malsukcesis: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Kiun ŝlosilgrandon vi deziras? (1024) "

3643
po/es.po
View File

File diff suppressed because it is too large Load Diff

53
po/et.po
View File

@ -7743,33 +7743,18 @@ msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: viga kataloogikirje kirjutamisel: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "liiga palju `%c' eelistusi\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "viga `%s' loomisel: %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "viga `%s' lugemisel: %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: viga kataloogikirje kirjutamisel: %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8217,10 +8202,6 @@ msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "viga `%s' lugemisel: %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "salajase võtme uuendamine ebaõnnestus: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8241,14 +8222,6 @@ msgstr "uuendamine ebaõnnestus: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8316,6 +8289,14 @@ msgstr "viga võtmehoidlasse `%s' kirjutamisel: %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "viga `%s' lugemisel: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "liiga palju `%c' eelistusi\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "viga teate saatmisel serverile `%s': %s\n"
@ -8933,6 +8914,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "viga `%s' lugemisel: %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "salajase võtme uuendamine ebaõnnestus: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "võtmebloki kustutamine ebaõnnestus: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Millist võtmepikkust te soovite? (1024) "

53
po/fi.po
View File

@ -7804,33 +7804,18 @@ msgstr "avainlohkojen poisto epäonnistui: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: virhe kirjoitettaessa hakemistotietuetta: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "liian monta \"%c\" valintaa\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "virhe luotaessa \"%s\": %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: virhe kirjoitettaessa hakemistotietuetta: %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8279,10 +8264,6 @@ msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "salaisen päivitys epäonnistui: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8303,14 +8284,6 @@ msgstr "päivitys epäonnistui: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "avainlohkojen poisto epäonnistui: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8378,6 +8351,14 @@ msgstr "virhe kirjoitettaessa avainrenkaaseen \"%s\": %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "liian monta \"%c\" valintaa\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "virhe lähettäessä kohteeseen \"%s\": %s\n"
@ -8995,6 +8976,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "virhe luettaessa tiedostoa \"%s\": %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "salaisen päivitys epäonnistui: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "avainlohkojen poisto epäonnistui: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Minkä kokoisen avaimen haluat? (1024) "

54
po/fr.po
View File

@ -7805,33 +7805,19 @@ msgstr "échec de crl_cache_insert par émetteur : %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr "table de projection de lecteur vers fichier pleine — attente\n"
msgid "using \"http\" instead of \"https\"\n"
msgstr "utilisation d'« http » au lieu d'« https »\n"
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
"accès à la liste de révocations de certificat impossible car %s est "
"désactivé\n"
#, c-format
msgid "error initializing reader object: %s\n"
msgstr "erreur d'initialisation de l'objet lecteur : %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "URL « %s » redirigée vers « %s » (%u)\n"
msgid "too many redirections\n"
msgstr "trop de redirections\n"
#, c-format
msgid "error retrieving '%s': %s\n"
msgstr "erreur de récupération de « %s » : %s\n"
#, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "erreur de récupération de « %s » : état HTTP %u\n"
msgid "error initializing reader object: %s\n"
msgstr "erreur d'initialisation de l'objet lecteur : %s\n"
#, fuzzy
#| msgid "CRL access not possible due to disabled %s\n"
@ -8264,10 +8250,6 @@ msgstr "erreur d'affichage de ligne du journal : %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "erreur de lecture du journal par l'enveloppe LDAP %d : %s\n"
#, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "échec de npth_select : %s — attente 1 s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr "enveloppe LDAP %d prête"
@ -8288,15 +8270,6 @@ msgstr "échec d'attente de l'enveloppe LDAP %d : %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr "enveloppe LDAP %d à l'arrêt — le processus va être tué\n"
# NOTE: Incorrectly set as translatable?
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr "error spawning ldap wrapper reaper thread: %s\n"
#, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "échec de lecture par l'enveloppe LDAP %d : %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr "caractère 0x%02x incorrect dans le nom d'hôte — non ajouté\n"
@ -8362,6 +8335,13 @@ msgstr "erreur de connexion à « %s » : %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "erreur de lecture de réponse HTTP pour « %s » : %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "URL « %s » redirigée vers « %s » (%u)\n"
msgid "too many redirections\n"
msgstr "trop de redirections\n"
#, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "erreur d'analyse de réponse OCSP pour « %s » : %s\n"
@ -8983,6 +8963,22 @@ msgstr ""
"Vérifier une phrase secrète donnée sur l'entrée standard par rapport à "
"ficmotif\n"
#~ msgid "using \"http\" instead of \"https\"\n"
#~ msgstr "utilisation d'« http » au lieu d'« https »\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "erreur de récupération de « %s » : état HTTP %u\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "échec de npth_select : %s — attente 1 s\n"
# NOTE: Incorrectly set as translatable?
#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
#~ msgstr "error spawning ldap wrapper reaper thread: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "échec de lecture par l'enveloppe LDAP %d : %s\n"
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr ""
#~ "Quelle taille de clef désirez-vous pour la clef de signature ? (%u) "

53
po/gl.po
View File

@ -7829,33 +7829,18 @@ msgstr "fallou o borrado do bloque de chaves: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: erro ao escribi-lo rexistro de directorios: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "demasiadas preferencias `%c'\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "erro ao crear `%s': %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "erro lendo `%s': %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: erro ao escribi-lo rexistro de directorios: %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8305,10 +8290,6 @@ msgstr "erro escribindo no chaveiro `%s': %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "erro lendo `%s': %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "o segredo da actualización fallou: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8329,14 +8310,6 @@ msgstr "a actualización fallou: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "fallou o borrado do bloque de chaves: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8404,6 +8377,14 @@ msgstr "erro escribindo no chaveiro `%s': %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "erro lendo `%s': %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "demasiadas preferencias `%c'\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "erro ao enviar a `%s': %s\n"
@ -9024,6 +9005,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "erro lendo `%s': %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "o segredo da actualización fallou: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "fallou o borrado do bloque de chaves: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "¿Qué tamaño de chave quere? (1024) "

53
po/hu.po
View File

@ -7773,33 +7773,18 @@ msgstr "A kulcsblokk törlése sikertelen: %s.\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: Hiba könyvtárrekord írásakor: %s.\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "Túl sok \"%c\" preferencia.\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "Hiba \"%s\" létrehozásakor: %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "Hiba \"%s\" olvasásakor: %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: Hiba könyvtárrekord írásakor: %s.\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8247,10 +8232,6 @@ msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "Hiba \"%s\" olvasásakor: %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "Titkoskulcs-blokk frissítése sikertelen: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8271,14 +8252,6 @@ msgstr "Frissítés sikertelen: %s.\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "A kulcsblokk törlése sikertelen: %s.\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8346,6 +8319,14 @@ msgstr "Hiba a \"%s\" kulcskarika írásakor: %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "Hiba \"%s\" olvasásakor: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "Túl sok \"%c\" preferencia.\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "Hiba %s-ra/-re küldéskor: %s\n"
@ -8963,6 +8944,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "Hiba \"%s\" olvasásakor: %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "Titkoskulcs-blokk frissítése sikertelen: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "A kulcsblokk törlése sikertelen: %s.\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Milyen kulcsméretet szeretne? (1024) "

53
po/id.po
View File

@ -7766,33 +7766,18 @@ msgstr "gagal menghapus keyblok: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: kesalahan menulis dir record: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "terlalu banyak preferensi `%c'\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "kesalahan penciptaan : `%s': %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "kesalahan membaca `%s': %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: kesalahan menulis dir record: %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8240,10 +8225,6 @@ msgstr "kesalahan menulis keyring `%s': %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "kesalahan membaca `%s': %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "gagal perbarui rahasia: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8264,14 +8245,6 @@ msgstr "gagal memperbarui: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "gagal menghapus keyblok: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8339,6 +8312,14 @@ msgstr "kesalahan menulis keyring `%s': %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "kesalahan membaca `%s': %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "terlalu banyak preferensi `%c'\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "kesalahan mengirim ke `%s': %s\n"
@ -8956,6 +8937,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "kesalahan membaca `%s': %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "gagal perbarui rahasia: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "gagal menghapus keyblok: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Keysize yang anda inginkan? (1024) "

53
po/it.po
View File

@ -7806,33 +7806,18 @@ msgstr "cancellazione del keyblock fallita: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: errore durante la scrittura del dir record: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "ci sono troppe preferenze `%c'\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "errore creando `%s': %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "errore leggendo `%s': %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: errore durante la scrittura del dir record: %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8281,10 +8266,6 @@ msgstr "errore scrivendo il portachiavi `%s': %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "errore leggendo `%s': %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "aggiornamento della chiave segreta fallito: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8305,14 +8286,6 @@ msgstr "aggiornamento fallito: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "cancellazione del keyblock fallita: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8380,6 +8353,14 @@ msgstr "errore scrivendo il portachiavi `%s': %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "errore leggendo `%s': %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "ci sono troppe preferenze `%c'\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "errore leggendo `%s': %s\n"
@ -8997,6 +8978,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "errore leggendo `%s': %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "aggiornamento della chiave segreta fallito: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "cancellazione del keyblock fallita: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Di che dimensioni vuoi la chiave? (1024) "

155
po/ja.po
View File

@ -4,13 +4,13 @@
# IIDA Yosiaki <iida@gnu.org>, 1999, 2000, 2002, 2003, 2004.
# Yoshihiro Kajiki <kajiki@ylug.org>, 1999.
# Takashi P.KATOH, 2002.
# NIIBE Yutaka <gniibe@fsij.org>, 2013, 2014, 2015, 2016, 2017.
# NIIBE Yutaka <gniibe@fsij.org>, 2013, 2014, 2015, 2016, 2017, 2018.
#
msgid ""
msgstr ""
"Project-Id-Version: gnupg 2.2.6\n"
"Report-Msgid-Bugs-To: translations@gnupg.org\n"
"PO-Revision-Date: 2018-03-30 19:31+0900\n"
"PO-Revision-Date: 2018-04-12 10:51+0900\n"
"Last-Translator: NIIBE Yutaka <gniibe@fsij.org>\n"
"Language-Team: none\n"
"Language: ja\n"
@ -278,7 +278,7 @@ msgstr ""
"避けましょう。"
msgid "Warning: You have entered an insecure passphrase."
msgstr "*警告*: 安全とは言えないパスフレーズが入力されました。"
msgstr "警告: 安全とは言えないパスフレーズが入力されました。"
#, c-format
msgid "Please enter the passphrase to%0Aprotect your new key"
@ -397,7 +397,7 @@ msgstr "選択されたダイジェスト・アルゴリズムは、無効です
#, c-format
msgid "Note: no default option file '%s'\n"
msgstr "*注意*: デフォルトのオプション・ファイル '%s' がありません\n"
msgstr "注意: デフォルトのオプション・ファイル '%s' がありません\n"
#, c-format
msgid "option file '%s': %s\n"
@ -409,7 +409,7 @@ msgstr "'%s' からオプションを読み込みます\n"
#, c-format
msgid "Note: '%s' is not considered an option\n"
msgstr "*注意*: '%s'はオプションとは考えられません\n"
msgstr "注意: '%s'はオプションとは考えられません\n"
#, c-format
msgid "can't create socket: %s\n"
@ -626,7 +626,7 @@ msgstr "誤り"
#, c-format
msgid "Note: This passphrase has never been changed.%0APlease change it now."
msgstr "*注意*: パスフレーズは変更されていません。%0A今、変更してください。"
msgstr "注意: パスフレーズは変更されていません。%0A今、変更してください。"
#, c-format
msgid ""
@ -1195,12 +1195,11 @@ msgstr "*警告*: %s\n"
msgid "Note: Outdated servers may lack important security fixes.\n"
msgstr ""
"*注意*: 古いサーバは、重要なセキュリティの修正が欠如しているかもしれませ"
"ん。\n"
"注意: 古いサーバは、重要なセキュリティの修正が欠如しているかもしれません。\n"
#, c-format
msgid "Note: Use the command \"%s\" to restart them.\n"
msgstr "*注意*: \"%s\"コマンドを使って再起動してください。\n"
msgstr "注意: \"%s\"コマンドを使って再起動してください。\n"
#, c-format
msgid "%s is not compliant with %s mode\n"
@ -1320,9 +1319,9 @@ msgid ""
" If the key generation does not succeed, please check the\n"
" documentation of your card to see what sizes are allowed.\n"
msgstr ""
"*注意*: カードが要求された鍵長をサポートしているという保証はありません。\n"
" 鍵生成が成功しない場合、あなたのカードに関する技術文書を確認し、\n"
" 利用できる鍵長について確認ください。\n"
"注意: カードが要求された鍵長をサポートしているという保証はありません。\n"
" 鍵生成が成功しない場合、あなたのカードに関する技術文書を確認し、\n"
" 利用できる鍵長について確認ください。\n"
#, c-format
msgid "What keysize do you want? (%u) "
@ -1364,12 +1363,12 @@ msgstr "無効な選択です。\n"
#, c-format
msgid "The card will now be re-configured to generate a key of %u bits\n"
msgstr "今、%uビットの鍵を生成するようにカードは再コンフィグされました\n"
msgstr "カードは、今、%uビットの鍵を生成するように再コンフィグされます\n"
#, c-format
msgid "The card will now be re-configured to generate a key of type: %s\n"
msgstr ""
"カードは、今、こちらのタイプの鍵を生成するように再コンフィグされました: %s\n"
"カードは、今、こちらのタイプの鍵を生成するように再コンフィグされま: %s\n"
#, c-format
msgid "error changing key attribute for key %d: %s\n"
@ -1377,7 +1376,7 @@ msgstr "鍵%dの属性を変更する際にエラー: %s\n"
#, c-format
msgid "error getting card info: %s\n"
msgstr "情報の取得エラー: %s\n"
msgstr "カード情報の取得エラー: %s\n"
msgid "This command is not supported by this card\n"
msgstr "このカードでは、このコマンドはサポートされていません。\n"
@ -1386,7 +1385,7 @@ msgid "Make off-card backup of encryption key? (Y/n) "
msgstr "暗号化鍵のカード外バックアップを作成しますか? (Y/n) "
msgid "Note: keys are already stored on the card!\n"
msgstr "*注意*: 秘密鍵はもうカードに保管してあります!\n"
msgstr "注意: 秘密鍵はもうカードに保管してあります!\n"
msgid "Replace existing keys? (y/N) "
msgstr "既存の鍵を置き換えますか? (y/N) "
@ -1421,7 +1420,7 @@ msgid "KEYTOCARD failed: %s\n"
msgstr "KEYTOCARDが失敗しました: %s\n"
msgid "Note: This command destroys all keys stored on the card!\n"
msgstr "*注意*: このコマンドはカードに保管してあるすべての鍵を破壊します!\n"
msgstr "注意: このコマンドはカードに保管してあるすべての鍵を破壊します!\n"
msgid "Continue? (y/N) "
msgstr "続けますか? (y/N) "
@ -1555,7 +1554,7 @@ msgstr "所有者信用情報をクリアしました\n"
#, c-format
msgid "there is a secret key for public key \"%s\"!\n"
msgstr "この公開鍵にたいする秘密鍵\"%s\"があります!\n"
msgstr "この公開鍵にする秘密鍵\"%s\"があります!\n"
msgid "use option \"--delete-secret-keys\" to delete it first.\n"
msgstr "まず\"--delete-secret-keys\"オプションでこれを削除してください。\n"
@ -2091,11 +2090,11 @@ msgstr "(選択肢の一覧には\"help\"を使ってください)\n"
#, c-format
msgid "Note: old default options file '%s' ignored\n"
msgstr "*注意*: 以前デフォルトだったオプション・ファイル'%s'は、無視されます\n"
msgstr "注意: 以前デフォルトだったオプション・ファイル'%s'は、無視されます\n"
#, c-format
msgid "Note: %s is not for normal use!\n"
msgstr "*注意*: 普通%sは使いません!\n"
msgstr "注意: 普通%sは使いません!\n"
#, c-format
msgid "'%s' is not a valid signature expiration\n"
@ -2250,7 +2249,7 @@ msgid "invalid min-cert-level; must be 1, 2, or 3\n"
msgstr "無効なmin-cert-level。0か1か2か3でなければなりません\n"
msgid "Note: simple S2K mode (0) is strongly discouraged\n"
msgstr "*注意*: 単純なS2Kモード(0)の使用には強く反対します\n"
msgstr "注意: 単純なS2Kモード(0)の使用には強く反対します\n"
msgid "invalid S2K mode; must be 0, 1 or 3\n"
msgstr "無効なS2Kモード。0か1か3でなければなりません\n"
@ -2350,7 +2349,8 @@ msgstr "'%s'は有効な鍵ID, フィンガープリント、keygripではない
msgid "WARNING: no command supplied. Trying to guess what you mean ...\n"
msgstr ""
"警告: コマンドが指定されていません。なにを意味しているのか当ててみます ...\n"
"*警告*: コマンドが指定されていません。なにを意味しているのか当ててみま"
"す ...\n"
msgid "Go ahead and type your message ...\n"
msgstr "開始します。メッセージを打ってください ...\n"
@ -2868,7 +2868,7 @@ msgid ""
"The self-signature on \"%s\"\n"
"is a PGP 2.x-style signature.\n"
msgstr ""
"\"%s\"にたいする自己署名は、\n"
"\"%s\"にする自己署名は、\n"
"PGP 2.x形式の署名です。\n"
msgid "Do you want to promote it to an OpenPGP self-signature? (y/N) "
@ -2890,7 +2890,7 @@ msgid ""
"Your current signature on \"%s\"\n"
"is a local signature.\n"
msgstr ""
"\"%s\"にたいするあなたの今の署名\n"
"\"%s\"にするあなたの今の署名\n"
"はローカルな署名です。\n"
msgid "Do you want to promote it to a full exportable signature? (y/N) "
@ -3467,15 +3467,11 @@ msgstr "主鍵の有効期限を変更します。\n"
msgid "You can't change the expiration date of a v3 key\n"
msgstr "v3鍵の有効期限は変更できません\n"
#, fuzzy
#| msgid "Changing expiration time for a subkey.\n"
msgid "Changing usage of a subkey.\n"
msgstr "副鍵の有効期限を変更します。\n"
msgstr "副鍵の使用法を変更します。\n"
#, fuzzy
#| msgid "Changing expiration time for the primary key.\n"
msgid "Changing usage of the primary key.\n"
msgstr "主鍵の有効期限を変更します。\n"
msgstr "主鍵の使用法を変更します。\n"
#, c-format
msgid "signing subkey %s is already cross-certified\n"
@ -3982,7 +3978,7 @@ msgstr "バックアップ・ファイル'%s'が作成できません: %s\n"
#, c-format
msgid "Note: backup of card key saved to '%s'\n"
msgstr "*注意*: カード鍵のバックアップが'%s'へ保存されます\n"
msgstr "注意: カード鍵のバックアップが'%s'へ保存されます\n"
#, c-format
msgid "writing public key to '%s'\n"
@ -4017,7 +4013,7 @@ msgid ""
msgstr "鍵は%lu秒未来にできました (時間歪曲か時計の障害でしょう)\n"
msgid "Note: creating subkeys for v3 keys is not OpenPGP compliant\n"
msgstr "*注意*: v3鍵に対する副鍵の作成は、OpenPGPに適合しません\n"
msgstr "注意: v3鍵に対する副鍵の作成は、OpenPGPに適合しません\n"
msgid "Secret parts of primary key are not available.\n"
msgstr "主鍵の秘密部分が利用できません。\n"
@ -4069,7 +4065,7 @@ msgstr[0] "エラーのため%d個の署名を検査しません\n"
#, c-format
msgid "Warning: %lu key skipped due to its large size\n"
msgid_plural "Warning: %lu keys skipped due to their large sizes\n"
msgstr[0] "*警告*: %lu個の鍵がその大きさのためスキップされました\n"
msgstr[0] "警告: %lu個の鍵がその大きさのためスキップされました\n"
msgid "Keyring"
msgstr "鍵リング"
@ -4262,7 +4258,7 @@ msgid "decryption failed: %s\n"
msgstr "復号に失敗しました: %s\n"
msgid "Note: sender requested \"for-your-eyes-only\"\n"
msgstr "*注意*: 送信者は\"極秘とする\"ように求めています\n"
msgstr "注意: 送信者は\"極秘とする\"ように求めています\n"
#, c-format
msgid "original file name='%.*s'\n"
@ -4401,7 +4397,7 @@ msgstr "*警告*: ダイジェスト・アルゴリズム %s は廃止されて
#, c-format
msgid "Note: signatures using the %s algorithm are rejected\n"
msgstr "*注意*: アルゴリズム %s を用いた署名は拒否されました\n"
msgstr "注意: アルゴリズム %s を用いた署名は拒否されました\n"
#, c-format
msgid "(reported error: %s)\n"
@ -4725,15 +4721,15 @@ msgid "WARNING: This subkey has been revoked by its owner!\n"
msgstr "*警告*: この副鍵は所有者によって失効されています!\n"
msgid "Note: This key has been disabled.\n"
msgstr "*注意*: この鍵は使用禁止に設定されています。\n"
msgstr "注意: この鍵は使用禁止に設定されています。\n"
#, c-format
msgid "Note: Verified signer's address is '%s'\n"
msgstr "*注意*: 確認された署名者のアドレスは'%s'です\n"
msgstr "注意: 確認された署名者のアドレスは'%s'です\n"
#, c-format
msgid "Note: Signer's address '%s' does not match DNS entry\n"
msgstr "*注意*: 署名者のアドレス'%s'がDNSのエントリと一致しません\n"
msgstr "注意: 署名者のアドレス'%s'がDNSのエントリと一致しません\n"
msgid "trustlevel adjusted to FULL due to valid PKA info\n"
msgstr "PKA情報が有効のため、信用レベルがFULLに調整されました\n"
@ -4742,7 +4738,7 @@ msgid "trustlevel adjusted to NEVER due to bad PKA info\n"
msgstr "PKA情報が無効のため、信用レベルがNEVERに調整されました\n"
msgid "Note: This key has expired!\n"
msgstr "*注意*: この鍵は期限切れです!\n"
msgstr "注意: この鍵は期限切れです!\n"
msgid "WARNING: This key is not certified with a trusted signature!\n"
msgstr "*警告*: この鍵は信用できる署名で証明されていません!\n"
@ -4823,11 +4819,11 @@ msgstr "有効な宛先がありません\n"
#, c-format
msgid "Note: key %s has no %s feature\n"
msgstr "*注意*: 鍵%sには %s の機能がありません\n"
msgstr "注意: 鍵%sには %s の機能がありません\n"
#, c-format
msgid "Note: key %s has no preference for %s\n"
msgstr "*注意*: 鍵%sには%sに対する優先指定がありません\n"
msgstr "注意: 鍵%sには%sに対する優先指定がありません\n"
msgid "data not saved; use option \"--output\" to save it\n"
msgstr ""
@ -4877,10 +4873,10 @@ msgstr "*警告*: 暗号アルゴリズム%sは受取人の優先指定に入っ
#, c-format
msgid "Note: secret key %s expired at %s\n"
msgstr "*注意*: 秘密鍵%sは%sで期限切れとなります\n"
msgstr "注意: 秘密鍵%sは%sで期限切れとなります\n"
msgid "Note: key has been revoked"
msgstr "*注意*: 鍵は失効済みです"
msgstr "注意: 鍵は失効済みです"
#, c-format
msgid "build_packet failed: %s\n"
@ -5074,28 +5070,27 @@ msgstr[0] "鍵%sは%lu日、未来にできました (時間歪曲か時計の
#, c-format
msgid "Note: signature key %s expired %s\n"
msgstr "*注意*: 署名鍵%sは%sに期限切れとなります\n"
msgstr "注意: 署名鍵%sは%sに期限切れとなります\n"
#, c-format
msgid "Note: signature key %s has been revoked\n"
msgstr "*注意*: 鍵 %s は失効済みです\n"
msgstr "注意: 鍵 %s は失効済みです\n"
#, fuzzy, c-format
#| msgid "standalone signature of class 0x%02x\n"
#, c-format
msgid "bad key signature from key %s: %s (0x%02x, 0x%x)\n"
msgstr "クラス0x%02xのスタンドアロン署名\n"
msgstr "鍵%sによる不正な鍵への署名: %s (0x%02x, 0x%x)\n"
#, c-format
msgid "assuming bad signature from key %s due to an unknown critical bit\n"
msgstr "不明のクリティカル・ビットにより、鍵%sの署名を不正とみなします\n"
msgstr "不明のクリティカル・ビットのため、鍵%sによる署名を不正とみなします\n"
#, c-format
msgid "key %s: no subkey for subkey revocation signature\n"
msgstr "鍵%s: 副鍵失効署名にたいする副鍵がありません\n"
msgstr "鍵%s: 副鍵失効署名にする副鍵がありません\n"
#, c-format
msgid "key %s: no subkey for subkey binding signature\n"
msgstr "鍵%s: 副鍵対応への署名にたいする副鍵がありません\n"
msgstr "鍵%s: 副鍵対応への署名にする副鍵がありません\n"
#, c-format
msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
@ -5225,7 +5220,7 @@ msgid "%s: trustdb created\n"
msgstr "%s: 信用データベースができました\n"
msgid "Note: trustdb not writable\n"
msgstr "*注意*: 信用データベースが、書き込み不能です\n"
msgstr "注意: 信用データベースが、書き込み不能です\n"
#, c-format
msgid "%s: invalid trustdb\n"
@ -6089,7 +6084,7 @@ msgid "failed to open '%s': %s\n"
msgstr "'%s'が開けません: %s\n"
msgid "Note: non-critical certificate policy not allowed"
msgstr "*注意*: クリティカルでない証明書ポリシーは認められません"
msgstr "注意: クリティカルでない証明書ポリシーは認められません"
msgid "certificate policy not allowed"
msgstr "証明書ポリシーは認められません"
@ -6605,7 +6600,7 @@ msgstr ""
#, c-format
msgid "Note: won't be able to encrypt to '%s': %s\n"
msgstr "*注意*:'%s'に対して暗号化できません: %s\n"
msgstr "注意:'%s'に対して暗号化できません: %s\n"
#, c-format
msgid "unknown validation model '%s'\n"
@ -7233,31 +7228,17 @@ msgstr "発行者からcrl_cache_insertが失敗しました: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr "readerからファイル・マッピングのテーブルがいっぱいです - 待ちます\n"
msgid "using \"http\" instead of \"https\"\n"
msgstr "\"http\" を \"https\" の代わりに使います\n"
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr "CRLアクセスは停止された%sのため不可能です\n"
#, c-format
msgid "error initializing reader object: %s\n"
msgstr "リーダ・オブジェクトの初期化エラー: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "URL'%s' は '%s' (%u) へリダイレクトされました\n"
msgid "too many redirections\n"
msgstr "リダイレクトが多すぎます\n"
#, c-format
msgid "error retrieving '%s': %s\n"
msgstr "'%s'を取得する際のエラー: %s\n"
#, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "'%s'の取得エラー: httpステイタス %u\n"
msgid "error initializing reader object: %s\n"
msgstr "リーダ・オブジェクトの初期化エラー: %s\n"
msgid "CRL access not possible due to Tor mode\n"
msgstr "CRLアクセスはTorモードのため不可能です\n"
@ -7672,10 +7653,6 @@ msgstr "log出力エラー: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "ldap wrapper %dからのログの読み込みエラー: %s\n"
#, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "npth_selectに失敗しました: %s - 一秒待ちます\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr "ldap wrapper %d が準備完了"
@ -7696,14 +7673,6 @@ msgstr "ldap wrapper %dの待ちが失敗: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr "ldap wrapper %d が止まりました - killしています\n"
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr "ldap wrapperのスレッドの起動でエラー: %s\n"
#, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "ldap wrapper %d からの読み込みに失敗しました: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr "ホスト名に無効な文字 0x%02x - 加えません\n"
@ -7767,6 +7736,13 @@ msgstr "'%s'の接続エラー: %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "'%s'のHTTP応答の読み込みエラー: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "URL'%s' は '%s' (%u) へリダイレクトされました\n"
msgid "too many redirections\n"
msgstr "リダイレクトが多すぎます\n"
#, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "'%s'に対するOCSP応答構文解析エラー: %s\n"
@ -8356,6 +8332,21 @@ msgstr ""
"形式: gpg-check-pattern [オプション] パターンファイル\n"
"パターンファイルに対して標準入力のパスフレーズを確認する\n"
#~ msgid "using \"http\" instead of \"https\"\n"
#~ msgstr "\"http\" を \"https\" の代わりに使います\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "'%s'の取得エラー: httpステイタス %u\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "npth_selectに失敗しました: %s - 一秒待ちます\n"
#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
#~ msgstr "ldap wrapperのスレッドの起動でエラー: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "ldap wrapper %d からの読み込みに失敗しました: %s\n"
#~ msgid "No change."
#~ msgstr "変更なし。"

52
po/nb.po
View File

@ -7365,31 +7365,17 @@ msgstr "crl_cache_insert via utsteder mislyktes: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr "tilknytningstabell for overføring fra leser til fil er full. Venter\n"
msgid "using \"http\" instead of \"https\"\n"
msgstr "bruker «http» i stedet for «https»\n"
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr "Ingen CRL-tilgang fordi %s er slått av\n"
#, c-format
msgid "error initializing reader object: %s\n"
msgstr "feil under innlasting av leserobjekt: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "Videresendt fra adresse «%s» til «%s» (%u)\n"
msgid "too many redirections\n"
msgstr "for mange videresendinger\n"
#, c-format
msgid "error retrieving '%s': %s\n"
msgstr "feil under henting av «%s»: %s\n"
#, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "feil under henting av «%s»: http-status %u\n"
msgid "error initializing reader object: %s\n"
msgstr "feil under innlasting av leserobjekt: %s\n"
msgid "CRL access not possible due to Tor mode\n"
msgstr "Ingen CRL-tilgang i Tor-modus\n"
@ -7804,10 +7790,6 @@ msgstr "feil under utskrift av logglinje: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "feil under lesing av logg fra ldap-grensesnitt %d: %s\n"
#, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "npth_select mislyktes: %s - venter 1s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr "ldap-grensesnitt %d klart"
@ -7828,14 +7810,6 @@ msgstr "venting på ldap-grensesnitt %d mislyktes: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr "ldap-grensesnitt %d steilet - dreper prosess\n"
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr "feil under oppbygging av «reaper»-tråd for ldap-grensesnitt: %s\n"
#, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "lesing fra ldap-grensesnitt %d mislyktes: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr "vertsnavn inneholder ugyldig tegn 0x%02x, og ble ikke lagt til\n"
@ -7899,6 +7873,13 @@ msgstr "feil under tilkobling til «%s»: %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "feil under lesing av HTTP-svar for «%s»: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "Videresendt fra adresse «%s» til «%s» (%u)\n"
msgid "too many redirections\n"
msgstr "for mange videresendinger\n"
#, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "feil under tolking av OCSP-svar for «%s»: %s\n"
@ -8488,6 +8469,21 @@ msgstr ""
"Syntaks: gpg-check-pattern [valg] mønsterfil\n"
"Kontroller passordfrase oppgitt på standard innkanal mot valgt mønsterfil\n"
#~ msgid "using \"http\" instead of \"https\"\n"
#~ msgstr "bruker «http» i stedet for «https»\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "feil under henting av «%s»: http-status %u\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "npth_select mislyktes: %s - venter 1s\n"
#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
#~ msgstr "feil under oppbygging av «reaper»-tråd for ldap-grensesnitt: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "lesing fra ldap-grensesnitt %d mislyktes: %s\n"
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Hvor stor skal signaturnøkkelen være? (%u) "

61
po/pl.po
View File

@ -8009,36 +8009,19 @@ msgstr "odbieranie linii nie powiodło się: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: błąd zapisu wpisu katalogowego: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "zbyt wiele ustawień szyfru\n"
#, fuzzy, c-format
#| msgid "error retrieving `%s' via %s: %s\n"
msgid "error retrieving '%s': %s\n"
msgstr "błąd odtwarzania ,,%s'' poprzez %s: %s\n"
#, fuzzy, c-format
#| msgid "error running `%s': exit status %d\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "błąd uruchamiania ,,%s'': kod wyjścia %d\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: błąd zapisu wpisu katalogowego: %s\n"
#, fuzzy
#| msgid "certificate `%s' not found: %s\n"
@ -8540,11 +8523,6 @@ msgstr "błąd zapisu do %s: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "błąd odczytu z %s: %s\n"
#, fuzzy, c-format
#| msgid "pth_select failed: %s - waiting 1s\n"
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "pth_select nie powiodło się: %s - czekanie 1s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8566,15 +8544,6 @@ msgstr "oczekiwanie na zakończenie procesu %d nie powiodło się: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "reading public key failed: %s\n"
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "odczyt klucza publicznego nie powiódł się: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8652,6 +8621,15 @@ msgstr "błąd zapisu do ,,%s'': %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "błąd odczytu z %s: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "zbyt wiele ustawień szyfru\n"
#, fuzzy, c-format
#| msgid "error binding socket to `%s': %s\n"
msgid "error parsing OCSP response for '%s': %s\n"
@ -9327,6 +9305,21 @@ msgstr ""
"Składnia: gpg-check-pattern [opcje] plik-wzorców\n"
"Sprawdzanie hasła ze standardowego wejścia względem pliku wzorców\n"
#, fuzzy
#~| msgid "error running `%s': exit status %d\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "błąd uruchamiania ,,%s'': kod wyjścia %d\n"
#, fuzzy
#~| msgid "pth_select failed: %s - waiting 1s\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "pth_select nie powiodło się: %s - czekanie 1s\n"
#, fuzzy
#~| msgid "reading public key failed: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "odczyt klucza publicznego nie powiódł się: %s\n"
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Jakiej długości klucz do podpisywania wygenerować? (%u) "

53
po/pt.po
View File

@ -7773,33 +7773,18 @@ msgstr "remoção do bloco de chave falhou: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: erro ao escrever registo de diretório: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "demasiadas preferências `%c'\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "erro ao criar `%s': %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "erro na leitura de `%s': %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: erro ao escrever registo de diretório: %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8249,10 +8234,6 @@ msgstr "erro na escrita do porta-chaves `%s': %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "erro na leitura de `%s': %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "actualização da chave secreta falhou: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8273,14 +8254,6 @@ msgstr "actualização falhou: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "remoção do bloco de chave falhou: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8348,6 +8321,14 @@ msgstr "erro na escrita do porta-chaves `%s': %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "erro na leitura de `%s': %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "demasiadas preferências `%c'\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "erro ao enviar para `%s': %s\n"
@ -8965,6 +8946,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "erro na leitura de `%s': %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "actualização da chave secreta falhou: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "remoção do bloco de chave falhou: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Qual o tamanho de chave desejado? (1024) "

57
po/ro.po
View File

@ -7835,34 +7835,18 @@ msgstr "citirea cheii publice a eşuat: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: eroare scriere înregistrare dir: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "prea multe preferinţe de cifrare\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "eroare la creearea `%s': %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "eroare la citire `%s': %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: eroare scriere înregistrare dir: %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8324,10 +8308,6 @@ msgstr "eroare la scrierea inelului de chei `%s': %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "eroare la citire `%s': %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "actualizarea secretului a eşuat: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8348,15 +8328,6 @@ msgstr "actualizarea a eşuat: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "reading public key failed: %s\n"
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "citirea cheii publice a eşuat: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8426,6 +8397,15 @@ msgstr "eroare la scrierea inelului de chei `%s': %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "eroare la citire `%s': %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "prea multe preferinţe de cifrare\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "eroare trimitere la `%s': %s\n"
@ -9047,6 +9027,19 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "eroare la citire `%s': %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "actualizarea secretului a eşuat: %s\n"
#, fuzzy
#~| msgid "reading public key failed: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "citirea cheii publice a eşuat: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Ce lungime de cheie doriţi? (%u) "

53
po/ru.po
View File

@ -7492,33 +7492,19 @@ msgstr "сбой crl_cache_insert через издателя: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr "ожидание ресурсов для объекта чтения\n"
msgid "using \"http\" instead of \"https\"\n"
msgstr "используется \"http\" вместо \"https\"\n"
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
"Доступ к списку отозванных сертификатов невозможен\n"
"из-за того, что не задействуется %s\n"
#, c-format
msgid "error initializing reader object: %s\n"
msgstr "ошибка инициализации объекта устройства чтения: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "URL '%s' перенаправлен на '%s' (%u)\n"
msgid "too many redirections\n"
msgstr "слишком много перенаправлений\n"
#, c-format
msgid "error retrieving '%s': %s\n"
msgstr "ошибка получения '%s': %s\n"
#, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "ошибка получения '%s': статус HTTP %u\n"
msgid "error initializing reader object: %s\n"
msgstr "ошибка инициализации объекта устройства чтения: %s\n"
msgid "CRL access not possible due to Tor mode\n"
msgstr ""
@ -7942,10 +7928,6 @@ msgstr "ошибка вывода строки журнала: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "ошибка чтения журнала из обертки LDAP %d: %s\n"
#, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "сбой npth_select: %s - жду 1 секунду\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr "обертка LDAP %d готова"
@ -7966,14 +7948,6 @@ msgstr "сбой при ожидании обертки LDAP %d: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr "обертка LDAP %d зависла - будет удалена\n"
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr "ошибка при запуске прерывающего потока управления обертки LDAP: %s\n"
#, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "сбой при чтении из обертки LDAP %d: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr "недопустимый символ 0x%02x в имени хоста - не добавляется\n"
@ -8037,6 +8011,13 @@ msgstr "ошибка соединения с '%s': %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "ошибка чтения ответа HTTP для '%s': %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "URL '%s' перенаправлен на '%s' (%u)\n"
msgid "too many redirections\n"
msgstr "слишком много перенаправлений\n"
#, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "ошибка разбора ответа OCSP для '%s': %s\n"
@ -8630,6 +8611,22 @@ msgstr ""
"Синтаксис: gpg-check-pattern [параметры] файл_образцов\n"
"Проверить фразу-пароль, поступающую из stdin, по файлу образцов\n"
#~ msgid "using \"http\" instead of \"https\"\n"
#~ msgstr "используется \"http\" вместо \"https\"\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "ошибка получения '%s': статус HTTP %u\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "сбой npth_select: %s - жду 1 секунду\n"
#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
#~ msgstr ""
#~ "ошибка при запуске прерывающего потока управления обертки LDAP: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "сбой при чтении из обертки LDAP %d: %s\n"
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Какой Вам нужен размер ключа для подписей? (%u) "

53
po/sk.po
View File

@ -7797,33 +7797,18 @@ msgstr "zmazanie bloku kľúča sa nepodarilo: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: chyba pri zápise adresárového záznamu: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "príliš veľa `%c' predvolieb\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "chyba pri vytváraní `%s': %s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "chyba pri čítaní `%s': %s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: chyba pri zápise adresárového záznamu: %s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8272,10 +8257,6 @@ msgstr "chyba pri zápise súboru kľúčov (keyring) `%s': %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "chyba pri čítaní `%s': %s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "aktualizácia tajného kľúča zlyhala: %s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8296,14 +8277,6 @@ msgstr "aktualizácia zlyhala: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "zmazanie bloku kľúča sa nepodarilo: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8371,6 +8344,14 @@ msgstr "chyba pri zápise súboru kľúčov (keyring) `%s': %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "chyba pri čítaní `%s': %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
msgid "too many redirections\n"
msgstr "príliš veľa `%c' predvolieb\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "chyba pri posielaní na `%s': %s\n"
@ -8988,6 +8969,18 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "chyba pri čítaní `%s': %s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "aktualizácia tajného kľúča zlyhala: %s\n"
#, fuzzy
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "zmazanie bloku kľúča sa nepodarilo: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Akú veľkosť kľúča si prajete? (1024) "

61
po/sv.po
View File

@ -8088,36 +8088,19 @@ msgstr "mottagande rad misslyckades: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: fel vid läsning av katalogpost: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "för många chifferinställningar\n"
#, fuzzy, c-format
#| msgid "error retrieving `%s' via %s: %s\n"
msgid "error retrieving '%s': %s\n"
msgstr "fel vid hämtning av \"%s\" via %s: %s\n"
#, fuzzy, c-format
#| msgid "error running `%s': exit status %d\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "fel vid körning av \"%s\": avslutsstatus %d\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: fel vid läsning av katalogpost: %s\n"
#, fuzzy
#| msgid "certificate `%s' not found: %s\n"
@ -8622,11 +8605,6 @@ msgstr "fel vid skrivning till %s: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "fel vid läsning från %s: %s\n"
#, fuzzy, c-format
#| msgid "pth_select failed: %s - waiting 1s\n"
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "pth_select misslyckades: %s - väntar 1 s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8648,15 +8626,6 @@ msgstr "misslyckades med att vänta på att processen %d skulle avslutas: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "reading public key failed: %s\n"
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "läsning av publik nyckel misslyckades: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8734,6 +8703,15 @@ msgstr "fel vid skrivning till \"%s\": %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "fel vid läsning från %s: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "för många chifferinställningar\n"
#, fuzzy, c-format
#| msgid "error binding socket to `%s': %s\n"
msgid "error parsing OCSP response for '%s': %s\n"
@ -9408,6 +9386,21 @@ msgstr ""
"Syntax: gpg-check-pattern [flaggor] mönsterfil\n"
"Kontrollera en lösenfras angiven på standard in mot mönsterfilen\n"
#, fuzzy
#~| msgid "error running `%s': exit status %d\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "fel vid körning av \"%s\": avslutsstatus %d\n"
#, fuzzy
#~| msgid "pth_select failed: %s - waiting 1s\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "pth_select misslyckades: %s - väntar 1 s\n"
#, fuzzy
#~| msgid "reading public key failed: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "läsning av publik nyckel misslyckades: %s\n"
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Vilken nyckelstorlek vill du använda för signaturnyckeln? (%u) "

61
po/tr.po
View File

@ -7990,36 +7990,19 @@ msgstr "satır alımı başarısız: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: dizin kaydını yazma hatası: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "çok fazla şifreleme tercihi\n"
#, fuzzy, c-format
#| msgid "error retrieving `%s' via %s: %s\n"
msgid "error retrieving '%s': %s\n"
msgstr "`%s' %s üzerinden alınırken hata: %s\n"
#, fuzzy, c-format
#| msgid "error running `%s': exit status %d\n"
msgid "error retrieving '%s': http status %u\n"
msgstr "`%s' çalışırken hata: çıkış durumu: %d\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s: dizin kaydını yazma hatası: %s\n"
#, fuzzy
#| msgid "certificate `%s' not found: %s\n"
@ -8521,11 +8504,6 @@ msgstr "%s yazılırken hata: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "%s okunurken hata: %s\n"
#, fuzzy, c-format
#| msgid "pth_select failed: %s - waiting 1s\n"
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "pth_select başarısız: %s - 1s bekliyor\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8547,15 +8525,6 @@ msgstr "süreç %d sonlanacak diye beklerken başarısızlık: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "reading public key failed: %s\n"
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "genel anahtar okuması başarısız: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8633,6 +8602,15 @@ msgstr "`%s' yazılırken hata: %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "%s okunurken hata: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "çok fazla şifreleme tercihi\n"
#, fuzzy, c-format
#| msgid "error binding socket to `%s': %s\n"
msgid "error parsing OCSP response for '%s': %s\n"
@ -9309,6 +9287,21 @@ msgstr ""
"Standart girdiden verilen anahtar parolasını örüntü dosyasıyla "
"karşılaştırır\n"
#, fuzzy
#~| msgid "error running `%s': exit status %d\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "`%s' çalışırken hata: çıkış durumu: %d\n"
#, fuzzy
#~| msgid "pth_select failed: %s - waiting 1s\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "pth_select başarısız: %s - 1s bekliyor\n"
#, fuzzy
#~| msgid "reading public key failed: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "genel anahtar okuması başarısız: %s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "İstediğiniz anahtar uzunluğu nedir? (%u) "

55
po/uk.po
View File

@ -7608,31 +7608,17 @@ msgstr "помилка crl_cache_insert за видавцем: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr "засіб читання до таблиці відповідності файлів переповнено — очікуємо\n"
msgid "using \"http\" instead of \"https\"\n"
msgstr "використовуємо «http» замість «https»\n"
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr "Доступ до CRL неможливий через вимкнений %s\n"
#, c-format
msgid "error initializing reader object: %s\n"
msgstr "помилка під час спроби ініціалізації об’єкта читання: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "Адресу «%s» переспрямовано до «%s» (%u)\n"
msgid "too many redirections\n"
msgstr "занадто багато переспрямувань\n"
#, c-format
msgid "error retrieving '%s': %s\n"
msgstr "помилка отримання «%s»: %s\n"
#, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "помилка отримання «%s»: стан http %u\n"
msgid "error initializing reader object: %s\n"
msgstr "помилка під час спроби ініціалізації об’єкта читання: %s\n"
msgid "CRL access not possible due to Tor mode\n"
msgstr "Доступ до CRL неможливий через увімкнений режим Tor\n"
@ -8051,10 +8037,6 @@ msgstr "помилка під час спроби виводу рядка жур
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "помилка під час спроби читання журналу з обгортки LDAP %d: %s\n"
#, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "помилка npth_select: %s — очікування у 1 с\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr "обгортка LDAP %d готова"
@ -8075,15 +8057,6 @@ msgstr "очікування даних з обгортки LDAP %d зазнал
msgid "ldap wrapper %d stalled - killing\n"
msgstr "обгортка LDAP %d не відповідає — завершуємо роботу\n"
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
"помилка під час спроби породження потоку обгортки отримання даних LDAP: %s\n"
#, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "спроба читання з обгортки LDAP %d зазнала невдачі: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr "некоректний символ 0x%02x у назві вузла — не додано\n"
@ -8147,6 +8120,13 @@ msgstr "помилка під час спроби встановлення з’
msgid "error reading HTTP response for '%s': %s\n"
msgstr "помилка під час спроби читання відповіді за HTTP для «%s»: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "Адресу «%s» переспрямовано до «%s» (%u)\n"
msgid "too many redirections\n"
msgstr "занадто багато переспрямувань\n"
#, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "помилка під час обробки відповіді за OCSP для «%s»: %s\n"
@ -8740,6 +8720,23 @@ msgstr ""
"Синтаксис: gpg-check-pattern [параметри] файл_шаблонів\n"
"Перевірити пароль, вказаний у stdin, за допомогою файлааблонів\n"
#~ msgid "using \"http\" instead of \"https\"\n"
#~ msgstr "використовуємо «http» замість «https»\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "помилка отримання «%s»: стан http %u\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "помилка npth_select: %s — очікування у 1 с\n"
#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
#~ msgstr ""
#~ "помилка під час спроби породження потоку обгортки отримання даних LDAP: "
#~ "%s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "спроба читання з обгортки LDAP %d зазнала невдачі: %s\n"
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "Якому розміру ключа підписування ви надаєте перевагу? (%u) "

57
po/zh_CN.po
View File

@ -7662,34 +7662,18 @@ msgstr "无法读出公钥:%s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr ""
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s写入目录记录时出错%s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "太多对称加密算法首选项\n"
#, fuzzy, c-format
msgid "error retrieving '%s': %s\n"
msgstr "建立‘%s时发生错误%s\n"
#, fuzzy, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "读取‘%s时出错%s\n"
#| msgid "%s: error writing dir record: %s\n"
msgid "error initializing reader object: %s\n"
msgstr "%s写入目录记录时出错%s\n"
#, fuzzy
msgid "CRL access not possible due to Tor mode\n"
@ -8147,10 +8131,6 @@ msgstr "写入钥匙环‘%s时出错 %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "读取‘%s时出错%s\n"
#, fuzzy, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "更新私钥失败:%s\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr ""
@ -8171,15 +8151,6 @@ msgstr "更新失败:%s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr ""
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr ""
#, fuzzy, c-format
#| msgid "reading public key failed: %s\n"
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "无法读出公钥:%s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr ""
@ -8249,6 +8220,15 @@ msgstr "写入钥匙环‘%s时出错 %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "读取‘%s时出错%s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr ""
#, fuzzy
#| msgid "too many cipher preferences\n"
msgid "too many redirections\n"
msgstr "太多对称加密算法首选项\n"
#, fuzzy, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "在‘%s中寻找信任度记录时出错%s\n"
@ -8868,6 +8848,19 @@ msgid ""
"Check a passphrase given on stdin against the patternfile\n"
msgstr ""
#, fuzzy
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "读取‘%s时出错%s\n"
#, fuzzy
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "更新私钥失败:%s\n"
#, fuzzy
#~| msgid "reading public key failed: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "无法读出公钥:%s\n"
#, fuzzy
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "您想要用多大的密钥尺寸?(%u)"

52
po/zh_TW.po
View File

@ -7381,31 +7381,17 @@ msgstr "經由發行者的 crl_cache_insert 失敗: %s\n"
msgid "reader to file mapping table full - waiting\n"
msgstr "讀取程式至檔案映射表已滿 - 正在等待\n"
msgid "using \"http\" instead of \"https\"\n"
msgstr "正改以 \"http\" 代替 \"https\"\n"
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr "不可能存取 CRL 因已停用 %s\n"
#, c-format
msgid "error initializing reader object: %s\n"
msgstr "啟始讀取程式物件時出錯: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "網址 '%s' 重新轉向至 '%s' (%u)\n"
msgid "too many redirections\n"
msgstr "太多重新導向\n"
#, c-format
msgid "error retrieving '%s': %s\n"
msgstr "取回 '%s' 時出錯: %s\n"
#, c-format
msgid "error retrieving '%s': http status %u\n"
msgstr "取回 '%s' 時出錯: http 狀態 %u\n"
msgid "error initializing reader object: %s\n"
msgstr "啟始讀取程式物件時出錯: %s\n"
#, fuzzy
#| msgid "CRL access not possible due to disabled %s\n"
@ -7821,10 +7807,6 @@ msgstr "印出日誌記錄列時出錯: %s\n"
msgid "error reading log from ldap wrapper %d: %s\n"
msgstr "從 ldap 封裝程式 %d 讀取日誌記錄時出錯: %s\n"
#, c-format
msgid "npth_select failed: %s - waiting 1s\n"
msgstr "npth_select 失敗: %s - 等 1 秒鐘\n"
#, c-format
msgid "ldap wrapper %d ready"
msgstr "ldap 封裝程式 %d 準備妥當"
@ -7845,14 +7827,6 @@ msgstr "等候 ldap 封裝程式 %d 時失敗: %s\n"
msgid "ldap wrapper %d stalled - killing\n"
msgstr "ldap 封裝程式 %d 已卡住 - 正在中止\n"
#, c-format
msgid "error spawning ldap wrapper reaper thread: %s\n"
msgstr "繁衍 ldap 封裝程式收割執行緒時出錯: %s\n"
#, c-format
msgid "reading from ldap wrapper %d failed: %s\n"
msgstr "從 ldap 封裝程式 %d 讀取時失敗: %s\n"
#, c-format
msgid "invalid char 0x%02x in host name - not added\n"
msgstr "主機名稱中有無效的字符 0x%02x - 不予加入\n"
@ -7918,6 +7892,13 @@ msgstr "連線至 '%s' 時出錯: %s\n"
msgid "error reading HTTP response for '%s': %s\n"
msgstr "讀取 '%s' HTTP 回應時出錯: %s\n"
#, c-format
msgid "URL '%s' redirected to '%s' (%u)\n"
msgstr "網址 '%s' 重新轉向至 '%s' (%u)\n"
msgid "too many redirections\n"
msgstr "太多重新導向\n"
#, c-format
msgid "error parsing OCSP response for '%s': %s\n"
msgstr "剖析 '%s' OCSP 回應時出錯: %s\n"
@ -8524,6 +8505,21 @@ msgstr ""
"語法: gpg-check-pattern [選項] 樣式檔案\n"
"用樣式檔案來檢查由標準輸入給定的密語\n"
#~ msgid "using \"http\" instead of \"https\"\n"
#~ msgstr "正改以 \"http\" 代替 \"https\"\n"
#~ msgid "error retrieving '%s': http status %u\n"
#~ msgstr "取回 '%s' 時出錯: http 狀態 %u\n"
#~ msgid "npth_select failed: %s - waiting 1s\n"
#~ msgstr "npth_select 失敗: %s - 等 1 秒鐘\n"
#~ msgid "error spawning ldap wrapper reaper thread: %s\n"
#~ msgstr "繁衍 ldap 封裝程式收割執行緒時出錯: %s\n"
#~ msgid "reading from ldap wrapper %d failed: %s\n"
#~ msgstr "從 ldap 封裝程式 %d 讀取時失敗: %s\n"
#~ msgid "What keysize do you want for the Signature key? (%u) "
#~ msgstr "你的簽署金鑰想要用多大的金鑰尺寸? (%u) "

41
sm/call-dirmngr.c
View File

@ -491,8 +491,8 @@ isvalid_status_cb (void *opaque, const char *line)
Values for USE_OCSP:
0 = Do CRL check.
1 = Do an OCSP check.
2 = Do an OCSP check using only the default responder.
1 = Do an OCSP check but fallback to CRL unless CRLS are disabled.
2 = Do only an OCSP check using only the default responder.
*/
int
gpgsm_dirmngr_isvalid (ctrl_t ctrl,
@ -500,7 +500,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
{
static int did_options;
int rc;
char *certid;
char *certid, *certfpr;
char line[ASSUAN_LINELENGTH];
struct inq_certificate_parm_s parm;
struct isvalid_status_parm_s stparm;
@ -509,19 +509,13 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
if (rc)
return rc;
if (use_ocsp)
certfpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
certid = gpgsm_get_certid (cert);
if (!certid)
{
certid = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
}
else
{
certid = gpgsm_get_certid (cert);
if (!certid)
{
log_error ("error getting the certificate ID\n");
release_dirmngr (ctrl);
return gpg_error (GPG_ERR_GENERAL);
}
log_error ("error getting the certificate ID\n");
release_dirmngr (ctrl);
return gpg_error (GPG_ERR_GENERAL);
}
if (opt.verbose > 1)
@ -541,13 +535,8 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
stparm.seen = 0;
memset (stparm.fpr, 0, 20);
/* FIXME: If --disable-crl-checks has been set, we should pass an
option to dirmngr, so that no fallback CRL check is done after an
ocsp check. It is not a problem right now as dirmngr does not
fallback to CRL checking. */
/* It is sufficient to send the options only once because we have
one connection per process only. */
* one connection per process only. */
if (!did_options)
{
if (opt.force_crl_refresh)
@ -555,10 +544,14 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl,
NULL, NULL, NULL, NULL, NULL, NULL);
did_options = 1;
}
snprintf (line, DIM(line), "ISVALID%s %s",
use_ocsp == 2? " --only-ocsp --force-default-responder":"",
certid);
snprintf (line, DIM(line), "ISVALID%s%s %s%s%s",
use_ocsp == 2 || opt.no_crl_check ? " --only-ocsp":"",
use_ocsp == 2? " --force-default-responder":"",
certid,
use_ocsp? " ":"",
use_ocsp? certfpr:"");
xfree (certid);
xfree (certfpr);
rc = assuan_transact (dirmngr_ctx, line, NULL, NULL,
inq_certificate, &parm,