Minor changes and typo fixes.

2006-09-06 11:53:24 +00:00 · 2006-09-06 11:53:24 +00:00 · 7b9fa9da99
parent 3d3299d1fe
commit 7b9fa9da99
12 changed files with 83 additions and 16 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+2006-08-31  Werner Koch  <wk@g10code.com>
+
+	* configure.ac: Require libksba 1.0 and added API check for it.
+	(GPG_ERR_LOCKED): Removed DECL check as we require 1.2 anyway.
+	(have_libusb): New to give a feedback about CCID support
+
 2006-08-21  Werner Koch  <wk@g10code.com>

 	* configure.ac: Removed docbook tests.
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@ -1142,7 +1142,7 @@ reread_configuration (void)
   unique name in a unique new directory will be created.  In both
   cases check for valid characters as well as against a maximum
   allowed length for a unix domain socket is done.  The function
-   terminates the process in case of an error.  Retunrs: Pointer to an
+   terminates the process in case of an error.  Returns: Pointer to an
   allcoated string with the absolute name of the socket used.  */
 static char *
 create_socket_name (int use_standard_socket,
--- a/common/ChangeLog
+++ b/common/ChangeLog
@ -3,6 +3,7 @@
 	* http.c (http_get_header): New.
 	(capitalize_header_name, store_header): New.
 	(parse_response): Store headers away.
+	(send_request): Return GPG_ERR_NOT_FOUND if connect_server failed.
 	* http.h: New flag HTTP_FLAG_NEED_HEADER.

 2006-08-21  Werner Koch  <wk@g10code.com>
--- a/common/http.c
+++ b/common/http.c
@ -872,7 +872,9 @@ send_request (http_t hd, const char *auth, const char *proxy)
  if (hd->sock == -1)
    {
      xfree (proxy_authstr);
-      return gpg_error_from_errno (save_errno);
+      return (save_errno 
+              ? gpg_error_from_errno (save_errno)
+              : gpg_error (GPG_ERR_NOT_FOUND));
    }

 #ifdef HTTP_USE_GNUTLS
--- a/configure.ac
+++ b/configure.ac
@ -46,7 +46,8 @@ NEED_LIBGCRYPT_VERSION=1.1.94

 NEED_LIBASSUAN_VERSION=0.6.10

-NEED_KSBA_VERSION=0.9.16
+NEED_KSBA_API=1
+NEED_KSBA_VERSION=1.0.0


 PACKAGE=$PACKAGE_NAME
@ -68,6 +69,7 @@ have_libgcrypt=no
 have_libassuan=no
 have_ksba=no
 have_pth=no
+have_libusb=no

 use_bzip2=yes
 use_exec=yes
@ -561,10 +563,6 @@ fi
 #
 AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION",
                  have_gpg_error=yes,have_gpg_error=no)
-_tmp_gpg_error_save_cflags="$CFLAGS"
-CFLAGS="$CFLAGS $GPG_ERROR_CFLAGS"
-AC_CHECK_DECLS(GPG_ERR_LOCKED,,,[#include <gpg-error.h>])
-CFLAGS="${_tmp_gpg_error_save_cflags}"


 #
@ -584,7 +582,7 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_VERSION",
 #
 # libksba is our X.509 support library
 #
-AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)
+AM_PATH_KSBA("$NEED_KSBA_API:$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no)


 #
@ -595,6 +593,7 @@ AC_CHECK_LIB(usb, usb_bulk_write,
              [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb"
                AC_DEFINE(HAVE_LIBUSB,1,
                         [defined if libusb is available])
+                have_libusb=yes
             ])
 AC_SUBST(LIBUSB_LIBS)
 AC_CHECK_FUNCS(usb_create_match)
@ -1208,6 +1207,10 @@ if test "$build_scdaemon" = "yes"; then
     tmp=", "
     missing_pth=yes
  fi
+  if test $have_libusb = no; then
+     build_scdaemon_extra="${tmp}without internal CCID driver"
+     tmp=", "
+  fi
  if test -n "$build_scdaemon_extra"; then
     build_scdaemon_extra="(${build_scdaemon_extra})"
  fi
@ -1251,7 +1254,7 @@ if test "$have_libgcrypt" = "no"; then
 *** You need libgcrypt to build this program.
 **  This library is for example available at
 ***   ftp://ftp.gnupg.org/gcrypt/libgcrypt/
-*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API) is required.)
+*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.)
 ***]])
 fi
 if test "$have_libassuan" = "no"; then
@ -1269,8 +1272,8 @@ if test "$have_ksba" = "no"; then
 ***
 *** You need libksba to build this program.
 *** This library is for example available at
-***   ftp://ftp.gnupg.org/gcrypt/alpha/libksba/
-*** (at least version $NEED_KSBA_VERSION is required).
+***   ftp://ftp.gnupg.org/gcrypt/libksba/
+*** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required).
 ***]])
 fi
 if test "$missing_pth" = "yes"; then
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,9 @@
+2006-09-01  Werner Koch  <wk@g10code.com>
+
+	* call-agent.c: Do not force using the pipe server.
+
+	* gpg.c (main): Enable card related commands.
+
 2006-08-22  Werner Koch  <wk@g10code.com>

 	* mainproc.c (proc_plaintext): Fixed a #warning
--- a/g10/call-agent.c
+++ b/g10/call-agent.c
@ -48,7 +48,7 @@
 #endif

 static assuan_context_t agent_ctx = NULL;
-static int force_pipe_server = 1; /* FIXME: set this back to 0. */
+static int force_pipe_server; 

 struct cipher_parm_s 
 {
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -2012,8 +2012,14 @@ main (int argc, char **argv )
 	  case aRefreshKeys:
 	  case aFetchKeys:
 	  case aExport: 
+#ifdef ENABLE_CARD_SUPPORT
+          case aCardStatus:
+          case aCardEdit: 
+          case aChangePIN:
+#endif /* ENABLE_CARD_SUPPORT*/
            set_cmd (&cmd, pargs.r_opt);
            break;
+
 	  case aListKeys: set_cmd( &cmd, aListKeys); break;
 	  case aListSigs: set_cmd( &cmd, aListSigs); break;
 	  case aExportSecret: set_cmd( &cmd, aExportSecret); break;
--- a/m4/ksba.m4
+++ b/m4/ksba.m4
@ -13,6 +13,12 @@
 dnl AM_PATH_KSBA([MINIMUM-VERSION,
 dnl              [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
 dnl Test for libksba and define KSBA_CFLAGS and KSBA_LIBS
+dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
+dnl with the API version to also check the API compatibility. Example:
+dnl a MINIMUN-VERSION of 1:1.0.7 won't pass the test unless the installed 
+dnl version of libksba is at least 1.0.7 *and* the API number is 1.  Using
+dnl this features allows to prevent build against newer versions of libksba
+dnl with a changed API.
 dnl
 AC_DEFUN([AM_PATH_KSBA],
 [ AC_ARG_WITH(ksba-prefix,
@ -27,7 +33,15 @@ AC_DEFUN([AM_PATH_KSBA],
  fi

  AC_PATH_PROG(KSBA_CONFIG, ksba-config, no)
-  min_ksba_version=ifelse([$1], ,0.4.4,$1)
+  tmp=ifelse([$1], ,1:1.0.0,$1)
+  if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+     req_ksba_api=`echo "$tmp"     | sed 's/\(.*\):\(.*\)/\1/'`
+     min_ksba_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+  else
+     req_ksba_api=0
+     min_ksba_version="$tmp"
+  fi
+
  AC_MSG_CHECKING(for KSBA - version >= $min_ksba_version)
  ok=no
  if test "$KSBA_CONFIG" != "no" ; then
@ -60,15 +74,34 @@ AC_DEFUN([AM_PATH_KSBA],
        fi
    fi
  fi
+  if test $ok = yes; then
+    AC_MSG_RESULT(yes)
+  else
+    AC_MSG_RESULT(no)
+  fi
+  if test $ok = yes; then
+     # Even if we have a recent libksba, we should check that the
+     # API is compatible.
+     if test "$req_ksba_api" -gt 0 ; then
+        tmp=`$KSBA_CONFIG --api-version 2>/dev/null || echo 0`
+        if test "$tmp" -gt 0 ; then
+           AC_MSG_CHECKING([KSBA API version])
+           if test "$req_ksba_api" -eq "$tmp" ; then
+             AC_MSG_RESULT(okay)
+           else
+             ok=no
+             AC_MSG_RESULT([does not match.  want=$req_ksba_api got=$tmp.])
+           fi
+        fi
+     fi
+  fi
  if test $ok = yes; then
    KSBA_CFLAGS=`$KSBA_CONFIG $ksba_config_args --cflags`
    KSBA_LIBS=`$KSBA_CONFIG $ksba_config_args --libs`
-    AC_MSG_RESULT(yes)
    ifelse([$2], , :, [$2])
  else
    KSBA_CFLAGS=""
    KSBA_LIBS=""
-    AC_MSG_RESULT(no)
    ifelse([$3], , :, [$3])
  fi
  AC_SUBST(KSBA_CFLAGS)
--- a/sm/certchain.c
+++ b/sm/certchain.c
@ -136,6 +136,8 @@ allowed_ca (ksba_cert_t cert, int *chainlen, int listmode, FILE *fp)
    {
      if (get_regtp_ca_info (cert, chainlen))
        {
+          /* Note that dirmngr takes a different way to cope with such
+             certs. */
          return 0; /* RegTP issued certificate. */
        }

--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@ -66,7 +66,7 @@ The format of the native parameter file is follows:
 	Length of the key in bits.  Default is 1024.
     Key-Grip: hexstring
        This is optional and used to generate a request for an already
-        existsing key.  Key-Length will be ignored when given,
+        existing key.  Key-Length will be ignored when given,
     Key-Usage: <usage-list>
        Space or comma delimited list of key usage, allowed values are
        "encrypt" and "sign".  This is used to generate the KeyUsage extension.
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -70,6 +70,9 @@ struct {

  { "2.16.840.1.113730.4.1", "serverGatedCrypto.ns" }, /* Netscape. */
  { "1.3.6.1.4.1.311.10.3.3", "serverGatedCrypto.ms"}, /* Microsoft. */
+
+  { "1.3.6.1.5.5.7.48.1.5", "ocspNoCheck" },
+
  { NULL, NULL }
 };

@ -125,6 +128,11 @@ static struct {
  { "1.3.6.1.5.5.7.1.10", "acProxying" },
  { "1.3.6.1.5.5.7.1.11", "subjectInfoAccess" },

+  { "1.3.6.1.5.5.7.48.1", "ocsp" },
+  { "1.3.6.1.5.5.7.48.2", "caIssuers" },
+  { "1.3.6.1.5.5.7.48.3", "timeStamping" },
+  { "1.3.6.1.5.5.7.48.5", "caRepository" },
+
  /* X.509 id-ce */
  { "2.5.29.14", "subjectKeyIdentifier", 1},
  { "2.5.29.15", "keyUsage", 1 },