security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

Preparing for a release

Browse Source
This commit is contained in:
Werner Koch 2004-03-06 20:11:19 +00:00
parent 9008835d8a
commit 884483282f
15 changed files with 423 additions and 180 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,3 +1,9 @@
2004-03-06 Werner Koch <wk@gnupg.org>
Released 1.9.6.
* configure.ac: Check the Libgcrypt API.
2004-02-25 Werner Koch <wk@gnupg.org> 2004-02-25 Werner Koch <wk@gnupg.org>
* configure.ac: New option --disable-threads to inhibit * configure.ac: New option --disable-threads to inhibit

3
NEWS
View File

@ -1,6 +1,7 @@
Noteworthy changes in version 1.9.6 Noteworthy changes in version 1.9.6 (2004-03-06)
------------------------------------------------ ------------------------------------------------
* Code cleanups and bug fixes.
Noteworthy changes in version 1.9.5 (2004-02-21) Noteworthy changes in version 1.9.5 (2004-02-21)

5
common/ChangeLog
View File

@ -1,3 +1,8 @@
2004-03-03 Werner Koch <wk@gnupg.org>
* asshelp.c, asshelp.h: New.
(send_pinentry_environment): New. Code taken from ../sm/call-agent.c.
2004-02-19 Werner Koch <wk@gnupg.org> 2004-02-19 Werner Koch <wk@gnupg.org>
* simple-pwquery.c (agent_open): Don't mangle INFOSTR. * simple-pwquery.c (agent_open): Don't mangle INFOSTR.

3
common/Makefile.am
View File

@ -39,6 +39,7 @@ libcommon_a_SOURCES = \
membuf.c membuf.h \ membuf.c membuf.h \
iobuf.c iobuf.h \ iobuf.c iobuf.h \
ttyio.c ttyio.h \ ttyio.c ttyio.h \
asshelp.c asshelp.h \
signal.c \ signal.c \
dynload.h dynload.h
@ -46,7 +47,7 @@ libcommon_a_SOURCES = \
libcommon_a_LIBADD = @LIBOBJS@ libcommon_a_LIBADD = @LIBOBJS@
libsimple_pwquery_a_SOURCES = \ libsimple_pwquery_a_SOURCES = \
simple-pwquery.c simple-pwquery.h simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h
libsimple_pwquery_a_LIBADD = @LIBOBJS@ libsimple_pwquery_a_LIBADD = @LIBOBJS@

166
common/asshelp.c Normal file
View File

@ -0,0 +1,166 @@
/* asshelp.c - Helper functions for Assuan
* Copyright (C) 2002, 2004 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif
#include "util.h"
#include "asshelp.h"
/* Send the assuan command pertaining to the pinenry environment. The
OPT_* arguments are optional and may be used to overide the
defaults taken from the current locale. */
gpg_error_t
send_pinentry_environment (assuan_context_t ctx,
const char *opt_display,
const char *opt_ttyname,
const char *opt_ttytype,
const char *opt_lc_ctype,
const char *opt_lc_messages)
{
int rc = 0;
char *dft_display = NULL;
char *dft_ttyname = NULL;
char *dft_ttytype = NULL;
char *old_lc = NULL;
char *dft_lc = NULL;
dft_display = getenv ("DISPLAY");
if (opt_display || dft_display)
{
char *optstr;
if (asprintf (&optstr, "OPTION display=%s",
opt_display ? opt_display : dft_display) < 0)
return gpg_error_from_errno (errno);
rc = assuan_transact (ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
if (rc)
return map_assuan_err (rc);
}
if (!opt_ttyname)
{
dft_ttyname = getenv ("GPG_TTY");
if ((!dft_ttyname || !*dft_ttyname) && ttyname (0))
dft_ttyname = ttyname (0);
}
if (opt_ttyname || dft_ttyname)
{
char *optstr;
if (asprintf (&optstr, "OPTION ttyname=%s",
opt_ttyname ? opt_ttyname : dft_ttyname) < 0)
return gpg_error_from_errno (errno);
rc = assuan_transact (ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
if (rc)
return map_assuan_err (rc);
}
dft_ttytype = getenv ("TERM");
if (opt_ttytype || (dft_ttyname && dft_ttytype))
{
char *optstr;
if (asprintf (&optstr, "OPTION ttytype=%s",
opt_ttyname ? opt_ttytype : dft_ttytype) < 0)
return gpg_error_from_errno (errno);
rc = assuan_transact (ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
if (rc)
return map_assuan_err (rc);
}
#if defined(HAVE_SETLOCALE) && defined(LC_CTYPE)
old_lc = setlocale (LC_CTYPE, NULL);
if (old_lc)
{
old_lc = strdup (old_lc);
if (!old_lc)
return gpg_error_from_errno (errno);
}
dft_lc = setlocale (LC_CTYPE, "");
#endif
if (opt_lc_ctype || (dft_ttyname && dft_lc))
{
char *optstr;
if (asprintf (&optstr, "OPTION lc-ctype=%s",
opt_lc_ctype ? opt_lc_ctype : dft_lc) < 0)
rc = gpg_error_from_errno (errno);
else
{
rc = assuan_transact (ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
if (rc)
rc = map_assuan_err (rc);
}
}
#if defined(HAVE_SETLOCALE) && defined(LC_CTYPE)
if (old_lc)
{
setlocale (LC_CTYPE, old_lc);
free (old_lc);
}
#endif
if (rc)
return rc;
#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
old_lc = setlocale (LC_MESSAGES, NULL);
if (old_lc)
{
old_lc = strdup (old_lc);
if (!old_lc)
return gpg_error_from_errno (errno);
}
dft_lc = setlocale (LC_MESSAGES, "");
#endif
if (opt_lc_messages || (dft_ttyname && dft_lc))
{
char *optstr;
if (asprintf (&optstr, "OPTION lc-messages=%s",
opt_lc_messages ? opt_lc_messages : dft_lc) < 0)
rc = gpg_error_from_errno (errno);
else
{
rc = assuan_transact (ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
if (rc)
rc = map_assuan_err (rc);
}
}
#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
if (old_lc)
{
setlocale (LC_MESSAGES, old_lc);
free (old_lc);
}
#endif
return rc;
}

36
common/asshelp.h Normal file
View File

@ -0,0 +1,36 @@
/* asshelp.h - Helper functions for Assuan
* Copyright (C) 2004 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifndef GNUPG_COMMON_ASSHELP_H
#define GNUPG_COMMON_ASSHELP_H
#include <assuan.h>
#include <gpg-error.h>
gpg_error_t
send_pinentry_environment (assuan_context_t ctx,
const char *opt_display,
const char *opt_ttyname,
const char *opt_ttytype,
const char *opt_lc_ctype,
const char *opt_lc_messages);
#endif /*GNUPG_COMMON_ASSHELP_H*/

14
configure.ac
View File

@ -24,18 +24,24 @@ min_automake_version="1.7.6"
# Version number: Remember to change it immediately *after* a release. # Version number: Remember to change it immediately *after* a release.
# Add a "-cvs" prefix for non-released code. # Add a "-cvs" prefix for non-released code.
AC_INIT(gnupg, 1.9.6-cvs, gnupg-devel@gnupg.org) AC_INIT(gnupg, 1.9.6, gnupg-devel@gnupg.org)
# Set development_version to yes if the minor number is odd or you # Set development_version to yes if the minor number is odd or you
# feel that the default check for a development version is not # feel that the default check for a development version is not
# sufficient. # sufficient.
development_version=yes development_version=yes
NEED_GPG_ERROR_VERSION=0.6 NEED_GPG_ERROR_VERSION=0.6
NEED_LIBGCRYPT_VERSION=1.1.92
NEED_LIBGCRYPT_API=1
NEED_LIBGCRYPT_VERSION=1.1.93
NEED_LIBASSUAN_VERSION=0.6.4 NEED_LIBASSUAN_VERSION=0.6.4
NEED_KSBA_VERSION=0.9.4 NEED_KSBA_VERSION=0.9.4
NEED_OPENSC_VERSION=0.8.0 NEED_OPENSC_VERSION=0.8.0
PACKAGE=$PACKAGE_NAME PACKAGE=$PACKAGE_NAME
VERSION=$PACKAGE_VERSION VERSION=$PACKAGE_VERSION
@ -411,7 +417,7 @@ AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION",
# #
# Libgcrypt is our generic crypto library # Libgcrypt is our generic crypto library
# #
AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_VERSION", AM_PATH_LIBGCRYPT("$NEED_LIBGCRYPT_API:$NEED_LIBGCRYPT_VERSION",
have_libgcrypt=yes,have_libgcrypt=no) have_libgcrypt=yes,have_libgcrypt=no)
@ -1022,7 +1028,7 @@ if test "$have_libgcrypt" = "no"; then
*** You need libgcrypt to build this program. *** You need libgcrypt to build this program.
** This library is for example available at ** This library is for example available at
*** ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/ *** ftp://ftp.gnupg.org/gcrypt/alpha/libgcrypt/
*** (at least version $NEED_LIBGCRYPT_VERSION is required.) *** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API) is required.)
***]]) ***]])
fi fi
if test "$have_libassuan" = "no"; then if test "$have_libassuan" = "no"; then

4
m4/ChangeLog
View File

@ -1,3 +1,7 @@
2004-03-06 Werner Koch <wk@gnupg.org>
* libgcrypt.m4: Updated.
2004-02-18 Werner Koch <wk@gnupg.org> 2004-02-18 Werner Koch <wk@gnupg.org>
* gpg-error.m4, libgcrypt.m4, libassuan.m4, ksba.m4: New. * gpg-error.m4, libgcrypt.m4, libassuan.m4, ksba.m4: New.

47
m4/libgcrypt.m4
View File

@ -1,5 +1,5 @@
dnl Autoconf macros for libgcrypt dnl Autoconf macros for libgcrypt
dnl Copyright (C) 2002 Free Software Foundation, Inc. dnl Copyright (C) 2002, 2004 Free Software Foundation, Inc.
dnl dnl
dnl This file is free software; as a special exception the author gives dnl This file is free software; as a special exception the author gives
dnl unlimited permission to copy and/or distribute it, with or without dnl unlimited permission to copy and/or distribute it, with or without
@ -12,7 +12,13 @@ dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
dnl Test for liblibgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
dnl with the API version to also check the API compatibility. Example:
dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
dnl this features allows to prevent build against newer versions of libgcrypt
dnl with a changed API.
dnl dnl
AC_DEFUN(AM_PATH_LIBGCRYPT, AC_DEFUN(AM_PATH_LIBGCRYPT,
[ AC_ARG_WITH(libgcrypt-prefix, [ AC_ARG_WITH(libgcrypt-prefix,
@ -26,7 +32,15 @@ AC_DEFUN(AM_PATH_LIBGCRYPT,
fi fi
AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
min_libgcrypt_version=ifelse([$1], ,0.4.4,$1) tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
else
req_libgcrypt_api=0
min_libgcrypt_version="$tmp"
fi
AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version) AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
ok=no ok=no
if test "$LIBGCRYPT_CONFIG" != "no" ; then if test "$LIBGCRYPT_CONFIG" != "no" ; then
@ -36,7 +50,7 @@ AC_DEFUN(AM_PATH_LIBGCRYPT,
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
req_micro=`echo $min_libgcrypt_version | \ req_micro=`echo $min_libgcrypt_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
libgcrypt_config_version=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --version` libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
major=`echo $libgcrypt_config_version | \ major=`echo $libgcrypt_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
minor=`echo $libgcrypt_config_version | \ minor=`echo $libgcrypt_config_version | \
@ -60,14 +74,33 @@ AC_DEFUN(AM_PATH_LIBGCRYPT,
fi fi
fi fi
if test $ok = yes; then if test $ok = yes; then
LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --cflags`
LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG $libgcrypt_config_args --libs`
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
if test $ok = yes; then
# If we have a recent libgcrypt, we should also check that the
# API is compatible
if test "$req_libgcrypt_api" -gt 0 ; then
tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
if test "$tmp" -gt 0 ; then
AC_MSG_CHECKING([LIBGCRYPT API version])
if test "$req_libgcrypt_api" -eq "$tmp" ; then
AC_MSG_RESULT(okay)
else
ok=no
AC_MSG_RESULT([does not match (want=$req_libgcrypt_api got=$tmp)])
fi
fi
fi
fi
if test $ok = yes; then
LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
ifelse([$2], , :, [$2]) ifelse([$2], , :, [$2])
else else
LIBGCRYPT_CFLAGS="" LIBGCRYPT_CFLAGS=""
LIBGCRYPT_LIBS="" LIBGCRYPT_LIBS=""
AC_MSG_RESULT(no)
ifelse([$3], , :, [$3]) ifelse([$3], , :, [$3])
fi fi
AC_SUBST(LIBGCRYPT_CFLAGS) AC_SUBST(LIBGCRYPT_CFLAGS)

15
sm/ChangeLog
View File

@ -1,5 +1,20 @@
2004-03-04 Werner Koch <wk@gnupg.org>
* call-dirmngr.c (gpgsm_dirmngr_isvalid): New arg ISSUER_CERT.
* certchain.c (is_cert_still_valid): New. Code moved from ...
(gpgsm_validate_chain): ... here because we now need to check at
two places and at a later stage, so that we can pass the issuer
cert down to the dirmngr.
2004-03-03 Werner Koch <wk@gnupg.org> 2004-03-03 Werner Koch <wk@gnupg.org>
* call-agent.c (start_agent): Replaced pinentry setup code by a
call to a new common function.
* certdump.c (gpgsm_format_keydesc): Make sure the string is
returned as utf-8.
* export.c (gpgsm_export): Make sure that we don't export more * export.c (gpgsm_export): Make sure that we don't export more
than one certificate. than one certificate.

123
sm/call-agent.c
View File

@ -34,6 +34,7 @@
#include <gcrypt.h> #include <gcrypt.h>
#include <assuan.h> #include <assuan.h>
#include "i18n.h" #include "i18n.h"
#include "asshelp.h"
#include "keydb.h" /* fixme: Move this to import.c */ #include "keydb.h" /* fixme: Move this to import.c */
#include "../common/membuf.h" #include "../common/membuf.h"
@ -68,12 +69,7 @@ start_agent (void)
{ {
int rc = 0; int rc = 0;
char *infostr, *p; char *infostr, *p;
ASSUAN_CONTEXT ctx; assuan_context_t ctx;
char *dft_display = NULL;
char *dft_ttyname = NULL;
char *dft_ttytype = NULL;
char *old_lc = NULL;
char *dft_lc = NULL;
if (agent_ctx) if (agent_ctx)
return 0; /* fixme: We need a context for each thread or serialize return 0; /* fixme: We need a context for each thread or serialize
@ -170,118 +166,9 @@ start_agent (void)
if (rc) if (rc)
return map_assuan_err (rc); return map_assuan_err (rc);
dft_display = getenv ("DISPLAY"); return send_pinentry_environment (agent_ctx,
if (opt.display || dft_display) opt.display, opt.ttyname, opt.ttytype,
{ opt.lc_ctype, opt.lc_messages);
char *optstr;
if (asprintf (&optstr, "OPTION display=%s",
opt.display ? opt.display : dft_display) < 0)
return OUT_OF_CORE (errno);
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
if (rc)
return map_assuan_err (rc);
}
if (!opt.ttyname)
{
dft_ttyname = getenv ("GPG_TTY");
if ((!dft_ttyname || !*dft_ttyname) && ttyname (0))
dft_ttyname = ttyname (0);
}
if (opt.ttyname || dft_ttyname)
{
char *optstr;
if (asprintf (&optstr, "OPTION ttyname=%s",
opt.ttyname ? opt.ttyname : dft_ttyname) < 0)
return OUT_OF_CORE (errno);
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
if (rc)
return map_assuan_err (rc);
}
dft_ttytype = getenv ("TERM");
if (opt.ttytype || (dft_ttyname && dft_ttytype))
{
char *optstr;
if (asprintf (&optstr, "OPTION ttytype=%s",
opt.ttyname ? opt.ttytype : dft_ttytype) < 0)
return OUT_OF_CORE (errno);
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
if (rc)
return map_assuan_err (rc);
}
#if defined(HAVE_SETLOCALE) && defined(LC_CTYPE)
old_lc = setlocale (LC_CTYPE, NULL);
if (old_lc)
{
old_lc = strdup (old_lc);
if (!old_lc)
return OUT_OF_CORE (errno);
}
dft_lc = setlocale (LC_CTYPE, "");
#endif
if (opt.lc_ctype || (dft_ttyname && dft_lc))
{
char *optstr;
if (asprintf (&optstr, "OPTION lc-ctype=%s",
opt.lc_ctype ? opt.lc_ctype : dft_lc) < 0)
rc = OUT_OF_CORE (errno);
else
{
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
if (rc)
rc = map_assuan_err (rc);
}
}
#if defined(HAVE_SETLOCALE) && defined(LC_CTYPE)
if (old_lc)
{
setlocale (LC_CTYPE, old_lc);
free (old_lc);
}
#endif
if (rc)
return rc;
#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
old_lc = setlocale (LC_MESSAGES, NULL);
if (old_lc)
{
old_lc = strdup (old_lc);
if (!old_lc)
return OUT_OF_CORE (errno);
}
dft_lc = setlocale (LC_MESSAGES, "");
#endif
if (opt.lc_messages || (dft_ttyname && dft_lc))
{
char *optstr;
if (asprintf (&optstr, "OPTION lc-messages=%s",
opt.lc_messages ? opt.lc_messages : dft_lc) < 0)
rc = OUT_OF_CORE (errno);
else
{
rc = assuan_transact (agent_ctx, optstr, NULL, NULL, NULL, NULL, NULL,
NULL);
free (optstr);
if (rc)
rc = map_assuan_err (rc);
}
}
#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
if (old_lc)
{
setlocale (LC_MESSAGES, old_lc);
free (old_lc);
}
#endif
return rc;
} }

32
sm/call-dirmngr.c
View File

@ -49,6 +49,7 @@ static int force_pipe_server = 0;
struct inq_certificate_parm_s { struct inq_certificate_parm_s {
ASSUAN_CONTEXT ctx; ASSUAN_CONTEXT ctx;
ksba_cert_t cert; ksba_cert_t cert;
ksba_cert_t issuer_cert;
}; };
struct lookup_parm_s { struct lookup_parm_s {
@ -239,27 +240,45 @@ inq_certificate (void *opaque, const char *line)
AssuanError rc; AssuanError rc;
const unsigned char *der; const unsigned char *der;
size_t derlen; size_t derlen;
int issuer_mode = 0;
if (!(!strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8]))) if (!strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8]))
{
line += 8;
}
else if (!strncmp (line, "SENDISSUERCERT", 14)
&& (line[14] == ' ' || !line[14]))
{
line += 14;
issuer_mode = 1;
}
else
{ {
log_error ("unsupported inquiry `%s'\n", line); log_error ("unsupported inquiry `%s'\n", line);
return ASSUAN_Inquire_Unknown; return ASSUAN_Inquire_Unknown;
} }
line += 8;
if (!*line) if (!*line)
{ /* send the current certificate */ { /* Send the current certificate. */
der = ksba_cert_get_image (parm->cert, &derlen); der = ksba_cert_get_image (issuer_mode? parm->issuer_cert : parm->cert,
&derlen);
if (!der) if (!der)
rc = ASSUAN_Inquire_Error; rc = ASSUAN_Inquire_Error;
else else
rc = assuan_send_data (parm->ctx, der, derlen); rc = assuan_send_data (parm->ctx, der, derlen);
} }
else if (issuer_mode)
{
log_error ("sending specific issuer certificate back "
"is not yet implemented\n");
rc = ASSUAN_Inquire_Error;
}
else else
{ /* send the given certificate */ { /* Send the given certificate. */
int err; int err;
ksba_cert_t cert; ksba_cert_t cert;
err = gpgsm_find_cert (line, &cert); err = gpgsm_find_cert (line, &cert);
if (err) if (err)
{ {
@ -293,7 +312,7 @@ inq_certificate (void *opaque, const char *line)
request first. request first.
*/ */
int int
gpgsm_dirmngr_isvalid (ksba_cert_t cert, int use_ocsp) gpgsm_dirmngr_isvalid (ksba_cert_t cert, ksba_cert_t issuer_cert, int use_ocsp)
{ {
int rc; int rc;
char *certid; char *certid;
@ -328,6 +347,7 @@ gpgsm_dirmngr_isvalid (ksba_cert_t cert, int use_ocsp)
parm.ctx = dirmngr_ctx; parm.ctx = dirmngr_ctx;
parm.cert = cert; parm.cert = cert;
parm.issuer_cert = issuer_cert;
/* FIXME: If --disable-crl-checks has been set, we should pass an /* FIXME: If --disable-crl-checks has been set, we should pass an
option to dirmngr, so that no fallback CRL check is done after an option to dirmngr, so that no fallback CRL check is done after an

109
sm/certchain.c
View File

@ -347,7 +347,7 @@ find_up (KEYDB_HANDLE kh, ksba_cert_t cert, const char *issuer, int find_next)
if (opt.verbose) if (opt.verbose)
log_info (_("looking up issuer at external location\n")); log_info (_("looking up issuer at external location\n"));
/* dirmngr is confused about unknown attributes so has a quick /* dirmngr is confused about unknown attributes so as a quick
and ugly hack we locate the CN and use this and the and ugly hack we locate the CN and use this and the
following. Fixme: we should have far better parsing in the following. Fixme: we should have far better parsing in the
dirmngr. */ dirmngr. */
@ -469,6 +469,55 @@ gpgsm_is_root_cert (ksba_cert_t cert)
return yes; return yes;
} }
/* This is a helper for gpgsm_validate_chain. */
static gpg_error_t
is_cert_still_valid (ctrl_t ctrl, int lm, FILE *fp,
ksba_cert_t subject_cert, ksba_cert_t issuer_cert,
int *any_revoked, int *any_no_crl, int *any_crl_too_old)
{
if (!opt.no_crl_check || ctrl->use_ocsp)
{
gpg_error_t err;
err = gpgsm_dirmngr_isvalid (subject_cert, ctrl->use_ocsp);
if (err)
{
/* Fixme: We should change the wording because we may
have used OCSP. */
switch (gpg_err_code (err))
{
case GPG_ERR_CERT_REVOKED:
do_list (1, lm, fp, _("certificate has been revoked"));
*any_revoked = 1;
/* Store that in the keybox so that key listings are
able to return the revoked flag. We don't care
about error, though. */
keydb_set_cert_flags (subject_cert, KEYBOX_FLAG_VALIDITY, 0,
VALIDITY_REVOKED);
break;
case GPG_ERR_NO_CRL_KNOWN:
do_list (1, lm, fp, _("no CRL found for certificate"));
*any_no_crl = 1;
break;
case GPG_ERR_CRL_TOO_OLD:
do_list (1, lm, fp, _("the available CRL is too old"));
if (!lm)
log_info (_("please make sure that the "
"\"dirmngr\" is properly installed\n"));
*any_crl_too_old = 1;
break;
default:
do_list (1, lm, fp, _("checking the CRL failed: %s"),
gpg_strerror (rc));
return err;
}
}
}
return 0;
}
/* Validate a chain and optionally return the nearest expiration time /* Validate a chain and optionally return the nearest expiration time
in R_EXPTIME. With LISTMODE set to 1 a special listmode is in R_EXPTIME. With LISTMODE set to 1 a special listmode is
@ -597,46 +646,10 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
goto leave; goto leave;
} }
if (!opt.no_crl_check || ctrl->use_ocsp)
{
rc = gpgsm_dirmngr_isvalid (subject_cert, ctrl->use_ocsp);
if (rc)
{
/* Fixme: We should change the wording because we may
have used OCSP. */
switch (gpg_err_code (rc))
{
case GPG_ERR_CERT_REVOKED:
do_list (1, lm, fp, _("certificate has been revoked"));
any_revoked = 1;
/* Store that in the keybox so that key listings are
able to return the revoked flag. We don't care
about error, though. */
keydb_set_cert_flags (subject_cert, KEYBOX_FLAG_VALIDITY, 0,
VALIDITY_REVOKED);
break;
case GPG_ERR_NO_CRL_KNOWN:
do_list (1, lm, fp, _("no CRL found for certificate"));
any_no_crl = 1;
break;
case GPG_ERR_CRL_TOO_OLD:
do_list (1, lm, fp, _("the available CRL is too old"));
if (!lm)
log_info (_("please make sure that the "
"\"dirmngr\" is properly installed\n"));
any_crl_too_old = 1;
break;
default:
do_list (1, lm, fp, _("checking the CRL failed: %s"),
gpg_strerror (rc));
goto leave;
}
rc = 0;
}
}
/* Is this a self-signed certificate? */
if (subject && !strcmp (issuer, subject)) if (subject && !strcmp (issuer, subject))
{ { /* Yes. */
if (gpgsm_check_cert_sig (subject_cert, subject_cert) ) if (gpgsm_check_cert_sig (subject_cert, subject_cert) )
{ {
do_list (1, lm, fp, do_list (1, lm, fp,
@ -684,7 +697,15 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
gpg_strerror (rc)); gpg_strerror (rc));
} }
break; /* okay, a self-signed certicate is an end-point */ /* Check for revocations etc. */
rc = is_cert_still_valid (ctrl, lm, fp,
subject_cert, subject_cert,
&any_revoked, &any_no_crl,
&any_crl_too_old);
if (rc)
goto leave;
break; /* Okay: a self-signed certicate is an end-point. */
} }
depth++; depth++;
@ -801,6 +822,14 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
} }
} }
/* Check for revocations etc. */
rc = is_cert_still_valid (ctrl, lm, fp,
subject_cert, issuer_cert,
&any_revoked, &any_no_crl, &any_crl_too_old);
if (rc)
goto leave;
if (opt.verbose && !listmode) if (opt.verbose && !listmode)
log_info ("certificate is good\n"); log_info ("certificate is good\n");

37
sm/certdump.c
View File

@ -26,6 +26,12 @@
#include <unistd.h> #include <unistd.h>
#include <time.h> #include <time.h>
#include <assert.h> #include <assert.h>
#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif
#ifdef HAVE_LANGINFO_CODESET
#include <langinfo.h>
#endif
#include "gpgsm.h" #include "gpgsm.h"
#include <gcrypt.h> #include <gcrypt.h>
@ -601,12 +607,14 @@ gpgsm_format_name (const char *name)
char * char *
gpgsm_format_keydesc (ksba_cert_t cert) gpgsm_format_keydesc (ksba_cert_t cert)
{ {
int rc;
char *name, *subject, *buffer, *p; char *name, *subject, *buffer, *p;
const char *s; const char *s;
ksba_isotime_t t; ksba_isotime_t t;
char created[20]; char created[20];
char *sn; char *sn;
ksba_sexp_t sexp; ksba_sexp_t sexp;
char *orig_codeset = NULL;
name = ksba_cert_get_subject (cert, 0); name = ksba_cert_get_subject (cert, 0);
subject = name? gpgsm_format_name (name) : NULL; subject = name? gpgsm_format_name (name) : NULL;
@ -622,7 +630,24 @@ gpgsm_format_keydesc (ksba_cert_t cert)
else else
*created = 0; *created = 0;
if ( asprintf (&name,
#ifdef ENABLE_NLS
/* The Assuan agent protol requires us to transmit utf-8 strings */
orig_codeset = bind_textdomain_codeset (PACKAGE, NULL);
#ifdef HAVE_LANGINFO_CODESET
if (!orig_codeset)
orig_codeset = nl_langinfo (CODESET);
#endif
if (orig_codeset)
{ /* We only switch when we are able to restore the codeset later. */
orig_codeset = xstrdup (orig_codeset);
if (!bind_textdomain_codeset (PACKAGE, "utf-8"))
orig_codeset = NULL;
}
#endif
rc = asprintf (&name,
_("Please enter the passphrase to unlock the" _("Please enter the passphrase to unlock the"
" secret key for:\n" " secret key for:\n"
"\"%s\"\n" "\"%s\"\n"
@ -630,7 +655,15 @@ gpgsm_format_keydesc (ksba_cert_t cert)
subject? subject:"?", subject? subject:"?",
sn? sn: "?", sn? sn: "?",
gpgsm_get_short_fingerprint (cert), gpgsm_get_short_fingerprint (cert),
created) < 0) created);
#ifdef ENABLE_NLS
if (orig_codeset)
bind_textdomain_codeset (PACKAGE, orig_codeset);
#endif
xfree (orig_codeset);
if (rc < 0)
{ {
int save_errno = errno; int save_errno = errno;
xfree (subject); xfree (subject);

3
sm/gpgsm.h
View File

@ -288,7 +288,8 @@ int gpgsm_agent_learn (void);
int gpgsm_agent_passwd (const char *hexkeygrip, const char *desc); int gpgsm_agent_passwd (const char *hexkeygrip, const char *desc);
/*-- call-dirmngr.c --*/ /*-- call-dirmngr.c --*/
int gpgsm_dirmngr_isvalid (ksba_cert_t cert, int use_ocsp); int gpgsm_dirmngr_isvalid (ksba_cert_t cert, ksba_cert_t issuer_cert,
int use_ocsp);
int gpgsm_dirmngr_lookup (ctrl_t ctrl, STRLIST names, int gpgsm_dirmngr_lookup (ctrl_t ctrl, STRLIST names,
void (*cb)(void*, ksba_cert_t), void *cb_value); void (*cb)(void*, ksba_cert_t), void *cb_value);
int gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command, int gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command,