Implement --faked-systrem-time for gpg.

Typo and comment fixes.

doc/DETAILS

@@ -221,12 +221,13 @@ more arguments in future versions.
 
     GOODSIG  <long_keyid_or_fpr>  <username>
 	The signature with the keyid is good.  For each signature only
-        one of the three codes GOODSIG, BADSIG or ERRSIG will be
-        emitted and they may be used as a marker for a new signature.
-        The username is the primary one encoded in UTF-8 and %XX
-        escaped. The fingerprint may be used instead of the long keyid
-        if it is available.  This is the case with CMS and might
-        eventually also be available for OpenPGP.
+        one of the codes GOODSIG, BADSIG, EXPSIG, EXPKEYSIG, REVKEYSIG
+        or ERRSIG will be emitted.  In the past they were used as a
+        marker for a new signature; new code should use the NEWSIG
+        status instead.  The username is the primary one encoded in
+        UTF-8 and %XX escaped. The fingerprint may be used instead of
+        the long keyid if it is available.  This is the case with CMS
+        and might eventually also be available for OpenPGP.
 
     EXPSIG  <long_keyid_or_fpr>  <username>
 	The signature with the keyid is good, but the signature is

doc/gpg.texi

@@ -2188,6 +2188,13 @@ Enable debug output from the included CCID driver for smartcards.
 Note that this option is only available on some system.
 @end ifset
 
+@item --faked-system-time @var{epoch}
+@opindex faked-system-time
+This option is only useful for testing; it sets the system time back or
+forth to @var{epoch} which is the number of seconds elapsed since the year
+1970.  Alternatively @var{epoch} may be given as a full ISO time string
+(e.g. "20070924T154812").
+
 @item --enable-progress-filter
 Enable certain PROGRESS status outputs. This option allows frontends
 to display a progress indicator while gpg is processing larger files.

doc/gpgsm.texi

@@ -450,7 +450,7 @@ However the standard model (shell) is in that case always tried first.
 @opindex ignore-cert-extension
 Add @var{oid} to the list of ignored certificate extensions.  The
 @var{oid} is expected to be in dotted decimal form, like
-@code{2.5.29.3}.  This option may used more than once.  Critical
+@code{2.5.29.3}.  This option may be used more than once.  Critical
 flagged certificate extensions matching one of the OIDs in the list
 are treated as if they are actually handled and thus the certificate
 won't be rejected due to an unknown critical extension.  Use this

g10/ChangeLog

@@ -1,3 +1,7 @@
+2009-12-17  Werner Koch  <wk@g10code.com>
+
+	* gpg.c: Add new option --faked-system-time.
+
 2009-12-15  Werner Koch  <wk@g10code.com>
 
 	* keydb.c (keydb_add_resource): s/readonly/read_only/g.

g10/gpg.c

@@ -362,6 +362,7 @@ enum cmd_and_opt_values
     oDisableDSA2,
     oAllowMultipleMessages,
     oNoAllowMultipleMessages,
+    oFakedSystemTime,
 
     oNoop
   };
@@ -704,6 +705,7 @@ static ARGPARSE_OPTS opts[] = {
   ARGPARSE_s_s (oPersonalDigestPreferences, "personal-digest-preferences","@"),
   ARGPARSE_s_s (oPersonalCompressPreferences,
                                          "personal-compress-preferences", "@"),
+  ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"),
 
   /* Aliases.  I constantly mistype these, and assume other people do
      as well. */
@@ -2963,6 +2965,15 @@ main (int argc, char **argv)
 	    opt.flags.allow_multiple_messages=0;
 	    break;
 
+          case oFakedSystemTime:
+            {
+              time_t faked_time = isotime2epoch (pargs.r.ret_str); 
+              if (faked_time == (time_t)(-1))
+                faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10);
+              gnupg_set_time (faked_time, 0);
+            }
+            break;
+
 	  case oNoop: break;
 
 	  default: 
@@ -3069,6 +3080,17 @@ main (int argc, char **argv)
     if( opt.batch )
 	tty_batchmode( 1 );
 
+    if (gnupg_faked_time_p ())
+      {
+        gnupg_isotime_t tbuf;
+        
+        log_info (_("WARNING: running with faked system time: "));
+        gnupg_get_isotime (tbuf);
+        dump_isotime (tbuf);
+        log_printf ("\n");
+      }
+    
+
     gcry_control (GCRYCTL_RESUME_SECMEM_WARN);
 
     if(require_secmem && !got_secmem)

g10/server.c

@@ -608,7 +608,7 @@ static const char hlp_passwd[] =
 static gpg_error_t
 cmd_passwd (assuan_context_t ctx, char *line)
 {
-  ctrl_t ctrl = assuan_get_pointer (ctx);
+  /* ctrl_t ctrl = assuan_get_pointer (ctx); */
   gpg_error_t err;
 
   line = skip_options (line);
@@ -629,7 +629,7 @@ register_commands (assuan_context_t ctx)
   {
     const char *name;
     assuan_handler_t handler;
-    assuan_handler_t help;
+    const char * const help;
   } table[] = {
     { "RECIPIENT",     cmd_recipient },
     { "SIGNER",        cmd_signer    },

kbx/keybox-blob.c

@@ -315,6 +315,9 @@ add_fixup (KEYBOXBLOB blob, u32 off, u32 val)
 static u32
 make_timestamp (void)
 {
+#ifdef __GNUC__
+#warning using time and not gnupg_get_time
+#endif
   return time(NULL);
 }
 

sm/certchain.c

@@ -241,9 +241,9 @@ unknown_criticals (ksba_cert_t cert, int listmode, estream_t fp)
         ;
       unsupported = !known[i];
 
-      /* If this critical extension is not supoported, check the list
-         of to be ignored extensions to se whether we claim that it is
-         supported.  */
+      /* If this critical extension is not supported.  Check the list
+         of to be ignored extensions to see whether we claim that it
+         is supported.  */
       if (unsupported && opt.ignored_cert_extensions)
         {
           for (sl=opt.ignored_cert_extensions;