Exporting secret keys via gpg-agent is now basically supported.

A couple of forward ported changes.
Doc updates.

sm/ChangeLog

@@ -1,3 +1,13 @@
+2010-09-16  Werner Koch  <wk@g10code.com>
+
+	* certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.
+	(do_validate_chain): Ditto.
+	(gpgsm_basic_cert_check): Ditto.
+	* call-agent.c (learn_cb): Take care of new
+	GPG_ERR_MISSING_ISSUER_CERT.
+	* import.c (check_and_store): Ditto.
+	(check_and_store): Ditto.
+
 2010-08-16  Werner Koch  <wk@g10code.com>
 
 	* gpgsm.c (main) <aGPGConfList>: Use es_printf.

sm/call-agent.c

@@ -887,7 +887,8 @@ learn_cb (void *opaque, const void *buffer, size_t length)
      because we can assume that the --learn-card command has been used
      on purpose.  */
   rc = gpgsm_basic_cert_check (parm->ctrl, cert);
-  if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT)
+  if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
+      && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
     log_error ("invalid certificate: %s\n", gpg_strerror (rc));
   else
     {

sm/certchain.c

@@ -789,7 +789,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
          print an error here.  */
       if (rc != -1 && opt.verbose > 1)
         log_error ("failed to find issuer's certificate: rc=%d\n", rc);
-      rc = gpg_error (GPG_ERR_MISSING_CERT);
+      rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
       goto leave;
     }
 
@@ -1496,7 +1496,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
             }
           else
             log_error ("failed to find issuer's certificate: rc=%d\n", rc);
-          rc = gpg_error (GPG_ERR_MISSING_CERT);
+          rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
           goto leave;
         }
 
@@ -1897,7 +1897,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
             }
           else
             log_error ("failed to find issuer's certificate: rc=%d\n", rc);
-          rc = gpg_error (GPG_ERR_MISSING_CERT);
+          rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
           goto leave;
         }
       

sm/gpgsm.c

@@ -287,7 +287,7 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_s (oAuditLog, "audit-log", 
                 N_("|FILE|write an audit log to FILE")),
-  ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", ""),
+  ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"),
   ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
   ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")),
   ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")),

sm/import.c

@@ -194,7 +194,8 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
   if (!rc && ctrl->with_validation)
     rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
   if (!rc || (!ctrl->with_validation
-              && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )
+              && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT
+                  || gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT)))
     {
       int existed;
 
@@ -253,9 +254,14 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
       log_error (_("basic certificate checks failed - not imported\n"));
       if (stats)
         stats->not_imported++;
-      print_import_problem (ctrl, cert,
-                            gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
-                            gpg_err_code (rc) == GPG_ERR_BAD_CERT?     1 : 0);
+      /* We keep the test for GPG_ERR_MISSING_CERT only in case
+         GPG_ERR_MISSING_CERT has been used instead of the newer
+         GPG_ERR_MISSING_ISSUER_CERT.  */
+      print_import_problem 
+        (ctrl, cert,
+         gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT? 2 :
+         gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
+         gpg_err_code (rc) == GPG_ERR_BAD_CERT?     1 : 0);
     }
 }