Preparing 1.9.13

ChangeLog

@@ -1,9 +1,12 @@
+2004-12-03  Werner Koch  <wk@g10code.com>
+
+	Released 1.9.13.
+
 2004-11-26  Werner Koch  <wk@g10code.com>
 
 	* configure.ac: Replace strsep.  Replaced use of "target" by
 	"host".
 	
-
 2004-10-22  Werner Koch  <wk@g10code.com>
 
 	Released 1.9.12.

NEWS

@@ -1,6 +1,10 @@
-Noteworthy changes in version 1.9.13
+Noteworthy changes in version 1.9.13 (2004-12-03)
 -------------------------------------------------
 
+ * [gpgsm] New option --prefer-system-dirmngr.
+
+ * Minor cleanups and debbuging aids.
+
 
 Noteworthy changes in version 1.9.12 (2004-10-22)
 -------------------------------------------------

build-w32.sh

@@ -0,0 +1,10 @@
+ ./configure --enable-maintainer-mode --prefix=/home/wk/w32root  \
+             --host=i586-mingw32msvc --build=`scripts/config.guess` \
+             --with-gpg-error-prefix=/home/wk/w32root \
+	     --with-ksba-prefix=/home/wk/w32root \
+	     --with-libgcrypt-prefix=/home/wk/w32root \
+	     --with-libassuan-prefix=/home/wk/w32root \
+	     --with-zlib=/home/wk/w32root
+	     
+	     
+ 

configure.ac

@@ -24,7 +24,7 @@ min_automake_version="1.7.9"
 
 # Version number: Remember to change it immediately *after* a release.
 #                 Add a "-cvs" prefix for non-released code.
-AC_INIT(gnupg, 1.9.13-cvs, gnupg-devel@gnupg.org)
+AC_INIT(gnupg, 1.9.13, gnupg-devel@gnupg.org)
 # Set development_version to yes if the minor number is odd or you
 # feel that the default check for a development version is not
 # sufficient.

po/de.po

@@ -10,7 +10,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: gnupg2 1.9.10\n"
 "Report-Msgid-Bugs-To: translations@gnupg.org\n"
-"POT-Creation-Date: 2004-11-24 15:41+0100\n"
+"POT-Creation-Date: 2004-12-03 18:30+0100\n"
 "PO-Revision-Date: 2004-11-24 15:43+0100\n"
 "Last-Translator: Werner Koch <wk@gnupg.org>\n"
 "Language-Team: de\n"
@@ -100,12 +100,12 @@ msgid "allow clients to mark keys as \"trusted\""
 msgstr "erlaube Aufrufern Schlüssel als \"vertrauenswürdig\" zu markieren"
 
 #: agent/gpg-agent.c:195 agent/protect-tool.c:134 scd/scdaemon.c:168
-#: sm/gpgsm.c:487 tools/gpgconf.c:85
+#: sm/gpgsm.c:491 tools/gpgconf.c:85
 msgid "Please report bugs to <"
 msgstr "Fehlerberichte bitte an <"
 
 #: agent/gpg-agent.c:195 agent/protect-tool.c:134 scd/scdaemon.c:168
-#: sm/gpgsm.c:487 tools/gpgconf.c:85
+#: sm/gpgsm.c:491 tools/gpgconf.c:85
 msgid ">.\n"
 msgstr ">.\n"
 
@@ -121,30 +121,30 @@ msgstr ""
 "Syntax: gpg-agent [Optionen] [Kommando [Argumente]]\n"
 "Verwaltung von geheimen Schlüssel für GnuPG\n"
 
-#: agent/gpg-agent.c:271 scd/scdaemon.c:242 sm/gpgsm.c:605
+#: agent/gpg-agent.c:271 scd/scdaemon.c:242 sm/gpgsm.c:609
 #, c-format
 msgid "invalid debug-level `%s' given\n"
 msgstr "ungültige Debugebene `%s' angegeben\n"
 
 #: agent/gpg-agent.c:448 agent/protect-tool.c:1050 kbx/kbxutil.c:431
-#: scd/scdaemon.c:357 sm/gpgsm.c:728
+#: scd/scdaemon.c:357 sm/gpgsm.c:730
 #, c-format
 msgid "libgcrypt is too old (need %s, have %s)\n"
 msgstr ""
 "Die Bibliothek \"libgcrypt\" is zu alt (benötigt wird %s, vorhanden ist %s)\n"
 
-#: agent/gpg-agent.c:521 scd/scdaemon.c:437 sm/gpgsm.c:826
+#: agent/gpg-agent.c:521 scd/scdaemon.c:437 sm/gpgsm.c:828
 #, c-format
 msgid "NOTE: no default option file `%s'\n"
 msgstr "Notiz: Voreingestellte Konfigurationsdatei `%s' fehlt\n"
 
 #: agent/gpg-agent.c:526 agent/gpg-agent.c:1000 scd/scdaemon.c:442
-#: sm/gpgsm.c:830
+#: sm/gpgsm.c:832
 #, c-format
 msgid "option file `%s': %s\n"
 msgstr "Konfigurationsdatei `%s': %s\n"
 
-#: agent/gpg-agent.c:534 scd/scdaemon.c:450 sm/gpgsm.c:837
+#: agent/gpg-agent.c:534 scd/scdaemon.c:450 sm/gpgsm.c:839
 #, c-format
 msgid "reading options from `%s'\n"
 msgstr "Optionen werden aus `%s' gelesen\n"
@@ -163,11 +163,11 @@ msgstr "Verzeichniss `%s' wurde erstellt\n"
 msgid "no gpg-agent running in this session\n"
 msgstr "Der gpg-agent läuft nicht für diese Session\n"
 
-#: agent/gpg-agent.c:1257 common/simple-pwquery.c:286 sm/call-agent.c:128
+#: agent/gpg-agent.c:1257 common/simple-pwquery.c:293 sm/call-agent.c:128
 msgid "malformed GPG_AGENT_INFO environment variable\n"
 msgstr "Die Variable GPG_AGENT_INFO ist fehlerhaft\n"
 
-#: agent/gpg-agent.c:1269 common/simple-pwquery.c:298 sm/call-agent.c:140
+#: agent/gpg-agent.c:1269 common/simple-pwquery.c:305 sm/call-agent.c:140
 #, c-format
 msgid "gpg-agent protocol version %d is not supported\n"
 msgstr "Das gpg-agent Protocol %d wird nicht unterstützt\n"
@@ -302,32 +302,32 @@ msgstr "WARNUNG: Unsichere Besitzrechte f
 msgid "Warning: unsafe permissions on %s \"%s\"\n"
 msgstr "WARNUNG: Unsichere Zugriffsrechte für %s \"%s\"\n"
 
-#: common/simple-pwquery.c:272
+#: common/simple-pwquery.c:279
 msgid "gpg-agent is not available in this session\n"
 msgstr "Der gpg-agent ist nicht verfügbar\n"
 
-#: common/simple-pwquery.c:320
+#: common/simple-pwquery.c:327
 #, c-format
 msgid "can't connect to `%s': %s\n"
 msgstr "Verbindung zu `%s' kann nicht aufgebaut werden: %s\n"
 
-#: common/simple-pwquery.c:331
+#: common/simple-pwquery.c:338
 msgid "communication problem with gpg-agent\n"
 msgstr "Kommunikationsproblem mit gpg-agent\n"
 
-#: common/simple-pwquery.c:341
+#: common/simple-pwquery.c:348
 msgid "problem setting the gpg-agent options\n"
 msgstr "Beim setzen der gpg-agent Optionen ist ein problem aufgetreten\n"
 
-#: common/simple-pwquery.c:479
+#: common/simple-pwquery.c:487
 msgid "canceled by user\n"
 msgstr "Vom Benutzer abgebrochen\n"
 
-#: common/simple-pwquery.c:486
+#: common/simple-pwquery.c:494
 msgid "problem with the agent\n"
 msgstr "Problem mit dem Agenten\n"
 
-#: jnlib/logging.c:625
+#: jnlib/logging.c:627
 #, c-format
 msgid "you found a bug ... (%s:%d)\n"
 msgstr "Sie haben einen Bug (Softwarefehler) gefunden ... (%s:%d)\n"
@@ -651,7 +651,7 @@ msgstr "Der Herausgeber wird von einer externen Stelle gesucht\n"
 msgid "number of issuers matching: %d\n"
 msgstr "Anzahl der übereinstimmenden Heruasgeber: %d\n"
 
-#: sm/certchain.c:403 sm/certchain.c:562 sm/certchain.c:922 sm/decrypt.c:260
+#: sm/certchain.c:403 sm/certchain.c:562 sm/certchain.c:931 sm/decrypt.c:260
 #: sm/encrypt.c:341 sm/sign.c:324 sm/verify.c:106
 msgid "failed to allocated keyDB handle\n"
 msgstr "Ein keyDB Handle konnte nicht bereitgestellt werden\n"
@@ -699,43 +699,43 @@ msgstr "Das Zertifikat ist abgelaufen"
 msgid "selfsigned certificate has a BAD signature"
 msgstr "Das eigenbeglaubigte Zertifikat hat eine FALSCHE Signatur"
 
-#: sm/certchain.c:675
+#: sm/certchain.c:679
 msgid "root certificate is not marked trusted"
 msgstr "Das Wurzelzertifikat ist nicht als vertrauenswürdig markiert"
 
-#: sm/certchain.c:686
+#: sm/certchain.c:690
 #, c-format
 msgid "fingerprint=%s\n"
 msgstr "Fingerprint=%s\n"
 
-#: sm/certchain.c:691
+#: sm/certchain.c:695
 msgid "root certificate has now been marked as trusted\n"
 msgstr "Das Wurzelzertifikat wurde nun als vertrauenswürdig markiert\n"
 
-#: sm/certchain.c:706
+#: sm/certchain.c:710
 #, c-format
 msgid "checking the trust list failed: %s\n"
 msgstr "Fehler beim Prüfen der vertrauenswürdigen Zertifikate: %s\n"
 
-#: sm/certchain.c:732 sm/import.c:166
+#: sm/certchain.c:736 sm/import.c:166
 msgid "certificate chain too long\n"
 msgstr "Der Zertifikatkette ist zu lang\n"
 
-#: sm/certchain.c:744
+#: sm/certchain.c:748
 msgid "issuer certificate not found"
 msgstr "Herausgeberzertifikat nicht gefunden"
 
-#: sm/certchain.c:777
+#: sm/certchain.c:781
 msgid "certificate has a BAD signature"
 msgstr "Das Zertifikat hat eine FALSCHE Signatur"
 
-#: sm/certchain.c:800
+#: sm/certchain.c:809
 msgid "found another possible matching CA certificate - trying again"
 msgstr ""
 "Eine anderes möglicherweise passendes CA-Zertifikat gefunden - versuche "
 "nochmal"
 
-#: sm/certchain.c:823
+#: sm/certchain.c:832
 #, c-format
 msgid "certificate chain longer than allowed by CA (%d)"
 msgstr "Die Zertifikatkette ist länger als von der CA erlaubt (%d)"
@@ -1052,11 +1052,11 @@ msgstr ""
 " --list-keys [Namen]        Schlüssel anzeigenn\n"
 " --fingerprint [Namen]      \"Fingerabdrücke\" anzeigen\\n\n"
 
-#: sm/gpgsm.c:490
+#: sm/gpgsm.c:494
 msgid "Usage: gpgsm [options] [files] (-h for help)"
 msgstr "Gebrauch: gpgsm [Optionen] [Dateien] (-h für Hilfe)"
 
-#: sm/gpgsm.c:493
+#: sm/gpgsm.c:497
 msgid ""
 "Syntax: gpgsm [options] [files]\n"
 "sign, check, encrypt or decrypt using the S/MIME protocol\n"
@@ -1065,7 +1065,7 @@ msgstr ""
 "Gebrauch: gpgsm [Optionen] [Dateien]\n"
 "Signieren, prüfen, ver- und entschlüsseln mittels S/MIME protocol\n"
 
-#: sm/gpgsm.c:500
+#: sm/gpgsm.c:504
 msgid ""
 "\n"
 "Supported algorithms:\n"
@@ -1073,50 +1073,50 @@ msgstr ""
 "\n"
 "Unterstützte Algorithmen:\n"
 
-#: sm/gpgsm.c:576
+#: sm/gpgsm.c:580
 msgid "usage: gpgsm [options] "
 msgstr "Gebrauch: gpgsm [Optionen] "
 
-#: sm/gpgsm.c:642
+#: sm/gpgsm.c:645
 msgid "conflicting commands\n"
 msgstr "Widersprechende Kommandos\n"
 
-#: sm/gpgsm.c:658
+#: sm/gpgsm.c:661
 #, c-format
 msgid "can't encrypt to `%s': %s\n"
 msgstr "Verschlüsseln für `%s' nicht möglich: %s\n"
 
-#: sm/gpgsm.c:733
+#: sm/gpgsm.c:735
 #, c-format
 msgid "libksba is too old (need %s, have %s)\n"
 msgstr "Die Bibliothek Libksba is nicht aktuell (benötige %s, habe %s)\n"
 
-#: sm/gpgsm.c:1181
+#: sm/gpgsm.c:1183
 msgid "WARNING: program may create a core file!\n"
 msgstr "WARNUNG: Programm könnte eine core-dump-Datei schreiben!\n"
 
-#: sm/gpgsm.c:1193
+#: sm/gpgsm.c:1195
 msgid "WARNING: running with faked system time: "
 msgstr "WARNUNG: Ausführung mit gefälschter Systemzeit: "
 
-#: sm/gpgsm.c:1219
+#: sm/gpgsm.c:1221
 msgid "selected cipher algorithm is invalid\n"
 msgstr "Das ausgewählte Verschlüsselungsverfahren ist ungültig\n"
 
-#: sm/gpgsm.c:1227
+#: sm/gpgsm.c:1229
 msgid "selected digest algorithm is invalid\n"
 msgstr "Das ausgewählte Hashverfahren ist ungültig\n"
 
-#: sm/gpgsm.c:1257
+#: sm/gpgsm.c:1259
 #, c-format
 msgid "can't sign using `%s': %s\n"
 msgstr "Signieren mit `%s' nicht möglich: %s\n"
 
-#: sm/gpgsm.c:1423
+#: sm/gpgsm.c:1425
 msgid "this command has not yet been implemented\n"
 msgstr "Diee Kommando wurde noch nicht implementiert\n"
 
-#: sm/gpgsm.c:1646 sm/gpgsm.c:1679
+#: sm/gpgsm.c:1648 sm/gpgsm.c:1681
 #, c-format
 msgid "can't open `%s': %s\n"
 msgstr "Datei `%s' kann nicht geöffnet werden: %s\n"
@@ -1385,10 +1385,6 @@ msgstr "Konfiguration der zu nutzenden LDAP-Server"
 msgid "Configuration for OCSP"
 msgstr "Konfiguration zu OCSP"
 
-#, fuzzy
-#~ msgid "passphrase (CHV%d) is too short; minimum length is %d\n"
-#~ msgstr "Die Passphrase (CHV%d) ist zu kurz; Mindestlänge ist %d\n"
-
 #~ msgid "Usage: sc-investigate [options] (-h for help)\n"
 #~ msgstr "Gebrauch: sc-investigate [Optionen] (-h für Hilfe)\n"
 

sm/ChangeLog

@@ -1,3 +1,9 @@
+2004-12-02  Werner Koch  <wk@g10code.com>
+
+	* certchain.c (gpgsm_basic_cert_check): Dump certs with bad
+	signature for debugging.
+	(gpgsm_validate_chain): Ditto.
+
 2004-11-29  Werner Koch  <wk@g10code.com>
 
 	* gpgsm.c (set_debug): Changed to use a globals DEBUG_LEVEL and

sm/certchain.c

@@ -292,7 +292,7 @@ find_up (KEYDB_HANDLE kh, ksba_cert_t cert, const char *issuer, int find_next)
               keydb_search_reset (kh);
           
           /* In case of an error try the ephemeral DB.  We can't do
-             that in find-netx mode because we can't keep the search
+             that in find-next mode because we can't keep the search
              state then. */
           if (rc == -1 && !find_next)
             { 
@@ -311,7 +311,7 @@ find_up (KEYDB_HANDLE kh, ksba_cert_t cert, const char *issuer, int find_next)
          signature because it is not the correct one. */
       if (rc == -1)
         {
-          log_info ("issuer certificate (#");
+          log_info ("%sissuer certificate (#", find_next?"next ":"");
           gpgsm_dump_serial (authidno);
           log_printf ("/");
           gpgsm_dump_string (s);
@@ -565,7 +565,7 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
     }
 
   if (DBG_X509 && !listmode)
-    gpgsm_dump_cert ("subject", cert);
+    gpgsm_dump_cert ("target", cert);
 
   subject_cert = cert;
   maxdepth = 50;
@@ -659,6 +659,10 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
             {
               do_list (1, lm, fp,
                        _("selfsigned certificate has a BAD signature"));
+              if (DBG_X509)
+                {
+                  gpgsm_dump_cert ("self-signing cert", subject_cert);
+                }
               rc = gpg_error (depth? GPG_ERR_BAD_CERT_CHAIN
                                    : GPG_ERR_BAD_CERT);
               goto leave;
@@ -775,10 +779,15 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
       if (rc)
         {
           do_list (0, lm, fp, _("certificate has a BAD signature"));
+          if (DBG_X509)
+            {
+              gpgsm_dump_cert ("signing issuer", issuer_cert);
+              gpgsm_dump_cert ("signed subject", subject_cert);
+            }
           if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE)
             {
               /* We now try to find other issuer certificates which
-                 might have been used.  This is rquired because some
+                 might have been used.  This is required because some
                  CAs are reusing the issuer and subject DN for new
                  root certificates. */
               rc = find_up (kh, subject_cert, issuer, 1);
@@ -940,6 +949,10 @@ gpgsm_basic_cert_check (ksba_cert_t cert)
         {
           log_error ("selfsigned certificate has a BAD signature: %s\n",
                      gpg_strerror (rc));
+          if (DBG_X509)
+            {
+              gpgsm_dump_cert ("self-signing cert", cert);
+            }
           rc = gpg_error (GPG_ERR_BAD_CERT);
           goto leave;
         }