diff --git a/ChangeLog b/ChangeLog index c95cd9a10..6dbe8663f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,9 +1,12 @@ +2004-12-03 Werner Koch + + Released 1.9.13. + 2004-11-26 Werner Koch * configure.ac: Replace strsep. Replaced use of "target" by "host". - 2004-10-22 Werner Koch Released 1.9.12. diff --git a/NEWS b/NEWS index 2d75cb013..606612c38 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ -Noteworthy changes in version 1.9.13 +Noteworthy changes in version 1.9.13 (2004-12-03) ------------------------------------------------- + * [gpgsm] New option --prefer-system-dirmngr. + + * Minor cleanups and debbuging aids. + Noteworthy changes in version 1.9.12 (2004-10-22) ------------------------------------------------- diff --git a/build-w32.sh b/build-w32.sh new file mode 100644 index 000000000..c9ea984dc --- /dev/null +++ b/build-w32.sh @@ -0,0 +1,10 @@ + ./configure --enable-maintainer-mode --prefix=/home/wk/w32root \ + --host=i586-mingw32msvc --build=`scripts/config.guess` \ + --with-gpg-error-prefix=/home/wk/w32root \ + --with-ksba-prefix=/home/wk/w32root \ + --with-libgcrypt-prefix=/home/wk/w32root \ + --with-libassuan-prefix=/home/wk/w32root \ + --with-zlib=/home/wk/w32root + + + diff --git a/configure.ac b/configure.ac index 8b6bc4d73..38e649f5a 100644 --- a/configure.ac +++ b/configure.ac @@ -24,7 +24,7 @@ min_automake_version="1.7.9" # Version number: Remember to change it immediately *after* a release. # Add a "-cvs" prefix for non-released code. -AC_INIT(gnupg, 1.9.13-cvs, gnupg-devel@gnupg.org) +AC_INIT(gnupg, 1.9.13, gnupg-devel@gnupg.org) # Set development_version to yes if the minor number is odd or you # feel that the default check for a development version is not # sufficient. diff --git a/po/de.po b/po/de.po index 1c85954d8..eac1827bc 100644 --- a/po/de.po +++ b/po/de.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg2 1.9.10\n" "Report-Msgid-Bugs-To: translations@gnupg.org\n" -"POT-Creation-Date: 2004-11-24 15:41+0100\n" +"POT-Creation-Date: 2004-12-03 18:30+0100\n" "PO-Revision-Date: 2004-11-24 15:43+0100\n" "Last-Translator: Werner Koch \n" "Language-Team: de\n" @@ -100,12 +100,12 @@ msgid "allow clients to mark keys as \"trusted\"" msgstr "erlaube Aufrufern Schlüssel als \"vertrauenswürdig\" zu markieren" #: agent/gpg-agent.c:195 agent/protect-tool.c:134 scd/scdaemon.c:168 -#: sm/gpgsm.c:487 tools/gpgconf.c:85 +#: sm/gpgsm.c:491 tools/gpgconf.c:85 msgid "Please report bugs to <" msgstr "Fehlerberichte bitte an <" #: agent/gpg-agent.c:195 agent/protect-tool.c:134 scd/scdaemon.c:168 -#: sm/gpgsm.c:487 tools/gpgconf.c:85 +#: sm/gpgsm.c:491 tools/gpgconf.c:85 msgid ">.\n" msgstr ">.\n" @@ -121,30 +121,30 @@ msgstr "" "Syntax: gpg-agent [Optionen] [Kommando [Argumente]]\n" "Verwaltung von geheimen Schlüssel für GnuPG\n" -#: agent/gpg-agent.c:271 scd/scdaemon.c:242 sm/gpgsm.c:605 +#: agent/gpg-agent.c:271 scd/scdaemon.c:242 sm/gpgsm.c:609 #, c-format msgid "invalid debug-level `%s' given\n" msgstr "ungültige Debugebene `%s' angegeben\n" #: agent/gpg-agent.c:448 agent/protect-tool.c:1050 kbx/kbxutil.c:431 -#: scd/scdaemon.c:357 sm/gpgsm.c:728 +#: scd/scdaemon.c:357 sm/gpgsm.c:730 #, c-format msgid "libgcrypt is too old (need %s, have %s)\n" msgstr "" "Die Bibliothek \"libgcrypt\" is zu alt (benötigt wird %s, vorhanden ist %s)\n" -#: agent/gpg-agent.c:521 scd/scdaemon.c:437 sm/gpgsm.c:826 +#: agent/gpg-agent.c:521 scd/scdaemon.c:437 sm/gpgsm.c:828 #, c-format msgid "NOTE: no default option file `%s'\n" msgstr "Notiz: Voreingestellte Konfigurationsdatei `%s' fehlt\n" #: agent/gpg-agent.c:526 agent/gpg-agent.c:1000 scd/scdaemon.c:442 -#: sm/gpgsm.c:830 +#: sm/gpgsm.c:832 #, c-format msgid "option file `%s': %s\n" msgstr "Konfigurationsdatei `%s': %s\n" -#: agent/gpg-agent.c:534 scd/scdaemon.c:450 sm/gpgsm.c:837 +#: agent/gpg-agent.c:534 scd/scdaemon.c:450 sm/gpgsm.c:839 #, c-format msgid "reading options from `%s'\n" msgstr "Optionen werden aus `%s' gelesen\n" @@ -163,11 +163,11 @@ msgstr "Verzeichniss `%s' wurde erstellt\n" msgid "no gpg-agent running in this session\n" msgstr "Der gpg-agent läuft nicht für diese Session\n" -#: agent/gpg-agent.c:1257 common/simple-pwquery.c:286 sm/call-agent.c:128 +#: agent/gpg-agent.c:1257 common/simple-pwquery.c:293 sm/call-agent.c:128 msgid "malformed GPG_AGENT_INFO environment variable\n" msgstr "Die Variable GPG_AGENT_INFO ist fehlerhaft\n" -#: agent/gpg-agent.c:1269 common/simple-pwquery.c:298 sm/call-agent.c:140 +#: agent/gpg-agent.c:1269 common/simple-pwquery.c:305 sm/call-agent.c:140 #, c-format msgid "gpg-agent protocol version %d is not supported\n" msgstr "Das gpg-agent Protocol %d wird nicht unterstützt\n" @@ -302,32 +302,32 @@ msgstr "WARNUNG: Unsichere Besitzrechte f msgid "Warning: unsafe permissions on %s \"%s\"\n" msgstr "WARNUNG: Unsichere Zugriffsrechte für %s \"%s\"\n" -#: common/simple-pwquery.c:272 +#: common/simple-pwquery.c:279 msgid "gpg-agent is not available in this session\n" msgstr "Der gpg-agent ist nicht verfügbar\n" -#: common/simple-pwquery.c:320 +#: common/simple-pwquery.c:327 #, c-format msgid "can't connect to `%s': %s\n" msgstr "Verbindung zu `%s' kann nicht aufgebaut werden: %s\n" -#: common/simple-pwquery.c:331 +#: common/simple-pwquery.c:338 msgid "communication problem with gpg-agent\n" msgstr "Kommunikationsproblem mit gpg-agent\n" -#: common/simple-pwquery.c:341 +#: common/simple-pwquery.c:348 msgid "problem setting the gpg-agent options\n" msgstr "Beim setzen der gpg-agent Optionen ist ein problem aufgetreten\n" -#: common/simple-pwquery.c:479 +#: common/simple-pwquery.c:487 msgid "canceled by user\n" msgstr "Vom Benutzer abgebrochen\n" -#: common/simple-pwquery.c:486 +#: common/simple-pwquery.c:494 msgid "problem with the agent\n" msgstr "Problem mit dem Agenten\n" -#: jnlib/logging.c:625 +#: jnlib/logging.c:627 #, c-format msgid "you found a bug ... (%s:%d)\n" msgstr "Sie haben einen Bug (Softwarefehler) gefunden ... (%s:%d)\n" @@ -651,7 +651,7 @@ msgstr "Der Herausgeber wird von einer externen Stelle gesucht\n" msgid "number of issuers matching: %d\n" msgstr "Anzahl der übereinstimmenden Heruasgeber: %d\n" -#: sm/certchain.c:403 sm/certchain.c:562 sm/certchain.c:922 sm/decrypt.c:260 +#: sm/certchain.c:403 sm/certchain.c:562 sm/certchain.c:931 sm/decrypt.c:260 #: sm/encrypt.c:341 sm/sign.c:324 sm/verify.c:106 msgid "failed to allocated keyDB handle\n" msgstr "Ein keyDB Handle konnte nicht bereitgestellt werden\n" @@ -699,43 +699,43 @@ msgstr "Das Zertifikat ist abgelaufen" msgid "selfsigned certificate has a BAD signature" msgstr "Das eigenbeglaubigte Zertifikat hat eine FALSCHE Signatur" -#: sm/certchain.c:675 +#: sm/certchain.c:679 msgid "root certificate is not marked trusted" msgstr "Das Wurzelzertifikat ist nicht als vertrauenswürdig markiert" -#: sm/certchain.c:686 +#: sm/certchain.c:690 #, c-format msgid "fingerprint=%s\n" msgstr "Fingerprint=%s\n" -#: sm/certchain.c:691 +#: sm/certchain.c:695 msgid "root certificate has now been marked as trusted\n" msgstr "Das Wurzelzertifikat wurde nun als vertrauenswürdig markiert\n" -#: sm/certchain.c:706 +#: sm/certchain.c:710 #, c-format msgid "checking the trust list failed: %s\n" msgstr "Fehler beim Prüfen der vertrauenswürdigen Zertifikate: %s\n" -#: sm/certchain.c:732 sm/import.c:166 +#: sm/certchain.c:736 sm/import.c:166 msgid "certificate chain too long\n" msgstr "Der Zertifikatkette ist zu lang\n" -#: sm/certchain.c:744 +#: sm/certchain.c:748 msgid "issuer certificate not found" msgstr "Herausgeberzertifikat nicht gefunden" -#: sm/certchain.c:777 +#: sm/certchain.c:781 msgid "certificate has a BAD signature" msgstr "Das Zertifikat hat eine FALSCHE Signatur" -#: sm/certchain.c:800 +#: sm/certchain.c:809 msgid "found another possible matching CA certificate - trying again" msgstr "" "Eine anderes möglicherweise passendes CA-Zertifikat gefunden - versuche " "nochmal" -#: sm/certchain.c:823 +#: sm/certchain.c:832 #, c-format msgid "certificate chain longer than allowed by CA (%d)" msgstr "Die Zertifikatkette ist länger als von der CA erlaubt (%d)" @@ -1052,11 +1052,11 @@ msgstr "" " --list-keys [Namen] Schlüssel anzeigenn\n" " --fingerprint [Namen] \"Fingerabdrücke\" anzeigen\\n\n" -#: sm/gpgsm.c:490 +#: sm/gpgsm.c:494 msgid "Usage: gpgsm [options] [files] (-h for help)" msgstr "Gebrauch: gpgsm [Optionen] [Dateien] (-h für Hilfe)" -#: sm/gpgsm.c:493 +#: sm/gpgsm.c:497 msgid "" "Syntax: gpgsm [options] [files]\n" "sign, check, encrypt or decrypt using the S/MIME protocol\n" @@ -1065,7 +1065,7 @@ msgstr "" "Gebrauch: gpgsm [Optionen] [Dateien]\n" "Signieren, prüfen, ver- und entschlüsseln mittels S/MIME protocol\n" -#: sm/gpgsm.c:500 +#: sm/gpgsm.c:504 msgid "" "\n" "Supported algorithms:\n" @@ -1073,50 +1073,50 @@ msgstr "" "\n" "Unterstützte Algorithmen:\n" -#: sm/gpgsm.c:576 +#: sm/gpgsm.c:580 msgid "usage: gpgsm [options] " msgstr "Gebrauch: gpgsm [Optionen] " -#: sm/gpgsm.c:642 +#: sm/gpgsm.c:645 msgid "conflicting commands\n" msgstr "Widersprechende Kommandos\n" -#: sm/gpgsm.c:658 +#: sm/gpgsm.c:661 #, c-format msgid "can't encrypt to `%s': %s\n" msgstr "Verschlüsseln für `%s' nicht möglich: %s\n" -#: sm/gpgsm.c:733 +#: sm/gpgsm.c:735 #, c-format msgid "libksba is too old (need %s, have %s)\n" msgstr "Die Bibliothek Libksba is nicht aktuell (benötige %s, habe %s)\n" -#: sm/gpgsm.c:1181 +#: sm/gpgsm.c:1183 msgid "WARNING: program may create a core file!\n" msgstr "WARNUNG: Programm könnte eine core-dump-Datei schreiben!\n" -#: sm/gpgsm.c:1193 +#: sm/gpgsm.c:1195 msgid "WARNING: running with faked system time: " msgstr "WARNUNG: Ausführung mit gefälschter Systemzeit: " -#: sm/gpgsm.c:1219 +#: sm/gpgsm.c:1221 msgid "selected cipher algorithm is invalid\n" msgstr "Das ausgewählte Verschlüsselungsverfahren ist ungültig\n" -#: sm/gpgsm.c:1227 +#: sm/gpgsm.c:1229 msgid "selected digest algorithm is invalid\n" msgstr "Das ausgewählte Hashverfahren ist ungültig\n" -#: sm/gpgsm.c:1257 +#: sm/gpgsm.c:1259 #, c-format msgid "can't sign using `%s': %s\n" msgstr "Signieren mit `%s' nicht möglich: %s\n" -#: sm/gpgsm.c:1423 +#: sm/gpgsm.c:1425 msgid "this command has not yet been implemented\n" msgstr "Diee Kommando wurde noch nicht implementiert\n" -#: sm/gpgsm.c:1646 sm/gpgsm.c:1679 +#: sm/gpgsm.c:1648 sm/gpgsm.c:1681 #, c-format msgid "can't open `%s': %s\n" msgstr "Datei `%s' kann nicht geöffnet werden: %s\n" @@ -1385,10 +1385,6 @@ msgstr "Konfiguration der zu nutzenden LDAP-Server" msgid "Configuration for OCSP" msgstr "Konfiguration zu OCSP" -#, fuzzy -#~ msgid "passphrase (CHV%d) is too short; minimum length is %d\n" -#~ msgstr "Die Passphrase (CHV%d) ist zu kurz; Mindestlänge ist %d\n" - #~ msgid "Usage: sc-investigate [options] (-h for help)\n" #~ msgstr "Gebrauch: sc-investigate [Optionen] (-h für Hilfe)\n" diff --git a/sm/ChangeLog b/sm/ChangeLog index 5f35e4858..930584af3 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,9 @@ +2004-12-02 Werner Koch + + * certchain.c (gpgsm_basic_cert_check): Dump certs with bad + signature for debugging. + (gpgsm_validate_chain): Ditto. + 2004-11-29 Werner Koch * gpgsm.c (set_debug): Changed to use a globals DEBUG_LEVEL and diff --git a/sm/certchain.c b/sm/certchain.c index c51327e0d..f32507f34 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -292,7 +292,7 @@ find_up (KEYDB_HANDLE kh, ksba_cert_t cert, const char *issuer, int find_next) keydb_search_reset (kh); /* In case of an error try the ephemeral DB. We can't do - that in find-netx mode because we can't keep the search + that in find-next mode because we can't keep the search state then. */ if (rc == -1 && !find_next) { @@ -311,7 +311,7 @@ find_up (KEYDB_HANDLE kh, ksba_cert_t cert, const char *issuer, int find_next) signature because it is not the correct one. */ if (rc == -1) { - log_info ("issuer certificate (#"); + log_info ("%sissuer certificate (#", find_next?"next ":""); gpgsm_dump_serial (authidno); log_printf ("/"); gpgsm_dump_string (s); @@ -565,7 +565,7 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, } if (DBG_X509 && !listmode) - gpgsm_dump_cert ("subject", cert); + gpgsm_dump_cert ("target", cert); subject_cert = cert; maxdepth = 50; @@ -659,6 +659,10 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, { do_list (1, lm, fp, _("selfsigned certificate has a BAD signature")); + if (DBG_X509) + { + gpgsm_dump_cert ("self-signing cert", subject_cert); + } rc = gpg_error (depth? GPG_ERR_BAD_CERT_CHAIN : GPG_ERR_BAD_CERT); goto leave; @@ -775,10 +779,15 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, if (rc) { do_list (0, lm, fp, _("certificate has a BAD signature")); + if (DBG_X509) + { + gpgsm_dump_cert ("signing issuer", issuer_cert); + gpgsm_dump_cert ("signed subject", subject_cert); + } if (gpg_err_code (rc) == GPG_ERR_BAD_SIGNATURE) { /* We now try to find other issuer certificates which - might have been used. This is rquired because some + might have been used. This is required because some CAs are reusing the issuer and subject DN for new root certificates. */ rc = find_up (kh, subject_cert, issuer, 1); @@ -940,6 +949,10 @@ gpgsm_basic_cert_check (ksba_cert_t cert) { log_error ("selfsigned certificate has a BAD signature: %s\n", gpg_strerror (rc)); + if (DBG_X509) + { + gpgsm_dump_cert ("self-signing cert", cert); + } rc = gpg_error (GPG_ERR_BAD_CERT); goto leave; }