* configure.ac (NEED_NTBTLS_VERSION): Require at least 0.2.0 so that
we can remove a conditional compilation.
* dirmngr/http.c (struct proxy_info_s): New.
(release_proxy_info): New to keep proxy information in one object.
(send_request): Factor some code out to ...
(get_proxy_for_url): this,
(send_request_basic_checks): this,
(send_request_set_sni): this,
(run_ntbtls_handshake): this,
(run_gnutls_handshake): and this.
--
Note that this also removes some never used code. For example the
NTBTLS handshake has code taken from GNUTLS which was never used due
to the different ways on how the certificates are checked.
The proxy code has been factored out to make to prepare further
authentication methods. The proxy_info_t was introduced for the same
reason.
Tested against gnutls and ntbtls builds. No proxy tests yet done,
because we need more sophisticated tests anyway.
GnuPG-bug-id: 5768
* acinclude.m4 (GNUPG_CHECK_ENDIAN): Use AC_COMPILE_IFELSE instead of
AC_TRY_COMPILE. Use AC_RUN_IFELSE instead of AC_TRY_RUN.
(GNUPG_BUILD_PROGRAM): Use AS_HELP_STRING instead of AC_HELP_STRING.
* configure.ac: Use AC_USE_SYSTEM_EXTENSIONS instead of AC_GNU_SOURCE.
Use AS_HELP_STRING instead of AC_HELP_STRING.
(AC_ISC_POSIX): Replace by AC_SEARCH_LIBS.
(AC_TYPE_SIGNAL): Remove.
* m4/isc-posix.m4: Remove.
* m4/codeset.m4: Update from gnulib.
* m4/gettext.m4: Update from gnulib.
* m4/lcmessage.m4: Update from gnulib.
* m4/socklen.m4: Update from gnulib.
* m4/ldap.m4: Use AS_HELP_STRING instead of AC_HELP_STRING.
Use AC_LINK_IFELSE instead of AC_TRY_LINK.
Use AC_RUN_IFELSE instead of AC_TRY_RUN.
* m4/gpg-error.m4: Update from libgpg-error.
* m4/readline.m4: Update from libgpg-error.
* m4/npth.m4: Update from npth.
* m4/libassuan.m4: Update from libassuan.
* m4/libgcrypt.m4: Update from libgcrypt.
* m4/ksba.m4: Update from libksba.
* m4/ntbtls.m4: Update from ntbtls.
* common/signal.c [!HAVE_DOSISH_SYSTEM] (init_one_signal): Replace
RETSIGTYPE to void.
[!HAVE_DOSISH_SYSTEM] (got_fatal_signal, got_usr_signal): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d66fb3aa53a6c4a815fe35a15e3c61886c5df628)
Still a lot of warnings. Need to cherry pick more stuff.
--
This also includes a speedo update for the Scute based authenticode
thing which has been manually added to speedo.mk at the end of the
release process of 2.2.35.
--
Note that for this LTS version we now print g10 Code as the first
copyright holder with --version. This is to avoid confusion at our
customers, now that we also provide a Linux^WGNU/Linux version of
GnuPG VS-Desktop and the Windows version has always shown g10 Code.
* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
keyserver.ubuntu.com.
* dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/http.c (http_session_new): Ditto.
* dirmngr/server.c (make_keyserver_item): Use a different mapping for
the gnupg.net names.
--
Due to the unfortunate shutdown of the keyserver pool, the long term
defaults won't work anymore. Thus it is better to change them.
For https access keyserver.ubuntu.com is now used because it can be
expected that this server can stand the load from newer gnupg LTS
versions.
For http based access the Dutch Surfnet keyserver is used. However
due to a non-standard TLS certificate this server can not easily be
made the default for https.
Note: that the default server will be changed again as soon as a new
connected keyserver infrastructure has been established.
* configure.ac (GPGRT_ENABLE_ARGPARSE_MACROS): Define.
* common/argparse.c, common/argparse.h: Rewrite.
* tests/gpgscm/main.c: Switch to the new option parser.
* g10/gpg.c: Switch to the new option parser and enable a global conf
file.
* g10/gpgv.c: Ditto.
* agent/gpg-agent.c: Ditto.
* agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c: Ditto.
* scd/scdaemon.c: Ditto.
* dirmngr/dirmngr.c: Ditto.
* dirmngr/dirmngr_ldap.c: Ditto
* dirmngr/dirmngr-client.c: Ditto.
* kbx/kbxutil.c: Ditto.
* tools/gpg-card.c: Ditto.
* tools/gpg-check-pattern.c: Ditto.
* tools/gpg-connect-agent.c: Ditto.
* tools/gpg-pair-tool.c: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpgconf.c: Ditto.
* tools/gpgsplit.c: Ditto.
* tools/gpgtar.c: Ditto.
* g13/g13.c: Ditto.
* g13/g13-syshelp.c: Ditto. Do not force verbose mode.
* sm/gpgsm.c: Ditto. Add option --no-options.
--
This is backport from master
commit cdbe10b762f38449b86da69076209324b0c99982
commit ba463128ce65a0f347643f7246a8e097c5be19f1
commit 3bc004decd289810bc1b6ad6fb8f47e45c770ce6
commit 2c823bd878fcdbcc4f6c34993e1d0539d9a6b237
commit 0e8f6e2aa98c212442001036fb5178cd6cd8af59
but without changing all functions names to gpgrt. Instead we use
wrapper functions which, when building against old Libgpg-error
versions, are implemented in argparse.c using code from the current
libgpg-error. This allows to keep the dependency requirement at
libgpg-error 1.27 to support older distributions. Tested builds
against 1.27 and 1.40-beta.
Note that g13-syshelp does not anymore default to --verbose because
that can now be enabled in /etc/gnupg/g13-syshelp.conf.
GnuPG-bug-id: 4788
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (NEED_KSBA_VERSION): Set to 1.3.5.
--
Minor update to make sure that important fixes are used. That version
was release in 2016 and thus before the new requirement for Libgcrypt
1.8.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (NEED_GPG_ERROR_VERSION): Require 1.27
* common/util.h: Remove compatibility macros.
--
This is just a minor change to align with the need for Libgcrypt 1.8.
The latter was first released in summer 2017 while Libgpg-error 1.27
was released earlier in spring that year.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.8.
* tools/gpgconf.c (show_version_libgcrypt): Remove conditional case
for Libgcrypt < 1.8.
* common/compliance.c (gnupg_rng_is_compliant): Ditto.
* agent/pksign.c: Ditto.
* agent/gpg-agent.c (thread_init_once): Ditto.
(agent_libgcrypt_progress_cb): Ditto.
* agent/command.c (cmd_getinfo): Ditto.
--
Libgcrypt 1.7 reached end-of-life more than a year ago. Thus there is
no reason to keep backward support for it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Require libgpg-error 1.25.
* common/util.h: Define some extra error codes.
--
This actually defines a few more error ocdes in case they are used by
backported code. The requirement chnaged to 1.25 because erro codes
from there are also required.
GnuPG-bug-id: 4965
Signed-off-by: Werner Koch <wk@gnupg.org>