* configure.ac (TEST_LIBTSS): Fix the condition with SWTPM.
* tests/tpm2dtests/start_sw_tpm.sh: Use --daemon and --pid
to run SWTPM.
--
Cherry-picked from master commit of:
98dd6f7af6aa3dcce19f20c22e3f825676e6b184
GnuPG-bug-id: 6052
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac (TPMSERVER): Don't supply hard-coded path.
(SWTPM, SWTPM_IOCTL, TSSSTARTUP): Likewise.
--
Cherry-picked from master commit of:
f2ca727978da5b1ed84f97bf37d604e8a4e60091
Having hard-coded path has bad side effect; It may not be detected
even if it's available with PATH.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac (TEST_LIBTSS): Fix the condition with SWTPM.
* tests/tpm2dtests/start_sw_tpm.sh: Use --daemon and --pid
to run SWTPM.
--
GnuPG-bug-id: 6052
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac (TPMSERVER): Don't supply hard-coded path.
(SWTPM, SWTPM_IOCTL, TSSSTARTUP): Likewise.
--
Having hard-coded path has bad side effect; It may not be detected
even if it's available with PATH.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* dirmngr/http.c: Remove gnutls version specific code.
(send_request): Factor some code out to ...
(run_proxy_connect): new.
(mk_proxy_request): new.
(mk_std_request): new.
* configure.ac (NEED_GNUTLS_VERSION): Require 3.2.
--
This patch is to factor out some code and also to remove support for
legacy gnutls versions. Note that gnutls 3.2 was released 10 years
ago.
* configure.ac (NEED_NTBTLS_VERSION): Require at least 0.2.0 so that
we can remove a conditional compilation.
* dirmngr/http.c (struct proxy_info_s): New.
(release_proxy_info): New to keep proxy information in one object.
(send_request): Factor some code out to ...
(get_proxy_for_url): this,
(send_request_basic_checks): this,
(send_request_set_sni): this,
(run_ntbtls_handshake): this,
(run_gnutls_handshake): and this.
--
Note that this also removes some never used code. For example the
NTBTLS handshake has code taken from GNUTLS which was never used due
to the different ways on how the certificates are checked.
The proxy code has been factored out to make to prepare further
authentication methods. The proxy_info_t was introduced for the same
reason.
Tested against gnutls and ntbtls builds. No proxy tests yet done,
because we need more sophisticated tests anyway.
GnuPG-bug-id: 5768
* configure.ac (NEED_LIBASSUAN_API): Require the API version 3.0.
(NEED_LIBASSUAN_VERSION): Require 3.0.0 or later.
--
GnuPG-bug-id: 6606
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac (DIRMNGR_DEFAULT_KEYSERVER): Change to
keyserver.ubuntu.com.
* dirmngr/certcache.c (cert_cache_init): Disable default pool cert.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Ditto.
* dirmngr/http.c (http_session_new): Ditto.
* dirmngr/server.c (make_keyserver_item): Use a different mapping for
the gnupg.net names.
--
Due to the unfortunate shutdown of the keyserver pool, the long term
defaults won't work anymore. Thus it is better to change them.
For https access keyserver.ubuntu.com is now used because it can be
expected that this server can stand the load from newer gnupg LTS
versions.
For http based access the Dutch Surfnet keyserver is used. However
due to a non-standard TLS certificate this server can not easily be
made the default for https.
Note: that the default server will be changed again as soon as a new
connected keyserver infrastructure has been established.
(cherry picked from commit 47c4e3e00a7ef55f954c14b3c237496e54a853c1)
* configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h.
* dirmngr/ks-engine-ldap.c: Remove including getopt.h.
* tools/make-dns-cert.c: Likewise.
--
Checking string.h is supported by AC_HEADER_STDC. Use of getopt.h
is only needed for getopt_long of GNU extention.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* configure.ac: New option --with-tss to force the use of a
specific TSS library.
--
While most systems will probably have only one of the two TPM
libraries that we support (the IBM TSS or the Intel TSS), it
would still be helpful to allow which one to use in the event
that both are detected, instead of always using the IBM one.
This patch does that by adding a --with-tss=TSS configure-time
option, where TSS can be "ibm", "intel", or "autodetect". The
default value is "autodetect", which triggers the original
behavior (i.e. try to detect both libraries, and prefer the IBM
one if both are found).
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* configure.ac (min_automake_version): Bump to 1.16.3
--
This version has the now needed support for
- new variable AM_DISTCHECK_DVI_TARGET, to allow overriding the
"make dvi" that is done as part of distcheck.
* configure.ac (TEST_LIBTSS): Make that conditional depend on the
detection of tssstartup.
--
While the tpm2d daemon can use either the Intel TSS or the IBM TSS,
the test code (specifically, the start_sw_tpm.sh script) requires
some tools from the IBM TSS (tssstartup and tsspowerup).
If a software TPM is detected at configure time but the IBM TSS
tools are absent (e.g. because only the Intel TSS is available on
the system), `make check` will attempt to run the tpm2d tests and
those will fail when the start_sw_tpm.sh script is launched.
This patch makes running the tpm2d tests dependent not only on
the detection of a software TPM, but also on the detection of
tssstartup (it is probably safe to assume that if tssstartup is
present, then tsspowerup is available as well).
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* configure.ac: Check for Intel TSS.
* tpm2d/intel-tss.h: New.
* tpm2d/tpm2.h (HAVE_INTEL_TSS): Use the Intel code.
--
The Intel TSS is somewhat of a moving target, so this wraps support
for this TSS into tpm2daemon. Unfortunately this wrapper uses some
APIs that are only present in a relatively recent Intel TSS, so it
looks like it will only work with version 2.4.0 or higher.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
- Add header blurb; see previous patch.
- Add new file to the Makefile
Signed-off-by: Werner Koch <wk@gnupg.org>