protocols we handle. Directly pass them to curl or fake-curl and see if
an error comes back.
* curl-shim.h, curl-shim.c (handle_error), ksutil.c (curl_err_to_gpg_err):
Add support for CURLE_UNSUPPORTED_PROTOCOL in fake curl.
* Makefile.am: Don't need -DFAKE_CURL any longer since it's in config.h.
stays up to date.
* gpgkeys_http.c: Don't need to define HTTP_PROXY_ENV here since it's
in ksutil.h.
* gpgkeys_curl.c (get_key, main), gpgkeys_hkp.c (main): Pass AUTH
values to curl or curl-shim.
* curl-shim.c (curl_easy_perform), gpgkeys_curl.c (main),
gpgkeys_hkp.c (main): Use curl-style proxy semantics.
arguments, try to get the proxy from the environment.
* ksutil.h, ksutil.c (curl_err_to_gpg_err, curl_writer): Copy from
gpgkeys_curl.c.
* gpgkeys_oldhkp.c: Copy from gpgkeys_hkp.c.
gpgkeys_ldap.c. Print a string, but strip out any CRs.
* gpgkeys_finger.c (get_key), gpgkeys_hkp.c (get_key), gpgkeys_http.c
(get_key): Use it here when outputting key material to canonicalize
line endings.
canonicalize line endings.
* gpgkeys_curl.c (writer): Discard everything outside the BEGIN and
END lines when retrieving keys. Canonicalize line endings. (main):
Accept FTPS.
certificate checking (which is on by default).
* gpgkeys_curl.c (main): Add "debug" option to match the LDAP helper.
Add "check-cert" option to disable SSL certificate checking (which is
on by default).
transfer protocols. Allow setting HTTP proxy via "http-proxy=foo" option
(there is natural support in libcurl for the http_proxy environment
variable).
* Makefile.am: Remove the conditional since this is all handled in
autoconf now.
numeric value for the maximum number of redirects to allow. Defaults to
5.
* gpgkeys_curl.c (main), gpgkeys_finger.c (main), gpgkeys_hkp.c (main),
gpgkeys_http.c (main), gpgkeys_ldap.c (main): Make sure that a "timeout"
option passed with no arguments is properly handled.
gpgkeys_finger.c (main): Call timeout functions before performing an
action that could block for a long time.
* ksutil.h, ksutil.c: New. Right now just contains timeout functions.
full DN rather than LDAP_SCOPE_ONELEVEL plus a filter to find the
pgpServerInfo object. Some LDAP setups don't like the search. (main):
Stop binding to the server since it seems no server really requires it,
and some require it not be there.
with OpenLDAP, but it's practically vital to debug SSL and TLS setups.
Add "basedn" option. This allows users to override the autodetection for
base DN. SSL overrides TLS, so TLS will not be started on SSL connections
(starting an already started car).
we can try a modify operation first, and fail over to an add if that
fails. Add cannot cope with the NULLs at the head of the modify request,
so we jump into the list in the middle.
connection to the NAI keyserver since we cannot tell if it is a NAI
keyserver until we connect. Fail if we cannot find a base keyspace DN.
Fix a false success message for TLS being enabled.
(min_automake_version): New.
* LINGUAS: Added all languages we supported in 1.2.5.
Copied all po files from 1.2.5.
* autogen.sh: Updated to the modern version, grepping the required
tool versions from configure.ac.
attributes. This guarantees that if something goes wrong, we won't be
able to complete the transaction, thus leaving any key already existing on
the server intact.
functionality added. Optional deduping functionality added (currently
only used for pgpSignerID). (build_attrs): Translate sig entries into
pgpSignerID. Properly build the timestamp for pgpKeyCreateTime and
pgpKeyExpireTime.
with NULL (a "delete" that works even for nonexistant attributes).
(send_key): Use it here to remove attributes so a modify operation starts
with a clean playing field. Bias sends to modify before add, since (I
suspect) people update their existing keys more often than they make and
send new keys to the server.
(make_one_attr): New. Build a modification list in memory to send to the
LDAP server. (build_attrs): New. Parse INFO lines sent over by gpg.
(free_mod_values): New. Unwinds a modification list.
(send_key_keyserver): Renamed from old send_key(). (send_key): New
function to send a key to a LDAP server. (main): Use send_key() for real
LDAP servers, send_key_keyserver() otherwise.
(search_key): Catch a SIZELIMIT_EXCEEDED error and show the user whatever
the server did give us. (find_basekeyspacedn): There is no guarantee that
namingContexts will be readable.
* Makefile.am: Link gpgkeys_ldap with libutil.a to get the replacement
functions (and eventually translations, etc).
correct for timezones. (main): Find the basekeyspacedn before we try to
start TLS, so we can give a better error message when a user tries to use
TLS with a LDAP keyserver.
gpgkeys_ldap when needed.
* gpgkeys_ldap.c (main): Add support for LDAPS and TLS connections.
These are only useful and usable when talking to real LDAP keyservers.
Add new "tls" option to tune TLS use from off, to try quietly, to try
loudly, or to require TLS.
kind of LDAP server we're talking to (either real LDAP or the LDAP
keyserver), and return the baseKeySpaceDN to find keys under. (main): Call
it from here, and remove the old code that only handled the LDAP
keyserver.
something other than GnuPG is calling the program). (main): Avoid possible
pre-string write. Noted by Christian Biere.
* gpgkeys_ldap.c (main): Avoid possible pre-string write.
passes the proxy in from the outside. If the command file sends a proxy,
use it. If it sends "http-proxy" with no arguments, use $http_proxy from
the environment.
Also include extern references for optarg and optind since there is no
guarantee that any header file will include them. Standards? We don't
need no stinkin' standards
* Makefile.am: Use @GETOPT@ to pull in libiberty on those platforms that
need it.
armored key. (main): Accept "try-dns-srv" option.
* Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities. Use @SRVLIBS@ to link in the resolver if we are using DNS
SRV.