* configure.ac (USE_LDAPWRAPPER): Remove ac_define and conditional.
* dirmngr/Makefile.am: Remove USE_LDAPWRAPPER and considere true.
* dirmngr/ldap-wrapper-ce.c: Remove.
* dirmngr/ldap-wrapper.c: Remove USE_LDAPWRAPPER stuff. Minor chnages
to debug output.
* dirmngr/dirmngr_ldap.c: Remove USE_LDAPWRAPPER stuff. Remove
my_ldap macros.
(fetch_ldap) [W32]: Use ldap_sslinit.
--
Note that the ldap_sslinit stuff for Windows has not been tested.
This patch removes the whole wrapper-but-linked business because we do
not need it anymore. WindowsCE for which we used it is pretty dead.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldap-wrapper.c (wrapper_list): Rename to reaper_list.
(ldap_reaper_thread): Protect all list modification with a mutex. Use
a condition var to wake up the reaper thread.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldap-wrapper.c: Revamp module to make use of es_poll for
portability.
* configure.ac: Always use the ldap wrapper.
--
Since the migration from GNU Pth to nPth the ldap wrapper never worked
reliable on Windows. Our long term use of the old Window CE wrapper
thing didn't fixed this either. The new code uses the portable
es_poll function and thus code which is tested at several other
places. It Should(tm) fix the Windows issues.
GnuPG-bug-id: 3937
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.c (main): Avoid calling ldap_wrapper_launch_thread()
Before we need it.
* dirmngr/ldap-wrapper.c (ldap_wrapper): Call
ldap_wrapper_launch_thread() just in time (before any attempt to use
an ldap subprocess).
--
A dirmngr process that never looks anything up in LDAP has no need for
a reaper thread, but one was started automatically. This thread wakes
up every two seconds to look for ldap processes that might never have
been running. We won't start more than one reaper thread for any
given dirmngr due to the static int "done" in
ldap_wrapper_launch_thread(), so it's safe to call this every time
there is a use of ldap_wrapper.
If someone wants to do further dirmngr optimizations for ldap users,
the reaper thread itself could use dynamically-calculated timeouts
(and probably needs to be alerted dynamically when a new ldap
subprocess is available so it can re-calculate those timeouts).
Note: It's not clear to me how to test ldap access effectively; i know
of no public ldap services that i can verify against, and i do not run
my own ldap servers. If someone has a publicly-available ldap server
that developers can run tests against, i would be happy to hear about
it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
with clearer text.
In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something. When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.
These changes should make the language a bit clearer.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Do not close the
stdout reader after EOF from read_log_data.
* dirmngr/crlcache.c (crl_cache_reload_crl): Close the reader before
the next iteration.
--
I assumed that the log_fd also has a reader object but that reader
object is used for stdout and needs to be closed by the consumer.
The real bug with the non-released ldap_wrapper control objects was
that when looping over distribution points we did not closed the used
reader object before the next iteration. Now, the test case had more
than one DP and thus we lost one reader object.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/ldap-wrapper.c (ldap_wrapper_thread): Move nfds computation
into the loop. Check the queue also on timeout. Close log_fd and
reader context on EOF or error.
--
The major bug here was that on an EOF of the log fd the log fd was not
closed and thus the final queue item removal could not work. Checking
the queue on a timeout is not really necessary but it help in case
there is a race condition lingering.
GnuPG-bug-id: 1838, 1978
Signed-off-by: Werner Koch <wk@gnupg.org>
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
Similar to gpg-agent, dirmngr's wait timeouts are now synced to the
full second. Increased ldap helper thread timeout to 2 seconds.
Nuked some white spaces.
