we can try a modify operation first, and fail over to an add if that
fails. Add cannot cope with the NULLs at the head of the modify request,
so we jump into the list in the middle.
connection to the NAI keyserver since we cannot tell if it is a NAI
keyserver until we connect. Fail if we cannot find a base keyspace DN.
Fix a false success message for TLS being enabled.
(min_automake_version): New.
* LINGUAS: Added all languages we supported in 1.2.5.
Copied all po files from 1.2.5.
* autogen.sh: Updated to the modern version, grepping the required
tool versions from configure.ac.
attributes. This guarantees that if something goes wrong, we won't be
able to complete the transaction, thus leaving any key already existing on
the server intact.
functionality added. Optional deduping functionality added (currently
only used for pgpSignerID). (build_attrs): Translate sig entries into
pgpSignerID. Properly build the timestamp for pgpKeyCreateTime and
pgpKeyExpireTime.
with NULL (a "delete" that works even for nonexistant attributes).
(send_key): Use it here to remove attributes so a modify operation starts
with a clean playing field. Bias sends to modify before add, since (I
suspect) people update their existing keys more often than they make and
send new keys to the server.
(make_one_attr): New. Build a modification list in memory to send to the
LDAP server. (build_attrs): New. Parse INFO lines sent over by gpg.
(free_mod_values): New. Unwinds a modification list.
(send_key_keyserver): Renamed from old send_key(). (send_key): New
function to send a key to a LDAP server. (main): Use send_key() for real
LDAP servers, send_key_keyserver() otherwise.
(search_key): Catch a SIZELIMIT_EXCEEDED error and show the user whatever
the server did give us. (find_basekeyspacedn): There is no guarantee that
namingContexts will be readable.
* Makefile.am: Link gpgkeys_ldap with libutil.a to get the replacement
functions (and eventually translations, etc).
correct for timezones. (main): Find the basekeyspacedn before we try to
start TLS, so we can give a better error message when a user tries to use
TLS with a LDAP keyserver.
gpgkeys_ldap when needed.
* gpgkeys_ldap.c (main): Add support for LDAPS and TLS connections.
These are only useful and usable when talking to real LDAP keyservers.
Add new "tls" option to tune TLS use from off, to try quietly, to try
loudly, or to require TLS.
kind of LDAP server we're talking to (either real LDAP or the LDAP
keyserver), and return the baseKeySpaceDN to find keys under. (main): Call
it from here, and remove the old code that only handled the LDAP
keyserver.
something other than GnuPG is calling the program). (main): Avoid possible
pre-string write. Noted by Christian Biere.
* gpgkeys_ldap.c (main): Avoid possible pre-string write.
passes the proxy in from the outside. If the command file sends a proxy,
use it. If it sends "http-proxy" with no arguments, use $http_proxy from
the environment.
Also include extern references for optarg and optind since there is no
guarantee that any header file will include them. Standards? We don't
need no stinkin' standards
* Makefile.am: Use @GETOPT@ to pull in libiberty on those platforms that
need it.
armored key. (main): Accept "try-dns-srv" option.
* Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities. Use @SRVLIBS@ to link in the resolver if we are using DNS
SRV.
get_key, search_key): The LDAP keyserver doesn't remove duplicates, so
remove them locally. Do not include the key modification time in the
search response.
each item. (main): Call fail_all from here, as needed. Also add a
NO_MEMORY error in an appropriate place and fix error return code.
(ldap_err_to_gpg_err): Add KEYSERVER_UNREACHABLE.
* gpgkeys_hkp.c (fail_all): New function to unwind a keylist and error
each item. (main): Call fail_all from here. Also add a NO_MEMORY error in
an appropriate place. (get_key): Use new UNREACHABLE error for network
errors.
people can set their own email address to respond to.
* gpgkeys_hkp.c (get_key): Properly respond with KEY FAILED (to gpg) and
"key not found" (to user) on failure.