* gpg-agent.c: New option --write-env-file.
* gpg-agent.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
* estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
(es_func_fd_read, es_func_fd_write): Protect against EINTR.
* gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
* scdaemon.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
(handle_connections): Include the file descriptor into the name of
the thread.
* acinclude.m4: Ditto.
* scdaemon.texi: Removed OpenSC specific options.
* app-p15.c: New. Basic support for pkcs15 cards without OpenSC.
There are quite a couple of things missing but at least I can use
my old TCOS cards from the Aegypten-1 development for signing.
* app.c (select_application): Detect pkcs15 applications.
* Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h
and card-p15.c because they are now obsolete. Added app-p15.c.
Removed all OpenSC stuff.
* command.c (do_reset, open_card, cmd_serialno, cmd_learn)
(cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed
all special cases for the old card.c based mechanisms.
* scdaemon.c, apdu.c: Removed all special cases for OpenSC.
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
* certchain.c (gpgsm_validate_chain): Make use of it.
* certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates. This is required because on signature
verification an expired key is fine whereas a revoked one is not.
* gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
sm/
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
* certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
this filter. Changed all callers.
* certchain.c (find_up_search_by_keyid): New helper.
(find_up): Also try using the AKI.keyIdentifier.
(find_up_external): Ditto.
* configure.ac: Check for /usr/bin/shred and define SHRED.
tools/
2005-04-15 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c (remove_file): New function.
(confucius_copy_file): Accept new argument PLAIN and shred the
file if it is set on error.
directories default to c:/gnupg. Require libassuan 0.6.9.
* gpg-agent.c (main) [W32]: Now that Mutexes work we can remove
the pth_init kludge.
(main): Add new options --[no-]use-standard-socket.
(check_for_running_agent): Check whether it is running on the
standard socket.
* sysutils.h [W32]: Define sleep.
* util.h: Add prototype for mkdtemp.
* call-agent.c (start_agent): Before starting a pipe server start
to connect to a server on the standard socket. Use PATHSEP
* call-dirmngr.c (start_dirmngr): Use PATHSEP.
* import.c: Include unistd.h for dup and close.
* w32-pth.c, w32-pth.h: New.
* Makefile.am (gpgsm_LDADD): Put libassuan before jnlib because
under W32 we need the w32 pth code from jnlib.
* misc.c (setup_pinentry_env) [W32]: Disabled.
--with-validation is set.
* certchain.c (gpgsm_basic_cert_check): Print more detailed error
messages.
* certcheck.c (do_encode_md): Partly support DSA. Add new arg
PKALGO. Changed all callers to pass it.
(pk_algo_from_sexp): New.
tests/pkits: New directory
stable version 0.1.x.
* scdaemon.texi (Card applications): New section.
* scdaemon.c (main): New option --disable-application.
* app.c (is_app_allowed): New.
(select_application): Use it to check for disabled applications.
* ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New.
* ccid-driver.c (ccid_open_reader): Support the stable 0.1 version
of libusb.
(ccid_get_atr): Handle short messages.
* apdu.c (my_rapdu_get_status): Implemented.
* Makefile.am: Make OpenSC lib link after libgcrypt. Do not link
to pth.
* apdu.c: Don't use Pth if we use OpenSC.
* sc-investigate.c, scdaemon.c: Disable use of pth if OpenSC is used.
* scdaemon.c (main): Bumbed thread stack size up to 512k.
* certreqgen.c (get_parameter_uint, create_request): Create
an extension for key usage when requested.
* gpgsm.c (main): Install emergency_cleanup also as an atexit
handler.
* verify.c (gpgsm_verify): Removed the separate error code
handling for KSBA. We use shared error codes anyway.
* export.c (export_p12): Removed debugging code.
* encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
Introduce PACKAGE_GT and set it to gnupg2.
* gpg-agent.c (main): Use new libgcrypt thread library register
scheme.
* Makevars (DOMAIN): Init from PACKAGE_GT
* g10.c: New options --gpgconf-list, --debug-level and --log-file
(set_debug): Add arg DEBUG_LEVEL.
(main): Look at less and less version specific config files. From
gnupg 1.3.
* configure.ac: Removed the need for g10defs.h. Reworked the
--with-foo-pgm stuff.
* autogen.sh (check_version): Removed bashism and simplified.
* acinclude.m4 (AM_PATH_OPENSC): Kludge to avoid error output for
a bad opensc-config.
* sign.c (add_certificate_list): Decrement N for the first cert.
* Makefile.am (sbin_SCRIPTS): New, to install addgnupghome.
(EXTRA_DIST): Added rfc822parse.c rfc822parse.h gpgparsemail.c
which might be useful for debugging.