doc/
* com-certs.pem: Added the current root certifcates of D-Trust and
S-Trust.
g10/
* status.c (write_status_begin_signing): New.
* sign.c (sign_file, sign_symencrypt_file): Call it.
* textfilter.c (copy_clearsig_text): Call it.
* call-agent.c (agent_scd_pksign): Pass --hash-rmd160 to SCD if
required.
* gpg.c (main): Let --no-use-agent and --gpg-agent-info print a
warning.
* misc.c (obsolete_option): New.
* protect-tool.c (get_passphrase): New arg OPT_CHECK.
(get_new_passphrase): Enable OTP_CHECK on the first call.
* command.c (cmd_get_passphrase): Implement option --check.
* gpg-agent.c (MIN_PASSPHRASE_LEN): New
(parse_rereadable_options): New option --min-passphrase-len.
* genkey.c (check_passphrase_constraints): New.
(agent_genkey, agent_protect_and_store): Call new function. Fix
memory leak.
* call-pinentry.c (agent_askpin): Allow translation of the displayed
error message.
(agent_popup_message_start): Remove arg CANCEL_BTN.
(popup_message_thread): Use --one-button option.
* command.c (cmd_passwd): Now that we don't distinguish between
assuan and regular error codes we can jump to the end on error.
common/
* simple-pwquery.c (simple_pwquery): New arg OPT_CHECK.
* gpg-agent.c: New option --write-env-file.
* gpg-agent.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
* estream.c: Use HAVE_CONFIG_H and not USE_CONFIG_H!
(es_func_fd_read, es_func_fd_write): Protect against EINTR.
* gpg-agent.texi (Agent UPDATESTARTUPTTY): New.
* scdaemon.c (handle_connections): Make sure that the signals we
are handling are not blocked.Block signals while creating new
threads.
(handle_connections): Include the file descriptor into the name of
the thread.
(agent_scd_check_aliveness): New.
* gpg-agent.c (handle_tick): Test for an alive scdaemon.
(handle_signal): Print thread info on SIGUSR1.
* scdaemon.c (handle_signal): Print thread info on SIGUSR1.
* acinclude.m4: Ditto.
* scdaemon.texi: Removed OpenSC specific options.
* app-p15.c: New. Basic support for pkcs15 cards without OpenSC.
There are quite a couple of things missing but at least I can use
my old TCOS cards from the Aegypten-1 development for signing.
* app.c (select_application): Detect pkcs15 applications.
* Makefile.am (scdaemon_SOURCES): Removed card.c, card-common.h
and card-p15.c because they are now obsolete. Added app-p15.c.
Removed all OpenSC stuff.
* command.c (do_reset, open_card, cmd_serialno, cmd_learn)
(cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkdecrypt): Removed
all special cases for the old card.c based mechanisms.
* scdaemon.c, apdu.c: Removed all special cases for OpenSC.
sm/
* call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
* certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
this filter. Changed all callers.
* certchain.c (find_up_search_by_keyid): New helper.
(find_up): Also try using the AKI.keyIdentifier.
(find_up_external): Ditto.
directories default to c:/gnupg. Require libassuan 0.6.9.
* gpg-agent.c (main) [W32]: Now that Mutexes work we can remove
the pth_init kludge.
(main): Add new options --[no-]use-standard-socket.
(check_for_running_agent): Check whether it is running on the
standard socket.
* sysutils.h [W32]: Define sleep.
* util.h: Add prototype for mkdtemp.
* call-agent.c (start_agent): Before starting a pipe server start
to connect to a server on the standard socket. Use PATHSEP
* call-dirmngr.c (start_dirmngr): Use PATHSEP.
* import.c: Include unistd.h for dup and close.
* kbxutil.c (i18n_init): Always use LC_ALL.
* gpgsm.c (i18n_init): Always use LC_ALL.
* certdump.c (gpgsm_format_name): Factored code out to ..
(gpgsm_format_name2): .. new.
(gpgsm_print_name): Factored code out to ..
(gpgsm_print_name2): .. new.
(print_dn_part): New arg TRANSLATE. Changed all callers.
(print_dn_parts): Ditto.
(gpgsm_format_keydesc): Do not translate the SUBJECT; we require
it to stay UTF-8 but we still want to filter out bad control
characters.
* gpgconf.c (i18n_init): Always use LC_ALL.
(main): The default action is now to check for an already running
agent.
(parse_rereadable_options): Set logfile only on reread.
(main): Do not print the "is development version" note.
--with-validation is set.
* certchain.c (gpgsm_basic_cert_check): Print more detailed error
messages.
* certcheck.c (do_encode_md): Partly support DSA. Add new arg
PKALGO. Changed all callers to pass it.
(pk_algo_from_sexp): New.
tests/pkits: New directory
* certreqgen.c (get_parameter_uint, create_request): Create
an extension for key usage when requested.
* gpgsm.c (main): Install emergency_cleanup also as an atexit
handler.
* verify.c (gpgsm_verify): Removed the separate error code
handling for KSBA. We use shared error codes anyway.
* export.c (export_p12): Removed debugging code.
* encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
* app-help.c (app_help_read_length_of_cert): Fixed calculation of
R_CERTOFF.
* pcsc-wrapper.c: New.
* Makefile.am (pkglib_PROGRAMS): Install it here.
* apdu.c (writen, readn): New.
(open_pcsc_reader, pcsc_send_apdu, close_pcsc_reader): Use the
pcsc-wrapper if we are using Pth.
(apdu_send_le): Reinitialize RESULTLEN. Handle SW_EOF_REACHED
like SW_SUCCESS.
Introduce PACKAGE_GT and set it to gnupg2.
* gpg-agent.c (main): Use new libgcrypt thread library register
scheme.
* Makevars (DOMAIN): Init from PACKAGE_GT
(export_p12_file): Read a certificate from STDIN and pass it to
p12_build. Detect a keygrip and construct the filename in that
case. Unprotcet a key if needed. Print error messages for key
formats we can't handle.
(release_passphrase): New.
(get_passphrase): New arg PROMPTNO. Return the allocated
string. Changed all callers.
* minip12.c: Revamped the build part.
(p12_build): New args CERT and CERTLEN.
* simple-pwquery.c (agent_open): Don't mangle INFOSTR.
* export.c (export_p12, popen_protect_tool)
(gpgsm_p12_export): New.
* gpgsm.c (main): New command --export-secret-key-p12.
* configure.ac: Removed the need for g10defs.h. Reworked the
--with-foo-pgm stuff.
* autogen.sh (check_version): Removed bashism and simplified.
* acinclude.m4 (AM_PATH_OPENSC): Kludge to avoid error output for
a bad opensc-config.
* sign.c (add_certificate_list): Decrement N for the first cert.
* Makefile.am (sbin_SCRIPTS): New, to install addgnupghome.
(EXTRA_DIST): Added rfc822parse.c rfc822parse.h gpgparsemail.c
which might be useful for debugging.
(cmd_encrypt): Add all enrypt-to marked certs to the list.
* encrypt.c (gpgsm_encrypt): Check that real recipients are
available.
* gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to
options work. Pass the list of recients to gpgsm_server.
* gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO.
(opt): Add NO_ENCRYPT_TO.
* certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO.
Changed all callers and ignore duplicate entries.
(is_cert_in_certlist): New.
(gpgsm_add_cert_to_certlist): New.
structure, so that it can indeed be updated.
* card-util.c (fpr_is_zero): New.
(generate_card_keys): New.
(card_edit): New command "generate".
* keygen.c (generate_keypair): New arg CARD_SERIALNO, removed call
to check_smartcard.
(check_smartcard,show_smartcard): Removed.
(show_sha1_fpr,fpr_is_zero): Removed.
* app-openpgp.c (do_getattr): Support SERIALNO and AID.
* misc.c (openpgp_pk_algo_usage): Allow AUTH where SIGN is allowed.
* keygen.c (ask_passphrase): No need to allocated S2K in secure
memory.
* scdaemon.c (main): --pcsc-driver again defaults to pcsclite.
David Corcoran was so kind to remove the GPL incompatible
advertisng clause from pcsclite.
* apdu.c (apdu_open_reader): Actually make pcsc-driver option work.
* scdaemon.c, scdaemon.h: New option --disable-opensc.
* card.c (card_open): Implement it.
* apdu.c (open_osc_reader, osc_send_apdu): New.
(apdu_open_reader) [HAVE_OPENSC]: Use the opensc driver if not
disabled.
(error_string) [HAVE_OPENSC]: Use sc_strerror.
(send_apdu) [HAVE_OPENSC]: Call osc_apdu_send.
(ALL_LINGUAS): Removed all except for de. During development it
might not be a good idea to keep all of them - they get outdated
too soon and diff files will be far too large.
* NEWS: Bring in cosmetic changes from stable branch.
* configure.ac: Figure out whether the LDAP library supports
ldap_get_option, ld_errno, or neither.
2002-09-14 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Try linking LDAP without -lresolv first, just in
case the platform has libresolv, but doesn't actually need it to
use LDAP.
2002-09-12 David Shaw <dshaw@jabberwocky.com>
* NEWS: Note that the old IDEA plugin won't work with post-1.1.90
gpg.