2004-02-22 David Shaw * gpgkeys_ldap.c (delete_one_attr): New function to replace attributes with NULL (a "delete" that works even for nonexistant attributes). (send_key): Use it here to remove attributes so a modify operation starts with a clean playing field. Bias sends to modify before add, since (I suspect) people update their existing keys more often than they make and send new keys to the server. 2004-02-21 David Shaw * gpgkeys_ldap.c (epoch2ldaptime): New. Converse of ldap2epochtime. (make_one_attr): New. Build a modification list in memory to send to the LDAP server. (build_attrs): New. Parse INFO lines sent over by gpg. (free_mod_values): New. Unwinds a modification list. (send_key_keyserver): Renamed from old send_key(). (send_key): New function to send a key to a LDAP server. (main): Use send_key() for real LDAP servers, send_key_keyserver() otherwise. 2004-02-20 David Shaw * gpgkeys_ldap.c: Replacement prototypes for setenv and unsetenv. (search_key): Catch a SIZELIMIT_EXCEEDED error and show the user whatever the server did give us. (find_basekeyspacedn): There is no guarantee that namingContexts will be readable. * Makefile.am: Link gpgkeys_ldap with libutil.a to get the replacement functions (and eventually translations, etc). 2004-02-19 David Shaw * gpgkeys_ldap.c (ldap2epochtime): LDAP timestamps are UTC, so do not correct for timezones. (main): Find the basekeyspacedn before we try to start TLS, so we can give a better error message when a user tries to use TLS with a LDAP keyserver. * Makefile.am: Add automake conditionals to symlink gpgkeys_ldaps to gpgkeys_ldap when needed. * gpgkeys_ldap.c (main): Add support for LDAPS and TLS connections. These are only useful and usable when talking to real LDAP keyservers. Add new "tls" option to tune TLS use from off, to try quietly, to try loudly, or to require TLS. * gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out what kind of LDAP server we're talking to (either real LDAP or the LDAP keyserver), and return the baseKeySpaceDN to find keys under. (main): Call it from here, and remove the old code that only handled the LDAP keyserver. 2004-02-18 David Shaw * gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that LDAP_OPT_ERROR_NUMBER is defined before we use it. * gpgkeys_mailto.in: Fix VERSION number. 2004-01-13 Werner Koch * gpgkeys_hkp.c (send_key): Add a content type. 2004-01-11 David Shaw * gpgkeys_hkp.c (search_key): Catch a mangled input file (useful if something other than GnuPG is calling the program). (main): Avoid possible pre-string write. Noted by Christian Biere. * gpgkeys_ldap.c (main): Avoid possible pre-string write. 2003-12-28 David Shaw * gpgkeys_hkp.c (send_key, get_key, main): Work with new HTTP code that passes the proxy in from the outside. If the command file sends a proxy, use it. If it sends "http-proxy" with no arguments, use $http_proxy from the environment. Suggested by Christian Biere. 2003-12-28 Stefan Bellon * gpgkeys_hkp.c, gpgkeys_ldap.c [__riscos__]: Removal of unnecessary #ifdef __riscos__ sections. 2003-11-27 Werner Koch * gpgkeys_hkp.c (get_key): Fixed invalid use of fprintf without format string. 2003-10-25 Werner Koch * Makefile.am (gpgkeys_hkp_LDADD): Replaced INTLLIBS by LIBINTL. 2003-07-10 David Shaw * Makefile.am: Use W32LIBS where appropriate. 2003-05-30 David Shaw * gpgkeys_hkp.c, gpgkeys_ldap.c: #include if it is available. Also include extern references for optarg and optind since there is no guarantee that any header file will include them. Standards? We don't need no stinkin' standards. * Makefile.am: Use @GETOPT@ to pull in libiberty on those platforms that need it. 2003-04-08 David Shaw * gpgkeys_hkp.c (dehtmlize, parse_hkp_index): Fix memory corruption bug on some platforms. 2003-03-11 David Shaw * gpgkeys_hkp.c (get_key): Properly handle CRLF line endings in the armored key. (main): Accept "try-dns-srv" option. * Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using capabilities. Use @SRVLIBS@ to link in the resolver if we are using DNS SRV. 2003-02-11 David Shaw * Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ so it can be easily overridden at make time. 2003-01-29 David Shaw * gpgkeys_mailto.in: Fix regexp to work properly if the "keyid" is not a keyid, but rather a text string from the user ID. 2003-01-06 David Shaw * gpgkeys_hkp.c (get_key): Use options=mr when getting a key so keyserver doesn't attach the HTML header which we will just have to discard. 2002-11-17 David Shaw * gpgkeys_ldap.c (main), gpgkeys_hkp.c (main): Use new keyserver protocol version. 2002-11-14 David Shaw * gpgkeys_ldap.c (get_key): The deduping code requires "pgpcertid", but that was not available when running without verbose on. Noted by Stefan. 2002-11-10 David Shaw * gpgkeys_ldap.c (get_key): Fix typo in deduping code. 2002-11-05 David Shaw * gpgkeys_ldap.c (key_in_keylist, add_key_to_keylist, free_keylist, get_key, search_key): The LDAP keyserver doesn't remove duplicates, so remove them locally. Do not include the key modification time in the search response. 2002-11-04 David Shaw * gpgkeys_hkp.c (send_key), gpgkeys_ldap.c (send_key): Properly handle an input file that does not include any key data at all. 2002-10-24 David Shaw * gpgkeys_hkp.c (main), gpgkeys_ldap.c (main): Add -V flag to output protocol and program version. 2002-10-21 David Shaw * Makefile.am: Anything linking with libutil.a needs INTLLIBS as well on platforms where INTLLIBS is set. 2002-10-14 David Shaw * gpgkeys_hkp.c (write_quoted): Use %-encoding instead of \-encoding. (parse_hkp_index): Use new keyserver key listing format, and add support for disabled keys via include-disabled. * gpgkeys_ldap.c (get_key): Don't print keysize unless it's >0. (printquoted): Use %-encoding instead of \-encoding. (search_key): Use new keyserver key listing format. 2002-10-08 David Shaw * gpgkeys_ldap.c (search_key, main): Make sure LDAP values are freed in case of error. * gpgkeys_ldap.c (fail_all): New function to unwind a keylist and error each item. (main): Call fail_all from here, as needed. Also add a NO_MEMORY error in an appropriate place and fix error return code. (ldap_err_to_gpg_err): Add KEYSERVER_UNREACHABLE. * gpgkeys_hkp.c (fail_all): New function to unwind a keylist and error each item. (main): Call fail_all from here. Also add a NO_MEMORY error in an appropriate place. (get_key): Use new UNREACHABLE error for network errors. 2002-09-26 Werner Koch * gpgkeys_ldap.c (send_key): Removed non-constant initializers. 2002-09-24 David Shaw * gpgkeys_ldap.c (ldap_err_to_gpg_err, ldap_to_gpg_err, send_key, get_key, search_key, main): Some minor error reporting enhancements for use with GPA (show reasons for KEY FAILED). * gpgkeys_hkp.c (send_key, get_key, search_key, main): Some minor error reporting enhancements for use with GPA (show reasons for KEY FAILED). 2002-09-20 Werner Koch * gpgkeys_hkp.c (handle_old_hkp_index): s/input/inp/ to avoid shadowing warning. 2002-09-19 David Shaw * gpgkeys_hkp.c (get_key, handle_old_hkp_index, search_key): Properly handle line truncation. 2002-09-16 David Shaw * gpgkeys_mailto.in: Add quasi-RFC-2368 mailto:email@addr?from= syntax so people can set their own email address to respond to. * gpgkeys_hkp.c (get_key): Properly respond with KEY FAILED (to gpg) and "key not found" (to user) on failure. 2002-09-13 David Shaw * gpgkeys_hkp.c: (search_key, handle_old_hkp_index): Try and request a machine-readable key index. If the server supports this, pass it through. If the server does not support it, parse the "index" page. 2002-09-12 Stefan Bellon * gpgkeys_hkp.c: Tidied up RISC OS initializations. 2002-09-12 David Shaw * gpgkeys_hkp.c (main): Remove warning - this is no longer experimental code. 2002-09-09 Werner Koch * gpgkeys_hkp.c (send_key, get_key, search_key): Check return value of malloc. (dehtmlize): Use ascii_tolower to protect against weird locales. Cast the argument for isspace for the sake of broken HP/UXes. (search_key): Check return value of realloc. 2002-09-09 David Shaw * gpgkeys_ldap.c (get_key): Some compilers (RISC OS, HPUX c89) don't like using variables as array initializers. * gpgkeys_hkp.c (send_key): Use CRLF in headers. 2002-08-28 David Shaw * gpgkeys_hkp.c (parse_hkp_index): Use same types on all platforms. This was probably leftover from earlier code where the typing mattered. * gpgkeys_hkp.c: Overall cleanup from iobuf conversion. Be consistent in m_alloc and malloc usage. Remove include-disabled (meaningless on HKP). RISC OS tweak. 2002-08-27 David Shaw * gpgkeys_hkp.c, Makefile.am: Convert over to using iobufs. * gpgkeys_hkp.c (http_get, http_post): Use CRLF for line endings. * gpgkeys_hkp.c: Include util.h on RISC OS as per Stefan. Include a replacement for hstrerror() for those platforms (such as RISC OS) that don't have it. 2002-08-26 David Shaw * Makefile.am: May as well include gpgkeys_hkp.c in the distribution now. It works well enough without proxies, and isn't built by default. It would be good to get some test experience with it. * gpgkeys_hkp.c (main): Don't warn about include-subkeys - it isn't unsupported, it's actually non-meaningful in the context of HKP (yet). * gpgkeys_hkp.c (parse_hkp_index, dehtmlize): Move HTML functionality into new "dehtmlize" function. Remove HTML before trying to parse each line from the keyserver. If the keyserver provides key type information in the listing, use it. (Copy over from g10/hkp.c). 2002-08-19 David Shaw * gpgkeys_hkp.c (get_key, parse_hkp_index): Bring over latest code from g10/hkp.c. * gpgkeys_ldap.c (get_key): Fix cosmetic URL display problem (extra ":" at the end). 2002-08-03 Stefan Bellon * gpgkeys_ldap.c: Tidied up RISC OS initializations. 2002-07-25 David Shaw * gpgkeys_hkp.c: "Warning" -> "WARNING" 2002-07-24 David Shaw * Makefile.am: Install keyserver helpers in @GNUPG_LIBEXECDIR@ 2002-07-15 David Shaw * gpgkeys_ldap.c (send_key, get_key, main): Consult the server version string to determine whether to use pgpKey or pgpKeyV2. 2002-07-09 David Shaw * gpgkeys_mailto.in: Use new OPAQUE tag for non net-path URIs. Fail more elegantly if there is no email address to send to. Show the GnuPG version in the message body. 2002-07-04 David Shaw * gpgkeys_ldap.c (get_key), gpgkeys_hkp.c (get_key): Display keyserver URI as a URI, but only if verbose. 2002-07-01 David Shaw * gpgkeys_hkp.c (parse_hkp_index): Error if the keyserver returns an unparseable HKP response. * gpgkeys_hkp.c (main): Warn on honor-http-proxy, broken-http-proxy, and include-subkeys (not supported yet). * gpgkeys_ldap.c (main), gpgkeys_hkp.c (http_connect, main): Fix some shadowing warnings. 2002-06-11 David Shaw * Makefile.am: Don't hard-code the LDAP libraries - get them from LDAPLIBS via configure. Also, gpgkeys_hkp is a program, not a script. 2002-06-10 David Shaw * gpgkeys_ldap.c (include_subkeys): Default "include-subkeys" to off, since GnuPG now defaults it to on. 2002-06-06 David Shaw * gpgkeys_hkp.c (parse_hkp_index): Type tweaks. * gpgkeys_hkp.c (main): Add experimental code warning. 2002-06-05 David Shaw * Makefile.am, gpgkeys_hkp.c (new): Experimental HKP keyserver interface. 2002-05-08 David Shaw * gpgkeys_ldap.c: Include if we absolutely must. This helps when compiling against a very old OpenLDAP. 2002-04-29 David Shaw * gpgkeys_mailto.in: Properly handle key requests in full fingerprint form. 2002-03-29 David Shaw * gpgkeys_ldap.c (printquoted): Quote backslashes within keyserver search responses. 2002-02-25 David Shaw * gpgkeys_ldap (get_key): LDAP keyservers do not support v3 fingerprints, so error out if someone tries. Actually, they don't support any fingerprints, but at least we can calculate a keyid from a v4 fingerprint. 2002-02-23 David Shaw * gpgkeys_ldap: Clarify the notion of a partial failure. This is possible if more than one key is being handled in a batch, and one fails while the other succeeds. Note that a search that comes up with no results is not a failure - that is a valid response of "no answer". * gpgkeys_ldap.c (get_key): Allow GnuPG to send us full v4 fingerprints, long key ids, or short key ids while fetching. Since the LDAP server doesn't actually handle fingerprints, chop them down to long key ids for actual use. * gpgkeys_ldap.c (main, get_key): When searching for a keyid, search for subkeys as well as primary keys. This is mostly significant when automatically fetching the key based on the id in a header (i.e. "signature made by...."). "no-include-subkeys" disables. 2002-02-14 David Shaw * gpgkeys_ldap.c: Fix compiler warning. * gpgkeys_ldap.c: Be much more robust with mangled input files. 2001-12-28 David Shaw * gpgkeys_mailto.in: Use the new OUTOFBAND indicator so gpg knows not to try and import anything. Also turn on perl -w for warnings. * gpgkeys_ldap.c (main): If we're using temp files (rather than stdin/stdout), make sure the file is closed when we're done. 2001-12-20 David Shaw * Properly free the LDAP response when we're done with it. * Now that we handle multiple keys, we must remove duplicates as the LDAP keyserver returns keys with multiple user IDs multiple times. * Properly handle multiple keys with the same key ID (it's really rare, so fetch "0xDEADBEEF" to test this). 2001-12-17 David Shaw * gpgkeys_ldap.c, gpgkeys_mailto.in: Fix GNU capitalization issues. Prefix log messages with "gpgkeys" to clarify which program is generating them. 2001-12-14 David Shaw * gpgkeys_ldap.c (search_key): Use unsigned int rather than uint for portability. 2001-12-04 David Shaw * Initial version of gpgkeys_ldap (LDAP keyserver helper) and gpgkeys_mailto (email keyserver helper) Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.