There are old Dirmngr ChangeLog entries.

2004-10-04  Werner Koch

	* src/dirmngr.c: Changed a help entry description.

2004-09-30  Werner Koch

	* src/dirmngr.c (i18n_init): Always use LC_ALL.

2004-09-28  Werner Koch

	Released 0.5.6.

	* config.guess, config.sub: Updated.

2004-06-21  Werner Koch

	* src/crlfetch.c (crl_fetch): Bad hack to use the right attribute.

2004-05-13  Werner Koch

	Released 0.5.5.

	* src/ldap.c (start_cert_fetch_ldap, start_cert_fetch_ldap): More detailed error messages.
	* src/crlcache.c (update_dir): Handle i-records properly.

2004-04-29  Werner Koch

	Released 0.5.4.

	* src/crlcache.h (crl_cache_result_t): Add CRL_CACHE_CANTUSE.
	* src/server.c (cmd_isvalid): Handle it here.
	* src/crlcache.c (crl_cache_isvalid): Issue this code if the CRL can't be used.
	(open_dir): Parse new fields 8,9 and 10 as well as the invalid flag.
	(write_dir_line_crl): Write new fields.
	(get_crl_number, get_auth_key_id): New.
	(crl_cache_insert): Fill new fields. Mark the entry invalid if the CRL is too old after an update or an unknown critical extension was seen.
	(list_one_crl_entry): Print the new fields.

2004-04-28  Werner Koch

	* configure.ac: Requires libksba 0.9.6.
	* src/dirmngr.c: New option --ocsp-signer.
	* src/dirmngr.h (opt): Renamed member OCSP_REPONDERS to OCSP_RESPONDER and made it a simple string. Add OCSP_SIGNER.
	* src/ocsp.c (ocsp_isvalid): Changed it accordingly.
	(ocsp_isvalid): Pass the ocsp_signer to check_signature.
	(check_signature): New arg SIGNER_FPR. Use it to retrieve the certificate. Factored out common code to ..
	(check_signature_core): .. New.

2004-04-27  Werner Koch

	* src/server.c (start_command_handler): Keep track of the first connection.
	(dirmngr_tick): New.
	* src/ldap.c (attr_fetch_fun_reader): Call it from time to time.

2004-04-23  Werner Koch

	* src/dirmngr.c (main): Removed the add-servers option from the gpgconf list. It is not really useful.

2004-04-02  Thomas Schwinge

	* autogen.sh: Added ACLOCAL_FLAGS.

2004-04-13  Werner Koch

	* src/crlcache.c (update_dir): Do not double close FPOUT.

2004-04-09  Werner Koch

	* src/cdblib.c (cdb_make_start): Wipeout the entire buffer to shut up valgrind.
	(ewrite): Fixed writing bad data on EINTR.
	* src/ldap.c (get_attr_from_result_ldap): Fixed bad copy and terminate of a string.
	* src/crlfetch.c (crl_fetch): Fixed freeing of VALUE on error.

2004-04-07  Werner Koch

	* src/dirmngr.h (server_control_s): Add member force_crl_refresh.
	* src/server.c (option_handler): New.
	(start_command_handler): Register option handler
	* src/crlcache.c (crl_cache_isvalid): Add arg FORCE_REFRESH.
	(crl_cache_insert): Record last refresh in memory.
	* src/server.c (inquire_cert_and_load_crl): Renamed from inquire_cert.

2004-04-06  Werner Koch

	Released 0.5.3

	* doc/dirmngr.texi: Updated.
	* doc/texinfo.tex: Updated.

2004-04-05  Werner Koch

	* src/ocsp.c (ocsp_isvalid): Check THIS_UPDATE.
	* src/misc.c (add_isotime): New.
	(date2jd, jd2date, days_per_month, days_per_year): New. Taken from my ancient (1988) code used in Wedit (time2.c).

2004-04-02  Werner Koch

	* autogen.sh: Check gettext version.
	* configure.ac: Add AM_GNU_GETTEXT.

2004-04-02  gettextize

	* Makefile.am (SUBDIRS): Add intl.
	(EXTRA_DIST): Add config.rpath.
	* configure.ac (AC_CONFIG_FILES): Add intl/Makefile,

2004-04-02  Werner Koch

	Add i18n at most places.

	* src/dirmngr.c (i18n_init): New.
	(main): Call it.
	* src/dirmngr.h: Add i18n stuff.

2004-04-01  Werner Koch

	* src/misc.c (get_fingerprint_hexstring): New.
	* src/server.c (dirmngr_status): New.

2004-03-26  Werner Koch

	* configure.ac: Add AC_SYS_LARGEFILE.
	* doc/dirmngr.texi: Changed the license to the GPL as per message by Matthias Kalle Dalheimer of Klaralvdalens-Datakonsult dated Jan 7, 2004.
	* doc/fdl.texi: Removed.

2004-03-25  Werner Koch

	* src/dirmngr.c (main): New command --fetch-crl.

2004-03-23  Werner Koch

	* src/dirmngr.c: New option --allow-ocsp.
	* src/server.c (cmd_isvalid): Make use of allow_ocsp.

2004-03-17  Werner Koch

	* src/dirmngr.c (main) : Fixed default value quoting.

2004-03-16  Werner Koch

	* src/dirmngr.c (main): Add ocsp-responder to the gpgconf list. Add option --debug-level.
	(set_debug): New.

2004-03-15  Werner Koch

	* src/misc.c (canon_sexp_to_grcy): New.

2004-03-12  Werner Koch

	* src/crlfetch.c (crl_fetch): Hack to substitute http for https.

2004-03-10  Werner Koch

	* src/dirmngr.c (parse_ldapserver_file): Don't skip the entire file on errors.

2004-03-09  Werner Koch

	* src/dirmngr.c (my_ksba_hash_buffer): New.
	(main): Initialize the internal libksba hashing.
	* src/server.c (get_issuer_cert_local): Renamed to ...
	(get_cert_local): ... this. Changed all callers. Allow NULL for ISSUER to return the current target cert.
	(get_issuing_cert_local): New.
	(do_get_cert_local): Moved common code to here.

2004-03-06  Werner Koch

	Released 0.5.2.

	* configure.ac: Fixed last change to check the API version of libgcrypt.

2004-03-05  Werner Koch

	* configure.ac: Also check the SONAME of libgcrypt.

2004-03-03  Werner Koch

	* src/dirmngr.c: New option --ocsp-responder.
	* src/dirmngr.h (opt): Add member OCSP_RESPONDERS.

2004-02-26  Steffen Hansen

	* src/server.c (start_command_handler): Corrected typo and made dirmngr output its version in the greeting message.

2004-02-24  Marcus Brinkmann

	* src/dirmngr.c (DEFAULT_ADD_SERVERS): Removed. If this were true, there'd be no way to disable it.
	(main): Dump options in new gpgconf format.

2004-02-11  Werner Koch

	* autogen.sh (check_version): Removed bashism and simplified.

2004-02-06  Moritz Schulte

	* src/crlfetch.c (crl_fetch_default): Do not dereference VALUE, when checking for non-zero.

2004-02-01  Marcus Brinkmann

	* src/dirmngr.c (DEFAULT_ADD_SERVERS, DEFAULT_MAX_REPLIES)
	(DEFAULT_LDAP_TIMEOUT): New macros.
	(main): Use them.
	(enum cmd_and_opt_values): New command aGPGConfList.
	(main): Add handler here.

2004-01-17  Werner Koch

	* configure.ac: Added AC_CHECK_FUNCS tests again, because the other test occurrences belong to the jnlib tests block.

2004-01-15  Moritz Schulte

	* configure.ac: Fixed funopen replacement mechanism; removed unnecessary AC_CHECK_FUNCS calls.

2004-01-14  Werner Koch

	* src/crlcache.c (list_one_crl_entry): Don't use putchar.
	* src/server.c (cmd_listcrls): New.

2003-12-23  Werner Koch

	Released 0.5.1.

2003-12-17  Werner Koch

	* configure.ac (CFLAGS): Add -Wformat-noliteral in gcc + maintainer mode.
	(NEED_LIBASSUAN_VERSION): Bump up to 0.6.2.

2003-12-16  Werner Koch

	* configure.ac: Update the tests for jnlib.
	* src/dirmngr.c (main): Ignore SIGPIPE in server mode.

2003-12-12  Werner Koch

	* src/crlcache.c (hash_dbfile): Also hash version info of the cache file format.
	* src/Makefile.am (dirmngr_SOURCES): Add http.h.
	* configure.ac: Removed checking for DB2. Add checking for mmap.
	* src/cdb.h, src/cdblib.h: New. Add a few comments from the original man page and fixed typos.
	* src/cdblib.c (cdb_findinit, cdb_findnext): Modified to allow walking over all entries.
	* src/crlcache.h: Removed DB2/4 cruft.
	(release_one_cache_entry, lock_db_file, crl_parse_insert)
	(crl_cache_insert, crl_cache_isvalid, list_one_crl_entry): Use the new CDB interface.
	* src/dirmngr.c: Beautified the help messages.
	(wrong_args): New.
	(main): new option --force. Revamped the command handling code. Allow to pass multiple CRLS as well as stdin to --local-crl.
	* src/crlcache.c (crl_cache_insert): Make --force work.

2003-12-11  Werner Koch

	* src/crlfetch.c (crl_fetch): Enhanced to allow fetching binary data using HTTP.
	* src/http.c, src/http.h: Replaced by the code from gnupg 1.3 and modified according to our needs.
	(read_line): New. Based on the code from GnuPG's iobuf_read_line.
	* configure.ac: Check for getaddrinfo.
	* src/dirmngr.c (parse_ldapserver_file): Close the stream.
	(main): Free ldapfile.
	* src/ocsp.c, src/ocsp.h: New. Albeit not functionality.
	* src/server.c (inquire_cert): Catch EOF when reading dist points.
	* src/crlcache.c (hash_dbfile, check_dbfile): New.
	(lock_db_file, crl_cache_insert): Use them here to detect corrupted CRL files.
	(open_dir): Read the new dbfile hash field.
	* src/crlfetch.c (crl_fetch, crl_fetch_default): Changed to return a stream.
	(fun_reader, fun_closer, setup_funopen): New.
	* src/server.c (inquire_cert): Changed to use the new stream interface of crlfetch.c.

2003-12-10  Werner Koch

	* src/funopen.c: New.
	* configure.ac (funopen): Add test.
	* src/Makefile.am (dirmngr_LDADD): Add LIBOBJS.
	* src/crlcache.c (next_line_from_file): Remove the limit on the line length.
	(crl_cache_new): Removed.
	(open_dbcontent): New.
	(crl_cache_init): Use it here.
	(crl_cache_flush): The DB content file is now in the cache directory, so we can simplify it.
	(make_db_file_name, lock_db_file, unlock_db_file): New.
	(release_cache): Close the cached DB files.
	(crl_cache_isvalid): Make use of the new lock_db_file.
	(crl_cache_insert): Changed to take a stream as argument.
	(crl_parse_insert): Rewritten to use a temporary DB and to avoid using up large amounts of memory.
	(db_entry_new): Removed.
	(release_cache,release_one_cache_entry): Split up.
	(find_entry): Take care of the new deleted flag.
	(crl_cache_load): Simplified because we can now pass a FP to the insert code.
	(save_contents): Removed.
	(update_dir): New.
	(open_dbcontent_file): Renamed to open_dir_file.
	(check_dbcontent_version): Renamed to check_dir_version.
	(open_dbcontent): Renamed to open_dir.
	* src/dirmngr.c: New option --faked-system-time.
	* src/misc.c (faked_time_p, set_time, get_time): New. Taken from GnuPG.
	(check_isotime): New.
	(unpercent_string): New.

2003-12-09  Werner Koch

	* src/crlcache.h (DBDIR,DBCONTENTFILE): Changed value.
	* autogen.sh: Reworked.
	* README.CVS: New.
	* configure.ac: Added min_automake_version.

2003-12-03  Werner Koch

	* src/server.c (cmd_lookup): Send an END line after each certificate.

2003-11-28  Werner Koch

	* src/Makefile.am (dirmngr_LDADD): Remove DB_LIBS because it never got defined and -ldb{2,4} is implicitly set by the AC_CHECK_LIB test in configure.
	* src/crlcache.c (mydbopen): DB4 needs an extra parameter; I wonder who ever tested DB4 support. Add an error statement in case no DB support is configured.
	* tests/Makefile.am: Don't use AM_CPPFLAGS but AM_CFLAGS, replaced variables by configure templates.
	* src/Makefile.am: Ditto.

2003-11-19  Werner Koch

	* src/crlcache.c (list_one_crl_entry): Define X to nothing for non DB4 systems. Thanks to Luca M. G. Centamore.

2003-11-17  Werner Koch

	Released 0.5.0

	* src/crlcache.c (crl_cache_new): Fixed eof detection.
	* src/server.c (cmd_loadcrl): Do the unescaping.
	* doc/dirmngr.texi: Added a history section for this modified version.

2003-11-14  Werner Koch

	* tests/asschk.c: New. Taken from GnuPG.
	* tests/Makefile.am: Added asschk.

2003-11-13  Werner Koch

	* src/ldap.c (fetch_next_cert_ldap): Get the pattern switching right.
	* tests/test-dirmngr.c: Replaced a couple of deprecated types.
	* configure.ac (GPG_ERR_SOURCE_DEFAULT): Added.
	(fopencookie, asprintf): Removed unneeded test.
	(PRINTABLE_OS_NAME): Updated the test from gnupg.
	(CFLAGS): Do full warnings only in maintainer mode. Add flag --enable gcc-warnings to override it and to enable even more warnings.
	* acinclude.m4: Removed the libgcrypt test.
	* src/ldap.c (get_attr_from_result_ldap): Simplified the binary hack and return a proper gpg error.
	(attr_fetch_ldap_internal): Changed error handling.
	(attr_fetch_ldap): Reworked. Return configuration error if no servers are configured.
	(url_fetch_ldap, add_server_to_servers)
	(url_fetch_ldap_internal): Reworked.
	(struct cert_fetch_context_s): New to get rid of a global state.
	(start_cert_fetch_ldap): Allocate context and do a bind with a timeout. Parse pattern.
	(end_cert_fetch_ldap): Take context and don't return anything.
	(find_next_pattern): Removed.
	(parse_one_pattern): Redone.
	(get_cert_ldap): Redone.
	* src/server.c (cmd_lookup): Changed for changed fetch functions.
	* doc/dirmngr.texi: Reworked a bit to get rid of tex errors.
	* configure.ac: Enable makeinfo test.
	* src/crlcache.c (crl_cache_insert): Fixed for latest KSBA API changes.
	* tests/test-dirmngr.c (main): Ditto. Also added some more error checking.

2003-11-11  Werner Koch

	* src/cert.c (hashify_data, hexify_data, serial_hex)
	(serial_to_buffer): Moved all to ...
	* src/misc.c: .. here.
	* src/Makefile.am (cert.c, cert.h): Removed.
	* cert.c, cert.h: Removed.
	* m4/: New.
	* configure.ac, Makefile.am: Include m4 directory support, updated required library versions.
	* src/cert.c (make_cert): Removed.
	* src/ldap.c (fetch_next_cert_ldap): Return a gpg style error.
	* src/misc.h (copy_time): New.
	* src/misc.c (get_isotime): New.
	(iso_string2time, iso_time2string): Removed.
	(unhexify): New.
	* src/crlcache.h (DBCONTENTSVERSION): Bumped to 0.6.
	* src/crlcache.c (finish_sig_check): New. Factored out from crl_parse_insert and entirely redone.
	(do_encode_md): Removed.
	(print_time): Removed
	(crl_cache_isvalid): Reworked.

2003-11-10  Werner Koch

	* src/crlcache.c (make_db_val, parse_db_val): Removed.
	* src/cert.c (serial_to_buffer): New.
	* src/server.c (get_issuer_cert_local): Rewritten.
	* src/crlcache.c (crl_parse_insert): Rewritten. Takes now a CTRL instead of the Assuan context. Changed caller accordingly.
	(get_issuer_cert): Cleaned up.
	* src/crlfetch.c (crl_fetch): Changed VALUE to unsigned char* for documentation reasons. Make sure that VALUE is released on error.
	(crl_fetch_default, ca_cert_fetch): Ditto.
	* src/crlcache.c (release_cache): New.
	(crl_cache_deinit): Use it here.
	(crl_cache_flush): Redone.
	(save_contents): Redone.
	(crl_cache_list, list_one_crl_entry): Print error messages.

2003-11-06  Werner Koch

	* src/crlcache.c (create_directory_if_needed, cleanup_cache_dir): New. Factored out from crl_cache_new and mostly rewritten.
	(crl_cache_new): Rewritten.
	(next_line_from_file): New.
	(find_entry): Cleaned up.
	(crl_cache_deinit): Cleaned up.
	* src/dirmngr.c (dirmngr_init_default_ctrl): New stub.
	* src/dirmngr.h (ctrl_t): New.
	(DBG_ASSUAN,...): Added the usual debug test macros.
	* src/server.c: Removed the GET_PTR cruft, replaced it by ctrl_t. Removed the recursion flag.
	(get_issuer_cert_local): Allow for arbitrary large certificates. 4096 is definitely too small.
	(inquire_cert): Ditto.
	(start_command_handler): Set a hello line and call the default init function.
	(cmd_isvalid): Rewritten.
	(inquire_cert): Removed unused arg LINE. General cleanup.
	(map_assuan_err,map_to_assuan_status): New. Taken from gnupg 1.9.
	(cmd_lookup): Rewritten.
	(cmd_loadcrl): Started to rewrite it.

2003-10-29  Werner Koch

	* src/dirmngr.c (parse_ldapserver_file): Entirely rewritten.
	(cleanup): New.
	(main): Cleaned up.

2003-10-28  Werner Koch

	* src/dirmngr.h: Renamed dirmngr_opt to opt.
	* src/dirmngr.c (parse_ldapserver_file, free_ldapservers_list): Moved with this file. Cleaned up. Replaced too deep recursion in the free function.

2003-10-21  Werner Koch

	Changed all occurrences of assuan.h to use the system provided one.

	* src/server.c (register_commands): Adjusted for Assuan API change.

2003-08-14  Werner Koch

	* src/Makefile.am: s/LIBKSBA_/KSBA_/. Changed for external Assuan lib.
	* tests/Makefile.am: Ditto.
	* configure.ac: Partly restructured, add standard checks for required libraries, removed included libassuan.
	* Makefile.am (SUBDIRS): Removed assuan because we now use the libassuan package.
	* src/dirmngr.c (main): Properly initialize Libgcrypt and libksba.

2003-08-13  Werner Koch

	* src/server.c (get_issuer_cert_local): Print error using assuan_strerror.
	* src/crlcache.c (do_encode_md, start_sig_check): Adjust for changed Libgcrypt API.

2003-06-19  Steffen Hansen

	* configure.ac: Upped version to 0.4.7-cvs.

2003-06-19  Steffen Hansen

	* configure.ac: Release 0.4.6.

2003-06-17  Bernhard Reiter

	* src/ldap.c (url_fetch_ldap()): try other default servers when an url with hostname failed
	* AUTHORS: added Steffen and Werner
	* THANKS: Thanked people in the ChangeLog and the Ägypten-Team

2003-06-16  Steffen Hansen

	* configure.ac, src/crlcache.h, src/crlcache.c: Added db4 support.
	* src/Makefile.am, tests/Makefile.am: Removed automake warning.
	* tests/test-dirmngr.c: Removed a warning.

2003-05-12  Steffen Hansen

	* doc/Makefile.am: Added dirmngr.ops to DISTCLEANFILES.
	* ChangeLog, doc/ChangeLog, src/ChangeLog: Merged dirmngr ChangeLogs into one toplevel file.
	* acinclude.m4, configure.ac: Renamed PFX to PATH for consistency.

2003-05-12  Steffen Hansen

	* src/ldap.c: Fixed end-of-certificates-list indication.

2003-05-08  Steffen Hansen

	* src/server.c: Fixed iteration over server list

2003-02-23  Steffen Hansen

	* src/crlcache.h, src/crlcache.c, src/dirmngr.c: Implemented --flush command.

2003-02-07  Marcus Brinkmann

	* configure.ac: Release 0.4.4.

2003-02-05  Steffen Hansen

	* src/ldap.c: Try harder with and without ";binary" in the attribute name when fetching certificates.
	* src/ldap.c, src/server.c: Support multiple userCertificate attributes per entry.

2003-02-04  Steffen Hansen

	* src/ldap.c: Include the sn attribute in the search filter. Better log messages.

2002-11-20  Steffen Hansen

	* Doc updates (fixes #1373)
	* Fix for #1419 (crash in free_ldapservers_list())
	* Fix for #1375. Dirmngr now asks back with an INQUIRE SENDCERT before querying the LDAP servers for an issuer certificate to validate a CRL

2002-11-12  Werner Koch

	* config.sub, config.guess: Updated from ftp.gnu.org/gnu/config to version 2002-11-08.

2002-11-12  Werner Koch

	* dirmngr.c (main) : Better pass NULL instead of an uninitialized Assuan context. Let's hope that the other functions can cope with this.

2002-10-25  Bernhard Reiter

	* src/ldap.c (get_attr_from_result_ldap()): added value extraction retry for CRLs and Certs without ";binary"
	* changed version number to reflect cvs status to "0.4.3-cvs"

2002-08-21  Werner Koch

	* dirmngr.c (main): Changed default homedir to .gnupg.

2002-08-07  Steffen Hansen

	* Added configure check to examine whether db2 cursor() uses 3 or 4 parameters.

2002-07-31  Werner Koch

	* doc/dirmngr.texi: Fixed the structure and added menu entries for the other nodes.

2002-07-30  Steffen Hansen

	* Added doc dir and first steps towards manual.

2002-07-29  Steffen Hansen

	* Got rid of the default server for CRL lookup. We now use the same list of servers that we use for cert. lookup.

2002-07-29  Steffen Hansen

	* New option --add-servers to allow dirmngr to add LDAP servers found in CRL distribution points to the list of servers it searches. NOTE: The added servers are only active in the currently running dirmngr -- the info isn't written to persistent storage.

2002-07-26  Steffen Hansen

	* Default LDAP timeout is 100 seconds now.
	* Use DB2 instead of DB1. Check for libresolv, fixed bug when libldap was found in the default search path.

2002-07-22  Steffen Hansen

	* Implemented --load-crl option. Also available as LOADCRL assuan command when in server mode.

2002-07-22  Steffen Hansen

	* Implemented new option --ldaptimeout to specify the number of seconds to wait for an LDAP request before timeout.
	* Added --list-crls option to print the contents of the CRL cache
	* Added some items to the dbcontents file to make printout nicer and updated its version number

2002-07-02  Werner Koch

	* crlcache.c (crl_parse_insert): Fixed log_debug format string.

2002-07-02  Steffen Hansen

	* configure.ac: Use DB->get() return value correctly.

2002-06-28  Werner Koch

	* crlcache.c (crl_parse_insert): Keep track of newly allocated ENTRY so that we don't free existing errors after a bad signature.
	* dirmngr.h: Include prototype for start_command_handler.
	* crlfetch.c, crlcache.c, http.c, cert.c, ldap.c: Include config.h.
	* crlcache.c (crl_parse_insert): Fixed format type specifiers for time_t variables in log_debug.
	* error.h: Use log_debug instead of dirmngr_debug. Changed all callers.
	* Makefile.am (dirmngr_SOURCES): Removed error.c
	* dirmngr.c (main): Register gcrypt malloc functions with ksba so that we don't run into problems by using the wrong free function. The gcrypt malloc functions have the additional benefit of providing allocation sanity checks when compiled with that feature.
	* crlcache.c (get_issuer_cert): Use xfree instead of ksba_free.

2002-06-27  Steffen Hansen

	* ldap.c: Look for both userCertificate and caCertificate

2002-06-26  Steffen Hansen

	* configure.ac: Upped version number to 0.3.1

2002-06-25  Werner Koch

	* server.c (cmd_lookup): Use assuan_write_status which ensures a correct syntax.

2002-06-20  Werner Koch

	* crlcache.c (crl_cache_isvalid): Started with some nicer logging. However, this will need a lot more work.
	(get_issuer_cert): Ditto.
	* dirmngr.c (main): Changed required libgcrypt version and don't print the prefix when using a logfile.

2002-06-20  Werner Koch

	* tests/Makefile.am (TESTS): Removed test-dirmngr because it is not a proper test program.
	(EXTRA_DIST): Removed the non-existent test certificate.

2002-05-21  Werner Koch

	* server.c (start_command_handler): Enable assuan debugging.

2002-05-08  Steffen Hansen

	* Replaced gdbm check with db1 check

2002-05-08  Steffen Hansen

	* Replaced gdbm with db1, updated file format version

2002-03-01  Steffen Hansen

	* Added gdbm configure check

2002-01-23  Steffen Hansen

	* Return ASSUAN_CRL_Too_Old if the CRL is too old

2002-01-17  Steffen Hansen

	Added commandline options --ldapserver --ldapport --ldapuser --ldappassword . Cleaned up CRL parsing, signature evaluation a bit, changed datetime format in config file to ISO, added version string to contents format and cache file clean up code in case of mismatch.

2002-01-14  Steffen Hansen

	* Use dirmngr_opt.homedir for storing the db. Added Makefile.am to tests, bugfixes.

	* First code.

	Things that work:
		Loading/saving database (paths hardcoded)
		Fetching CRL from hardcoded server, parsing and inserting in database
		Answer ISVALID xxx.yyy requests

	Things that are missing:
		Some error-checking/handling
		Proper autoconf handling of gdbm and OpenLDAP
		Signature checking downloaded CRLs
		Answer LOOKUP requests
		...

	How to test:
		cd tests
		ldapsearch -v -x -h www.trustcenter.de -b '' userCertificate -t
		cp /tmp/ testcert.der
		./test-dirmngr