| Commit message (Collapse) | Author | Files | Lines |
|---|
|
* dirmngr/crlcache.c (check_dir_version): Avoid segv.
--
GnuPG-bug-id: 1842
Debian-bug-id: 776611
|
|
(ks-engine-ldap.c) Fix segfault caused by missing check whether uri is
initialized
|
|
* common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
* common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
--
JNLIB has no more meaning. Thus we switch to a GPGRT_ prefix in
anticipation that some code may eventually be moved to libgpg-error.
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac: Merge seperate jnlib checks.
(HAVE_JNLIB_LOGGING): Remove.
* common/logging.c, common/simple-pwquery.c (JNLIB_NEED_AFLOCAL):
Rename to GNUPG_COMMON_NEED_AFLOCAL. Change all tests.
--
Signed-off-by: Werner Koch <[email protected]>
|
|
* common/dns-cert.h: Move to ../dirmngr/.
* common/dns-cert.c: Move to ../dirmngr/. Change args to return the
key as a buffer.
* common/t-dns-cert.c: Move to ../dirmngr/.
* common/pka.c, common/pka.h, common/t-pka.c: Remove.
* dirmngr/server.c (data_line_cookie_write): Factor code out to
data_line_write and make it a wrapper for that.
(data_line_write): New.
(cmd_dns_cert): New.
(register_commands): Register new command.
* g10/Makefile.am (LDADD): Remove DNSLIBS.
* g10/call-dirmngr.c (dns_cert_parm_s): New.
(dns_cert_data_cb, dns_cert_status_cb): New.
(gpg_dirmngr_dns_cert): New.
(gpg_dirmngr_get_pka): New.
* g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
* g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
gpg_dirmngr_dns_cert.
(keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
* g10/mainproc.c: Include call-dirmngr.h.
(pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
gpg_dirmngr_get_pka.
--
With this patch gpg does not do any network access itself but uses
dirmngr for that. Note that we need to keep linking to NETLIBS due to
the logging code and because we need TCP for our socket emulation
under Windows. Probably also required for Solaris etc.
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/dirmngr.h (server_control_s): Add field http_proxy.
* dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value
from OPT.
(dirmngr_deinit_default_ctrl): New.
(main): Call dirmngr_deinit_default_ctrl.
* dirmngr/server.c (start_command_handler): Ditto.
(option_handler): Add option "http-proxy".
* dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.
* dirmngr/ks-engine-hkp.c (send_request): Add proxy support.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
We also merge dirmngr/ChangeLog.1 into dirmngr/ChangeLog-2011
and rename keyserver/ChangeLog-2011 to dirmngr/ChangeLog-2011-ks.
|
|
* dirmngr/Makefile.am (dirmngr_SOURCES): Only include
ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP
is TRUE.
(module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE.
* dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is
TRUE.
(ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not
TRUE.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.
* dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is
TRUE.
(cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not
TRUE.
--
Signed-off-by: Neal H. Walfield <[email protected]>
GnuPG-bug-id: 1949
|
|
* dirmngr/Makefile.am (t_common_ldadd): Add missing libs.
|
|
|
|
* dirmngr/ks-engine-ldap.c (extract_attributes): Replace isoptime and
gmtime_r.
|
|
* dirmngr/ks-engine-ldap.c (ldap_connect): Rename to my_ldap_connect.
|
|
* g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
|
|
* dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192.
* g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
* g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places.
|
|
* dirmngr/ks-engine-ldap.c (ks_ldap_put): Replace use of alloca with
xmalloc and xfree.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
* dirmngr/ks-engine-ldap.c (modlist_dump): Simplify truncation of long
strings.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): On error, return
GPG_ERR_GENERAL, not GPG_ERR_ASS_GENERAL.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
* dirmngr/dirmngr.h (struct server_control_s): Move field keyservers
from here...
* dirmngr/server.c (struct server_local_s): ... to here. Update
users.
* dirmngr/ks-action.h (ks_action_resolve): Add argument keyservers.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.
* dirmngr/ks-action.c (ks_action_resolve): Add argument keyservers.
Use it instead of ctrl->keyservers.
(ks_action_search): Likewise.
(ks_action_get): Likewise.
(ks_action_put): Likewise.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Fix resource
leak.
(ks_ldap_search): Check error from es_fopenmem. Use LDAP_ERR where
required.
(modlist_dump): Check error from es_fopenmem.
(uncescape): s/int/size_t/. Use existing macros.
(extract_attributes): Use existing trim function.
(ks_ldap_put): Do not segv on error from modlist_dump.
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/ks-engine-ldap.c [__riscos__]: Remove doubled util.h.
(ldap_to_gpg_err): s/GPG_ERR_GENERAL/GPG_ERR_INTERNAL/.
(tm2ldaptime): Use snprintf.
(ldap_connect): Get error code prior to log_error and and use modern
function. Use xfree, xtrustrdup etc.
(modlist_lookup): Use GNUPG_GCC_A_USED.
(modlist_free): Use xfree.
--
sprintf has been replaced by snprintf to avoid warnings on some
platforms.
xfree et al. is required so that replacement functions are
used if defined. For example the Libgcrypt functions which may not be
fully compatible with standard free.
Impossible conditions should use GPG_ERR_INTERNAL.
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Improvement documentation.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
* g10/call-dirmngr.c (record_output): New function.
(ks_put_inq_cb): Use it here to generate a --with-colons like output
instead of a custom format.
* dirmngr/ks-action.c: Include "ldap-parse-uri.h".
(ks_action_help): If the provided URI is an LDAP URI, then use
ldap_parse_uri to parse. Call ks_ldap_help.
(ks_action_search): If passed an LDAP URI, then call ks_ldap_search.
(ks_action_get): Likewise.
(ks_action_put): Likewise. Also, change data from a 'const void *' to
a 'void *' and add info and infolen parameters. Add note that
function may modify DATA.
* dirmngr/ks-action.h (ks_action_put): Update declaration accordingly.
* dirmngr/server.c: Include "ldap-parse-uri.h".
(cmd_keyserver): If ITEM->URI is an LDAP URI, parse it using
ldap_parse_uri.
(hlp_ks_put): Improve documentation.
(cmd_ks_put): Also pass info and infolen to ks_action_put. Improve
documentation.
* dirmngr/ks-engine.h (ks_ldap_help): New declaration.
(ks_ldap_search): Likewise.
(ks_ldap_get): Likewise.
(ks_ldap_put): Likewise.
* dirmngr/ks-engine-ldap.c: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add ks-engine-ldap.c,
ldap-parse-uri.c and ldap-parse-uri.h.
(dirmngr_LDADD) [USE_LDAP]: Add $(ldaplibs).
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
* dirmngr/ks-action.c (copy_stream): Move function from here...
* dirmngr/misc.c (copy_stream): ... to here and drop the static
qualifier.
* dirmngr/misc.h (copy_stream): Add declaration.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
* dirmngr/ks-engine-hkp.c (armor_data): Move function from here...
* dirmngr/misc.c (armor_data): ... to here and drop static qualifier.
* dirmngr/misc.h: New declaration.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
* dirmngr/Makefile.am (module_tests): New variable.
(noinst_PROGRAMS): New primary. Set it to $(module_tests).
(TESTS): New variable. Set it to $(module_tests).
(t_common_src): New variable.
(t_common_ldadd): Likewise.
(t_ldap_parse_uri_SOURCES): New primary.
(t_ldap_parse_uri_LDADD): Likewise.
* dirmngr/ldap-parse-uri.c: New file.
* dirmngr/ldap-parse-uri.h: Likewise.
* dirmngr/t-ldap-parse-uri.c: Likewise.
* dirmngr/t-support.h: Likewise.
--
Signed-off-by: Neal H. Walfield <[email protected]>
|
|
* common/http.c (send_request): Set the requested for SNI.
* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
the selecting a host.
--
GnuPG-bug-id: 1792
Thanks to davidw for figuring out the problem.
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/certcache.c (cert_cache_init): Load certificates
from sysconfig dir instead of the homeidr.
* dirmngr/dirmngr.c (main): Removed parsing of obsolete
homedir_data option.
* dirmngr/dirmngr.h (opt): Removed homedir_data.
* doc/dirmngr.texi: Update and clarify certs directory doc.
--
Using the homedir for extra-certs and trusted-certs makes
little sense when dirmngr is used with a caller that
manages it's own store of certificates and can
provide those through the SENDCERT command.
You can use trusted-certs and extra-certs to provide
users with a base of locally available certificates that are
not already in store of the applications.
|
|
* dirmngr/dirmngr.c (my_gnutls_log): Build only if gnutls is used.
|
|
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to
avoid all sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.
Signed-off-by: Werner Koch <[email protected]>
|
|
* common/init.c (early_system_init): New stub function.
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/Makefile.am (AM_CFLAGS): Add flags for TLS libs.
--
This should fix
GnuPG-bug-id: 1813.
|
|
* dirmngr/ks-engine-hkp.c (map_host): Fix error return.
--
In ks-engine-hkp.c on line 509 'reftbl' is freed, but it is then
used on line 511. I'm guessing this is a missing return;.
Reported-by: Joshua Rogers <[email protected]>
Debian-Bug-Id: 773520
Other fixes on error added too.
|
|
* dirmngr/ldap.c (start_cert_fetch_ldap): fix ARGC limitation.
--
Reported-by: Joshua Rogers <[email protected]>
Debian-Bug-Id: 773507
|
|
* dirmngr/server.c (cmd_ks_search, cmd_ks_get): Fix memory leak.
* dirmngr/ks-engine-hkp.c (ks_hkp_mark_host): Remove double check.
--
Reported-by: Joshua Rogers <[email protected]>
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/crlfetch.c (crl_fetch): Check that URL is not NULL.
--
Reported-by: Joshua Rogers <[email protected]>
"Remove un-needed check. If 'url' were not to be true,
http_parse_uri(parse_uri(do_parse_uri))) would fail, leaving 'err'
false."
In addition I added an explicit check for the URL arg not beeing NULL.
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
* sm/gpgsm.c (parse_keyserver_line): Ditto.
--
Reported-by: Joshua Rogers <[email protected]>
"If something inside the ldapserver_parse_one function failed,
'server' would be freed, then returned, leading to a
use-after-free. This code is likely copied from sm/gpgsm.c, which
was also susceptible to this bug."
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Mark host dead
also for 2 other error messages.
|
|
* dirmngr/ks-engine-hkp.c (map_host): Change to return an gpg_error_t.
Return an error code for all dead hosts.
(make_host_part): Change to return an gpg_error_t. Change all
callers.
--
The functions used to return an error code via ERRNO. However, this
does not allow to return extra error codes in a portable way. Thus we
change the function to directly return a gpg_error_t.
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/dirmngr.c (ENAMETOOLONG): new.
(redir_socket_name): New.
(main): Add Assuan socket redirection.
(cleanup): Adjust cleanup for redirection.
--
Signed-off-by: Werner Koch <[email protected]>
|
|
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Make use of TLS macros.
--
Only report support for the hkps scheme when GnuPG / dirmngr
has been built with a TLS library.
This helps debuging and enable the user to detect whether support
for hkps is included by doing a
`gpg-connect-agent --dirmngr 'keyserver --help' /bye`.
Currently hkps will be listed as a supported scheme but trying to
add a keyserver using it will silently fail.
As a digression, https is never listed as a valid scheme.
|
|
* gl/: Remove entire tree.
* configure.ac: Remove gnulib tests and the gl/ Makefile.
(setenv): Add to AC_CHECK_FUNCS.
* autogen.rc (extra_aclocal_flags): Set to empty.
* Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
(SUBDIRS): Remove gl/.
* agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
* common/Makefile.am (t_common_ldadd): Ditto.
* dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
* g10/Makefile.am (needed_libs): Ditto.
* g13/Makefile.am (g13_LDADD): Ditto.
* kbx/Makefile.am (kbxutil_LDADD): Ditto.
($(PROGRAMS)): Ditto.
* scd/Makefile.am (scdaemon_LDADD): Ditto.
* sm/Makefile.am (common_libs): Ditto.
* tools/Makefile.am (common_libs, commonpth_libs): Ditto.
* agent/gpg-agent.c: Remove "mkdtemp.h"
* g10/exec.c: Ditto.
* scd/scdaemon.c: Ditto.
* tools/symcryptrun.c: Ditto.
* common/sysutils.c: Remove "setenv.h"
* common/t-timestuff.c: Use putenv if setenv is not available.
--
gnulib has always been a cause of trouble in GnuPG because we used
only a very few functions and the complex include machinery of gnulib
is quite complex and the cause for many build problems for example on
OS X. This is not gnulib's fault but due to our limited use of gnulib
and that we only rarely update the gnulib code to avoid regressions.
In part two we will address the functions
mkdtemp
setenv
unsetenv
strpbrk
which may bot be implemented on all platforms. They are not required
on a libc based system.
Signed-off-by: Werner Koch <[email protected]>
|
|
* configure.ac: Add option --disable-ldap.
(USE_LDAP): New ac_define and am_conditional.
* dirmngr/Makefile.am: Take care of USE_LDAP.
* dirmngr/dirmngr.c (!USE_LDAP): Make all ldap options dummy options
and do not call any ldap function.
* dirmngr/server.c (!USE_LDAP): Do not call any ldap function.
* dirmngr/crlfetch.c (!USE_LDAP): Ditto.
Signed-off-by: Werner Koch <[email protected]>
|
|
--
|
|
--
|
|
* dirmngr/Makefile.am: Avoid $(DNSLIBS) for dirmngr_ldap
* g10/Makefile.am: $(LIBREADLINE) is only for gpg2; gpgv2 does not
need $(LIBASSUAN_LIBS)
* sm/Makefile.am: gpgsm does not need $(ZLIBS)
* tools/Makefile.am: gpgconf does not need $(NPTH_LIBS)
--
In the course of building GnuPG 2.1.0 beta864 on debian, i found that
several of the installed executables were linked to libraries that
they did not need to be linked to, which would cause unnecessary
package dependencies at runtime.
The changeset here removes these unnecessary libraries from linking.
Something similar could possibly also be done by passing --as-needed
to the linker, but trimming the depenencies seems more parsimonious.
|
|
* configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
(HTTP_USE_NTBTLS): New. Prefer over GNUTLS.
* m4/ntbtls.m4: New.
* m4/Makefile.am (EXTRA_DIST): Add new file.
* common/http.c: Add conditionals to eventually use NTBTLS.
--
This is only the configure stuff. If you have NTBTLS installed GNUTLS
will not be used but there won't be any https support either :-(.
This patch is used to have a real world test bench for the forthcoming
library.
|
|
* dirmngr/ks-engine-hkp.c (cert_log_cb): Move to ...
* dirmngr/misc.c (cert_log_cb): here.
* dirmngr/ks-engine-http.c (ks_http_fetch): Support 307-redirection
and https.
--
Note that this requires that the root certificates are registered using
the --hkp-cacert option. Eventually we may introduce a separate
option to allow using different CAs for KS_FETCH and keyserver based
requests.
|
|
* configure.ac (NEED_GPG_ERROR_VERSION): Reguire 1.14.
(GPGRT_ENABLE_ES_MACROS): Define.
(estream_INIT): Remove.
* m4/estream.m4: Remove.
* common/estream-printf.c, common/estream-printf.h: Remove.
* common/estream.c, common/estream.h: Remove.
* common/init.c (_init_common_subsystems): Call gpgrt initialization.
|
