path: root/dirmngr
Commit message (Author, Age; Files, Lines)
* dirmngr.c: Make http.c build without any TLS support. (Werner Koch, 2017-02-20; 1 file, -3/+4)
  * dirmngr/http.c (http_session_new): Remove use of tls_priority.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Make t-http.c work again with gnutls - second try (Werner Koch, 2017-02-20; 1 file, -0/+1)
  * dirmngr/t-http.c: Always include ksba.h.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Make t-http.c work again with gnutls. (Werner Koch, 2017-02-20; 1 file, -2/+4)
  * dirmngr/Makefile.am (t_http_CFLAGS, t_http_LDADD): Add KSBA flags and libs.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: First take on ntbtls cert verification. (Werner Koch, 2017-02-19; 8 files, -93/+233)
  * dirmngr/http-ntbtls.c: New.
  * dirmngr/Makefile.am (dirmngr_SOURCES): Add file.
  * dirmngr/dirmngr.h (SERVER_CONTROL_MAGIC): New.
  (server_control_s): Add field 'magic'.
  * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Set MAGIC.
  (dirmngr_deinit_default_ctrl): Set MAGIC to deadbeef.
  * dirmngr/http.c (my_ntbtls_verify_cb): New.
  (http_session_new) [HTTP_USE_NTBTLS]: Remove all CA setting code.
  (send_request) [HTTP_USE_NTBTLS]: Set the verify callback. Do not call the verify callback after the handshake.
  * dirmngr/ks-engine-hkp.c (send_request): Pass gnupg_http_tls_verify_cb to http_session_new.
  * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
  * dirmngr/t-http.c (my_http_tls_verify_cb): New.
  (main): Rename option --gnutls-debug to --tls-debug.
  (main) [HTTP_USE_NTBTLS]: Create a session.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add per-session verify callback to http.c (Werner Koch, 2017-02-18; 6 files, -23/+58)
  * dirmngr/http.h (http_verify_cb_t): New type.
  * dirmngr/http.c (http_session_s): Add fields flags, verify_cb, and verify_cb_value.
  (http_session_new): Remove arg tls_priority. Add args verify_cb and verify_cb_value. Store them in the session object.
  (send_request): Use per-session verify callback.
  (http_verify_server_credentials) [HTTP_USE_NTBTLS]: Return GPG_ERR_NOT_IMPLEMENTED.
  * dirmngr/ks-engine-hkp.c (send_request): Adjust for changed http_session_new.
  * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
  * dirmngr/t-http.c (main): Ditto.
  * dirmngr/server.c (do_get_cert_local): Replace xmalloc by malloc.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Strip the default https port from the Host: header. (Werner Koch, 2017-02-17; 1 file, -1/+1)
  * dirmngr/http.c (send_request): Strip the default https port.
  --
  GnuPG-bug-id: 2965
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add option --no-crl to the VALIDATE cmd. (Werner Koch, 2017-02-17; 4 files, -53/+41)
  * dirmngr/validate.h: Remove enums VALIDATE_MODE_*.
  (VALIDATE_FLAG_SYSTRUST, VALIDATE_FLAG_EXTRATRUST)
  (VALIDATE_FLAG_CRL, VALIDATE_FLAG_RECURSIVE)
  (VALIDATE_FLAG_OCSP, VALIDATE_FLAG_TLS)
  (VALIDATE_FLAG_NOCRLCHECK): New constants.
  * dirmngr/validate.c (validate_cert_chain): Change arg 'mode' to 'flags'. Change code accordingly. Remove NO-CRL in TLS mode kludge.
  * dirmngr/crlcache.c (crl_parse_insert): Change to use flag values for the validate_cert_chain call.
  * dirmngr/server.c (cmd_validate): Ditto. Add new option --no-crl.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add options --tls and --systrust to the VALIDATE cmd. (Werner Koch, 2017-02-17; 5 files, -26/+198)
  * dirmngr/certcache.h (certlist_s, certlist_t): New.
  * dirmngr/certcache.c (read_certlist_from_stream): New.
  (release_certlist): New.
  * dirmngr/server.c (MAX_CERTLIST_LENGTH): New.
  (cmd_validate): Add options --tls and --systrust. Implement them using a kludge for now.
  * dirmngr/validate.c (validate_cert_chain): Support systrust checking. Add kludge to disable the CRL checking for tls mode.
  --
  This can now be used to test a list of certificates as returned by TLS. Put the certs PEM encoded into a file certlist.pem with the target certificate being the first. Then run

    gpg-connect-agent --dirmngr \
       '/definqfile CERTLIST wiki-gnupg-chain.pem' \
       'validate --systrust --tls' /bye

  CRL check has been disabled because we can't yet pass the systrust flag to the CRL checking code.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Remove use of hardcoded numbers in validate. (Werner Koch, 2017-02-17; 2 files, -45/+77)
  * dirmngr/validate.c (enum cert_usage_modes): New.
  (cert_usage_p): Change type of arg MODE. Use enums instead of hardwired values. Use a switch instead of tricky bit tests.
  (cert_use_cert_p, cert_use_ocsp_p, cert_use_crl_p): Adjust.
  * dirmngr/validate.c (cert_usage_p): Rename to check_cert_usage.
  (cert_use_cert_p): Rename to check_cert_use_cert.
  (cert_use_ocsp_p): Rename to check_cert_use_ocsp.
  (cert_use_crl_p): Rename to check_cert_use_crl.
  * dirmngr/validate.h (VALIDATE_MODE_CERT_SYSTRUST): New.
  (VALIDATE_MODE_TLS, VALIDATE_MODE_TLS_SYSTRUST): New.
  --
  A function with a "_p" suffix which returns 0 for a True just looks weird. We now use names which better indicate that an error code is returned.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr,w32: Load all system provided certificates. (Werner Koch, 2017-02-16; 1 file, -2/+138)
  * dirmngr/certcache.c (CERTOPENSYSTEMSTORE) [W32]: New type.
  (CERTENUMCERTIFICATESINSTORE) [W32]: New type.
  (CERTCLOSESTORE) [W32]: New type.
  (load_certs_from_file) [W32]: Do not build.
  (load_certs_from_w32_store) [W32]: New.
  (load_certs_from_system) [W32]: Call new function.
  --
  GnuTLS loads the system certificates from the "ROOT" and "CA" store; thus we do the same. On a Vista box you may for example see 21 from "ROOT" and 6 from "CA".
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Load all system provided certificates. (Werner Koch, 2017-02-16; 3 files, -14/+148)
  * configure.ac: Add option --default-trust-store.
  (DEFAULT_TRUST_STORE_FILE): New ac_define.
  * dirmngr/certcache.c: Include ksba-io-support.h.
  (total_trusted_certificates, total_system_trusted_certificates): New.
  (put_cert): Manage the new counters.
  (cert_cache_deinit): Reset them.
  (cert_cache_print_stats): Print them.
  (is_trusted_cert): Add arg WITH_SYSTRUST. Change all callers to pass false.
  (load_certs_from_file): New.
  (load_certs_from_system): New.
  (cert_cache_init): Load system certificates.
  --
  Note that this code does not yet allow loading the system certificates on Windows.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Prepare certcache for forthcoming changes. (Werner Koch, 2017-02-16; 1 file, -28/+40)
  * dirmngr/certcache.c (cert_item_s): Rename 'flags.loaded' to 'flags.config'. Add 'flags.systrust'.
  (total_loaded_certificates): Rename to total_config_certificates.
  (put_cert): Rename args for clarity. Set SYSTRUST flag.
  (load_certs_from_dir): Make sure put_cert does not set the SYSTRUST flag.
  Signed-off-by: Werner Koch <[email protected]>
* indent: Reformat and extend some comments in dirmngr. (Werner Koch, 2017-02-16; 5 files, -92/+100)
  --
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Replace stpcpy chains by strconcat. (Werner Koch, 2017-02-16; 4 files, -30/+13)
  * dirmngr/certcache.c (find_cert_bysn): Use strconcat.
  (find_cert_bysubject): Ditto.
  * dirmngr/http.c (store_header): Ditto.
  * dirmngr/ldap.c (make_url): Ditto.
  * dirmngr/server.c (get_cert_local_ski): Ditto.
  (do_get_cert_local): Use xstrconcat.
  --
  Signed-off-by: Werner Koch <[email protected]>
* libdns: Workaround for bracketed numerical addresses. (Werner Koch, 2017-02-15; 1 file, -3/+22)
  * dirmngr/dns-stuff.c (resolve_name_libdns): Work around an incompatibility between the glibc resolver and libdns.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Do PTR lookups only for 'keyserver --hosttable'. (Werner Koch, 2017-02-15; 1 file, -46/+79)
  * dirmngr/ks-engine-hkp.c (hostinfo_s): Remove fields v4addr and v6addr and add fields iporname and iporname_valid.
  (create_new_hostinfo): Clear them.
  (add_host): Remove the code to set the v4addr and v6addr fields.
  (ks_hkp_print_hosttable): Remove printing of the fields. Compute the iporname field and display it.
  (ks_hkp_reload): Force re-computing of the iporname field in ks_hkp_print_hosttable.
  --
  GnuPG-bug-id: 2928
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Avoid PTR lookup for hosts in a pool (Werner Koch, 2017-02-15; 1 file, -5/+18)
  * dirmngr/ks-engine-hkp.c (add_host): Don't do a PTR lookup for hosts in a pool.
  --
  GnuPG-bug-id: 2928
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Do a DNS lookup even if it is missing from nsswitch.conf. (Werner Koch, 2017-02-13; 1 file, -6/+21)
  * dirmngr/dns-stuff.c (libdns_init): Do not print error message for a missing nsswitch.conf. Make sure that there is a DNS entry.
  --
  GnuPG-bug-id: 2948
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: New option --no-use-tor and internal changes. (Werner Koch, 2017-02-01; 11 files, -23/+75)
  * dirmngr/dns-stuff.c (disable_dns_tormode): New.
  * dirmngr/dirmngr.c (oNoUseTor): New const.
  (opts): New option --no-use-tor.
  (tor_mode): New var.
  (parse_rereadable_options): Change to use TOR_MODE.
  (dirmngr_use_tor): New.
  (set_tor_mode): Call disable_dns_tormode. Implement oNoUseTor.
  * dirmngr/dirmngr.h (opt): Remove field 'use_tor'. Replace all references by a call to dirmngr_use_tor().
  * dirmngr/server.c (cmd_getinfo): Distinguish between default and enforced TOR_MODE.
  --
  This patch replaces the global variable opt.use_tor by a function testing a file local mode flag. This patch prepares for a use-tor-if-available mode.
  GnuPG-bug-id: 2935
  Signed-off-by: Werner Koch <[email protected]>
* Fix explanation of commit e175152ef7515921635bf1e00383e812668d13fc. (Werner Koch, 2017-02-01; 1 file, -1/+1)
  --
* dirmngr: Require --allow-version-check even if --use-tor is used. (Werner Koch, 2017-01-31; 1 file, -1/+1)
  * dirmngr/dirmngr.c (housekeeping_thread): Load swdb only if the option is set.
  Signed-off-by: Werner Koch <[email protected]>
* gpg: Print a warning on Tor problems. (Werner Koch, 2017-01-24; 1 file, -15/+45)
  * dirmngr/ks-engine-hkp.c (tor_not_running_p): New.
  (map_host): Call that to print a warning.
  (handle_send_request_error): Ditto and avoid marking the host dead. Also print a tor_config_problem warning. Add arg CTRL; adjust callers to pass that new arg.
  * g10/call-dirmngr.c (ks_status_cb): Detect and print the new warnings.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Simplify error returning inside http.c. (Werner Koch, 2017-01-24; 1 file, -51/+50)
  * dirmngr/http.c (connect_server): Change to return a gpg_error_t and to store socket at the passed address.
  (http_raw_connect, send_request): Adjust accordingly.
  --
  This change removes cruft from the code and allows returning the error code from the name lookup.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: New option --disable-ipv4. (Werner Koch, 2017-01-24; 9 files, -6/+41)
  * dirmngr/dirmngr.c (oDisableIPv4): New const.
  (opts): New option --disable-ipv4.
  (parse_rereadable_options): Set that option.
  * dirmngr/dirmngr.h (opt): New field 'disable_ipv4'.
  * dirmngr/dns-stuff.c (opt_disable_ipv4): New var.
  (set_dns_disable_ipv4): New.
  (resolve_name_standard): Skip v4 addresses when OPT_DISABLE_IPV4 is set.
  * dirmngr/ks-engine-hkp.c (map_host): Ditto.
  (send_request): Pass HTTP_FLAG_IGNORE_IPv4 if opt.disable_v4 is set.
  * dirmngr/crlfetch.c (crl_fetch): Ditto.
  * dirmngr/ks-engine-finger.c (ks_finger_fetch): Ditto.
  * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
  * dirmngr/ocsp.c (do_ocsp_request): Ditto.
  Signed-off-by: Werner Koch <[email protected]>
* Fix format string errors and some missing error case initialization. (Werner Koch, 2017-01-23; 6 files, -7/+7)
  * common/logging.c (do_logv): Remove extra parentheses in comparison.
  * dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that dns_res_close is given a defined value in the error case.
  * dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix format string char.
  * dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const".
  * dirmngr/ks-engine-http.c (ks_http_help): Ditto.
  * dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto.
  * dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto.
  * scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string char.
  * tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the error case.
  (scdaemon_runtime_change): Ditto.
  (dirmngr_runtime_change): Ditto.
  * tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: On SIGHUP mark all keyservers alive. (Werner Koch, 2017-01-23; 3 files, -0/+25)
  * dirmngr/ks-engine-hkp.c (ks_hkp_reload): New.
  * dirmngr/dirmngr.c (dirmngr_sighup_action): Call it.
  Signed-off-by: Werner Koch <[email protected]>
* libdns: Hack to skip negation term. (Gaetan Bisson, 2017-01-23; 1 file, -1/+9)
  * dirmngr/dns.c (dns_nssconf_loadfile): Skip negation terms in nsswitch.conf parser.
  --
  This small patch was submitted along with this comment:

    We've been having issues over at Arch Linux with the new libdns code. Our /etc/nsswitch.conf contains the following line:

      hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname

    And it turns out dirmngr fails to parse the negation statement (the bang in !UNAVAIL). This results in gnupg not being able to resolve any name.

    Looking at dirmngr/dns.c it was unclear to me how to properly handle such negations. The dns_anyconf_scan calls used in dns_nssconf_loadfile do not allow to store a negation bit easily... In the meantime, I wrote the attached patch which ignores those statements altogether. It makes libdns work as expected for us.

  Commit log written by wk
* dirmngr: Print debug message only with --debug. (Werner Koch, 2017-01-23; 1 file, -1/+2)
  * dirmngr/dns-stuff.c (libdns_init): Call log_debug only if opt_debug is set.
  --
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Handle missing nsswitch.conf. (Phil Pennock, 2017-01-23; 1 file, -1/+10)
  * dirmngr/dns-stuff.c (libdns_init): Fallback to files,dns.
  --
  Signed-off-by: Phil Pennock <[email protected]>

  ChangeLog entry by wk. This fixed the problem:

    Short version: macOS doesn't include /etc/nsswitch.conf and GnuPG's dirmngr is hard-erroring when that file is missing, such that no DNS operations succeed and --recv-key returns ENOENT type errors to the caller.

  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add setup of CA for NTBTLS. (NIIBE Yutaka, 2017-01-19; 1 file, -1/+78)
  * dirmngr/http.c [HTTP_USE_NTBTLS] (http_session_new): Add CA by ntbtls_set_ca_chain.
  Signed-off-by: NIIBE Yutaka <[email protected]>
* dirmngr: Implement hkps lookups using literal addresses. (Werner Koch, 2017-01-16; 1 file, -1/+29)
  * dirmngr/ks-engine-hkp.c (map_host): For literal addresses do a reverse lookup.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Allow reverse DNS lookups in Tor-mode. (Werner Koch, 2017-01-16; 1 file, -31/+182)
  * dirmngr/dns-stuff.c (resolve_dns_name): Move up in the file.
  (resolve_addr_libdns): New.
  (resolve_dns_addr): Divert to resolve_dns_addr.
  --
  In the old code reverse lookups were disabled in Tor mode. By implementing the reverse lookups via libdns it is now possible to do them also in Tor mode.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Avoid network queries for literal IP addresses. (Werner Koch, 2017-01-16; 1 file, -0/+4)
  * dirmngr/dns-stuff.c (resolve_name_libdns): Use flags AI_NUMERICHOST for literal IP addresses.
  (resolve_name_standard): Ditto.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix URL creation for literal IPv6 addresses in HKP. (Werner Koch, 2017-01-16; 2 files, -31/+39)
  * dirmngr/dns-stuff.c (is_ip_address): Make the return value depend on the address family.
  * dirmngr/ks-engine-hkp.c (map_host): Rename arg R_POOLNAME to R_HTTPHOST because that is its purpose. Note that the former behaviour of storing a NULL to indicate that it is not a pool has not been used.
  (make_host_part): Ditto.
  (make_host_part): Make sure that literal v6 addresses are correctly marked in the constructed URL.
  Signed-off-by: Werner Koch <[email protected]>
* libdns: Silence -Wstrict-prototypes on some function ptrs. (Werner Koch, 2017-01-12; 1 file, -0/+13)
  * dirmngr/dns.c (dns_rrtype): Ignore -Wstrict-prototypes warning.
  Signed-off-by: Werner Koch <[email protected]>
* libdns: Provide replacement for EPROTO. (Werner Koch, 2017-01-12; 1 file, -0/+4)
  * dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT.
  --
  This is the same replacement we use in Libassuan (commit 8ab3b9273524bd344bdb90dd5d3bc8e5f53ead6e) to make it work on OpenBSD and many other BSD based OSes.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: After a connection failure log a hint if Tor is not running. (Werner Koch, 2017-01-11; 1 file, -0/+11)
  * dirmngr/ks-engine-hkp.c (handle_send_request_error): Check whether Tor is running.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Mark hosts dead on ENETDOWN. (Werner Koch, 2017-01-11; 1 file, -0/+5)
  * dirmngr/ks-engine-hkp.c (handle_send_request_error): Take care of ENETDOWN.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Fix Tor access for v6 addresses. (Werner Koch, 2017-01-11; 1 file, -1/+63)
  * dirmngr/http.c (use_socks): New.
  (my_sock_new_for_addr): New.
  (connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
  --
  Libassuan always uses 127.0.0.1 to connect to the local Tor proxy. http.c used to create a socket for the actual address family and thus the connect call in Libassuan fails when it tries to connect to a v6 address using a v4 socket.

  It would be cleaner to have the my_sock_new_for_addr function as a public interface in Libassuan; for now we need to duplicate some code from Libassuan.
  GnuPG-bug-id: 2902
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Remove warnings about unused global variables. (Werner Koch, 2017-01-11; 2 files, -2/+2)
  * dirmngr/crlcache.c (oidstr_issuingDistributionPoint): Comment.
  * dirmngr/ocsp.c (oidstr_certHash): Comment.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Implement debug option "network" for http. (Werner Koch, 2017-01-11; 1 file, -0/+1)
  * dirmngr/dirmngr.c (parse_rereadable_options): Set http debugging.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Add debug code to http.c. (Werner Koch, 2017-01-11; 2 files, -22/+54)
  * dirmngr/http.c (opt_verbose, opt_debug): New vars.
  (http_set_verbose): New function.
  (_my_socket_new): Add debug output.
  (_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if OPT_DEBUG has been set to 2 in a debugger.
  (http_session_new, http_session_ref): Ditto.
  (send_request, http_start_data): Print debug output for the request.
  (parse_response): Change to use log_debug_string for the response.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Use "pgpkey-hkps" and "pgpkey-hkp" for SRV record lookups. (Werner Koch, 2017-01-09; 1 file, -29/+34)
  * dirmngr/ks-engine-hkp.c (map_host): Change arg NO_SRV to SRVTAG.
  (make_host_part): Rewrite.
  --
  This fixes a regression from 2.0 and 1.4 where these tags have been in use since 2009. For whatever reason this was not ported to 2.1 and "hkp" was always used.
  GnuPG-bug-id: 2451
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Do not use a SRV record for HKP if a port was specified. (Werner Koch, 2017-01-09; 3 files, -28/+40)
  * dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT.
  * dirmngr/http.c (do_parse_uri): That it.
  * dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV.
  (make_host_part): Ditto.
  (ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT.
  (ks_hkp_search): Ditto.
  (ks_hkp_get): Ditto.
  (ks_hkp_put): Ditto.
  --
  This implements the behaviour of the keyserver helpers from 1.4 and 2.0.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Implement experimental SRV record lookup for WKD. (Werner Koch, 2017-01-08; 1 file, -1/+51)
  * dirmngr/server.c (cmd_wkd_get): Support SRV records.
  --
  This patch changes the way a WKD query is done. Now we first look for a SRV record for service "openpgpkey" and port "tcp" under the to-be-queried domain. If such a record was found and the target host matches the to-be-queried domain or is a suffix to that domain, that target host is used instead of the domain name. The SRV record also allows changing the port and obviously can be used for load-balancing.

  For example a query for the submission address of example.org with the SRV record specification

    _openpgpkey._tcp IN SRV 0 0 0    wkd.foo.org.
                     IN SRV 0 0 0    wkd.example.net.
                     IN SRV 0 0 4711 wkd.example.org.

  (queried using the name "_openpgpkey._tcp.example.org") would fetch from this URL:

    https://wkd.example.org:4711/.well-known/openpgpkey/submission-address

  Note that the first two SRV records won't be used because foo.org and example.net do not match example.org.

  We require that the target host is identical to the domain or be a subdomain of it. This is so that an attacker modifying the SRV records needs to set up a server in a sub-domain of the actual domain and can't use an arbitrary domain. Whether this is a sufficient requirement is not clear and needs further discussion.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Improve debug output for TLS. (Werner Koch, 2017-01-08; 1 file, -0/+8)
  * dirmngr/misc.c (dump_cert): Also print SubjectAltNames.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Change internal SRV lookup API. (Werner Koch, 2017-01-08; 5 files, -37/+31)
  * dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO.
  * dirmngr/http.c (connect_server): Simplify SRV lookup.
  * dirmngr/ks-engine-hkp.c (map_host): Ditto.
  * dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv.
  --
  This new API is more convenient because it includes commonly used code. Note that right now http.c's SRV record code is not used.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Strip root zone suffix from libdns SRV results. (Werner Koch, 2017-01-08; 1 file, -0/+4)
  * dirmngr/dns-stuff.c (getsrv_libdns): Strip trailing dot from the target.
  --
  See-also: b200e636ab20d2aa93d9f71f3789db5a04af0a56
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: Make sure Tor mode is also set for DNS on SIGHUP. (Werner Koch, 2017-01-03; 5 files, -37/+14)
  * dirmngr/dns-stuff.c (enable_dns_tormode): Always succeed.
  (reload_dns_stuff): Reset tor port.
  * dirmngr/dirmngr.c (set_tor_mode): Also enable Tor mode for DNS.
  (main): Remove warning that Tor mode may not fully work.
  * dirmngr/server.c (cmd_dns_cert): Remove explicit Tor for DNS initialization.
  * dirmngr/t-dns-stuff.c (main): Remove option --new-circuit and error checking for enable_dns_tormode.
  --
  This patch also resets the port on SIGHUP so that after starting Tor SIGHUP is sufficient to use Tor. Without the SIGHUP and when not using the Tor browser Dirmngr would keep on trying the Tor browser port.
  Signed-off-by: Werner Koch <[email protected]>
* dirmngr: New debug message on correctly initialized libdns. (Werner Koch, 2017-01-03; 1 file, -1/+4)
  * dirmngr/dns-stuff.c (libdns_init): Add debug level diagnostic on success.
  --
  This output may help to avoid questions when evaluating an Assuan log.
  Signed-off-by: Werner Koch <[email protected]>