diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | agent/gpg-agent.c | 2 | ||||
| -rw-r--r-- | common/ChangeLog | 1 | ||||
| -rw-r--r-- | common/http.c | 4 | ||||
| -rw-r--r-- | configure.ac | 21 | ||||
| -rw-r--r-- | g10/ChangeLog | 6 | ||||
| -rw-r--r-- | g10/call-agent.c | 2 | ||||
| -rw-r--r-- | g10/gpg.c | 6 | ||||
| -rw-r--r-- | m4/ksba.m4 | 39 | ||||
| -rw-r--r-- | sm/certchain.c | 2 | ||||
| -rw-r--r-- | sm/certreqgen.c | 2 | ||||
| -rw-r--r-- | sm/keylist.c | 8 |
12 files changed, 83 insertions, 16 deletions
@@ -1,3 +1,9 @@ +2006-08-31 Werner Koch <[email protected]> + + * configure.ac: Require libksba 1.0 and added API check for it. + (GPG_ERR_LOCKED): Removed DECL check as we require 1.2 anyway. + (have_libusb): New to give a feedback about CCID support + 2006-08-21 Werner Koch <[email protected]> * configure.ac: Removed docbook tests. diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 17370c4c5..08a390c9a 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1142,7 +1142,7 @@ reread_configuration (void) unique name in a unique new directory will be created. In both cases check for valid characters as well as against a maximum allowed length for a unix domain socket is done. The function - terminates the process in case of an error. Retunrs: Pointer to an + terminates the process in case of an error. Returns: Pointer to an allcoated string with the absolute name of the socket used. */ static char * create_socket_name (int use_standard_socket, diff --git a/common/ChangeLog b/common/ChangeLog index 7c8c0ba72..6cd136c5d 100644 --- a/common/ChangeLog +++ b/common/ChangeLog @@ -3,6 +3,7 @@ * http.c (http_get_header): New. (capitalize_header_name, store_header): New. (parse_response): Store headers away. + (send_request): Return GPG_ERR_NOT_FOUND if connect_server failed. * http.h: New flag HTTP_FLAG_NEED_HEADER. 2006-08-21 Werner Koch <[email protected]> diff --git a/common/http.c b/common/http.c index 31f65b6cd..83b6216cc 100644 --- a/common/http.c +++ b/common/http.c @@ -872,7 +872,9 @@ send_request (http_t hd, const char *auth, const char *proxy) if (hd->sock == -1) { xfree (proxy_authstr); - return gpg_error_from_errno (save_errno); + return (save_errno + ? gpg_error_from_errno (save_errno) + : gpg_error (GPG_ERR_NOT_FOUND)); } #ifdef HTTP_USE_GNUTLS diff --git a/configure.ac b/configure.ac index 4ab9986a9..72c6a1f1a 100644 --- a/configure.ac +++ b/configure.ac @@ -46,7 +46,8 @@ NEED_LIBGCRYPT_VERSION=1.1.94 NEED_LIBASSUAN_VERSION=0.6.10 -NEED_KSBA_VERSION=0.9.16 +NEED_KSBA_API=1 +NEED_KSBA_VERSION=1.0.0 PACKAGE=$PACKAGE_NAME @@ -68,6 +69,7 @@ have_libgcrypt=no have_libassuan=no have_ksba=no have_pth=no +have_libusb=no use_bzip2=yes use_exec=yes @@ -561,10 +563,6 @@ fi # AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION", have_gpg_error=yes,have_gpg_error=no) -_tmp_gpg_error_save_cflags="$CFLAGS" -CFLAGS="$CFLAGS $GPG_ERROR_CFLAGS" -AC_CHECK_DECLS(GPG_ERR_LOCKED,,,[#include <gpg-error.h>]) -CFLAGS="${_tmp_gpg_error_save_cflags}" # @@ -584,7 +582,7 @@ AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_VERSION", # # libksba is our X.509 support library # -AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no) +AM_PATH_KSBA("$NEED_KSBA_API:$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no) # @@ -595,6 +593,7 @@ AC_CHECK_LIB(usb, usb_bulk_write, [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb" AC_DEFINE(HAVE_LIBUSB,1, [defined if libusb is available]) + have_libusb=yes ]) AC_SUBST(LIBUSB_LIBS) AC_CHECK_FUNCS(usb_create_match) @@ -1208,6 +1207,10 @@ if test "$build_scdaemon" = "yes"; then tmp=", " missing_pth=yes fi + if test $have_libusb = no; then + build_scdaemon_extra="${tmp}without internal CCID driver" + tmp=", " + fi if test -n "$build_scdaemon_extra"; then build_scdaemon_extra="(${build_scdaemon_extra})" fi @@ -1251,7 +1254,7 @@ if test "$have_libgcrypt" = "no"; then *** You need libgcrypt to build this program. ** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libgcrypt/ -*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API) is required.) +*** (at least version $NEED_LIBGCRYPT_VERSION using API $NEED_LIBGCRYPT_API is required.) ***]]) fi if test "$have_libassuan" = "no"; then @@ -1269,8 +1272,8 @@ if test "$have_ksba" = "no"; then *** *** You need libksba to build this program. *** This library is for example available at -*** ftp://ftp.gnupg.org/gcrypt/alpha/libksba/ -*** (at least version $NEED_KSBA_VERSION is required). +*** ftp://ftp.gnupg.org/gcrypt/libksba/ +*** (at least version $NEED_KSBA_VERSION using API $NEED_KSBA_API is required). ***]]) fi if test "$missing_pth" = "yes"; then diff --git a/g10/ChangeLog b/g10/ChangeLog index 765ac770d..10ebcca20 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +2006-09-01 Werner Koch <[email protected]> + + * call-agent.c: Do not force using the pipe server. + + * gpg.c (main): Enable card related commands. + 2006-08-22 Werner Koch <[email protected]> * mainproc.c (proc_plaintext): Fixed a #warning diff --git a/g10/call-agent.c b/g10/call-agent.c index 524b274c1..413a7c830 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -48,7 +48,7 @@ #endif static assuan_context_t agent_ctx = NULL; -static int force_pipe_server = 1; /* FIXME: set this back to 0. */ +static int force_pipe_server; struct cipher_parm_s { @@ -2012,8 +2012,14 @@ main (int argc, char **argv ) case aRefreshKeys: case aFetchKeys: case aExport: +#ifdef ENABLE_CARD_SUPPORT + case aCardStatus: + case aCardEdit: + case aChangePIN: +#endif /* ENABLE_CARD_SUPPORT*/ set_cmd (&cmd, pargs.r_opt); break; + case aListKeys: set_cmd( &cmd, aListKeys); break; case aListSigs: set_cmd( &cmd, aListSigs); break; case aExportSecret: set_cmd( &cmd, aExportSecret); break; diff --git a/m4/ksba.m4 b/m4/ksba.m4 index 99017c39e..e44b078c2 100644 --- a/m4/ksba.m4 +++ b/m4/ksba.m4 @@ -13,6 +13,12 @@ dnl AM_PATH_KSBA([MINIMUM-VERSION, dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libksba and define KSBA_CFLAGS and KSBA_LIBS +dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed +dnl with the API version to also check the API compatibility. Example: +dnl a MINIMUN-VERSION of 1:1.0.7 won't pass the test unless the installed +dnl version of libksba is at least 1.0.7 *and* the API number is 1. Using +dnl this features allows to prevent build against newer versions of libksba +dnl with a changed API. dnl AC_DEFUN([AM_PATH_KSBA], [ AC_ARG_WITH(ksba-prefix, @@ -27,7 +33,15 @@ AC_DEFUN([AM_PATH_KSBA], fi AC_PATH_PROG(KSBA_CONFIG, ksba-config, no) - min_ksba_version=ifelse([$1], ,0.4.4,$1) + tmp=ifelse([$1], ,1:1.0.0,$1) + if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then + req_ksba_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` + min_ksba_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` + else + req_ksba_api=0 + min_ksba_version="$tmp" + fi + AC_MSG_CHECKING(for KSBA - version >= $min_ksba_version) ok=no if test "$KSBA_CONFIG" != "no" ; then @@ -61,14 +75,33 @@ AC_DEFUN([AM_PATH_KSBA], fi fi if test $ok = yes; then + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) + fi + if test $ok = yes; then + # Even if we have a recent libksba, we should check that the + # API is compatible. + if test "$req_ksba_api" -gt 0 ; then + tmp=`$KSBA_CONFIG --api-version 2>/dev/null || echo 0` + if test "$tmp" -gt 0 ; then + AC_MSG_CHECKING([KSBA API version]) + if test "$req_ksba_api" -eq "$tmp" ; then + AC_MSG_RESULT(okay) + else + ok=no + AC_MSG_RESULT([does not match. want=$req_ksba_api got=$tmp.]) + fi + fi + fi + fi + if test $ok = yes; then KSBA_CFLAGS=`$KSBA_CONFIG $ksba_config_args --cflags` KSBA_LIBS=`$KSBA_CONFIG $ksba_config_args --libs` - AC_MSG_RESULT(yes) ifelse([$2], , :, [$2]) else KSBA_CFLAGS="" KSBA_LIBS="" - AC_MSG_RESULT(no) ifelse([$3], , :, [$3]) fi AC_SUBST(KSBA_CFLAGS) diff --git a/sm/certchain.c b/sm/certchain.c index 647adc030..054ca4c83 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -136,6 +136,8 @@ allowed_ca (ksba_cert_t cert, int *chainlen, int listmode, FILE *fp) { if (get_regtp_ca_info (cert, chainlen)) { + /* Note that dirmngr takes a different way to cope with such + certs. */ return 0; /* RegTP issued certificate. */ } diff --git a/sm/certreqgen.c b/sm/certreqgen.c index 7a9847858..9ca16017d 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -66,7 +66,7 @@ The format of the native parameter file is follows: Length of the key in bits. Default is 1024. Key-Grip: hexstring This is optional and used to generate a request for an already - existsing key. Key-Length will be ignored when given, + existing key. Key-Length will be ignored when given, Key-Usage: <usage-list> Space or comma delimited list of key usage, allowed values are "encrypt" and "sign". This is used to generate the KeyUsage extension. diff --git a/sm/keylist.c b/sm/keylist.c index c44d62102..199737541 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -70,6 +70,9 @@ struct { { "2.16.840.1.113730.4.1", "serverGatedCrypto.ns" }, /* Netscape. */ { "1.3.6.1.4.1.311.10.3.3", "serverGatedCrypto.ms"}, /* Microsoft. */ + + { "1.3.6.1.5.5.7.48.1.5", "ocspNoCheck" }, + { NULL, NULL } }; @@ -125,6 +128,11 @@ static struct { { "1.3.6.1.5.5.7.1.10", "acProxying" }, { "1.3.6.1.5.5.7.1.11", "subjectInfoAccess" }, + { "1.3.6.1.5.5.7.48.1", "ocsp" }, + { "1.3.6.1.5.5.7.48.2", "caIssuers" }, + { "1.3.6.1.5.5.7.48.3", "timeStamping" }, + { "1.3.6.1.5.5.7.48.5", "caRepository" }, + /* X.509 id-ce */ { "2.5.29.14", "subjectKeyIdentifier", 1}, { "2.5.29.15", "keyUsage", 1 }, |