2011-12-01 Werner Koch <wk@g10code.com>

	NB: ChangeLog files are no longer manually maintained. Starting
	on December 1st, 2011 we put change information only in the GIT
	commit log, and generate a top-level ChangeLog file from logs at
	"make dist". See doc/HACKING for details.

2011-11-24 Werner Koch <wk@g10code.com>

	* ks-engine-http.c (ks_http_help): Do not print help for hkp.
	* ks-engine-hkp.c (ks_hkp_help): Print help only for hkp.
	(send_request): Remove test code.
	(map_host): Use xtrymalloc.

	* certcache.c (classify_pattern): Remove unused variable and make
	explicit substring search work.

2011-06-01 Marcus Brinkmann <mb@g10code.com>

	* Makefile.am (dirmngr_ldap_CFLAGS): Add $(LIBGCRYPT_CFLAGS),
	which is needed by common/util.h.

2011-04-25 Werner Koch <wk@g10code.com>

	* ks-engine-hkp.c (ks_hkp_search): Mark classify_user_id for use

2011-04-12 Werner Koch <wk@g10code.com>

	* ks-engine-hkp.c (ks_hkp_search, ks_hkp_get, ks_hkp_put): Factor

	(make_host_part): new.

	(create_new_hostinfo, find_hostinfo, sort_hostpool)
	(select_random_host, map_host, mark_host_dead)
	(ks_hkp_print_hosttable): New.

2011-02-23 Werner Koch <wk@g10code.com>

	* certcache.c (get_cert_bysubject): Take care of a NULL argument.
	(find_cert_bysubject): Ditto. Fixes bug#1300.

2011-02-09 Werner Koch <wk@g10code.com>

	* ks-engine-kdns.c: New but only the framework.

	* server.c (cmd_keyserver): Add option --help.
	(dirmngr_status_help): New.
	* ks-action.c (ks_print_help): New.
	(ks_action_help): New.
	* ks-engine-finger.c (ks_finger_help): New.
	* ks-engine-http.c (ks_http_help): New.
	* ks-engine-hkp.c (ks_hkp_help): New.

	* ks-action.c (ks_action_fetch): Support http URLs.
	* ks-engine-http.c: New.

	* ks-engine-finger.c (ks_finger_get): Rename to ks_finger_fetch.

2011-02-08 Werner Koch <wk@g10code.com>

	* server.c (cmd_ks_fetch): New.
	* ks-action.c (ks_action_fetch): New.
	* ks-engine-finger.c: New.

2011-02-03 Werner Koch <wk@g10code.com>

	* Makefile.am (dirmngr_LDADD): Remove -llber.

2011-01-25 Werner Koch <wk@g10code.com>

	* dirmngr.c (handle_connections): Rewrite loop to use pth-select
	so to sync timeouts to the full second.

	(main) [W32CE]: Fix setting of default homedir.

	* ldap-wrapper.c (ldap_wrapper_thread): Sync to the full second.
	Increase pth_wait timeout from 1 to 2 seconds.

2011-01-20 Werner Koch <wk@g10code.com>

	* server.c (release_ctrl_keyservers): New.
	(cmd_keyserver, cmd_ks_seach, cmd_ks_get, cmd_ks_put): New.
	* dirmngr.h (uri_item_t): New.
	(struct server_control_s): Add field KEYSERVERS.
	* ks-engine-hkp.c: New.

	* ks-action.c, ks-action.h: New.
	* server.c: Include ks-action.h.

	* Makefile.am (dirmngr_SOURCES): Add new files.

2011-01-19 Werner Koch <wk@g10code.com>

	* dirmngr.c (main): Use es_printf for --gpgconf-list.

2010-12-14 Werner Koch <wk@g10code.com>

	* cdb.h (struct cdb) [W32]: Add field CDB_MAPPING.
	* cdblib.c (cdb_init) [W32]: Save mapping handle.
	(cdb_free) [W32]: Don't leak the mapping handle from cdb_init by

	* crlcache.c (crl_cache_insert): Close unused matching files.

	* dirmngr.c (main) [W32CE]: Change homedir in daemon mode to /gnupg.

2010-12-07 Werner Koch <wk@g10code.com>

	* dirmngr.c (TIMERTICK_INTERVAL) [W32CE]: Change to 60s.

2010-11-23 Werner Koch <wk@g10code.com>

	* Makefile.am (dirmngr_LDFLAGS): Add extra_bin_ldflags.
	(dirmngr_client_LDFLAGS): Ditto.

2010-10-21 Werner Koch <wk@g10code.com>

	* dirmngr.c (main): Changed faked system time warning

2010-10-15 Werner Koch <wk@g10code.com>

	* Makefile.am (CLEANFILES): Add no-libgcrypt.c.

2010-09-16 Werner Koch <wk@g10code.com>

	* validate.c (validate_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.

2010-08-13 Werner Koch <wk@g10code.com>

	* Makefile.am (dirmngr_SOURCES): Add w32-ldap-help.h.

	* dirmngr_ldap.c (fetch_ldap): Call ldap_unbind.

	* w32-ldap-help.h: New.
	* dirmngr_ldap.c [W32CE]: Include w32-ldap-help.h and use the
	mapped ldap functions.

2010-08-12 Werner Koch <wk@g10code.com>

	* crlcache.c (update_dir, crl_cache_insert): s/unlink/gnupg_remove/.

	* dirmngr.c (dirmngr_sighup_action): New.

	* server.c (cmd_killdirmngr, cmd_reloaddirmngr): New.
	(struct server_local_s): Add field STOPME.
	(start_command_handler): Act on STOPME.

2010-08-06 Werner Koch <wk@g10code.com>

	* dirmngr.c (JNLIB_NEED_AFLOCAL): Define macro.
	(main): Use SUN_LEN macro.
	(main) [W32]: Allow EEXIST in addition to EADDRINUSE.

2010-08-05 Werner Koch <wk@g10code.com>

	* server.c (set_error, leave_cmd): New.
	(cmd_validate, cmd_ldapserver, cmd_isvalid, cmd_checkcrl)
	(cmd_checkocsp, cmd_lookup, cmd_listcrls, cmd_cachecert): Use

	(data_line_cookie_write, data_line_cookie_close): New.
	(cmd_listcrls): Replace assuan_get_data_fp by es_fopencookie.

	* misc.c (create_estream_ksba_reader, my_estream_ksba_reader_cb): New.
	* certcache.c (load_certs_from_dir): Use create_estream_ksba_reader.
	* crlcache.c (crl_cache_load): Ditto.

2010-08-03 Werner Koch <wk@g10code.com>

	* dirmngr_ldap.c (pth_enter, pth_leave) [USE_LDAPWRAPPER]: Turn
	into functions for use in a 'for' control stmt.

2010-07-26 Werner Koch <wk@g10code.com>

	* dirmngr_ldap.c (print_ldap_entries): Remove special fwrite case
	for W32 because that is now handled by estream.

2010-07-25 Werner Koch <wk@g10code.com>

	* Makefile.am (dirmngr_SOURCES) [!USE_LDAPWRAPPER]: Build

	* ldap-wrapper-ce.c: New.

	* dirmngr_ldap.c (opt): Remove global variable ...
	(my_opt_t): ... and declare a type instead.
	(main): Define a MY_OPT variable and change all references to OPT

	(set_timeout, print_ldap_entries, fetch_ldap, process_url): Pass

2010-07-24 Werner Koch <wk@g10code.com>

	* dirmngr_ldap.c (main): Init common subsystems. Call

2010-07-19 Werner Koch <wk@g10code.com>

	* dirmngr.c: Include ldap-wrapper.h.
	(launch_reaper_thread): Move code to ...
	* ldap-wrapper.c (ldap_wrapper_launch_thread): .. here. Change

	(ldap_wrapper_thread): Rename to ...
	(wrapper_thread): this and make local.

	* ldap.c (destroy_wrapper, print_log_line)
	(read_log_data, ldap_wrapper_thread)
	(ldap_wrapper_wait_connections, ldap_wrapper_release_context)
	(ldap_wrapper_connection_cleanup, reader_callback, ldap_wrapper):
	Factor code out to ...
	* ldap-wrapper.c: new.
	(ldap_wrapper): Make public.
	(read_buffer): Copy from ldap.c.
	* ldap-wrapper.h: New.
	* Makefile.am (dirmngr_SOURCES): Add new files.

2010-07-16 Werner Koch <wk@g10code.com>

	* http.c, http.h: Remove.

	* dirmngr-err.h: New.
	* dirmngr.h: Include dirmngr-err.h instead of gpg-error.h

	* cdblib.c: Replace assignments to ERRNO by a call to
	gpg_err_set_errno. Include dirmngr-err.h.
	(cdb_free) [__MINGW32CE__]: Do not use get_osfhandle.

	* dirmngr.c [!HAVE_SIGNAL_H]: Don't include signal.h.
	(USE_W32_SERVICE): New. Use this to control the use of the W32

2010-07-06 Werner Koch <wk@g10code.com>

	* dirmngr.c (main): Print note on directory name changes.

	Replace almost all uses of stdio by estream.

	* b64dec.c, b64enc.c: Remove. They are duplicated in ../common/.

2010-06-28 Werner Koch <wk@g10code.com>

	* dirmngr_ldap.c (my_i18n_init): Remove.
	(main): Call i18n_init instead of above function.

	* dirmngr-client.c (my_i18n_init): Remove.
	(main): Call i18n_init instead of above function.

	* Makefile.am (dirmngr_LDADD): Add ../gl/libgnu.
	(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.

2010-06-09 Werner Koch <wk@g10code.com>

	* Makefile.am (no-libgcrypt.c): New rule.

	* exechelp.h: Remove.
	* exechelp.c: Remove.
	(dirmngr_release_process): Change callers to use the gnupg func.
	(dirmngr_wait_process): Likewise.
	(dirmngr_kill_process): Likewise. This actually implements it for

	* ldap.c (ldap_wrapper): s/get_dirmngr_ldap_path/gnupg_module_name/.
	(ldap_wrapper_thread): Use gnupg_wait_process and adjust for

	(ldap_wrapper): Replace xcalloc by xtrycalloc. Replace spawn

	* server.c (start_command_handler): Remove assuan_set_log_stream.

	* validate.c: Remove gcrypt.h and ksba.h.

	* ldapserver.c: s/util.h/dirmngr.h/.

	* dirmngr.c (sleep) [W32]: Remove macro.
	(main): s/sleep/gnupg_sleep/.
	(pid_suffix_callback): Change arg type.
	(my_gcry_logger): Remove.
	(fixed_gcry_pth_init): New.

2010-06-08 Werner Koch <wk@g10code.com>

	* misc.h (copy_time): Remove and replace by gnupg_copy_time which
	allows to set a null date.
	* misc.c (dump_isotime, get_time, get_isotime, set_time)
	(check_isotime, add_isotime): Remove and replace all calls by the
	versions from common/gettime.c.

	* crlcache.c, misc.c, misc.h: s/dirmngr_isotime_t/gnupg_isotime_t/.
	* server.c, ldap.c: Reorder include directives.
	* crlcache.h, misc.h: Remove all include directives.

	* certcache.c (cmp_simple_canon_sexp): Remove.
	(compare_serialno): Rewrite using cmp_simple_canon_sexp from

	* dirmngr.c: Remove transitional option "--ignore-ocsp-servic-url".
	(opts): Use ARGPARSE macros.

	(main): Use GnuPG init functions.

	* dirmngr.h: Remove duplicated stuff now taken from ../common.

	* get-path.c, util.h: Remove.

	* Makefile.am: Adjust to GnuPG system.
	* estream.c, estream.h, estream-printf.c, estream-printf.h: Remove.

2010-06-07 Werner Koch <wk@g10code.com>

	* OAUTHORS, ONEWS, ChangeLog.1: New.

	* ChangeLog, Makefile.am, b64dec.c, b64enc.c, cdb.h, cdblib.c
	* certcache.c, certcache.h, crlcache.c, crlcache.h, crlfetch.c
	* crlfetch.h, dirmngr-client.c, dirmngr.c, dirmngr.h
	* dirmngr_ldap.c, error.h, estream-printf.c, estream-printf.h
	* estream.c, estream.h, exechelp.c, exechelp.h, get-path.c, http.c
	* http.h, i18n.h, ldap-url.c, ldap-url.h, ldap.c, ldapserver.c
	* ldapserver.h, misc.c, misc.h, ocsp.c, ocsp.h, server.c, util.h
	* validate.c, validate.h: Imported from the current SVN of the
	dirmngr package (only src/).

2010-03-13 Werner Koch <wk@g10code.com>

	* dirmngr.c (int_and_ptr_u): New.
	(pid_suffix_callback): Trick out compiler.
	(start_connection_thread): Ditto.
	(handle_connections): Ditto.

2010-03-09 Werner Koch <wk@g10code.com>

	* dirmngr.c (set_debug): Allow numerical values.

2009-12-15 Werner Koch <wk@g10code.com>

	* dirmngr.c: Add option --ignore-cert-extension.
	(parse_rereadable_options): Implement.
	* dirmngr.h (opt): Add IGNORED_CERT_EXTENSIONS.
	* validate.c (unknown_criticals): Handle ignored extensions.

2009-12-08 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr-client.c (start_dirmngr): Convert posix FDs to assuan fds.

2009-11-25 Marcus Brinkmann <marcus@g10code.de>

	* server.c (start_command_handler): Use assuan_fd_t and
	assuan_fdopen on fds.

2009-11-05 Marcus Brinkmann <marcus@g10code.de>

	* server.c (start_command_handler): Update use of
	assuan_init_socket_server.
	* dirmngr-client.c (start_dirmngr): Update use of
	assuan_pipe_connect and assuan_socket_connect.

2009-11-04 Werner Koch <wk@g10code.com>

	* server.c (register_commands): Add help arg to
	assuan_register_command. Change all command comments to strings.

2009-11-02 Marcus Brinkmann <marcus@g10code.de>

	* server.c (reset_notify): Take LINE argument, return gpg_error_t.

2009-10-16 Marcus Brinkmann <marcus@g10code.com>

	* Makefile.am: (dirmngr_LDADD): Link to $(LIBASSUAN_LIBS) instead
	of $(LIBASSUAN_PTH_LIBS).
	* dirmngr.c: Invoke ASSUAN_SYSTEM_PTH_IMPL.
	(main): Call assuan_set_system_hooks and assuan_sock_init.

2009-09-22 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr.c (main): Update to new Assuan interface.
	* server.c (option_handler, cmd_ldapserver, cmd_isvalid)
	(cmd_checkcrl, cmd_checkocsp, cmd_lookup, cmd_loadcrl)
	(cmd_listcrls, cmd_cachecert, cmd_validate): Return gpg_error_t

	(register_commands): Likewise for member HANDLER.
	(start_command_handler): Allocate context with assuan_new before
	starting server. Release on error.
	* dirmngr-client.c (main): Update to new Assuan interface.
	(start_dirmngr): Allocate context with assuan_new before
	connecting to server. Release on error.

2009-08-12 Werner Koch <wk@g10code.com>

	* dirmngr-client.c (squid_loop_body): Flush stdout. Suggested by

2009-08-07 Werner Koch <wk@g10code.com>

	* crlfetch.c (my_es_read): Add explicit check for EOF.

	* http.c (struct http_context_s): Turn IN_DATA and IS_HTTP_0_9 to

	(struct cookie_s): Add CONTENT_LENGTH_VALID and CONTENT_LENGTH.
	(parse_response): Parse the Content-Length header.
	(cookie_read): Handle content length.
	(http_open): Make NEED_HEADER the semi-default.

	* http.h (HTTP_FLAG_IGNORE_CL): New.

2009-08-04 Werner Koch <wk@g10code.com>

	* ldap.c (ldap_wrapper_thread): Factor some code out to ...
	(read_log_data): ... new. Close the log fd on error.
	(ldap_wrapper_thread): Delay cleanup until the log fd is closed.
	(SAFE_PTH_CLOSE): New. Use it instead of pth_close.

2009-07-31 Werner Koch <wk@g10code.com>

	* server.c (cmd_loadcrl): Add option --url.
	* dirmngr-client.c (do_loadcrl): Make use of --url.

	* crlfetch.c (crl_fetch): Remove HTTP_FLAG_NO_SHUTDOWN. Add
	flag HTTP_FLAG_LOG_RESP with active DBG_LOOKUP.

	* http.c: Require estream. Remove P_ES macro.
	(write_server): Remove.
	(my_read_line): Remove. Replace all callers by es_read_line.
	(send_request): Use es_asprintf. Always store the cookie.
	(http_wait_response): Remove the need to dup the socket. Use new

	* http.h (HTTP_FLAG_NO_SHUTDOWN): Rename to HTTP_FLAG_SHUTDOWN.

	* estream.c, estream.h, estream-printf.c, estream-printf.h: Update
	from current libestream. This is to provide es_asprintf.

2009-07-20 Werner Koch <wk@g10code.com>

	* dirmngr.c (pid_suffix_callback): New.
	(main): Use log_set_pid_suffix_cb.
	(start_connection_thread): Put the fd into the tls.

	* ldap.c (ldap_wrapper_thread): Print ldap worker stati.
	(ldap_wrapper_release_context): Print a debug info.
	(end_cert_fetch_ldap): Release the reader. Might fix bug#999.

2009-06-17 Werner Koch <wk@g10code.com>

	* util.h: Remove unused dotlock.h.

2009-05-26 Werner Koch <wk@g10code.com>

	* ldap.c (ldap_wrapper): Show reader object in diagnostics.
	* crlcache.c (crl_cache_reload_crl): Ditto. Change debug messages
	to regular diagnostics.
	* dirmngr_ldap.c (print_ldap_entries): Add extra diagnostics.

2009-04-03 Werner Koch <wk@g10code.com>

	* dirmngr.h (struct server_local_s): Move back to ...
	* server.c (struct server_local_s): ... here.
	(get_ldapservers_from_ctrl): New.
	* ldapserver.h (ldapserver_iter_begin): Use it.

2008-10-29 Marcus Brinkmann <marcus@g10code.de>

	* estream.c (es_getline): Add explicit cast to silence gcc -W

	* crlcache.c (finish_sig_check): Likewise.

	* dirmngr.c (opts): Add missing initializer to silence gcc

	* server.c (register_commands): Likewise.
	* dirmngr-client.c (opts): Likewise.
	* dirmngr_ldap.c (opts): Likewise.

	* dirmngr-client.c (status_cb, inq_cert, data_cb): Change return
	type to gpg_error_t to silence gcc warning.

2008-10-21 Werner Koch <wk@g10code.com>

	* certcache.c (load_certs_from_dir): Accept ".der" files.

	* server.c (get_istrusted_from_client): New.
	* validate.c (validate_cert_chain): Add new optional arg
	R_TRUST_ANCHOR. Adjust all callers
	* crlcache.c (crl_cache_entry_s): Add fields USER_TRUST_REQ
	and CHECK_TRUST_ANCHOR.
	(release_one_cache_entry): Release CHECK_TRUST_ANCHOR.
	(list_one_crl_entry): Print info about the new fields.
	(open_dir, write_dir_line_crl): Support the new U-flag.
	(crl_parse_insert): Add arg R_TRUST_ANCHOR and set it accordingly.
	(crl_cache_insert): Store trust anchor in entry object.
	(cache_isvalid): Ask client for trust if needed.

	* crlcache.c (open_dir): Replace xcalloc by xtrycalloc.
	(next_line_from_file): Ditto. Add arg to return the gpg error.

	(update_dir): Replace sprintf and malloc by estream_asprintf.
	(crl_cache_insert): Ditto.
	(crl_cache_isvalid): Replace xmalloc by xtrymalloc.
	(get_auth_key_id): Ditto.
	(crl_cache_insert): Ditto.

	* crlcache.c (start_sig_check): Remove HAVE_GCRY_MD_DEBUG test.
	* validate.c (check_cert_sig): Ditto. Remove workaround for bug

	* estream.c, estream.h, estream-printf.c, estream-printf.h: Update
	from current libestream (svn rev 61).

2008-09-30 Marcus Brinkmann <marcus@g10code.com>

	* get-path.c (get_dirmngr_ldap_path): Revert last change.
	Instead, use dirmngr_libexecdir().
	(find_program_at_standard_place): Don't define for now.

2008-09-30 Marcus Brinkmann <marcus@g10code.com>

	* get-path.c (dirmngr_cachedir): Make COMP a pointer to const to

	(get_dirmngr_ldap_path): Look for dirmngr_ldap in the installation

2008-08-06 Marcus Brinkmann <marcus@g10code.com>

	* dirmngr.c (main): Mark the ldapserverlist-file option as

2008-07-31 Werner Koch <wk@g10code.com>

	* crlcache.c (start_sig_check) [!HAVE_GCRY_MD_DEBUG]: Use

2008-06-16 Werner Koch <wk@g10code.com>

	* get-path.c (w32_commondir): New.
	(dirmngr_sysconfdir): Use it here.
	(dirmngr_datadir): Ditto.

2008-06-12 Marcus Brinkmann <marcus@g10code.de>

	* Makefile.am (dirmngr_SOURCES): Add ldapserver.h and ldapserver.c.
	* ldapserver.h, ldapserver.c: New files.
	* ldap.c: Include "ldapserver.h".
	(url_fetch_ldap): Use iterator to get session servers as well.
	(attr_fetch_ldap, start_default_fetch_ldap): Likewise.
	* dirmngr.c: Include "ldapserver.h".
	(free_ldapservers_list): Removed. Change callers to
	ldapserver_list_free.
	(parse_ldapserver_file): Use ldapserver_parse_one.
	* server.c: Include "ldapserver.h".
	(cmd_ldapserver): New command.
	(register_commands): Add new command LDAPSERVER.
	(reset_notify): New function.
	(start_command_handler): Register reset notify handler.
	Deallocate session server list.
	(lookup_cert_by_pattern): Use iterator to get session servers as well.
	(struct server_local_s): Move to ...
	* dirmngr.h (struct server_local_s): ... here. Add new member

2008-06-10 Werner Koch <wk@g10code.com>

	Support PEM encoded CRLs. Fixes bug#927.

	* crlfetch.c (struct reader_cb_context_s): New.
	(struct file_reader_map_s): Replace FP by new context.
	(register_file_reader, get_file_reader): Adjust accordingly.
	(my_es_read): Detect Base64 encoded CRL and decode if needed.
	(crl_fetch): Pass new context to the callback.
	(crl_close_reader): Cleanup the new context.
	* b64dec.c: New. Taken from GnuPG.
	* util.h (struct b64state): Add new fields STOP_SEEN and

2008-05-26 Marcus Brinkmann <marcus@g10code.com>

	* dirmngr.c (main) [HAVE_W32_SYSTEM]: Switch to system
	configuration on gpgconf related commands, and make all options

2008-03-25 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr_ldap.c (print_ldap_entries): Add code alternative for
	W32 console stdout (unused at this point).

2008-03-21 Marcus Brinkmann <marcus@g10code.de>

	* estream.c (ESTREAM_MUTEX_DESTROY): New macro.
	(es_create, es_destroy): Use it.

2008-02-21 Werner Koch <wk@g10code.com>

	* validate.c (check_cert_sig) [HAVE_GCRY_MD_DEBUG]: Use new debug
	function if available.

	* crlcache.c (abort_sig_check): Mark unused arg.

	* exechelp.c (dirmngr_release_process) [!W32]: Mark unused arg.

	* validate.c (is_root_cert): New. Taken from GnuPG.
	(validate_cert_chain): Use it in place of the simple DN compare.

2008-02-15 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr.c (main): Reinitialize assuan log stream if necessary.

	* crlcache.c (update_dir) [HAVE_W32_SYSTEM]: Remove destination

	(crl_cache_insert) [HAVE_W32_SYSTEM]: Remove destination file

2008-02-14 Marcus Brinkmann <marcus@g10code.de>

	* validate.c (check_cert_policy): Use ksba_free instead of xfree.
	(validate_cert_chain): Likewise. Free SUBJECT on error.
	(cert_usage_p): Likewise.

	* crlcache.c (finish_sig_check): Undo last change.
	(finish_sig_check): Close md.
	(abort_sig_check): New function.
	(crl_parse_insert): Use abort_sig_check to clean up.

	* crlcache.c (crl_cache_insert): Clean up CDB on error.

2008-02-13 Marcus Brinkmann <marcus@g10code.de>

	* crlcache.c (finish_sig_check): Call gcry_md_stop_debug.
	* exechelp.h (dirmngr_release_process): New prototype.
	* exechelp.c (dirmngr_release_process): New function.
	* ldap.c (ldap_wrapper_thread): Release pid.
	(destroy_wrapper): Likewise.

	* dirmngr.c (launch_reaper_thread): Destroy tattr.
	(handle_connections): Likewise.

2008-02-12 Marcus Brinkmann <marcus@g10code.de>

	* ldap.c (pth_close) [! HAVE_W32_SYSTEM]: New macro.
	(struct wrapper_context_s): New member log_ev.
	(destroy_wrapper): Check FDs for != -1 rather than != 0. Use
	pth_close instead of close. Free CTX->log_ev.
	(ldap_wrapper_thread): Rewritten to use pth_wait instead of
	select. Also use pth_read instead of read and pth_close instead

	(ldap_wrapper): Initialize CTX->log_ev.
	(reader_callback): Use pth_close instead of close.
	* exechelp.c (create_inheritable_pipe) [HAVE_W32_SYSTEM]: Removed.
	(dirmngr_spawn_process) [HAVE_W32_SYSTEM]: Use pth_pipe instead.
	* dirmngr_ldap.c [HAVE_W32_SYSTEM]: Include <fcntl.h>.
	(main) [HAVE_W32_SYSTEM]: Set mode of stdout to binary.

2008-02-01 Werner Koch <wk@g10code.com>

	* ldap.c: Remove all ldap headers as they are unused.

	* dirmngr_ldap.c (LDAP_DEPRECATED): New, to have OpenLDAP use the

2008-01-10 Werner Koch <wk@g10code.com>

	* dirmngr-client.c: New option --local.

	* server.c (lookup_cert_by_pattern): Implement local lookup.
	(return_one_cert): New.
	* certcache.c (hexsn_to_sexp): New.
	(classify_pattern, get_certs_bypattern): New.

	* misc.c (unhexify): Allow passing NULL for RESULT.
	(cert_log_subject): Do not call ksba_free on an unused variable.

2008-01-02 Marcus Brinkmann <marcus@g10code.de>

	* Makefile.am (dirmngr_LDADD, dirmngr_ldap_LDADD)
	(dirmngr_client_LDADD): Add $(LIBICONV). Reported by Michael

2007-12-11 Werner Koch <wk@g10code.com>

	* server.c (option_handler): New option audit-events.
	* dirmngr.h (struct server_control_s): Add member AUDIT_EVENTS.

2007-11-26 Marcus Brinkmann <marcus@g10code.de>

	* get-path.c (dirmngr_cachedir): Create intermediate directories.
	(default_socket_name): Use CSIDL_WINDOWS.

2007-11-21 Werner Koch <wk@g10code.com>

	* server.c (lookup_cert_by_pattern): Add args SINGLE and CACHE_ONLY.
	(cmd_lookup): Add options --single and --cache-only.

2007-11-16 Werner Koch <wk@g10code.com>

	* certcache.c (load_certs_from_dir): Also log the subject DN.
	* misc.c (cert_log_subject): New.

2007-11-14 Werner Koch <wk@g10code.com>

	* dirmngr-client.c: Replace --lookup-url by --url.
	(main): Remove extra code for --lookup-url.
	(do_lookup): Remove LOOKUP_URL arg and use the
	global option OPT.URL.

	* server.c (has_leading_option): New.
	(cmd_lookup): Use it.

	* crlfetch.c (fetch_cert_by_url): Use GPG_ERR_INV_CERT_OBJ.
	(fetch_cert_by_url): Use gpg_error_from_syserror.

2007-11-14 Moritz <moritz@gnu.org> (wk)

	* dirmngr-client.c: New command: --lookup-url <URL>.
	(do_lookup): New parameter: lookup_url. If TRUE, include "--url"
	switch in LOOKUP transaction.
	(enum): New entry: oLookupUrl.

	(main): Handle oLookupUrl. New variable: cmd_lookup_url, set
	during option parsing, pass to do_lookup() and substitute some
	occurrences of "cmd_lookup" with "cmd_lookup OR cmd_lookup_url".
	* crlfetch.c (fetch_cert_by_url): New function, uses
	url_fetch_ldap() to create a reader object and libksba functions
	to read a single cert from that reader.
	* server.c (lookup_cert_by_url, lookup_cert_by_pattern): New

	(cmd_lookup): Moved almost complete code ...
	(lookup_cert_by_pattern): ... here.
	(cmd_lookup): Support new optional argument: --url. Depending on
	the presence of that switch, call lookup_cert_by_url() or
	lookup_cert_by_pattern().
	(lookup_cert_by_url): Heavily stripped down version of
	lookup_cert_by_pattern(), using fetch_cert_by_url.

2007-10-24 Marcus Brinkmann <marcus@g10code.de>

	* exechelp.c (dirmngr_spawn_process): Fix child handles.

2007-10-05 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr.h: Include assuan.h.
	(start_command_handler): Change type of FD to assuan_fd_t.
	* dirmngr.c: Do not include w32-afunix.h.
	(socket_nonce): New global variable.
	(create_server_socket): Use assuan socket wrappers. Remove W32
	specific stuff. Save the server nonce.
	(check_nonce): New function.
	(start_connection_thread): Call it.
	(handle_connections): Change args to assuan_fd_t.
	* server.c (start_command_handler): Change type of FD to assuan_fd_t.

2007-09-12 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr.c (main): Percent escape pathnames in --gpgconf-list output.

2007-08-27 Moritz Schulte <moritz@g10code.com>

	* src/Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SOCKETDIR based on

	* src/get-path.c (default_socket_name): Use DIRMNGR_SOCKETDIR
	instead of hard-coded "/var/run/dirmngr".

2007-08-16 Werner Koch <wk@g10code.com>

	* get-path.c (get_dirmngr_ldap_path): Make PATHNAME const.

	* dirmngr.c (my_ksba_hash_buffer): Mark unused arg.
	(dirmngr_init_default_ctrl): Ditto.
	(my_gcry_logger): Ditto.
	* dirmngr-client.c (status_cb): Ditto.
	* dirmngr_ldap.c (catch_alarm): Ditto.
	* estream-printf.c (pr_bytes_so_far): Ditto.
	* estream.c (es_func_fd_create): Ditto.
	(es_func_fp_create): Ditto.
	(es_write_hexstring): Ditto.
	* server.c (cmd_listcrls): Ditto.
	(cmd_cachecert): Ditto.
	* crlcache.c (cache_isvalid): Ditto.
	* ocsp.c (do_ocsp_request): Ditto.
	* ldap.c (ldap_wrapper_thread): Ditto.
	* http.c (http_register_tls_callback): Ditto.
	(connect_server): Ditto.
	(write_server) [!HTTP_USE_ESTREAM]: Don't build.

2007-08-14 Werner Koch <wk@g10code.com>

	* get-path.c (dirmngr_cachedir) [W32]: Use CSIDL_LOCAL_APPDATA.

2007-08-13 Werner Koch <wk@g10code.com>

	* dirmngr.c (handle_connections): Use a timeout in the accept
	function. Block signals while creating a new thread.
	(shutdown_pending): Needs to be volatile as also accessed by the

	(w32_service_control): Do not use the regular log functions here.

	(main): With system_service in effect use aDaemon as default

	(main) [W32]: Only temporary redefine main for the sake of Emacs's

	* dirmngr-client.c (main) [W32]: Initialize sockets.
	(start_dirmngr): Use default_socket_name instead of a constant.
	* Makefile.am (dirmngr_client_SOURCES): Add get-path.c

2007-08-09 Werner Koch <wk@g10code.com>

	* dirmngr.c (parse_ocsp_signer): New.
	(parse_rereadable_options): Set opt.ocsp_signer to this.
	* dirmngr.h (fingerprint_list_t): New.
	* ocsp.c (ocsp_isvalid, check_signature, validate_responder_cert):
	Allow for several default ocsp signers.
	(ocsp_isvalid): Return GPG_ERR_NO_DATA for an unknown status.

	* dirmngr-client.c: New option --force-default-responder.

	* server.c (has_option, skip_options): New.
	(cmd_checkocsp): Add option --force-default-responder.
	(cmd_isvalid): Ditto. Also add option --only-ocsp.

	* ocsp.c (ocsp_isvalid): New arg FORCE_DEFAULT_RESPONDER.

	* dirmngr.c: New option --ocsp-max-period.
	* ocsp.c (ocsp_isvalid): Implement it and take care that a missing
	next_update is to be ignored.

	* crlfetch.c (my_es_read): New. Use it instead of es_read.

	* estream.h, estream.c, estream-printf.c: Updated from current

2007-08-08 Werner Koch <wk@g10code.com>

	* crlcache.c (crl_parse_insert): Hack to allow for a missing

	* dirmngr_ldap.c (print_ldap_entries): Strip the extension from

	* exechelp.c (dirmngr_wait_process): Reworked for clear error

	* ldap.c (ldap_wrapper_thread): Adjust for new
	dirmngr_wait_process semantics.

2007-08-07 Werner Koch <wk@g10code.com>

	* get-path.c (default_socket_name) [!W32]: Fixed syntax error.

	* ldap.c (X509CACERT, make_url, fetch_next_cert_ldap): Support
	x509caCert as used by the Bundesnetzagentur.
	(ldap_wrapper): Do not pass the program name as the first
	argument. dirmngr_spawn_process takes care of that.

2007-08-04 Marcus Brinkmann <marcus@g10code.de>

	* dirmngr.h (opt): Add member system_service.
	* dirmngr.c (opts) [HAVE_W32_SYSTEM]: New entry for option

	(DEFAULT_SOCKET_NAME): Removed.
	(service_handle, service_status,
	w32_service_control) [HAVE_W32_SYSTEM]: New symbols.
	(main) [HAVE_W32_SYSTEM]: New entry point for --service. Rename

	(real_main) [HAVE_W32_SYSTEM]: ... this. Use default_socket_name
	instead of DEFAULT_SOCKET_NAME, and similar for other paths.
	Allow colons in Windows socket path name, and implement --service

	* util.h (dirmngr_sysconfdir, dirmngr_libexecdir, dirmngr_datadir,
	dirmngr_cachedir, default_socket_name): New prototypes.
	* get-path.c (dirmngr_sysconfdir, dirmngr_libexecdir)
	(dirmngr_datadir, dirmngr_cachedir, default_socket_name): New

	(DIRSEP_C, DIRSEP_S): New macros.

2007-08-03 Marcus Brinkmann <marcus@g10code.de>

	* get-path.c: Really add the file this time.

2007-07-31 Marcus Brinkmann <marcus@g10code.de>

	* crlfetch.c: Include "estream.h".
	(crl_fetch): Use es_read callback instead a file handle.
	(crl_close_reader): Use es_fclose instead of fclose.
	(struct file_reader_map_s): Change type of FP to estream_t.
	(register_file_reader, crl_fetch, crl_close_reader): Likewise.
	* ocsp.c: Include "estream.h".
	(read_response): Change type of FP to estream_t.
	(read_response, do_ocsp_request): Use es_* variants of I/O

	* http.c: Include <pth.h>.
	(http_wait_response) [HAVE_W32_SYSTEM]: Use DuplicateHandle.
	(cookie_read): Use pth_read instead read.
	(cookie_write): Use pth_write instead write.

2007-07-30 Marcus Brinkmann <marcus@g10code.de>

	* ldap-url.c (ldap_str2charray): Fix buglet in ldap_utf8_strchr

2007-07-27 Marcus Brinkmann <marcus@g10code.de>

	* estream.h, estream.c: Update from recent GnuPG.

	* get-path.c: New file.
	* Makefile.am (dirmngr_SOURCES): Add get-path.c.
	* util.h (default_homedir, get_dirmngr_ldap_path): New prototypes.
	* dirmngr.c (main): Use default_homedir().
	* ldap-url.h: Remove japanese white space (sorry!).

2007-07-26 Marcus Brinkmann <marcus@g10code.de>

	* ldap.c (pth_yield): Remove macro.

	* ldap.c (pth_yield) [HAVE_W32_SYSTEM]: Define to Sleep(0).

	* dirmngr_ldap.c [HAVE_W32_SYSTEM]: Do not include <ldap.h>, but
	<winsock2.h>, <winldap.h> and "ldap-url.h".
	* ldap.c [HAVE_W32_SYSTEM]: Do not include <ldap.h>, but
	<winsock2.h> and <winldap.h>.

	* ldap-url.c: Do not include <ldap.h>, but <winsock2.h>,
	<winldap.h> and "ldap-url.h".

	* ldap-url.h: New file.
	* Makefile.am (ldap_url): Add ldap-url.h.

	* Makefile.am (ldap_url): New variable.
	(dirmngr_ldap_SOURCES): Add $(ldap_url).
	(dirmngr_ldap_LDADD): Add $(LIBOBJS).
	* ldap-url.c: New file, excerpted from OpenLDAP.
	* dirmngr.c (main) [HAVE_W32_SYSTEM]: Avoid the daemonization.
	* dirmngr_ldap.c: Include "util.h".
	(main) [HAVE_W32_SYSTEM]: Don't set up alarm.
	(set_timeout) [HAVE_W32_SYSTEM]: Likewise.
	* ldap.c [HAVE_W32_SYSTEM]: Add macros for setenv and pth_yield.
	* no-libgcrypt.h (NO_LIBGCRYPT): Define.
	* util.h [NO_LIBGCRYPT]: Don't include <gcrypt.h>.

2007-07-23 Marcus Brinkmann <marcus@g10code.de>

	* Makefile.am (dirmngr_SOURCES): Add exechelp.h and exechelp.c.
	* exechelp.h, exechelp.c: New files.
	* ldap.c: Don't include <sys/wait.h> but "exechelp.h".
	(destroy_wrapper, ldap_wrapper_thread,
	ldap_wrapper_connection_cleanup): Use dirmngr_kill_process instead

	(ldap_wrapper_thread): Use dirmngr_wait_process instead of

	(ldap_wrapper): Use dirmngr_spawn_process.

2007-07-20 Marcus Brinkmann <marcus@g10code.de>

	* certcache.c (cert_cache_lock): Do not initialize statically.
	(init_cache_lock): New function.
	(cert_cache_init): Call init_cache_lock.

	* estream.h, estream.c, estream-printf.h, estream-printf.c: New

	* Makefile.am (dirmngr_SOURCES): Add estream.c, estream.h,
	estream-printf.c, estream-printf.h.

	* http.c: Update to latest version from GnuPG.

	* Makefile.am (cdb_sources)
	* cdblib.c: Port to windows (backport from tinycdb 0.76).

	* crlcache.c [HAVE_W32_SYSTEM]: Don't include sys/utsname.h.
	[MKDIR_TAKES_ONE_ARG]: Define mkdir as a macro for such systems.
	(update_dir, crl_cache_insert) [HAVE_W32_SYSTEM]: Don't get uname.
	* server.c (start_command_handler) [HAVE_W32_SYSTEM]: Don't log

	* dirmngr.c [HAVE_W32_SYSTEM]: Do not include sys/socket.h or
	sys/un.h, but ../jnlib/w32-afunix.h.
	(sleep) [HAVE_W32_SYSTEM]: New macro.
	(main) [HAVE_W32_SYSTEM]: Don't mess with SIGPIPE. Use W32 socket

	(handle_signal) [HAVE_W32_SYSTEM]: Deactivate the bunch of the

	(handle_connections) [HAVE_W32_SYSTEM]: don't handle signals.

2006-11-29 Werner Koch <wk@g10code.com>

	* dirmngr.c (my_strusage): Use macro for the bug report address
	and the copyright line.
	* dirmngr-client.c (my_strusage): Ditto.
	* dirmngr_ldap.c (my_strusage): Ditto.

	* Makefile.am: Do not link against LIBICONV.

2006-11-19 Werner Koch <wk@g10code.com>

	* dirmngr.c: Include i18n.h.

2006-11-17 Werner Koch <wk@g10code.com>

	* Makefile.am (dirmngr_LDADD): Use LIBASSUAN_PTH_LIBS.

2006-11-16 Werner Koch <wk@g10code.com>

	* server.c (start_command_handler): Replaced
1004 assuan_init_connected_socket_server by assuan_init_socket_server_ext.
1006 * crlcache.c (update_dir): Put a diagnostic into DIR.txt.
1007 (open_dir): Detect invalid and duplicate entries.
1008 (update_dir): Fixed search for second field.
1010 2006-10-23 Werner Koch <wk@g10code.com>
1012 * dirmngr.c (main): New command --gpgconf-test.
1014 2006-09-14 Werner Koch <wk@g10code.com>
1016 * server.c (start_command_handler): In verbose mode print
1017 information about the peer. This may later be used to restrict
1020 2006-09-12 Werner Koch <wk@g10code.com>
1022 * server.c (start_command_handler): Print a more informative hello
1024 * dirmngr.c: Moved config_filename into the opt struct.
1026 2006-09-11 Werner Koch <wk@g10code.com>
1028 Changed everything to use Assuan with gpg-error codes.
1029 * maperror.c: Removed.
1030 * server.c (map_to_assuan_status): Removed.
1031 * dirmngr.c (main): Set assuan error source.
1032 * dirmngr-client.c (main): Ditto.
1034 2006-09-04 Werner Koch <wk@g10code.com>
1036 * crlfetch.c (crl_fetch): Implement HTTP redirection.
1037 * ocsp.c (do_ocsp_request): Ditto.
1039 New HTTP code version taken from gnupg svn release 4236.
1040 * http.c (http_get_header): New.
1041 (capitalize_header_name, store_header): New.
1042 (parse_response): Store headers away.
1043 (send_request): Return GPG_ERR_NOT_FOUND if connect_server failed.
1044 * http.h: New flag HTTP_FLAG_NEED_HEADER.
1046 2006-09-01 Werner Koch <wk@g10code.com>
1048 * crlfetch.c (register_file_reader, get_file_reader): New.
1049 (crl_fetch): Register the file pointer for HTTP.
1050 (crl_close_reader): And release it.
1052 * http.c, http.h: Updated from GnuPG SVN trunk. Changed all users
1053 to adopt the new API.
1054 * dirmngr.h: Moved inclusion of jnlib header to ...
1055 * util.h: .. here. This is required because http.c includes only
1056 a file util.h but makes use of log_foo. Include gcrypt.h so that
1057 gcry_malloc et al are declared.
1059 2006-08-31 Werner Koch <wk@g10code.com>
1061 * ocsp.c (check_signature): Make use of the responder id.
1063 2006-08-30 Werner Koch <wk@g10code.com>
1065 * validate.c (check_cert_sig): Workaround for ripemd160.
1066 (allowed_ca): Always allow trusted CAs.
1068 * dirmngr.h (cert_ref_t): New.
1069 (struct server_control_s): Add field OCSP_CERTS.
1070 * server.c (start_command_handler): Release new field
1071 * ocsp.c (release_ctrl_ocsp_certs): New.
1072 (check_signature): Store certificates in OCSP_CERTS.
1074 * certcache.c (find_issuing_cert): Reset error if cert was found
1076 (put_cert): Add new arg FPR_BUFFER. Changed callers.
1077 (cache_cert_silent): New.
1079 * dirmngr.c (parse_rereadable_options): New options
1080 --ocsp-max-clock-skew and --ocsp-current-period.
1081 * ocsp.c (ocsp_isvalid): Use them here.
1083 * ocsp.c (validate_responder_cert): New optional arg signer_cert.
1084 (check_signature_core): Ditto.
1085 (check_signature): Use the default signer certificate here.
1087 2006-06-27 Werner Koch <wk@g10code.com>
1089 * dirmngr-client.c (inq_cert): Take care of SENDCERT_SKI.
1091 2006-06-26 Werner Koch <wk@g10code.com>
1093 * crlcache.c (lock_db_file): Count open files when needed.
1094 (find_entry): Fixed deleted case.
1096 2006-06-23 Werner Koch <wk@g10code.com>
1098 * misc.c (cert_log_name): New.
1100 * certcache.c (load_certs_from_dir): Also print certificate name.
1101 (find_cert_bysn): Release ISSDN.
1103 * validate.h: New VALIDATE_MODE_CERT.
1104 * server.c (cmd_validate): Use it here so that no policy checks
1105 are done. Try to validate a cached copy of the target.
1107 * validate.c (validate_cert_chain): Implement a validation cache.
1108 (check_revocations): Print more diagnostics. Actually use the
1109 loop variable and not the head of the list.
1110 (validate_cert_chain): Do not check revocations of CRL issuer
1111 certificates in plain CRL check mode.
1112 * ocsp.c (ocsp_isvalid): Make sure it is reset for a status of
1115 2006-06-22 Werner Koch <wk@g10code.com>
1117 * validate.c (cert_use_crl_p): New.
1118 (cert_usage_p): Add a mode 6 for CRL signing.
1119 (validate_cert_chain): Check that the certificate may be used for
1120 CRL signing. Print a note when not running as system daemon.
1121 (validate_cert_chain): Reduce the maximum depth from 50 to 10.
1123 * certcache.c (find_cert_bysn): Minor restructuring
1124 (find_cert_bysubject): Ditto. Use get_cert_local when called
1126 * crlcache.c (get_crlissuer_cert_bysn): Removed.
1127 (get_crlissuer_cert): Removed.
1128 (crl_parse_insert): Use find_cert_bysubject and find_cert_bysn
1129 instead of the removed functions.
1131 2006-06-19 Werner Koch <wk@g10code.com>
1133 * certcache.c (compare_serialno): Silly me. Using 0 as true is
1134 that hard; tsss. Fixed call cases except for the only working one
1135 which are both numbers of the same length.
1137 2006-05-15 Werner Koch <wk@g10code.com>
1139 * crlfetch.c (crl_fetch): Use no-shutdown flag for HTTP. This
1140 seems to be required for "IBM_HTTP_Server/2.0.47.1 Apache/2.0.47
1143 * http.c (parse_tuple): Set flag to indicate no value.
1144 (build_rel_path): Take care of it.
1146 * crlcache.c (crl_cache_reload_crl): Also iterate over all names
1149 2005-09-28 Marcus Brinkmann <marcus@g10code.de>
1151 * Makefile.am (dirmngr_LDADD): Add @LIBINTL@ and @LIBICONV@.
1152 (dirmngr_ldap_LDADD): Likewise.
1153 (dirmngr_client_LDADD): Likewise.
1155 2005-09-12 Werner Koch <wk@g10code.com>
1157 * dirmngr.c: Fixed description to match the one in gpgconf.
1159 2005-06-15 Werner Koch <wk@g10code.com>
1161 * server.c (cmd_lookup): Take care of NO_DATA which might get
1162 returned also by start_cert_fetch().
1164 2005-04-20 Werner Koch <wk@g10code.com>
1166 * ldap.c (ldap_wrapper_wait_connections): Set a shutdown flag.
1167 (ldap_wrapper_thread): Handle shutdown in a special way.
1169 2005-04-19 Werner Koch <wk@g10code.com>
1171 * server.c (get_cert_local, get_issuing_cert_local)
1172 (get_cert_local_ski): Bail out if called without a local context.
1174 2005-04-18 Werner Koch <wk@g10code.com>
1176 * certcache.c (find_issuing_cert): Fixed last resort method which
1177 should be finding by subject and not by issuer. Try to locate it
1178 also using the keyIdentifier method. Improve error reporting.
1179 (cmp_simple_canon_sexp): New.
1180 (find_cert_bysubject): New.
1181 (find_cert_bysn): Ask back to the caller before trying an external
1183 * server.c (get_cert_local_ski): New.
1184 * crlcache.c (crl_parse_insert): Also try to locate issuer
1185 certificate using the keyIdentifier. Improved error reporting.
1187 2005-04-14 Werner Koch <wk@g10code.com>
1189 * ldap.c (start_cert_fetch_ldap): Really return ERR.
1191 2005-03-17 Werner Koch <wk@g10code.com>
1193 * http.c (parse_response): Changed MAXLEN and LEN to size_t to
1194 match the requirement of read_line.
1195 * http.h (http_context_s): Ditto for BUFFER_SIZE.
1197 2005-03-15 Werner Koch <wk@g10code.com>
1199 * ldap.c: Included time.h. Reported by Bernhard Herzog.
1201 2005-03-09 Werner Koch <wk@g10code.com>
1203 * dirmngr.c: Add a note to the help listing check the man page for
1206 2005-02-01 Werner Koch <wk@g10code.com>
1208 * crlcache.c (crl_parse_insert): Renamed a few variables and
1209 changed diagnostic strings for clarity.
1210 (get_issuer_cert): Renamed to get_crlissuer_cert. Try to locate
1211 the certificate from the cache using the subject name. Use new
1213 (get_crlissuer_cert_bysn): New.
1214 (crl_parse_insert): Use it here.
1215 * crlfetch.c (ca_cert_fetch): Changed interface.
1216 (fetch_next_ksba_cert): New.
1217 * ldap.c (run_ldap_wrapper): Add arg MULTI_MODE. Changed all
1219 (start_default_fetch_ldap): New
1220 * certcache.c (get_cert_bysubject): New.
1221 (clean_cache_slot, put_cert): Store the subject DN if available.
1222 (MAX_EXTRA_CACHED_CERTS): Increase limit of cachable certificates
1224 (find_cert_bysn): Loop until a certificate with a matching S/N has
1227 * dirmngr.c (main): Add honor-http-proxy to the gpgconf list.
1229 2005-01-31 Werner Koch <wk@g10code.com>
1231 * ldap.c: Started to work on support for userSMIMECertificates.
1233 * dirmngr.c (main): Make sure to always pass a server control
1234 structure to the caching functions. Reported by Neil Dunbar.
1236 2005-01-05 Werner Koch <wk@g10code.com>
1238 * dirmngr-client.c (read_pem_certificate): Skip trailing percent
1241 2005-01-03 Werner Koch <wk@g10code.com>
1243 * dirmngr-client.c (read_pem_certificate): New.
1244 (read_certificate): Divert to it depending on pem option.
1245 (squid_loop_body): New.
1246 (main): New options --pem and --squid-mode.
1248 2004-12-17 Werner Koch <wk@g10code.com>
1250 * dirmngr.c (launch_ripper_thread): Renamed to launch_reaper_thread.
1251 (shutdown_reaper): New. Use it for --server and --daemon.
1252 * ldap.c (ldap_wrapper_wait_connections): New.
1254 2004-12-17 Werner Koch <wk@g10code.com>
1256 * Makefile.am (dirmngr_ldap_LDADD): Adjusted for new LDAP checks.
1258 2004-12-16 Werner Koch <wk@g10code.com>
1260 * ldap.c (ldap_wrapper): Peek on the output to detect empty output
1263 2004-12-15 Werner Koch <wk@g10code.com>
1265 * ldap.c (ldap_wrapper): Print a diagnostic after forking for the
1267 * certcache.h (find_cert_bysn): Add this prototype.
1268 * crlcache.c (start_sig_check): Write CRL hash debug file.
1269 (finish_sig_check): Dump the signer's certificate.
1270 (crl_parse_insert): Try to get the issuing cert by authKeyId.
1271 Moved certificate retrieval after item processing.
1273 2004-12-13 Werner Koch <wk@g10code.com>
1275 * dirmngr_ldap.c (catch_alarm, set_timeout): new.
1276 (main): Install alarm handler. Add new option --only-search-timeout.
1277 (print_ldap_entries, fetch_ldap): Use set_timeout ();
1278 * dirmngr.h: Make LDAPTIMEOUT a simple unsigned int. Change all
1280 * ldap.c (start_cert_fetch_ldap, run_ldap_wrapper): Pass timeout
1281 option to the wrapper.
1282 (INACTIVITY_TIMEOUT): Depend on LDAPTIMEOUT.
1283 (run_ldap_wrapper): Add arg IGNORE_TIMEOUT.
1284 (ldap_wrapper_thread): Check for special timeout exit code.
1286 * dirmngr.c: Workaround a typo in gpgconf for
1287 ignore-ocsp-service-url.
1289 2004-12-10 Werner Koch <wk@g10code.com>
1291 * ldap.c (url_fetch_ldap): Use TMP and not a HOST which is always
1293 * misc.c (host_and_port_from_url): Fixed bad encoding detection.
1295 2004-12-03 Werner Koch <wk@g10code.com>
1297 * crlcache.c (crl_cache_load): Re-implement it.
1299 * dirmngr-client.c: New command --load-crl
1302 * dirmngr.c (parse_rereadable_options, main): Make --allow-ocsp,
1303 --ocsp-responder, --ocsp-signer and --max-replies re-readable.
1305 * ocsp.c (check_signature): try to get the cert from the cache
1307 (ocsp_isvalid): Print the next and this update times on time
1310 * certcache.c (load_certs_from_dir): Print the fingerprint for
1311 trusted certificates.
1312 (get_cert_byhexfpr): New.
1313 * misc.c (get_fingerprint_hexstring_colon): New.
1315 2004-12-01 Werner Koch <wk@g10code.com>
1317 * Makefile.am (dirmngr_LDADD): Don't use LDAP_LIBS.
1319 * validate.c (validate_cert_chain): Fixed test; as written in the
1320 comment we want to do this only in daemon mode. For clarity
1321 reworked by using a linked list of certificates and include root
1322 and target certificate.
1323 (check_revocations): Likewise. Introduced a recursion sentinel.
1325 2004-11-30 Werner Koch <wk@g10code.com>
1327 * crlfetch.c (ca_cert_fetch, crl_fetch_default): Do not use the
1328 binary prefix as this will be handled in the driver.
1330 * dirmngr_ldap.c: New option --log-with-pid.
1331 (fetch_ldap): Handle LDAP_NO_SUCH_OBJECT.
1332 * ldap.c (run_ldap_wrapper, start_cert_fetch_ldap): Use new log
1336 2004-11-25 Werner Koch <wk@g10code.com>
1338 * Makefile.am (dirmngr_ldap_CFLAGS): Added GPG_ERROR_CFLAGS.
1339 Noted by Bernhard Herzog.
1341 2004-11-24 Werner Koch <wk@g10code.com>
1343 * ldap.c (ldap_wrapper): Fixed default name of the ldap wrapper.
1345 * b64enc.c (b64enc_start, b64enc_finish): Use standard strdup/free
1348 * dirmngr.c: New options --ignore-http-dp, --ignore-ldap-dp and
1349 --ignore-ocsp-service-url.
1350 * crlcache.c (crl_cache_reload_crl): Implement them.
1351 * ocsp.c (ocsp_isvalid): Ditto.
1353 2004-11-23 Werner Koch <wk@g10code.com>
1355 * ldap.c (ldap_wrapper_thread, reader_callback, ldap_wrapper):
1356 Keep a timestamp and terminate the wrapper after some time of
1359 * dirmngr-client.c (do_lookup): New.
1360 (main): New option --lookup.
1362 * b64enc.c: New. Taken from GnuPG 1.9.
1363 * no-libgcrypt.c (gcry_strdup): Added.
1365 * ocsp.c (ocsp_isvalid): New arg CERT and lookup the issuer
1366 certificate using the standard methods.
1368 * server.c (cmd_lookup): Truncation is now also an indication for
1370 (cmd_checkocsp): Implemented.
1372 * dirmngr_ldap.c (fetch_ldap): Write an error marker for a
1374 * ldap.c (add_server_to_servers): Reactivated.
1375 (url_fetch_ldap): Call it here and try all configured servers in
1376 case of a failed lookup.
1377 (fetch_next_cert_ldap): Detect the truncation error flag.
1378 * misc.c (host_and_port_from_url, remove_percent_escapes): New.
1380 2004-11-22 Werner Koch <wk@g10code.com>
1382 * dirmngr_ldap.c (main): New option --proxy.
1383 * ocsp.c (do_ocsp_request): Take care of opt.disable_http.
1384 * crlfetch.c (crl_fetch): Honor the --honor-http-proxy variable.
1385 (crl_fetch): Take care of opt.disable_http and disable_ldap.
1386 (crl_fetch_default, ca_cert_fetch, start_cert_fetch):
1387 * ldap.c (run_ldap_wrapper): New arg PROXY.
1388 (url_fetch_ldap, attr_fetch_ldap, start_cert_fetch_ldap): Pass it.
1390 * http.c (http_open_document): Add arg PROXY.
1392 (send_request): Ditto and implement it as an override.
1394 * ocsp.c (validate_responder_cert): Use validate_cert_chain.
1396 * Makefile.am (AM_CPPFLAGS): Add macros for a few system
1398 * dirmngr.h (opt): New members homedir_data, homedir_cache,
1399 ldap_wrapper_program, system_daemon, honor_http_proxy, http_proxy,
1400 ldap_proxy, only_ldap_proxy, disable_ldap, disable_http.
1401 * dirmngr.c (main): Initialize new opt members HOMEDIR_DATA and
1403 (parse_rereadable_options): New options --ldap-wrapper-program,
1404 --http-wrapper-program, --disable-ldap, --disable-http,
1405 --honor-http-proxy, --http-proxy, --ldap-proxy, --only-ldap-proxy.
1406 (reread_configuration): New.
1408 * ldap.c (ldap_wrapper): Use the correct name for the wrapper.
1410 * crlcache.c (DBDIR_D): Make it depend on opt.SYSTEM_DAEMON.
1411 (cleanup_cache_dir, open_dir, update_dir, make_db_file_name)
1412 (crl_cache_insert, create_directory_if_needed): Use opt.HOMEDIR_CACHE
1414 * validate.c (check_revocations): New.
1415 * crlcache.c (crl_cache_isvalid): Factored most code out to
1416 (cache_isvalid): .. new.
1417 (crl_cache_cert_isvalid): New.
1418 * server.c (cmd_checkcrl): Cleaned up by using this new function.
1419 (reload_crl): Moved to ..
1420 * crlcache.c (crl_cache_reload_crl): .. here and made global.
1422 * certcache.c (cert_compute_fpr): Renamed from computer_fpr and
1424 (find_cert_bysn): Try to lookup missing certs.
1425 (cert_cache_init): Initialize using opt.HOMEDIR_DATA.
1428 2004-11-19 Werner Koch <wk@g10code.com>
1430 * dirmngr-client.c (status_cb): New. Use it in very verbose mode.
1432 * server.c (start_command_handler): Malloc the control structure
1433 and properly release it. Removed the primary_connection
1434 hack. Cleanup running wrappers.
1435 (dirmngr_status): Return an error code.
1436 (dirmngr_tick): Return an error code and detect a
1437 cancellation. Use wall time and not CPU time.
1438 * validate.c (validate_cert_chain): Add CTRL arg and changed callers.
1439 * crlcache.c (crl_cache_isvalid):
1440 * crlfetch.c (ca_cert_fetch, start_cert_fetch, crl_fetch_default)
1442 * ldap.c (ldap_wrapper, run_ldap_wrapper, url_fetch_ldap)
1443 (attr_fetch_ldap, start_cert_fetch_ldap): Ditto.
1444 (ldap_wrapper_release_context): Reset the stored CTRL.
1445 (reader_callback): Periodically call dirmngr_tick.
1446 (ldap_wrapper_release_context): Print an error message for read
1448 (ldap_wrapper_connection_cleanup): New.
1450 2004-11-18 Werner Koch <wk@g10code.com>
1452 * dirmngr.c (main): Do not cd / if not running detached.
1454 * dirmngr-client.c: New options --cache-cert and --validate.
1455 (do_cache, do_validate): New.
1456 * server.c (cmd_cachecert, cmd_validate): New.
1458 * crlcache.c (get_issuer_cert): Make use of the certificate cache.
1459 (crl_parse_insert): Validate the issuer certificate.
1461 * dirmngr.c (handle_signal): Reinitialize the certificate cache on
1463 (struct opts): Add --homedir to enable the already implemented code.
1464 (handle_signal): Print stats on SIGUSR1.
1466 * certcache.c (clean_cache_slot, cert_cache_init)
1467 (cert_cache_deinit): New.
1468 (acquire_cache_read_lock, acquire_cache_write_lock)
1469 (release_cache_lock): New. Use them where needed.
1470 (put_cert): Renamed from put_loaded_cert.
1472 (cert_cache_print_stats): New.
1473 (compare_serialno): Fixed.
1475 2004-11-16 Werner Koch <wk@g10code.com>
1477 * Makefile.am (AM_CPPFLAGS): Define DIRMNGR_SYSCONFDIR and
1480 * misc.c (dump_isotime, dump_string, dump_cert): New. Taken from
1484 2004-11-15 Werner Koch <wk@g10code.com>
1486 * validate.c: New. Based on gnupg's certchain.c
1488 * ldap.c (get_cert_ldap): Removed.
1490 (start_cert_fetch_ldap, fetch_next_cert_ldap)
1491 (end_cert_fetch_ldap): Rewritten to make use of the ldap wrapper.
1493 2004-11-12 Werner Koch <wk@g10code.com>
1495 * http.c (insert_escapes): Print the percent sign too.
1497 * dirmngr-client.c (inq_cert): Ignore "SENDCERT" and
1500 * server.c (do_get_cert_local): Limit the length of a returned
1501 certificate. Return NULL without an error if an empty value has
1504 * crlfetch.c (ca_cert_fetch): Use the ksba_reader_object.
1505 (setup_funopen, fun_reader, fun_closer): Removed.
1507 * crlcache.c (get_issuer_cert): Adjust accordingly.
1509 * ldap.c (attr_fetch_ldap_internal, attr_fetch_fun_closer)
1510 (attr_fetch_fun_reader, url_fetch_ldap_internal)
1511 (get_attr_from_result_ldap): Removed.
1512 (destroy_wrapper, print_log_line, ldap_wrapper_thread)
1513 (ldap_wrapper_release_context, reader_callback, ldap_wrapper)
1514 (run_ldap_wrapper): New.
1515 (url_fetch_ldap): Make use of the new ldap wrapper and return a
1516 ksba reader object instead of a stdio stream.
1517 (attr_fetch_ldap): Ditto.
1518 (make_url, escape4url): New.
1520 2004-11-11 Werner Koch <wk@g10code.com>
1522 * dirmngr.c (launch_ripper_thread): New.
1523 (main): Start it where appropriate. Always ignore SIGPIPE.
1524 (start_connection_thread): Maintain a connection count.
1525 (handle_signal, handle_connections): Use it here instead of the
1528 * crlcache.c (crl_cache_insert): Changed to use ksba reader
1529 object. Changed all callers to pass this argument.
1531 2004-11-08 Werner Koch <wk@g10code.com>
1533 * dirmngr_ldap.c: New.
1535 * crlcache.c (crl_cache_init): Don't return a cache object but
1536 keep it module local. We only need one.
1537 (crl_cache_deinit): Don't take cache object but work on existing
1539 (get_current_cache): New.
1540 (crl_cache_insert, crl_cache_list, crl_cache_load): Use the global
1541 cache object and removed the cache arg. Changed all callers.
1543 * dirmngr-client.c: New option --ping.
1545 * dirmngr.c (main): New option --daemon. Initialize PTH.
1546 (handle_connections, start_connection_thread): New.
1547 (handle_signal): New.
1548 (parse_rereadable_options): New. Changed main to make use of it.
1549 (set_debug): Don't bail out on invalid debug levels.
1550 (main): Init the crl_chache for server and daemon mode.
1552 * server.c (start_command_handler): New arg FD. Changed callers.
1554 2004-11-06 Werner Koch <wk@g10code.com>
1556 * server.c (map_assuan_err): Factored out to ..
1557 * maperror.c: .. new file.
1558 * util.h: Add prototype
1560 2004-11-05 Werner Koch <wk@g10code.com>
1562 * no-libgcrypt.c: New, used as helper for dirmngr-client which
1563 does not need libgcrypt proper but jnlib references the memory
1564 functions. Taken from gnupg 1.9.12.
1566 * dirmngr.h: Factored i18n and xmalloc code out to ..
1567 * i18n.h, util.h: .. New.
1569 * dirmngr-client.c: New. Some code taken from gnupg 1.9.12.
1570 * Makefile.am (bin_PROGRAMS) Add dirmngr-client.
1572 2004-11-04 Werner Koch <wk@g10code.com>
1574 * src/server.c (get_fingerprint_from_line, cmd_checkcrl)
1575 (cmd_checkocsp): New.
1576 (register_commands): Register new commands.
1577 (inquire_cert_and_load_crl): Factored most code out to ..
1578 (reload_crl): .. new function.
1579 * src/certcache.h, src/certcache.c: New.
1580 * src/Makefile.am (dirmngr_SOURCES): Add new files.
1582 2004-11-04 Werner Koch <wk@g10code.com>
1584 Please note that earlier entries are found in the top level
1586 [Update after merge with GnuPG: These old ChangeLog entries are
1587 found below up to ==END OLDEST CHANGELOG==]
1589 ==BEGIN OLDEST CHANGELOG==
1591 2004-10-04 Werner Koch <wk@g10code.com>
1593 * src/dirmngr.c: Changed an help entry description.
1595 2004-09-30 Werner Koch <wk@g10code.com>
1597 * src/dirmngr.c (i18n_init): Always use LC_ALL.
1599 2004-09-28 Werner Koch <wk@g10code.com>
1603 * config.guess, config.sub: Updated.
1605 2004-06-21 Werner Koch <wk@g10code.com>
1607 * src/crlfetch.c (crl_fetch): Bad hack to use the right attribute.
1609 2004-05-13 Werner Koch <wk@gnupg.org>
1613 * src/ldap.c (start_cert_fetch_ldap, start_cert_fetch_ldap): More
1614 detailed error messages.
1616 * src/crlcache.c (update_dir): Handle i-records properly.
1618 2004-04-29 Werner Koch <wk@gnupg.org>
1622 * src/crlcache.h (crl_cache_result_t): Add CRL_CACHE_CANTUSE.
1623 * src/server.c (cmd_isvalid): Handle it here.
1624 * src/crlcache.c (crl_cache_isvalid): Issue this code if the CRL
1626 (open_dir): Parse new fields 8,9 and 10 as well as the invalid flag.
1627 (write_dir_line_crl): Write new fields.
1628 (get_crl_number, get_auth_key_id): New.
1629 (crl_cache_insert): Fill new fields. Mark the entry invalid if
1630 the CRL is too old after an update or an unknown critical
1632 (list_one_crl_entry): Print the new fields.
1634 2004-04-28 Werner Koch <wk@gnupg.org>
1636 * configure.ac: Requires libksba 0.9.6.
1638 * src/dirmngr.c: New option --ocsp-signer.
1639 * src/dirmngr.h (opt): Renamed member OCSP_REPONDERS to
1640 OCSP_RESPONDER and made it a simple string. Add OCSP_SIGNER.
1641 * src/ocsp.c (ocsp_isvalid): Changed it accordingly.
1642 (ocsp_isvalid): Pass the ocsp_signer to check_signature.
1643 (check_signature): New arg SIGNER_FPR. Use it to retrieve the
1644 certificate. Factored out common code to ..
1645 (check_signature_core): .. New.
1647 2004-04-27 Werner Koch <wk@gnupg.org>
1649 * src/server.c (start_command_handler): Keep track of the first
1651 (dirmngr_tick): New.
1652 * src/ldap.c (attr_fetch_fun_reader): Call it from time to time.
1654 2004-04-23 Werner Koch <wk@gnupg.org>
1656 * src/dirmngr.c (main): Removed the add-servers option from the
1657 gpgconf list. It is not really useful.
1659 2004-04-02 Thomas Schwinge <schwinge@nic-nac-project.de>
1661 * autogen.sh: Added ACLOCAL_FLAGS.
1663 2004-04-13 Werner Koch <wk@gnupg.org>
1665 * src/crlcache.c (update_dir): Do not double close FPOUT.
1667 2004-04-09 Werner Koch <wk@gnupg.org>
1669 * src/cdblib.c (cdb_make_start): Wipeout the entire buffer to
1671 (ewrite): Fixed writing bad data on EINTR.
1673 * src/ldap.c (get_attr_from_result_ldap): Fixed bad copy and
1674 terminate of a string.
1676 * src/crlfetch.c (crl_fetch): Fixed freeing of VALUE on error.
1678 2004-04-07 Werner Koch <wk@gnupg.org>
1680 * src/dirmngr.h (server_control_s): Add member force_crl_refresh.
1681 * src/server.c (option_handler): New.
1682 (start_command_handler): Register option handler
1683 * src/crlcache.c (crl_cache_isvalid): Add arg FORCE_REFRESH.
1684 (crl_cache_insert): Record last refresh in memory.
1686 * src/server.c (inquire_cert_and_load_crl): Renamed from
1689 2004-04-06 Werner Koch <wk@gnupg.org>
1693 * doc/dirmngr.texi: Updated.
1694 * doc/texinfo.tex: Updated.
1696 2004-04-05 Werner Koch <wk@gnupg.org>
1698 * src/ocsp.c (ocsp_isvalid): Check THIS_UPDATE.
1700 * src/misc.c (add_isotime): New.
1701 (date2jd, jd2date, days_per_month, days_per_year): New. Taken from
1702 my ancient (1988) code used in Wedit (time2.c).
1704 2004-04-02 Werner Koch <wk@gnupg.org>
1706 * autogen.sh: Check gettext version.
1707 * configure.ac: Add AM_GNU_GETTEXT.
1709 2004-04-02 gettextize <bug-gnu-gettext@gnu.org>
1711 * Makefile.am (SUBDIRS): Add intl.
1712 (EXTRA_DIST): Add config.rpath.
1713 * configure.ac (AC_CONFIG_FILES): Add intl/Makefile,
1715 2004-04-02 Werner Koch <wk@gnupg.org>
1717 Add i18n at most places.
1719 * src/dirmngr.c (i18n_init): New.
1721 * src/dirmngr.h: Add i18n stuff.
1723 2004-04-01 Werner Koch <wk@gnupg.org>
1725 * src/misc.c (get_fingerprint_hexstring): New.
1727 * src/server.c (dirmngr_status): New.
1729 2004-03-26 Werner Koch <wk@gnupg.org>
1731 * configure.ac: Add AC_SYS_LARGEFILE.
1733 * doc/dirmngr.texi: Changed the license to the GPL as per message
1734 by Matthias Kalle Dalheimer of Klaralvdalens-Datakonsult dated
1736 * doc/fdl.texi: Removed.
1738 2004-03-25 Werner Koch <wk@gnupg.org>
1740 * src/dirmngr.c (main): New command --fetch-crl.
1742 2004-03-23 Werner Koch <wk@gnupg.org>
1744 * src/dirmngr.c: New option --allow-ocsp.
1745 * src/server.c (cmd_isvalid): Make use of allow_ocsp.
1747 2004-03-17 Werner Koch <wk@gnupg.org>
1749 * src/dirmngr.c (main) <gpgconf>: Fixed default value quoting.
1751 2004-03-16 Werner Koch <wk@gnupg.org>
1753 * src/dirmngr.c (main): Add ocsp-responder to the gpgconf list.
1754 Add option --debug-level.
1757 2004-03-15 Werner Koch <wk@gnupg.org>
1759 * src/misc.c (canon_sexp_to_grcy): New.
1761 2004-03-12 Werner Koch <wk@gnupg.org>
1763 * src/crlfetch.c (crl_fetch): Hack to substitute http for https.
1765 2004-03-10 Werner Koch <wk@gnupg.org>
1767 * src/dirmngr.c (parse_ldapserver_file): Don't skip the entire
1770 2004-03-09 Werner Koch <wk@gnupg.org>
1772 * src/dirmngr.c (my_ksba_hash_buffer): New.
1773 (main): Initialize the internal libksba hashing.
1775 * src/server.c (get_issuer_cert_local): Renamed to ...
1776 (get_cert_local): ... this. Changed all callers. Allow NULL for
1777 ISSUER to return the current target cert.
1778 (get_issuing_cert_local): New.
1779 (do_get_cert_local): Moved common code to here.
1781 2004-03-06 Werner Koch <wk@gnupg.org>
1785 * configure.ac: Fixed last change to check the API version of
1788 2004-03-05 Werner Koch <wk@gnupg.org>
1790 * configure.ac: Also check the SONAME of libgcrypt.
1792 2004-03-03 Werner Koch <wk@gnupg.org>
1794 * src/dirmngr.c: New option --ocsp-responder.
1795 * src/dirmngr.h (opt): Add member OCSP_RESPONDERS.
1797 2004-02-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
1799 * src/server.c (start_command_handler): Corrected typo and made
1800 dirmngr output its version in the greeting message.
1802 2004-02-24 Marcus Brinkmann <marcus@g10code.de>
1804 * src/dirmngr.c (DEFAULT_ADD_SERVERS): Removed. If this were
1805 true, there'd be no way to disable it.
1806 (main): Dump options in new gpgconf format.
1808 2004-02-11 Werner Koch <wk@gnupg.org>
1810 * autogen.sh (check_version): Removed bashism and simplified.
1812 2004-02-06 Moritz Schulte <mo@g10code.com>
1814 * src/crlfetch.c (crl_fetch_default): Do not dereference VALUE,
1815 when checking for non-zero.
1817 2004-02-01 Marcus Brinkmann <marcus@g10code.de>
1819 * src/dirmngr.c (DEFAULT_ADD_SERVERS, DEFAULT_MAX_REPLIES)
1820 (DEFAULT_LDAP_TIMEOUT): New macros.
1822 (enum cmd_and_opt_values): New command aGPGConfList.
1823 (main): Add handler here.
1825 2004-01-17 Werner Koch <wk@gnupg.org>
1827 * configure.ac: Added AC_CHECK_FUNCS tests again, because the
1828 other test occurrences belong to the jnlib tests block.
1830 2004-01-15 Moritz Schulte <mo@g10code.com>
1832 * configure.ac: Fixed funopen replacement mechanism; removed
1833 unnecessary AC_CHECK_FUNCS calls.
1835 2004-01-14 Werner Koch <wk@gnupg.org>
1837 * src/crlcache.c (list_one_crl_entry): Don't use putchar.
1839 * src/server.c (cmd_listcrls): New.
1841 2003-12-23 Werner Koch <wk@gnupg.org>
1845 2003-12-17 Werner Koch <wk@gnupg.org>
1847 * configure.ac (CFLAGS): Add -Wformat-noliteral in gcc +
1849 (NEED_LIBASSUAN_VERSION): Bump up to 0.6.2.
1851 2003-12-16 Werner Koch <wk@gnupg.org>
1853 * configure.ac: Update the tests for jnlib.
1854 * src/dirmngr.c (main): Ignore SIGPIPE in server mode.
1856 2003-12-12 Werner Koch <wk@gnupg.org>
1858 * src/crlcache.c (hash_dbfile): Also hash version info of the
1861 * src/Makefile.am (dirmngr_SOURCES): Add http.h.
1863 * configure.ac: Removed checking for DB2. Add checking for mmap.
1864 * src/cdb.h, src/cdblib.h: New. Add a few comments from the
1865 original man page and fixed typos.
1866 * src/cdblib.c (cdb_findinit, cdb_findnext): Modified to allow
1867 walking over all entries.
1868 * src/crlcache.h: Removed DB2/4 cruft.
1869 (release_one_cache_entry, lock_db_file, crl_parse_insert)
1870 (crl_cache_insert, crl_cache_isvalid, list_one_crl_entry): Use the
1873 * src/dirmngr.c: Beautified the help messages.
1875 (main): new option --force. Revamped the command handling code.
1876 Allow to pass multiple CRLS as well as stdin to --local-crl.
1877 * src/crlcache.c (crl_cache_insert): Make --force work.
1879 2003-12-11 Werner Koch <wk@gnupg.org>
1881 * src/crlfetch.c (crl_fetch): Enhanced to allow fetching binary
1883 * src/http.c, src/http.h: Replaced by the code from gnupg 1.3 and
1884 modified according to our needs.
1885 (read_line): New. Based on the code from GnuPG's iobuf_read_line.
1886 * configure.ac: Check for getaddrinfo.
1888 * src/dirmngr.c (parse_ldapserver_file): Close the stream.
1889 (main): Free ldapfile.
1891 * src/ocsp.c, src/ocsp.h: New. Albeit not functionality.
1893 * src/server.c (inquire_cert): Catch EOF when reading dist points.
1895 * src/crlcache.c (hash_dbfile, check_dbfile): New.
1896 (lock_db_file, crl_cache_insert): Use them here to detect
1897 corrupted CRL files.
1898 (open_dir): Read the new dbfile hash field.
1900 * src/crlfetch.c (crl_fetch, crl_fetch_default): Changed to retrun
1902 (fun_reader, fun_closer, setup_funopen): New.
1903 * src/server.c (inquire_cert): Changed to use the new stream interface

2003-12-10 Werner Koch <wk@gnupg.org>
* src/funopen.c: New.
* configure.ac (funopen): Add test.
* src/Makefile.am (dirmngr_LDADD): Add LIBOBJS.
* src/crlcache.c (next_line_from_file): Remove the limit on the
(crl_cache_new): Removed.
(open_dbcontent): New.
(crl_cache_init): Use it here.
(crl_cache_flush): The DB content file is now in the cache
directory, so we can simplify it.
(make_db_file_name, lock_db_file, unlock_db_file): New.
(release_cache): Close the cached DB files.
(crl_cache_isvalid): Make use of the new lock_db_file.
(crl_cache_insert): Changed to take a stream as argument.
(crl_parse_insert): Rewritten to use a temporary DB and to avoid
using up large amounts of memory.
(db_entry_new): Removed.
(release_cache,release_one_cache_entry): Split up.
(find_entry): Take care of the new deleted flag.
(crl_cache_load): Simplified because we can now pass a FP to the
(save_contents): Removed.
(open_dbcontent_file): Renamed to open_dir_file.
(check_dbcontent_version): Renamed to check_dir_version.
(open_dbcontent): Renamed to open_dir.
* src/dirmngr.c: New option --faked-system-time.
* src/misc.c (faked_time_p, set_time, get_time): New. Taken from GnuPG.
(check_isotime): New.
(unpercent_string): New.

2003-12-09 Werner Koch <wk@gnupg.org>
* src/crlcache.h (DBDIR,DBCONTENTFILE): Changed value.
* autogen.sh: Reworked.
* configure.ac: Added min_automake_version.

2003-12-03 Werner Koch <wk@gnupg.org>
* src/server.c (cmd_lookup): Send an END line after each

2003-11-28 Werner Koch <wk@gnupg.org>
* src/Makefile.am (dirmngr_LDADD): Remove DB_LIBS
because it never got defined and -ldb{2,4} is implicitly set
by the AC_CHECK_LIB test in configure.
* src/crlcache.c (mydbopen): DB4 needs an extra parameter; I
wonder who ever tested DB4 support. Add an error statement in
case no DB support is configured.
* tests/Makefile.am: Don't use AM_CPPFLAGS but AM_CFLAGS, replaced
variables by configure templates.
* src/Makefile.am: Ditto.

2003-11-19 Werner Koch <wk@gnupg.org>
* src/crlcache.c (list_one_crl_entry): Define X to nothing for non
DB4 systems. Thanks to Luca M. G. Centamore.

2003-11-17 Werner Koch <wk@gnupg.org>
* src/crlcache.c (crl_cache_new): Fixed eof detection.
* src/server.c (cmd_loadcrl): Do the unescaping.
* doc/dirmngr.texi: Added a history section for this modified

2003-11-14 Werner Koch <wk@gnupg.org>
* tests/asschk.c: New. Taken from GnuPG.
* tests/Makefile.am: Added asschk.

2003-11-13 Werner Koch <wk@gnupg.org>
* src/ldap.c (fetch_next_cert_ldap): Get the pattern switching
* tests/test-dirmngr.c: Replaced a couple of deprecated types.
* configure.ac (GPG_ERR_SOURCE_DEFAULT): Added.
(fopencookie, asprintf): Removed unneeded test.
(PRINTABLE_OS_NAME): Updated the test from gnupg.
(CFLAGS): Do full warnings only in maintainer mode. Add flag
--enable gcc-warnings to override it and to enable even more
* acinclude.m4: Removed the libgcrypt test.
* src/ldap.c (get_attr_from_result_ldap): Simplified the binary
hack and return a proper gpg error.
(attr_fetch_ldap_internal): Changed error handling.
(attr_fetch_ldap): Reworked. Return configuration error if no
servers are configured.
(url_fetch_ldap, add_server_to_servers)
(url_fetch_ldap_internal): Reworked.
(struct cert_fetch_context_s): New to get rid of a global state.
(start_cert_fetch_ldap): Allocate context and do a bind with a
timeout. Parse pattern.
(end_cert_fetch_ldap): Take context and don't return anything.
(find_next_pattern): Removed.
(parse_one_pattern): Redone.
(get_cert_ldap): Redone.
* src/server.c (cmd_lookup): Changed for changed fetch functions.
* doc/dirmngr.texi: Reworked a bit to get rid of tex errors.
* configure.ac: Enable makeinfo test.
* src/crlcache.c (crl_cache_insert): Fixed for latest KSBA API
* tests/test-dirmngr.c (main): Ditto. Also added some more error

2003-11-11 Werner Koch <wk@gnupg.org>
* src/cert.c (hashify_data, hexify_data, serial_hex)
(serial_to_buffer): Moved all to ...
* src/misc.c: .. here.
* src/Makefile.am (cert.c, cert.h): Removed.
* cert.c, cert.h: Removed.
* configure.ac, Makefile.am: Include m4 directory support, updated
required library versions.
* src/cert.c (make_cert): Removed.
* src/ldap.c (fetch_next_cert_ldap): Return a gpg style error.
* src/misc.h (copy_time): New.
* src/misc.c (get_isotime): New.
(iso_string2time, iso_time2string): Removed.
* src/crlcache.h (DBCONTENTSVERSION): Bumped to 0.6.
* src/crlcache.c (finish_sig_check): New. Factored out from
crl_parse_insert and entirely redone.
(do_encode_md): Removed.
(print_time): Removed.
(crl_cache_isvalid): Reworked.

2003-11-10 Werner Koch <wk@gnupg.org>
* src/crlcache.c (make_db_val, parse_db_val): Removed.
* src/cert.c (serial_to_buffer): New.
* src/server.c (get_issuer_cert_local): Rewritten.
* src/crlcache.c (crl_parse_insert): Rewritten. Takes now a CTRL
instead of the Assuan context. Changed caller accordingly.
(get_issuer_cert): Cleaned up.
* src/crlfetch.c (crl_fetch): Changed VALUE to unsigned char* for
documentation reasons. Make sure that VALUE is released on error.
(crl_fetch_default, ca_cert_fetch): Ditto.
* src/crlcache.c (release_cache): New.
(crl_cache_deinit): Use it here.
(crl_cache_flush): Redone.
(save_contents): Redone.
(crl_cache_list, list_one_crl_entry): Print error messages.

2003-11-06 Werner Koch <wk@gnupg.org>
* src/crlcache.c (create_directory_if_needed, cleanup_cache_dir):
New. Factored out from crl_cache_new and mostly rewritten.
(crl_cache_new): Rewritten.
(next_line_from_file): New.
(find_entry): Cleaned up.
(crl_cache_deinit): Cleaned up.
* src/dirmngr.c (dirmngr_init_default_ctrl): New stub.
* src/dirmngr.h (ctrl_t): New.
(DBG_ASSUAN,...): Added the usual debug test macros.
* src/server.c: Removed the GET_PTR cruft, replaced it by ctrl_t.
Removed the recursion flag.
(get_issuer_cert_local): Allow for arbitrarily large
certificates. 4096 is definitely too small.
(inquire_cert): Ditto.
(start_command_handler): Set a hello line and call the default
(cmd_isvalid): Rewritten.
(inquire_cert): Removed unused arg LINE. General cleanup.
(map_assuan_err,map_to_assuan_status): New. Taken from gnupg 1.9.
(cmd_lookup): Rewritten.
(cmd_loadcrl): Started to rewrite it.

2003-10-29 Werner Koch <wk@gnupg.org>
* src/dirmngr.c (parse_ldapserver_file): Entirely rewritten.

2003-10-28 Werner Koch <wk@gnupg.org>
* src/dirmngr.h: Renamed dirmngr_opt to opt.
* src/dirmngr.c (parse_ldapserver_file, free_ldapservers_list):
Moved with this file. Cleaned up. Replaced too deep recursion in

2003-10-21 Werner Koch <wk@gnupg.org>
Changed all occurrences of assuan.h to use the system provided
* src/server.c (register_commands): Adjusted for Assuan API change.

2003-08-14 Werner Koch <wk@gnupg.org>
* src/Makefile.am: s/LIBKSBA_/KSBA_/. Changed for external Assuan lib.
* tests/Makefile.am: Ditto.
* configure.ac: Partly restructured, add standard checks for
required libraries, removed included libassuan.
* Makefile.am (SUBDIRS): Removed assuan because we now use the
* src/dirmngr.c (main): Properly initialize Libgcrypt and libksba.

2003-08-13 Werner Koch <wk@gnupg.org>
* src/server.c (get_issuer_cert_local): Print error using
* src/crlcache.c (do_encode_md, start_sig_check): Adjust for
changed Libgcrypt API.

2003-06-19 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* configure.ac: Upped version to 0.4.7-cvs.

2003-06-19 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* configure.ac: Release 0.4.6.

2003-06-17 Bernhard Reiter <bernhard@intevation.de>
* src/ldap.c (url_fetch_ldap()):
try other default servers when an url with hostname failed
* AUTHORS: added Steffen and Werner
* THANKS: Thanked people in the ChangeLog and the Ägypten-Team

2003-06-16 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* configure.ac, src/crlcache.h, src/crlcache.c: Added db4 support.
* src/Makefile.am, tests/Makefile.am: Removed automake warning.
* tests/test-dirmngr.c: Removed a warning.

2003-05-12 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* doc/Makefile.am: Added dirmngr.ops to DISTCLEANFILES.
* ChangeLog, doc/ChangeLog, src/ChangeLog: Merged dirmngr ChangeLogs
into one toplevel file.
* acinclude.m4, configure.ac: Renamed PFX to PATH for consistency.

2003-05-12 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* src/ldap.c: Fixed end-of-certificates-list indication.

2003-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* src/server.c: Fixed iteration over server list

2003-02-23 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* src/crlcache.h, src/crlcache.c, src/dirmngr.c: Implemented --flush command.

2003-02-07 Marcus Brinkmann <marcus@g10code.de>
* configure.ac: Release 0.4.4.

2003-02-05 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* src/ldap.c: Try harder with and without ";binary" in the
attribute name when fetching certificates.
* src/ldap.c, src/server.c: Support multiple userCertificate attributes

2003-02-04 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* src/ldap.c: Include the sn attribute in the search filter.
Better log messages.

2002-11-20 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Doc updates (fixes #1373)
* Fix for #1419 (crash in free_ldapservers_list())
* Fix for #1375. Dirmngr now asks back with an INQUIRE SENDCERT before
querying the LDAP servers for an issuer certificate to validate a CRL

2002-11-12 Werner Koch <wk@gnupg.org>
* config.sub, config.guess: Updated from ftp.gnu.org/gnu/config
to version 2002-11-08.

2002-11-12 Werner Koch <wk@gnupg.org>
* dirmngr.c (main) <load_crl_filename>: Better pass NULL instead
of an uninitialized Assuan context. Let's hope that the other
functions can cope with this.

2002-10-25 Bernhard Reiter <bernhard@intevation.de>
* src/ldap.c (get_attr_from_result_ldap()):
added value extraction retry for CRLs and Certs without ";binary"
* changed version number to reflect cvs status to "0.4.3-cvs"

2002-08-21 Werner Koch <wk@gnupg.org>
* dirmngr.c (main): Changed default homedir to .gnupg.

2002-08-07 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Added configure check to examine whether db2 cursor() uses 3 or

2002-07-31 Werner Koch <wk@gnupg.org>
* doc/dirmngr.texi: Fixed the structure and added menu entries
for the other nodes.

2002-07-30 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Added doc dir and first steps towards manual.

2002-07-29 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Got rid of the default server for CRL lookup. We now use the
same list of servers that we use for cert. lookup.

2002-07-29 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* New option --add-servers to allow dirmngr to add LDAP servers
found in CRL distribution points to the list of servers it
searches. NOTE: The added servers are only active in the currently
running dirmngr -- the info isn't written to persistent storage.

2002-07-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Default LDAP timeout is 100 seconds now.
* Use DB2 instead of DB1. Check for libresolv, fixed bug when
libldap was found in the default search path.

2002-07-22 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Implemented --load-crl <filename> option. Also available as
LOADCRL assuan command when in server mode.

2002-07-22 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Implemented new option --ldaptimeout to specify the number of seconds to
wait for an LDAP request before timeout.
* Added --list-crls option to print the contents of the CRL cache
* Added some items to the dbcontents file to make printout nicer
and updated its version number

2002-07-02 Werner Koch <wk@gnupg.org>
* crlcache.c (crl_parse_insert): Fixed log_debug format string.

2002-07-02 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* configure.ac: Use DB->get() return value correctly.

2002-06-28 Werner Koch <wk@gnupg.org>
* crlcache.c (crl_parse_insert): Keep track of newly allocated
ENTRY so that we don't free existing errors after a bad signature.
* dirmngr.h: Include prototype for start_command_handler.
* crlfetch.c, crlcache.c, http.c, cert.c, ldap.c: Include
* crlcache.c (crl_parse_insert): Fixed format type specifiers for
time_t variables in log_debug.
* error.h: Use log_debug instead of dirmngr_debug. Changed all
* Makefile.am (dirmngr_SOURCES): Removed error.c
* dirmngr.c (main): Register gcrypt malloc functions with ksba so
that we don't run into problems by using the wrong free function.
The gcrypt malloc functions have the additional benefit of
providing allocation sanity checks when compiled with that
* crlcache.c (get_issuer_cert): Use xfree instead of ksba_free.

2002-06-27 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* ldap.c: Look for both userCertificate and caCertificate

2002-06-26 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* configure.ac: Upped version number to 0.3.1

2002-06-25 Werner Koch <wk@gnupg.org>
* server.c (cmd_lookup): Use assuan_write_status which ensures a

2002-06-20 Werner Koch <wk@gnupg.org>
* crlcache.c (crl_cache_isvalid): Started with some nicer logging.
However, this will need a lot more work.
(get_issuer_cert): Ditto.
* dirmngr.c (main): Changed required libgcrypt version and don't
print the prefix when using a logfile.

2002-06-20 Werner Koch <wk@gnupg.org>
* tests/Makefile.am (TESTS): Removed test-dirmngr because it
is not a proper test program.
(EXTRA_DIST): Removed the non-existent test certificate.

2002-05-21 Werner Koch <wk@gnupg.org>
* server.c (start_command_handler): Enable assuan debugging.

2002-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Replaced gdbm check with db1 check

2002-05-08 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Replaced gdbm with db1, updated file format version

2002-03-01 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Added gdbm configure check

2002-01-23 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Return ASSUAN_CRL_Too_Old if the CRL is too old

2002-01-17 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
Added commandline options --ldapserver <host> --ldapport <port>
--ldapuser <user> --ldappassword <passwd>.
Cleaned up CRL parsing, signature evaluation a bit, changed
datetime format in config file to ISO, added version string to
contents format and cache file clean up code in case of mismatch.

2002-01-14 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
* Use dirmngr_opt.homedir for storing the db. Added Makefile.am to
Loading/saving database (paths hardcoded)
Fetching CRL from hardcoded server, parsing and inserting in database
Answer ISVALID xxx.yyy requests

Things that are missing:
Some error-checking/handling
Proper autoconf handling of gdbm and OpenLDAP
Signature checking downloaded CRLs
Answer LOOKUP requests

ldapsearch -v -x -h www.trustcenter.de -b '<some-users-DN>' userCertificate -t
cp /tmp/<cert-file> testcert.der

==END OLDEST CHANGELOG==

Copyright 2004, 2005, 2006, 2007, 2008, 2009, 2010,
2011 Free Software Foundation, Inc.

This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
modifications, as long as this notice is preserved.

This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.