[svn] GnuPG - r4092 - trunk/tools

svn author dshaw cvs at cvs.gnupg.org
Wed Apr 5 16:25:41 CEST 2006


Author: dshaw
Date: 2006-04-05 16:25:40 +0200 (Wed, 05 Apr 2006)
New Revision: 4092

Modified:
   trunk/tools/ChangeLog
   trunk/tools/make-dns-cert.c
Log:
* make-dns-cert.c: Some changes from Peter Palfrader to send errors to
stderr and allow spaces in a fingerprint.  Also warn when a key is
over 16k (as that is the default max-cert-size) and fail when a key is
over 64k as that is the DNS limit in many places.


Modified: trunk/tools/ChangeLog
===================================================================
--- trunk/tools/ChangeLog	2006-04-04 22:19:13 UTC (rev 4091)
+++ trunk/tools/ChangeLog	2006-04-05 14:25:40 UTC (rev 4092)
@@ -1,3 +1,11 @@
+2006-04-05  David Shaw  <dshaw at jabberwocky.com>
+
+	* make-dns-cert.c: Some changes from Peter Palfrader to send
+	errors to stderr and allow spaces in a fingerprint.  Also warn
+	when a key is over 16k (as that is the default max-cert-size) and
+	fail when a key is over 64k as that is the DNS limit in many
+	places.
+
 2006-04-04  David Shaw  <dshaw at jabberwocky.com>
 
 	* make-dns-cert.c: New program to generate properly formatted CERT

Modified: trunk/tools/make-dns-cert.c
===================================================================
--- trunk/tools/make-dns-cert.c	2006-04-04 22:19:13 UTC (rev 4091)
+++ trunk/tools/make-dns-cert.c	2006-04-05 14:25:40 UTC (rev 4092)
@@ -44,23 +44,28 @@
   fd=open(keyfile,O_RDONLY);
   if(fd==-1)
     {
-      printf("Cannot open key file %s: %s\n",keyfile,strerror(errno));
+      fprintf(stderr,"Cannot open key file %s: %s\n",keyfile,strerror(errno));
       return 1;
     }
 
   err=fstat(fd,&statbuf);
   if(err==-1)
     {
-      printf("Unable to stat key file %s: %s\n",keyfile,strerror(errno));
+      fprintf(stderr,"Unable to stat key file %s: %s\n",
+	      keyfile,strerror(errno));
       goto fail;
     }
 
-  if(statbuf.st_size>32768)
+  if(statbuf.st_size>65536)
     {
-      printf("Key %s too large for CERT encoding\n",keyfile);
+      fprintf(stderr,"Key %s too large for CERT encoding\n",keyfile);
       goto fail;
     }
 
+  if(statbuf.st_size>16384)
+    fprintf(stderr,"Warning: key file %s is larger than the default"
+	    " GnuPG max-cert-size\n",keyfile);
+
   printf("%s\tTYPE37\t\\# %u 0003 0000 00 ",
 	 name,(unsigned int)statbuf.st_size+5);
 
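Review bot: The new bound `statbuf.st_size>65536` still admits keys whose record cannot be encoded. The RDATA length printed just below is `st_size+5`, and a DNS RDLENGTH is a 16-bit field, so any key above 65530 bytes declares a length over 65535. The check would be tighter as `if(statbuf.st_size>65535-5)`. Separately, the declared length comes from fstat() while the bytes come from the read loop outside this hunk, so a file that changes size in between yields a record whose length and data disagree; counting the bytes actually emitted and comparing them with `st_size` would catch that. The enclosing function starts and ends outside the hunk.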
@@ -72,7 +77,8 @@
       err=read(fd,buffer,1024);
       if(err==-1)
 	{
-	  printf("Unable to read key file %s: %s\n",keyfile,strerror(errno));
+	  fprintf(stderr,"Unable to read key file %s: %s\n",
+		  keyfile,strerror(errno));
 	  goto fail;
 	}
 
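Review bot: When this read() fails, the `TYPE37` header and declared length have already been written to stdout by the `printf` that precedes the loop, so the `goto fail` path leaves a truncated record behind. A caller that redirects stdout straight into a zone file then holds a malformed line unless it checks for failure and discards the output. A comment above the loop would make that contract explicit, e.g. `/* Header is already on stdout; on failure the caller must discard the output. */`. The loop begins and ends outside this hunk, so whether a short file (read() returning 0 before `st_size` bytes) is detected cannot be seen here.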
@@ -97,10 +103,28 @@
 
   if(fpr)
     {
-      fprlen=strlen(fpr);
+      const char *tmp = fpr;
+      while (*tmp)
+	{
+	  if ((*tmp >= 'A' && *tmp <= 'F') ||
+	      (*tmp >= 'a' && *tmp <= 'f') ||
+	      (*tmp >= '0' && *tmp <= '9'))
+	    {
+	      fprlen++;
+	    }
+	  else if (*tmp != ' ' && *tmp != '\t')
+	    {
+	      fprintf(stderr,"Fingerprint must consist of only hex digits"
+		      " and whitespace\n");
+	      return 1;
+	    }
+
+	  tmp++;
+	}
+
       if(fprlen%2)
 	{
-	  printf("Fingerprint must be an even number of characters\n");
+	  fprintf(stderr,"Fingerprint must be an even number of characters\n");
 	  return 1;
 	}
 
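Review bot: `fprlen++` now accumulates where the old code assigned `fprlen=strlen(fpr)`, so the count is only right if `fprlen` is initialised to zero at its declaration, which is outside this hunk. An explicit `fprlen=0;` before the `while` would remove that dependency. A fingerprint made up only of spaces or tabs also gets through: it leaves `fprlen` at 0, which passes the `fprlen%2` test, so `if(fprlen==0 || fprlen%2)` or a separate empty check would be worth adding. The code that emits the digits is not shown; it has to skip the same whitespace this loop accepts, otherwise the encoded length and the data will differ.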
@@ -113,7 +137,8 @@
 
   if(!fpr && !url)
     {
-      printf("Cannot generate a CERT without either a fingerprint or URL\n");
+      fprintf(stderr,
+	      "Cannot generate a CERT without either a fingerprint or URL\n");
       return 1;
     }
 
@@ -136,13 +161,13 @@
 }
 
 static void
-usage(void)
+usage(FILE *stream)
 {
-  printf("make-dns-cert\n");
-  printf("\t-f\tfingerprint\n");
-  printf("\t-u\tURL\n");
-  printf("\t-k\tkey file\n");
-  printf("\t-n\tDNS name\n");
+  fprintf(stream,"make-dns-cert\n");
+  fprintf(stream,"\t-f\tfingerprint\n");
+  fprintf(stream,"\t-u\tURL\n");
+  fprintf(stream,"\t-k\tkey file\n");
+  fprintf(stream,"\t-n\tDNS name\n");
 }
 
 int
@@ -153,7 +178,7 @@
 
   if(argc==1)
     {
-      usage();
+      usage(stderr);
       return 0;
     }
   else if(argc>1 && strcmp(argv[1],"--version")==0)
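Review bot: The no-argument path now writes usage to stderr but still ends in `return 0;`, so automation that invokes the tool with an empty argument list sees success and an empty stdout. Returning non-zero there (`usage(stderr); return 1;`) would match the stream choice. The same applies to the getopt hunk further down, where `default:` shares the `case 'h':` body, so an unknown option prints usage to stdout and calls `exit(0)`. Giving `default:` its own `usage(stderr); exit(1);` keeps a bad option distinguishable from a requested `-h`. main() starts and ends outside these hunks.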
@@ -163,7 +188,7 @@
     }
   else if(argc>1 && strcmp(argv[1],"--help")==0)
     {
-      usage();
+      usage(stdout);
       return 0;
     }
 
@@ -172,7 +197,7 @@
       {
       default:
       case 'h':
-	usage();
+	usage(stdout);
 	exit(0);
 
       case 'f':
@@ -194,14 +219,14 @@
 
   if(!name)
     {
-      printf("No name provided\n");
+      fprintf(stderr,"No name provided\n");
       return 1;
     }
 
   if(keyfile && (fpr || url))
     {
-      printf("Cannot generate a CERT record with both a keyfile and"
-	     " a fingerprint or URL\n");
+      fprintf(stderr,"Cannot generate a CERT record with both a keyfile and"
+	      " a fingerprint or URL\n");
       return 1;
     }
 



