From cvs at cvs.gnupg.org Tue Aug 1 12:29:37 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue Aug 1 11:49:08 2006 Subject: [svn] ksba - r249 - in trunk: . src tests Message-ID: Author: wk Date: 2006-08-01 12:29:36 +0200 (Tue, 01 Aug 2006) New Revision: 249 Modified: trunk/ChangeLog trunk/NEWS trunk/README trunk/configure.ac trunk/src/ChangeLog trunk/src/dn.c trunk/tests/ChangeLog trunk/tests/Makefile.am trunk/tests/t-dnparser.c Log: Fixed a problem in the ksba_dn_teststr. Added a new test. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2006-07-19 08:47:18 UTC (rev 248) +++ trunk/ChangeLog 2006-08-01 10:29:36 UTC (rev 249) @@ -1,3 +1,11 @@ +2006-08-01 Werner Koch + + Released 0.9.16. + + * configure.ac: Bumped LT version to C16/A8/R0. + + * configure.ac: Changed to new style auto-svn init. + 2006-06-20 Werner Koch Released 0.9.15. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-07-19 08:47:18 UTC (rev 248) +++ trunk/NEWS 2006-08-01 10:29:36 UTC (rev 249) @@ -1,8 +1,10 @@ -Noteworthy changes in version 0.9.16 +Noteworthy changes in version 0.9.16 (2006-08-01) ------------------------------------------------- * Fixed a character set conversion bug in BMPStrings. + * New function for better error reporting of DNs. + * Interface changes relative to the 0.9.13 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ksba_dn_teststr NEW Modified: trunk/README =================================================================== --- trunk/README 2006-07-19 08:47:18 UTC (rev 248) +++ trunk/README 2006-08-01 10:29:36 UTC (rev 249) 
@@ -1,8 +1,96 @@ -KSBA = rot13(digit_to_letter(x509)) to be pronounced as Kasbah + LIBKSBA + --------- -See ksba-overview.txt in the aegypten-specs module for a brief -overview of the problem domain. A reference manual is included. + Copyright 2001 g10 Code GmbH +This file is free software; as a special exception the author gives +unlimited permission to copy and/or distribute it, with or without +modifications, as long as this notice is preserved. -The ocsp feature has not yet been documented. See the comments in -src/ocsp.c and the example tests/t-ocsp.c +This file is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. + + +Libksba itself is distributed under the trms of the GNU General Public +License, see the file COPYING for details. + + + KSBA Overview + ------------- + +KSBA (pronounced Kasbah) is a library to make X.509 certificates as +well as the CMS easily accessible by other applications. Both +specifications are building blocks of S/MIME and TLS. + +In the first step we will concentrate on providing the profile +required by the Aegypten project (i.e. the MailTrusT based BSI profile +for SPHINX). However, the architecture will be flexible enough to +easily support other profiles too. + +KSBA will be made available as a standard shared library and reserves +identifiers starting with "ksba" and "_ksba" (also uppercase and mixed +case). It does not rely on another cryptographic library but will +provide hooks for easy integration with Libgcrypt. + + + + Documentation + ------------- + +A standard info format reference manual is included. However the OCSP +feature has not yet been documented. 
See the comments in src/ocsp.c +and the example tests/t-ocsp.c + + + + + Old Information which might not be correct anymore: + --------------------------------------------------- + +KSBA provides these subsystems: + + +* ASN.1 Parser (ksba_asn_*) + + KSBA provides a simple ASN.1 parser which can be used to read + definitions directly from an ASN.1 module without the need of + generating extra tables. For ease of maintenance it also comes with + a tool to create static data structures to avoid that overhead and + the need to include ASN.1 modules. + + The primary goal of this parser is to provide the ASN.1 syntax tree + to be used by other library modules. + +* BER Decoder (ksba_ber_decoder_*) + + This is a decoder for the ASN.1 Basic Encoding Rules with a facility + to detect valid DER encoding (DER is a subset of BER). By using + thresholds and pre-registered callout function it is possible to + work on indefinite length data stream and limiting the memory usage + to a fixed upper bound. + +* BER Encoder (ksba_ber_encoder_*) + + This is the counterpart to the DER Decoder with the ability to + restrict the encoding to DER. + +* Certificate Handling (ksba_cert_*) + + The main bulk of the provided functions are used to give a clean + interface to X.509 certificates by translating X.509 data types to + more standard data types. + +* CMS Handling (ksba_cms_*) + + The Cryptographic Message Syntax is the core data type for S/MIME + and therefore KSBA provides an interface to parse and create these + objects without the need to cope with ASN.1. + +* Reader and Writer (ksba_reader_*, ksba_writer_*) + + Abstraction objects to access memory areas, files or file + descriptor. + + Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-07-19 08:47:18 UTC (rev 248) +++ trunk/configure.ac 2006-08-01 10:29:36 UTC (rev 249) 
@@ -22,17 +22,26 @@ AC_PREREQ(2.57) min_automake_version="1.9.3" -# Version number: Remember to change immediately *after* a release. -# Append a "-cvs" for non-released versions. -AC_INIT(libksba, 0.9.16-cvs, gpa-dev@gnupg.org) + +# Remember to change the version number immediately *after* a release. +# Set my_issvn to "yes" for non-released code. Remember to run an +# "svn up" and "autogen.sh" right before creating a distribution. +m4_define([my_version], [0.9.16]) +m4_define([my_issvn], [no]) + +m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ + || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) +AC_INIT([libksba], my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision]), + [gpa-dev@gnupg.org]) + # LT Version numbers: Remember to change them just *before* a release. # (Interfaces removed: CURRENT++, AGE=0, REVISION=0) # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) # Please remember to document interface changes in the NEWS file. -LIBKSBA_LT_CURRENT=15 -LIBKSBA_LT_AGE=7 -LIBKSBA_LT_REVISION=2 +LIBKSBA_LT_CURRENT=16 +LIBKSBA_LT_AGE=8 +LIBKSBA_LT_REVISION=0 #------------------- # fixme: When bouncing this to a newer version, you check whether the Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2006-07-19 08:47:18 UTC (rev 248) +++ trunk/src/ChangeLog 2006-08-01 10:29:36 UTC (rev 249) @@ -1,3 +1,9 @@ +2006-08-01 Werner Koch + + * dn.c (ksba_dn_teststr): Bump nparts to actually allow returning + without an error. Hmmm, why did did t-dnparser didn't caught this + problem? + 2006-07-19 Werner Koch * dn.c (put_stringbuf_mem_skip): New. Modified: trunk/src/dn.c =================================================================== --- trunk/src/dn.c 2006-07-19 08:47:18 UTC (rev 248) +++ trunk/src/dn.c 2006-08-01 10:29:36 UTC (rev 249) 
@@ -1286,7 +1286,7 @@ *rerrlen = *rerroff = 0; - for (nparts=0, s=string; s && *s;) + for (nparts=0, s=string; s && *s; nparts++) { err = parse_rdn (s, &endp, NULL, &off, &len); if (err && !seq--) Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2006-07-19 08:47:18 UTC (rev 248) +++ trunk/tests/ChangeLog 2006-08-01 10:29:36 UTC (rev 249) @@ -1,3 +1,9 @@ +2006-08-01 Werner Koch + + * Makefile.am (TESTS): Add t-dnparser. + + * t-dnparser.c (test_0): New. We need this good case test. + 2006-07-03 Werner Koch * t-dnparser.c: Use ksba_dn_str2der isntead of internal functions. Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2006-07-19 08:47:18 UTC (rev 248) +++ trunk/tests/Makefile.am 2006-08-01 10:29:36 UTC (rev 249) @@ -39,7 +39,7 @@ BUILT_SOURCES = oidtranstbl.h CLEANFILES = oidtranstbl.h -TESTS = cert-basic t-crl-parser +TESTS = cert-basic t-crl-parser t-dnparser AM_CFLAGS = $(GPG_ERROR_CFLAGS) Modified: trunk/tests/t-dnparser.c =================================================================== --- trunk/tests/t-dnparser.c 2006-07-19 08:47:18 UTC (rev 248) +++ trunk/tests/t-dnparser.c 2006-08-01 10:29:36 UTC (rev 249) 
@@ -30,7 +30,43 @@ #include "t-common.h" +static void +test_0 (void) +{ + static char *good_strings[] = { + "C=de,O=g10 Code,OU=qa,CN=P?p? le Moko", + "C= de, O=g10 Code , OU=qa ,CN=P?p? le Moko", + "CN=www.gnupg.org", + " CN=www.gnupg.org ", + "C=fr,L=Paris,CN=Julien Duvivier,EMAIL=julien@example.org", + NULL + }; + gpg_error_t err; + int i; + unsigned char *buf; + size_t off, len; + for (i=0; good_strings[i]; i++) + { + err = ksba_dn_str2der (good_strings[i], &buf, &len); + if (err) + { + fprintf (stderr, "%s:%d: ksba_dn_str2der failed for `%s': %s\n", + __FILE__,__LINE__, good_strings[i], gpg_strerror (err)); + exit (1); + } + err = ksba_dn_teststr (good_strings[i], 0, &off, &len); + if (err) + { + fprintf (stderr, "%s:%d: ksba_dn_teststr failed for `%s': %s\n", + __FILE__,__LINE__, good_strings[i], gpg_strerror (err)); + exit (1); + } + xfree (buf); + } +} + + static void test_1 (void) { @@ -125,6 +161,7 @@ } else if (argc == 1) { + test_0 (); test_1 (); test_2 (); } From cvs at cvs.gnupg.org Tue Aug 1 13:00:05 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue Aug 1 12:19:35 2006 Subject: [svn] ksba - r250 - tags Message-ID: Author: wk Date: 2006-08-01 13:00:04 +0200 (Tue, 01 Aug 2006) New Revision: 250 Added: tags/libksba-0.9.16/ Log: From cvs at cvs.gnupg.org Tue Aug 1 13:00:53 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue Aug 1 12:20:22 2006 Subject: [svn] ksba - r251 - trunk Message-ID: Author: wk Date: 2006-08-01 13:00:53 +0200 (Tue, 01 Aug 2006) New Revision: 251 Modified: trunk/NEWS trunk/configure.ac Log: post release updates Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-01 11:00:04 UTC (rev 250) +++ trunk/NEWS 2006-08-01 11:00:53 UTC (rev 251) 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 0.9.16 +------------------------------------------------- + + Noteworthy changes in version 0.9.16 (2006-08-01) ------------------------------------------------- Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-01 11:00:04 UTC (rev 250) +++ trunk/configure.ac 2006-08-01 11:00:53 UTC (rev 251) @@ -26,8 +26,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [0.9.16]) -m4_define([my_issvn], [no]) +m4_define([my_version], [0.9.17]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) From cvs at cvs.gnupg.org Tue Aug 1 13:20:20 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue Aug 1 12:39:53 2006 Subject: [svn] GnuPG - r4212 - in trunk: . g10 Message-ID: Author: wk Date: 2006-08-01 13:20:18 +0200 (Tue, 01 Aug 2006) New Revision: 4212 Modified: trunk/ChangeLog trunk/NEWS trunk/README trunk/g10/ChangeLog trunk/g10/openfile.c Log: Preparing 1.4.5 Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2006-07-31 11:40:14 UTC (rev 4211) +++ trunk/ChangeLog 2006-08-01 11:20:18 UTC (rev 4212) @@ -1,3 +1,11 @@ +2006-08-01 Werner Koch + + Released 1.4.5. + +2006-07-31 Werner Koch + + * README: Updated info on the key used to sign the tarball. + 2006-07-28 Werner Koch Released 1.4.5rc1. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-07-31 11:40:14 UTC (rev 4211) +++ trunk/NEWS 2006-08-01 11:20:18 UTC (rev 4212) 
@@ -1,4 +1,4 @@ -Noteworthy changes in version 1.4.5 +Noteworthy changes in version 1.4.5 (2006-08-01) ------------------------------------------------ * Reverted check for valid standard handles under Windows. Modified: trunk/README =================================================================== --- trunk/README 2006-07-31 11:40:14 UTC (rev 4211) +++ trunk/README 2006-08-01 11:20:18 UTC (rev 4212) @@ -1,7 +1,7 @@ GnuPG - The GNU Privacy Guard ------------------------------- - Version 1.4.4 + Version 1.4.5 Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. @@ -86,10 +86,10 @@ $ gpg --verify gnupg-x.y.z.tar.gz.sig This checks that the detached signature gnupg-x.y.z.tar.gz.sig - is indeed a signature of gnupg-x.y.z.tar.gz. The key used to - create this signature is: + is indeed a signature of gnupg-x.y.z.tar.gz. The key currently + used to create this signature is: - "pub 1024D/57548DCD 1998-07-07 Werner Koch (gnupg sig) " + "pub 1024R/1CE0C630 2006-01-01 Werner Koch (dist sig) " If you do not have this key, you can get it from the source in the file doc/samplekeys.asc (use "gpg --import doc/samplekeys.asc" @@ -97,7 +97,7 @@ make sure that this is really the key and not a faked one. You can do this by comparing the output of: - $ gpg --fingerprint 0x57548DCD + $ gpg --fingerprint 0x1CE0C630 with the fingerprint published elsewhere. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2006-07-31 11:40:14 UTC (rev 4211) +++ trunk/g10/ChangeLog 2006-08-01 11:20:18 UTC (rev 4212) 
@@ -1,5 +1,8 @@ 2006-07-31 Werner Koch + * openfile.c (open_outfile) [USE_ONLY_8DOT3]: Search backwards for + the dot. Fixes bug 654. + * passphrase.c (agent_open): Use log_info instead of log_error to allow a fallback without having gpg return an error code. Fixes bug #655. Modified: trunk/g10/openfile.c =================================================================== --- trunk/g10/openfile.c 2006-07-31 11:40:14 UTC (rev 4211) +++ trunk/g10/openfile.c 2006-08-01 11:20:18 UTC (rev 4212) @@ -201,10 +201,10 @@ #ifdef USE_ONLY_8DOT3 if (opt.mangle_dos_filenames) { - /* It is quite common DOS system to have only one dot in a + /* It is quite common for DOS system to have only one dot in a * a filename So if we have something like this, we simple - * replace the suffix execpt in cases where the suffix is - * larger than 3 characters and not the same as. + * replace the suffix except in cases where the suffix is + * larger than 3 characters and not identlically to the new one. * We should really map the filenames to 8.3 but this tends to * be more complicated and is probaly a duty of the filesystem */ 
@@ -214,16 +214,22 @@ buf = xmalloc(strlen(iname)+4+1); strcpy(buf,iname); - dot = strchr(buf, '.' ); + dot = strrchr(buf, '.' ); if ( dot && dot > buf && dot[1] && strlen(dot) <= 4 - && CMP_FILENAME(newsfx, dot) ) + && CMP_FILENAME(newsfx, dot) + && !(strchr (dot, '/') || strchr (dot, '\\'))) { - strcpy(dot, newsfx ); + /* There is a dot, the dot is not the first character, + the suffix is not longer than 3, the suffix is not + equal to the new suffix and tehre is no path delimter + after the dot (e.g. foo.1/bar): Replace the + suffix. */ + strcpy (dot, newsfx ); } - else if ( dot && !dot[1] ) /* don't duplicate a dot */ - strcpy( dot, newsfx+1 ); + else if ( dot && !dot[1] ) /* Don't duplicate a trailing dot. */ + strcpy ( dot, newsfx+1 ); else - strcat ( buf, newsfx ); + strcat ( buf, newsfx ); /* Just append the new suffix. */ } if (!buf) #endif /* USE_ONLY_8DOT3 */ From cvs at cvs.gnupg.org Tue Aug 1 13:22:48 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue Aug 1 12:42:19 2006 Subject: [svn] GnuPG - r4213 - trunk Message-ID: Author: wk Date: 2006-08-01 13:22:48 +0200 (Tue, 01 Aug 2006) New Revision: 4213 Modified: trunk/configure.ac Log: Forgot this one. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-01 11:20:18 UTC (rev 4212) +++ trunk/configure.ac 2006-08-01 11:22:48 UTC (rev 4213) @@ -27,7 +27,7 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.4.5rc1]) +m4_define([my_version], [1.4.5]) m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ From cvs at cvs.gnupg.org Tue Aug 1 14:10:02 2006 
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue Aug 1 13:29:33 2006
Subject: [svn] GnuPG - r4214 - tags
Message-ID:

Author: wk
Date: 2006-08-01 14:10:02 +0200 (Tue, 01 Aug 2006)
New Revision: 4214

Added:
   tags/gnupg-1.4.5/
Log:
Tagged release.

Copied: tags/gnupg-1.4.5 (from rev 4213, trunk)

From cvs at cvs.gnupg.org Tue Aug 1 14:22:39 2006
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue Aug 1 13:42:08 2006
Subject: [svn] GnuPG - r4215 - / branches
Message-ID:

Author: wk
Date: 2006-08-01 14:22:38 +0200 (Tue, 01 Aug 2006)
New Revision: 4215

Added:
   branches/STABLE-BRANCH-1-4/
Removed:
   trunk/
Log:
Moves trunk to a new branch.

Copied: branches/STABLE-BRANCH-1-4 (from rev 4214, trunk)

From cvs at cvs.gnupg.org Tue Aug 1 14:23:34 2006
From: cvs at cvs.gnupg.org (svn author wk)
Date: Tue Aug 1 13:43:03 2006
Subject: [svn] GnuPG - r4216 - / branches
Message-ID:

Author: wk
Date: 2006-08-01 14:23:34 +0200 (Tue, 01 Aug 2006)
New Revision: 4216

Added:
   trunk/
Removed:
   branches/GNUPG-1-9-BRANCH/
Log:
Moved 1.9 branch to trunk

Copied: trunk (from rev 4215, branches/GNUPG-1-9-BRANCH)

From cvs at cvs.gnupg.org Tue Aug 1 14:27:10 2006
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue Aug 1 13:46:44 2006 Subject: [svn] GnuPG - r4217 - in branches/STABLE-BRANCH-1-4: . po Message-ID: Author: wk Date: 2006-08-01 14:27:00 +0200 (Tue, 01 Aug 2006) New Revision: 4217 Modified: branches/STABLE-BRANCH-1-4/NEWS branches/STABLE-BRANCH-1-4/configure.ac branches/STABLE-BRANCH-1-4/po/be.po branches/STABLE-BRANCH-1-4/po/ca.po branches/STABLE-BRANCH-1-4/po/cs.po branches/STABLE-BRANCH-1-4/po/da.po branches/STABLE-BRANCH-1-4/po/de.po branches/STABLE-BRANCH-1-4/po/el.po branches/STABLE-BRANCH-1-4/po/eo.po branches/STABLE-BRANCH-1-4/po/es.po branches/STABLE-BRANCH-1-4/po/et.po branches/STABLE-BRANCH-1-4/po/fi.po branches/STABLE-BRANCH-1-4/po/fr.po branches/STABLE-BRANCH-1-4/po/gl.po branches/STABLE-BRANCH-1-4/po/hu.po branches/STABLE-BRANCH-1-4/po/id.po branches/STABLE-BRANCH-1-4/po/it.po branches/STABLE-BRANCH-1-4/po/ja.po branches/STABLE-BRANCH-1-4/po/nb.po branches/STABLE-BRANCH-1-4/po/pl.po branches/STABLE-BRANCH-1-4/po/pt.po branches/STABLE-BRANCH-1-4/po/pt_BR.po branches/STABLE-BRANCH-1-4/po/ro.po branches/STABLE-BRANCH-1-4/po/ru.po branches/STABLE-BRANCH-1-4/po/sk.po branches/STABLE-BRANCH-1-4/po/sv.po branches/STABLE-BRANCH-1-4/po/tr.po branches/STABLE-BRANCH-1-4/po/zh_CN.po branches/STABLE-BRANCH-1-4/po/zh_TW.po Log: Post release updates. Modified: branches/STABLE-BRANCH-1-4/NEWS =================================================================== --- branches/STABLE-BRANCH-1-4/NEWS 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/NEWS 2006-08-01 12:27:00 UTC (rev 4217) 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 1.4.6 +------------------------------------------------ + + Noteworthy changes in version 1.4.5 (2006-08-01) ------------------------------------------------ Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/configure.ac 2006-08-01 12:27:00 UTC (rev 4217) @@ -27,8 +27,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.4.5]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.4.6]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) Modified: branches/STABLE-BRANCH-1-4/po/be.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/be.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/be.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: gnupg 1.2.2\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2003-10-30 16:35+0200\n" "Last-Translator: Ales Nyakhaychyk \n" "Language-Team: Belarusian \n" 
@@ -42,7 +42,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -78,8 +78,8 @@ msgstr "" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "" @@ -866,7 +866,7 @@ msgid "no remote program execution supported\n" msgstr "" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, fuzzy, c-format msgid "can't create directory `%s': %s\n" msgstr "%s: немагчыма стварыць тэчку: %s\n" @@ -2269,7 +2269,7 @@ msgid "no writable keyring found: %s\n" msgstr "" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "" 
@@ -4562,22 +4562,22 @@ msgid "writing to stdout\n" msgstr "запіс у stdout\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: тэчка створана\n" @@ -6003,11 +6003,11 @@ msgstr "" "па больш падрабязныя зьвесткі шукайце на http://www.gnupg.org/faq.html\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "дзеяньне немагчымае без распачатае бясьпечнае памяці\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "" Modified: branches/STABLE-BRANCH-1-4/po/ca.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/ca.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/ca.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -27,7 +27,7 @@ msgstr "" "Project-Id-Version: gnupg 1.4.0\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2005-02-04 02:04+0100\n" "Last-Translator: Jordi Mallach \n" "Language-Team: Catalan \n" 
@@ -62,7 +62,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -99,8 +99,8 @@ msgstr "nota: el fitxer random_seed no s'ha actualitzat\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "no s'ha pogut crear «%s»: %s\n" @@ -935,7 +935,7 @@ msgid "no remote program execution supported\n" msgstr "no hi ha suport per a l'execució remota de programes\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "no es pot crear el directori «%s»: %s\n" @@ -2490,7 +2490,7 @@ msgid "no writable keyring found: %s\n" msgstr "no s'ha trobat cap anell escrivible: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "s'està escrivint en «%s»\n" 
@@ -4999,23 +4999,23 @@ msgid "writing to stdout\n" msgstr "s'està escrivint en stdout\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "s'asumeix que hi ha dades signades en «%s»\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "s'ha creat el nou fitxer d'opcions «%s»\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" "AVÍS: les opcions en «%s» encara no estan actives durant aquesta execució\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: s'ha creat el directori\n" @@ -6582,11 +6582,11 @@ # Últimament pense si «iniciar» no serà millor que «inicialitzar»? ivb # Segons SC, hi ha diferència. jm -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "l'operació no és possible sense memòria segura inicialitzada\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(potser heu utilitzat el programa erroni per a aquesta tasca)\n" Modified: branches/STABLE-BRANCH-1-4/po/cs.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/cs.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/cs.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: gnupg-1.3.92\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2004-11-26 09:12+0200\n" "Last-Translator: Roman Pavlik \n" "Language-Team: Czech \n" 
@@ -42,7 +42,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -78,8 +78,8 @@ msgstr "poznmka: soubor random_seed nen aktualizovn\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "nemohu vytvoit `%s': %s\n" @@ -866,7 +866,7 @@ msgid "no remote program execution supported\n" msgstr "sputn externho programu nen podporovno\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "nemohu vytvoit adres `%s': %s\n" @@ -2412,7 +2412,7 @@ msgstr "nenalezen zapisovateln soubor kl (keyring): %s\n" # g10/import.c:766 g10/openfile.c:261#, c-format -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "zapisuji do '%s'\n" 
@@ -4772,22 +4772,22 @@ msgid "writing to stdout\n" msgstr "zapisuji do standardnho vstupu\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "pedpokldm podepsan data v `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "vytvoen nov konfiguran soubor `%s'\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "VAROVN: nastaven z `%s' nejsou pi tomto sputn zatm aktivn\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "adres `%s' vytvoen\n" @@ -6261,11 +6261,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "Vce informac naleznete na adrese http://www.gnupg.cz/faq.html\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "provst operaci nen mon bez inicializovan bezpen pamti\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(pravdpodobn jste pro tento kol pouili nesprvn program)\n" Modified: branches/STABLE-BRANCH-1-4/po/da.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/da.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/da.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: gnupg 1.0.0h\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2003-12-03 16:11+0100\n" "Last-Translator: Birger Langkjer \n" "Language-Team: Danish \n" 
@@ -43,7 +43,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -79,8 +79,8 @@ msgstr "" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, fuzzy, c-format msgid "can't create `%s': %s\n" msgstr "kan ikke oprette %s: %s\n" @@ -892,7 +892,7 @@ msgid "no remote program execution supported\n" msgstr "" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, fuzzy, c-format msgid "can't create directory `%s': %s\n" msgstr "%s: kan ikke oprette mappe: %s\n" @@ -2325,7 +2325,7 @@ msgid "no writable keyring found: %s\n" msgstr "fejl ved skrivning af nglering `%s': %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "skriver til `%s'\n" 
@@ -4688,22 +4688,22 @@ msgid "writing to stdout\n" msgstr "skriver til stdout\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: mappe oprettet\n" @@ -6162,11 +6162,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "operation er ikke mulig uden beskyttet hukommelse indlst\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(du kan have brugt et forkert program til denne opgave)\n" Modified: branches/STABLE-BRANCH-1-4/po/de.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/de.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/de.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: gnupg-1.4.1\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2006-06-28 20:54+0200\n" "Last-Translator: Walter Koch \n" "Language-Team: German \n" 
@@ -42,7 +42,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -79,8 +79,8 @@ msgstr "Hinweis: 'random_seed'-Datei bleibt unverndert\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "'%s' kann nicht erzeugt werden: %s\n" @@ -881,7 +881,7 @@ msgid "no remote program execution supported\n" msgstr "Ausfhren von externen Programmen wird nicht untersttzt\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "Verzeichnis `%s' kann nicht erzeugt werden: %s\n" @@ -2426,7 +2426,7 @@ msgid "no writable keyring found: %s\n" msgstr "kein schreibbarer Schlsselbund gefunden: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "Schreiben nach '%s'\n" 
@@ -4900,23 +4900,23 @@ msgid "writing to stdout\n" msgstr "Schreiben auf die Standardausgabe\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "die unterzeichneten Daten sind wohl in '%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "Neue Konfigurationsdatei `%s' erstellt\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" "WARNUNG: Optionen in `%s' sind whrend dieses Laufes noch nicht wirksam\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "Verzeichnis `%s' erzeugt\n" @@ -6463,11 +6463,11 @@ # " Um dies zu vermeiden, kann das Programm suid(root) installiert werden.\n" # " Bitte wenden Sie sich hierzu an den Systemadministrator.\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "Vorgang ist ohne sicheren Hauptspeicher nicht mglich\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "" "(mglicherweise haben Sie das falsche Programm fr diese Aufgabe benutzt)\n" Modified: branches/STABLE-BRANCH-1-4/po/el.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/el.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/el.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: gnupg-1.1.92\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2003-06-27 12:00+0200\n" "Last-Translator: Dokianakis Theofanis \n" "Language-Team: Greek \n" 
@@ -41,7 +41,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -79,8 +79,8 @@ msgstr ": random_seed\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr " `%s': %s\n" @@ -906,7 +906,7 @@ msgid "no remote program execution supported\n" msgstr " \n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr " `%s': %s\n" @@ -2445,7 +2445,7 @@ msgid "no writable keyring found: %s\n" msgstr " : %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr " `%s'\n" 
@@ -4911,23 +4911,23 @@ msgid "writing to stdout\n" msgstr " stdout\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr " `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr " `%s'\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" ": `%s' \n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: \n" @@ -6441,11 +6441,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr " http://www.gnupg.org/faq.html \n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr " \n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "( )\n" Modified: branches/STABLE-BRANCH-1-4/po/eo.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/eo.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/eo.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: gnupg 1.0.6d\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2002-04-14 14:33+0100\n" "Last-Translator: Edmund GRIMLEY EVANS \n" "Language-Team: Esperanto \n" 
@@ -41,7 +41,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -78,8 +78,8 @@ msgstr "noto: dosiero random_seed ne aktualigita\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "ne povas krei '%s': %s\n" @@ -894,7 +894,7 @@ msgid "no remote program execution supported\n" msgstr "" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, fuzzy, c-format msgid "can't create directory `%s': %s\n" msgstr "%s: ne povas krei dosierujon: %s\n" @@ -2410,7 +2410,7 @@ msgid "no writable keyring found: %s\n" msgstr "neniu skribebla losilaro trovita: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "skribas al '%s'\n" 
@@ -4871,22 +4871,22 @@ msgid "writing to stdout\n" msgstr "skribas al la normala eligo\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "supozas subskribitajn datenojn en '%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, fuzzy, c-format msgid "new configuration file `%s' created\n" msgstr "%s: nova opcio-dosiero kreita\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: dosierujo kreita\n" @@ -6375,11 +6375,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "bonvolu vidi http://www.gnupg.org/faq.html por pliaj informoj\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "operacio ne eblas sen sekura memoro kun komenca valoro\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(eble vi uzis la malustan programon por i tiu tasko)\n" Modified: branches/STABLE-BRANCH-1-4/po/es.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/es.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/es.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: GNU gnupg 1.4.1\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2005-03-25 16:50+0100\n" "Last-Translator: Jaime Surez \n" "Language-Team: Spanish \n" 
@@ -45,7 +45,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -87,8 +87,8 @@ msgstr "nota: el fichero de semillas aleatorias no se ha actualizado\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "no se puede crear %s: %s\n" @@ -879,7 +879,7 @@ msgid "no remote program execution supported\n" msgstr "no es posible ejecutar programas remotos\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "no se puede crear el directorio `%s': %s\n" @@ -2414,7 +2414,7 @@ msgid "no writable keyring found: %s\n" msgstr "anillo de claves no escribible encontrado: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "escribiendo en `%s'\n" 
@@ -4771,22 +4771,22 @@ msgid "writing to stdout\n" msgstr "escribiendo en stdout\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "asumiendo que hay datos firmados en `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "creado un nuevo fichero de configuracin `%s'\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "AVISO: las opciones en `%s' no estn an activas en esta ejecucin\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "directorio `%s' creado\n" @@ -6297,11 +6297,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "por favor, vea http://www.gnupg.org/faq.html para ms informacin\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "operacin imposible sin memoria segura inicializada\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(es posible que haya usado el programa incorrecto para esta tarea)\n" Modified: branches/STABLE-BRANCH-1-4/po/et.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/et.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/et.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: gnupg 1.2.2\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2004-06-17 11:04+0300\n" "Last-Translator: Toomas Soome \n" "Language-Team: Estonian \n" 
@@ -41,7 +41,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -77,8 +77,8 @@ msgstr "mrkus: random_seed faili ei uuendatud\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "`%s' ei nnestu luua: %s\n" @@ -894,7 +894,7 @@ msgid "no remote program execution supported\n" msgstr "mittelokaalse programmi kivitamist ei toetata\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "kataloogi `%s' ei nnestu luua: %s\n" @@ -2411,7 +2411,7 @@ msgid "no writable keyring found: %s\n" msgstr "ei leia kirjutatavat vtmehoidlat: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "kirjutan faili `%s'\n" 
@@ -4840,22 +4840,22 @@ msgid "writing to stdout\n" msgstr "kirjutan standardvljundisse\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "eeldan allkirjastatud andmeid failis `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "uus omaduste fail `%s' on loodud\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "HOIATUS: seaded failis `%s' pole seekord veel aktiivsed\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: kataloog on loodud\n" @@ -6344,11 +6344,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "Lisainfot leiate lehelt http://www.gnupg.org/faq.html\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "initsialiseerimata turvalise mluta ei ole operatsioon vimalik\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(te kasutasite vahest selle t jaoks valet programmi)\n" Modified: branches/STABLE-BRANCH-1-4/po/fi.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/fi.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/fi.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -22,7 +22,7 @@ msgstr "" "Project-Id-Version: gnupg 1.2.2\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2004-06-16 22:40+0300\n" "Last-Translator: Tommi Vainikainen \n" "Language-Team: Finnish \n" 
@@ -57,7 +57,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -94,8 +94,8 @@ msgstr "huom: random_seed-tiedostoa ei päivitetty\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "tiedostoa \"%s\" ei voi luoda: %s\n" @@ -914,7 +914,7 @@ msgid "no remote program execution supported\n" msgstr "etäohjelman suorittamista ei tueta\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "hakemiston \"%s\" luominen ei onnistu: %s\n" @@ -2443,7 +2443,7 @@ msgid "no writable keyring found: %s\n" msgstr "kirjoitettavissa olevaa avainrengasta ei löydy: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "kirjoitetaan kohteeseen \"%s\"\n" 
@@ -4896,24 +4896,24 @@ msgid "writing to stdout\n" msgstr "kirjoitetaan vakiotulosteeseen\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "data kohteessa \"%s\" oletetaan allekirjoitetuksi\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "uusi asetustiedosto \"%s\" luotu\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" "VAROITUS: asetukset tiedostossa \"%s\" eivät ole käytössä vielä tässä " "ajossa\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: hakemisto luotu\n" @@ -6423,11 +6423,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "lisätietoja osoitteesta http://www.gnupg.org/faq.html\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "toiminto on mahdollinen vain, jos suojattu muisti alustetaan\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(olet ehkä käyttänyt tehtävään väärää ohjelmaa)\n" Modified: branches/STABLE-BRANCH-1-4/po/fr.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/fr.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/fr.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -11,7 +11,7 @@ msgstr "" "Project-Id-Version: gnupg 1.4.2rc2\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2005-06-28 00:24+0200\n" "Last-Translator: Gal Quri \n" "Language-Team: French \n" 
@@ -46,7 +46,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -84,8 +84,8 @@ msgstr "note: le fichier `random_seed' n'a pas t mis jour\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "impossible de crer `%s': %s\n" @@ -892,7 +892,7 @@ msgid "no remote program execution supported\n" msgstr "aucun programme d'excution distante n'est support\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "impossible de crer le rpertoire `%s': %s\n" @@ -2465,7 +2465,7 @@ msgid "no writable keyring found: %s\n" msgstr "aucun porte-cl n'a t trouv avec des droits d'criture : %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "criture de `%s'\n" 
@@ -4900,23 +4900,23 @@ msgid "writing to stdout\n" msgstr "criture vers la sortie standard\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "les donnes signes sont supposes tre dans `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr " nouveau fichier de configuration `%s' cr\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" "AVERTISSEMENT: les options de `%s' ne sont pas encore actives cette fois\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "rpertoire `%s' cr\n" @@ -6442,13 +6442,13 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "voir http://www.gnupg.org/fr/faq.html pour plus d'informations\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "" "l'opration n'est pas possible tant que la mmoire sre n'est pas\n" "initialise\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(vous avez peut-tre utilis un programme non adapt cette fin)\n" Modified: branches/STABLE-BRANCH-1-4/po/gl.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/gl.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/gl.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: gnupg 1.2.4\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2003-12-04 11:39+0100\n" "Last-Translator: Jacobo Tarrio \n" "Language-Team: Galician \n" 
@@ -41,7 +41,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -77,8 +77,8 @@ msgstr "nota: o ficheiro random_seed non se actualiza\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "non se pode crear `%s': %s\n" @@ -904,7 +904,7 @@ msgid "no remote program execution supported\n" msgstr "non se soporta a execucin remota de programas\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "non se pode crea-lo directorio `%s': %s\n" @@ -2426,7 +2426,7 @@ msgid "no writable keyring found: %s\n" msgstr "non se atopou un chaveiro no que se poida escribir: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "escribindo a `%s'\n" 
@@ -4894,22 +4894,22 @@ msgid "writing to stdout\n" msgstr "escribindo na sada estndar\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "suponse que hai datos asinados en `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr " creouse un novo ficheiro de configuracin `%s'\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "AVISO: as opcins de `%s' anda non estn activas nesta execucin\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: directorio creado\n" @@ -6421,11 +6421,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "mire en http://www.gnupg.org/faq.html para obter mis informacin\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "a operacin non posible sen memoria inicializada como segura\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(pode que usara o programa equivocado para esta tarefa)\n" Modified: branches/STABLE-BRANCH-1-4/po/hu.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/hu.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/hu.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: gnupg 1.2.5\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2004-06-19 21:53+0200\n" "Last-Translator: Nagy Ferenc Lszl \n" "Language-Team: Hungarian \n" 
@@ -41,7 +41,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -78,8 +78,8 @@ msgstr "Megjegyzs: random_seed llomnyt nem frisstettem.\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "Nem tudom ltrehozni a(z) \"%s\" llomnyt: %s.\n" @@ -894,7 +894,7 @@ msgid "no remote program execution supported\n" msgstr "Kls program meghvsa nem tmogatott.\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "Nem tudom a \"%s\" knyvtrat ltrehozni: %s.\n" @@ -2418,7 +2418,7 @@ msgid "no writable keyring found: %s\n" msgstr "Nem rhat kulcskarikt talltam: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "rok a \"%s\" llomnyba.\n" 
@@ -4867,23 +4867,23 @@ msgid "writing to stdout\n" msgstr "rok a szabvnyos kimenetre.\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "Azt felttelezem, hogy az alrt adat a %s llomnyban van.\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "\"%s\" j konfigurcis llomnyt ltrehoztam.\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" "FIGYELEM: \"%s\" opcii csak a kvetkez futskor lesznek rvnyesek!\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: Knyvtrat ltrehoztam.\n" @@ -6386,11 +6386,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "Tovbbi informci a http://www.gnupg.org/faq.html cmen tallhat.\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "A mvelet nem lehetsges biztonsgos memria nlkl.\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(Lehet, hogy nem a megfelel programot hasznlja a feladatra.)\n" Modified: branches/STABLE-BRANCH-1-4/po/id.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/id.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/id.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: gnupg-id\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2004-06-17 16:32+0700\n" "Last-Translator: Tedi Heriyanto \n" "Language-Team: Indonesian \n" 
@@ -43,7 +43,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -79,8 +79,8 @@ msgstr "catatan: file random_seed tidak diupdate\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "tidak dapat membuat %s: %s\n" @@ -898,7 +898,7 @@ msgid "no remote program execution supported\n" msgstr "tidak ada eksekusi program remote yang didukung\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "tidak dapat membuat direktori `%s': %s\n" @@ -2433,7 +2433,7 @@ msgid "no writable keyring found: %s\n" msgstr "tidak ditemukan keyring yang dapat ditulisi: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "menulis ke `%s'\n" 
@@ -4875,22 +4875,22 @@ msgid "writing to stdout\n" msgstr "menulis ke stdout\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "mengasumsikan data bertanda dalam `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "file konfigurasi baru `%s' tercipta\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "PERINGATAN: opsi dalam `%s' belum aktif selama pelaksanaan ini\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: direktori tercipta\n" @@ -6389,11 +6389,11 @@ msgstr "" "silakan lihat http://www.gnupg.org/faq.html untuk informasi lebih lanjut\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "operasi tidak mungkin tanpa menginisialisasi memori yang aman\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(anda mungkin menggunakan program yang salah untuk tugas ini)\n" Modified: branches/STABLE-BRANCH-1-4/po/it.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/it.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/it.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: gnupg 1.1.92\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2004-06-16 17:01+0200\n" "Last-Translator: Marco d'Itri \n" "Language-Team: Italian \n" 
@@ -41,7 +41,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -78,8 +78,8 @@ msgstr "nota: il file random_seed non stato aggiornato\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "impossibile creare `%s': %s\n" @@ -909,7 +909,7 @@ msgid "no remote program execution supported\n" msgstr "l'esecuzione remota dei programmi non gestita\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "impossibile creare la directory `%s': %s\n" @@ -2443,7 +2443,7 @@ msgid "no writable keyring found: %s\n" msgstr "non stato trovato un portachiavi scrivibile: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "scrittura in `%s'\n" 
@@ -4900,24 +4900,24 @@ msgid "writing to stdout\n" msgstr "scrivo su stdout\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "suppongo che i dati firmati siano in `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "creato un nuovo file di configurazione `%s'\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" "ATTENZIONE: le opzioni in `%s' non sono ancora attive durante questa\n" "esecuzione del programma\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: directory creata\n" @@ -6440,11 +6440,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "visitare http://www.gnupg.org/faq.html per ulteriori informazioni\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "l'operazione non possibile senza memoria sicura inizializzata\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(potresti avere usato il programma sbagliato per questa funzione)\n" Modified: branches/STABLE-BRANCH-1-4/po/ja.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/ja.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/ja.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: gnupg 1.3.92\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2004-11-23 11:14+0900\n" "Last-Translator: IIDA Yosiaki \n" "Language-Team: Japanese \n" 
@@ -44,7 +44,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -80,8 +80,8 @@ msgstr ": random_seed եι򤷤ޤ\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "%sפǤޤ: %s\n" @@ -862,7 +862,7 @@ msgid "no remote program execution supported\n" msgstr "֥ץμ¹ԤϡݡȤƤޤ\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "ǥ쥯ȥ꡼%sפǤޤ: %s\n" @@ -2370,7 +2370,7 @@ msgid "no writable keyring found: %s\n" msgstr "߲ǽʸؤĤޤ: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "%sפؤν\n" 
@@ -4732,22 +4732,22 @@ msgid "writing to stdout\n" msgstr "ɸϤ˽񤭹ߤޤ\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "̾줿ǡ%sפˤꤷޤ\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "ե%sפǤޤ\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "ٹ: %sפΥץϵưƤ֡ͭˤʤޤ\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "ǥ쥯ȥ꡼%sפǤޤ\n" @@ -6195,11 +6195,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "ܺ٤http://www.gnupg.org/faq.html\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "Ѥߤΰʥ꡼ʤˤǤޤ\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(ŪˤϸäץȤäΤǤ礦)\n" Modified: branches/STABLE-BRANCH-1-4/po/nb.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/nb.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/nb.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: gnupg 1.4.3\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2006-06-13 20:31+0200\n" "Last-Translator: Trond Endrestl \n" "Language-Team: Norwegian Bokml \n" 
@@ -45,7 +45,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -81,8 +81,8 @@ msgstr "merk: random_seed-fila ble ikke oppdatert\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "kan ikke opprette %s: %s\n" @@ -871,7 +871,7 @@ msgid "no remote program execution supported\n" msgstr "fjernutfring av programmer er ikke stttet\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "kan ikke opprette katalogen %s: %s\n" @@ -2305,7 +2305,7 @@ msgid "no writable keyring found: %s\n" msgstr "ingen skrivbart nkkelknippe funnet: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "skriver til %s\n" 
@@ -4627,22 +4627,22 @@ msgid "writing to stdout\n" msgstr "skriver til stdout\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "antar at signert data er i %s\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "ny konfigurasjonsfil %s ble opprettet\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "ADVARSEL: valgene i %s er ikke aktive under denne kjringen\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "katalogen %s ble opprettet\n" @@ -6081,11 +6081,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "vennligst se http://www.gnupg.org/faq.html for mere informasjon\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "operasjonen er ikke mulig uten initialisert sikkert minne\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(du kan ha brukt feil program for denne oppgaven)\n" Modified: branches/STABLE-BRANCH-1-4/po/pl.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/pl.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/pl.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: gnupg-1.2.2\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2004-06-23 15:54+0200\n" "Last-Translator: Janusz A. Urbanowicz \n" "Language-Team: Polish \n" 
@@ -51,7 +51,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -88,8 +88,8 @@ msgstr "uwaga: plik random_seed nie jest uaktualniony\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "nie mona utworzy ,,%s'': %s\n" @@ -918,7 +918,7 @@ msgid "no remote program execution supported\n" msgstr "odwoania do zewntrznych programw s wyczone\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "nie mona utworzy katalogu ,,%s'': %s\n" @@ -2450,7 +2450,7 @@ msgid "no writable keyring found: %s\n" msgstr "brak zapisywalnego zbioru kluczy: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "zapis do '%s'\n" 
@@ -4905,22 +4905,22 @@ msgid "writing to stdout\n" msgstr "zapisywanie na wyjcie standardowe\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "przyjto obecno podpisanych danych w '%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "nowy plik ustawie ,,%s'' zosta utworzony\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "OSTRZEENIE: opcje w ,,%s'' nie s jeszcze uwzgldnione.\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: katalog utworzony\n" @@ -6429,11 +6429,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "objanienie mona przeczyta tutaj: http://www.gnupg.org/faq.html\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "bez zabezpieczenia pamici nie mona wykona tej operacji\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(prawdopodobnie uywany program jest niewaciwy dlatego zadania)\n" Modified: branches/STABLE-BRANCH-1-4/po/pt.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/pt.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/pt.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: gnupg\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2002-09-13 18:26+0100\n" "Last-Translator: Pedro Morais \n" "Language-Team: pt \n" 
@@ -44,7 +44,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -81,8 +81,8 @@ msgstr "nota: ficheiro random_seed no actualizado\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "impossvel criar `%s': %s\n" @@ -900,7 +900,7 @@ msgid "no remote program execution supported\n" msgstr "" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, fuzzy, c-format msgid "can't create directory `%s': %s\n" msgstr "%s: impossvel criar directoria: %s\n" @@ -2425,7 +2425,7 @@ msgid "no writable keyring found: %s\n" msgstr "no foi encontrada nenhum porta-chaves onde escrever: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "a escrever para `%s'\n" 
@@ -4877,22 +4877,22 @@ msgid "writing to stdout\n" msgstr "a escrever em \"stdout\"\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "a assumir dados assinados em `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "criado um novo ficheiro de configurao `%s'\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "AVISO: opes em `%s' ainda no esto activas nesta execuo\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: directoria criada\n" @@ -6393,11 +6393,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "por favor veja http://www.gnupg.org/faq.html para mais informaes\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "a operao no possvel sem memria segura inicializada\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(voc pode ter usado o programa errado para esta tarefa)\n" Modified: branches/STABLE-BRANCH-1-4/po/pt_BR.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/pt_BR.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/pt_BR.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -13,7 +13,7 @@ msgstr "" "Project-Id-Version: GNU gnupg 1.0\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 1998-11-20 23:46:36-0200\n" "Last-Translator:\n" "Language-Team: ?\n" 
@@ -48,7 +48,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -85,8 +85,8 @@ msgstr "" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, fuzzy, c-format msgid "can't create `%s': %s\n" msgstr "impossvel criar %s: %s\n" @@ -907,7 +907,7 @@ msgid "no remote program execution supported\n" msgstr "" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, fuzzy, c-format msgid "can't create directory `%s': %s\n" msgstr "%s: impossvel criar diretrio: %s\n" @@ -2389,7 +2389,7 @@ msgid "no writable keyring found: %s\n" msgstr "impossvel escrever chaveiro: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "escrevendo para `%s'\n" 
@@ -4829,22 +4829,22 @@ msgid "writing to stdout\n" msgstr "escrevendo em \"stdout\"\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "assumindo dados assinados em `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, fuzzy, c-format msgid "new configuration file `%s' created\n" msgstr "%s: novo arquivo de opes criado\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: diretrio criado\n" @@ -6345,11 +6345,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "a operao no possvel sem memria segura inicializada\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(voc pode ter usado o programa errado para esta tarefa)\n" Modified: branches/STABLE-BRANCH-1-4/po/ro.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/ro.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/ro.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: gnupg 1.4.2rc1\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2005-05-31 22:00-0500\n" "Last-Translator: Laurentiu Buzdugan \n" "Language-Team: Romanian \n" 
@@ -45,7 +45,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -83,8 +83,8 @@ msgstr "not: fiierul random_seed nu a fost actualizat\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "nu pot crea `%s': %s\n" @@ -876,7 +876,7 @@ msgid "no remote program execution supported\n" msgstr "nu este suportat execuia nici unui program la distan\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "nu pot crea directorul `%s': %s\n" @@ -2422,7 +2422,7 @@ msgid "no writable keyring found: %s\n" msgstr "n-am gsit nici un inel de chei ce poate fi scris: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "scriu n `%s'\n" 
@@ -4794,23 +4794,23 @@ msgid "writing to stdout\n" msgstr "scriu la stdout\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "presupun date semnate n `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "fiier de configurare nou `%s' creat\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" "AVERTISMENT: opiunile din %s nu sunt nc active n timpul acestei rulri\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "director `%s' creat\n" @@ -6295,12 +6295,12 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "vedei http://www.gnupg.org/faq.html pentru informaii suplimentare\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "" "operaia nu este posibil fr memorie protejat (secure) iniializat\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(ai folosit probabil un program nepotrivit pentru aceast sarcin)\n" Modified: branches/STABLE-BRANCH-1-4/po/ru.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/ru.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/ru.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: GnuPG 1.4.2\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2005-06-22 02:53+0200\n" "Last-Translator: Maxim Britov \n" "Language-Team: Russian \n" 
@@ -43,7 +43,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -79,8 +79,8 @@ msgstr "замечание: файл random_seed не обновлен\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "не могу создать `%s': %s\n" @@ -865,7 +865,7 @@ msgid "no remote program execution supported\n" msgstr "удаленный запуск программы не поддерживается\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "не могу создать каталог `%s': %s\n" @@ -2396,7 +2396,7 @@ msgid "no writable keyring found: %s\n" msgstr "нет доступной для записи таблицы ключей: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "сохраняю в `%s'\n" 
@@ -4753,22 +4753,22 @@ msgid "writing to stdout\n" msgstr "Вывод в stdout\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "принятие подписанных данных в `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "создан новый файл настроек `%s'\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "ВНИМАНИЕ: параметры в `%s' еще не активны при этом запуске\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "создан каталог `%s'\n" @@ -6247,11 +6247,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "Для дополнительной информации см. http://www.gnupg.org/faq.html\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "операция невозможна без инициализации защищенной памяти\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "" "(возможно, Вы используете неподходящее программное обеспечение\n" Modified: branches/STABLE-BRANCH-1-4/po/sk.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/sk.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/sk.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -5,7 +5,7 @@ msgstr "" "Project-Id-Version: gnupg 1.2.5\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2004-07-20 15:52+0200\n" "Last-Translator: Michal Majer \n" "Language-Team: Slovak \n" 
@@ -40,7 +40,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -76,8 +76,8 @@ msgstr "poznmka: sbor random_seed nie je aktualizovan\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "nemem vytvori `%s': %s\n" @@ -895,7 +895,7 @@ msgid "no remote program execution supported\n" msgstr "iadne vzialen vykonvanie programu nie je podporovan\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "nemem vytvori adresr `%s': %s\n" @@ -2434,7 +2434,7 @@ msgid "no writable keyring found: %s\n" msgstr "nenjden zapisovaten sbor kov (keyring): %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "zapisujem do '%s'\n" 
@@ -4882,22 +4882,22 @@ msgid "writing to stdout\n" msgstr "zapisujem na tandardn vstup (stdout)\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "predpokladm podpsan dta v `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "vytvoren nov konfiguran sbor `%s'\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "VAROVANIE: nastavenie v `%s' ete nie je aktvne\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: adresr vytvoren\n" @@ -6397,11 +6397,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "Viac informci njdete na adrese http://www.gnupg.org/faq.html\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "vykonanie opercie nie je mon bez inicializovanej bezpenej pamte\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(pravdepodobne ste na tto lohu pouili nesprvny program)\n" Modified: branches/STABLE-BRANCH-1-4/po/sv.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/sv.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/sv.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -23,7 +23,7 @@ msgstr "" "Project-Id-Version: gnupg 1.2.6\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2004-12-01 17:49+0100\n" "Last-Translator: Per Tunedal \n" "Language-Team: Swedish \n" 
@@ -59,7 +59,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -95,8 +95,8 @@ msgstr "Obs: random_seed uppdaterades inte\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "kan inte skapa \"%s\": %s\n" @@ -926,7 +926,7 @@ msgid "no remote program execution supported\n" msgstr "ingen körning av fjärrprogram stöds\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "%s: kan inte skapa katalog: %s\n" @@ -2491,7 +2491,7 @@ msgid "no writable keyring found: %s\n" msgstr "hittade ingen nyckelring som gick att skriva till: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "skriver till \"%s\"\n" 
@@ -4981,23 +4981,23 @@ msgid "writing to stdout\n" msgstr "skriver till standard ut\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "antar att signera data finns i filen \"%s\"\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "ny konfigurationsfil `%s'skapad\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" "VARNING: inställningar i `%s' är ännu inte aktiva under denna körning\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, fuzzy, c-format msgid "directory `%s' created\n" msgstr "%s: katalog skapad\n" @@ -6540,11 +6540,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "se http://www.gnupg.org/faq.html för mer information\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "operationen är inte möjlig utan tillgång till säkert minne\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(du kan ha använt fel program för denna uppgift)\n" Modified: branches/STABLE-BRANCH-1-4/po/tr.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/tr.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/tr.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: gnupg 1.4.1\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2005-03-16 07:30+0300\n" "Last-Translator: Nilgün Belma Bugüner \n" "Language-Team: Turkish \n" 
@@ -42,7 +42,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -78,8 +78,8 @@ msgstr "bilgi: \"random_seed\" dosyası güncel değil\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "\"%s\" oluşturulamıyor: %s\n" @@ -867,7 +867,7 @@ msgid "no remote program execution supported\n" msgstr "uzaktan uygulama çalıştırılması desteklenmiyor\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "`%s' dizini oluşturulamıyor: %s\n" @@ -2375,7 +2375,7 @@ msgid "no writable keyring found: %s\n" msgstr "yazılabilir bir anahtar zinciri yok: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "\"%s\"e yazıyor\n" 
@@ -4773,23 +4773,23 @@ msgid "writing to stdout\n" msgstr "standart çıktıya yazıyor\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "\"%s\" içindeki veri imzalı kabul ediliyor\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "yeni yapılandırma dosyası `%s' oluşturuldu\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "" "UYARI: `%s' deki seçenekler bu çalıştırma sırasında henüz etkin değil\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "dizin `%s' oluşturuldu\n" @@ -6276,11 +6276,11 @@ "Daha geniş bilgi edinmek için http://www.gnupg.org/faq.html adresine " "bakınız\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "güvenli bellek hazırlanmadan işlem yapmak mümkün değil\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(bu görev için yanlış program kullanmış olabilirsiniz)\n" Modified: branches/STABLE-BRANCH-1-4/po/zh_CN.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/zh_CN.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/zh_CN.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: gnupg 1.4.4\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2006-07-02 10:58+0800\n" "Last-Translator: Meng Jie \n" "Language-Team: Chinese (simplified) \n" 
@@ -46,7 +46,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -82,8 +82,8 @@ msgstr "注意:随机数种子文件未被更新\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "无法建立‘%s’:%s\n" @@ -858,7 +858,7 @@ msgid "no remote program execution supported\n" msgstr "不支持远程调用\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "无法建立目录‘%s’:%s\n" @@ -2327,7 +2327,7 @@ msgid "no writable keyring found: %s\n" msgstr "找不到可写的钥匙环:%s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "正在写入‘%s’\n" 
@@ -4645,22 +4645,22 @@ msgid "writing to stdout\n" msgstr "正在写入到标准输出\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "假定被签名的数据是‘%s’\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "新的配置文件‘%s’已建立\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "警告:在‘%s’里的选项于此次运行期间未被使用\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "已创建目录‘%s’\n" @@ -6094,11 +6094,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "请访问 http://www.gnupg.org/faq.html 以获得更详细的信息\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "安全内存未初始化,不能进行操作\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(您可能使用了错误的程序来完成此项任务)\n" Modified: branches/STABLE-BRANCH-1-4/po/zh_TW.po =================================================================== --- branches/STABLE-BRANCH-1-4/po/zh_TW.po 2006-08-01 12:23:34 UTC (rev 4216) +++ branches/STABLE-BRANCH-1-4/po/zh_TW.po 2006-08-01 12:27:00 UTC (rev 4217) @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: gnupg 1.4.2\n" "Report-Msgid-Bugs-To: gnupg-i18n@gnupg.org\n" -"POT-Creation-Date: 2006-07-28 11:12+0200\n" +"POT-Creation-Date: 2006-08-01 13:07+0200\n" "PO-Revision-Date: 2005-07-29 09:49+0800\n" "Last-Translator: Jedi \n" "Language-Team: Chinese (traditional) \n" 
@@ -44,7 +44,7 @@ #: cipher/random.c:448 g10/card-util.c:678 g10/card-util.c:747 #: g10/dearmor.c:61 g10/dearmor.c:110 g10/encode.c:184 g10/encode.c:474 #: g10/gpg.c:1003 g10/gpg.c:3461 g10/import.c:195 g10/keygen.c:2385 -#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:342 +#: g10/keyring.c:1525 g10/openfile.c:186 g10/openfile.c:348 #: g10/plaintext.c:481 g10/sign.c:808 g10/sign.c:1001 g10/sign.c:1114 #: g10/sign.c:1264 g10/tdbdump.c:141 g10/tdbdump.c:149 g10/tdbio.c:540 #: g10/tdbio.c:605 @@ -80,8 +80,8 @@ msgstr "請注意: random_seed 檔案未被更新\n" #: cipher/random.c:544 g10/exec.c:481 g10/gpg.c:1002 g10/keygen.c:2864 -#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:263 -#: g10/openfile.c:357 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 +#: g10/keygen.c:2894 g10/keyring.c:1201 g10/keyring.c:1501 g10/openfile.c:269 +#: g10/openfile.c:363 g10/sign.c:826 g10/sign.c:1130 g10/tdbio.c:536 #, c-format msgid "can't create `%s': %s\n" msgstr "無法建立 `%s': %s\n" @@ -856,7 +856,7 @@ msgid "no remote program execution supported\n" msgstr "沒有已支援的遠端程式執行\n" -#: g10/exec.c:176 g10/openfile.c:415 +#: g10/exec.c:176 g10/openfile.c:421 #, c-format msgid "can't create directory `%s': %s\n" msgstr "無法建立目錄 `%s': %s\n" @@ -2349,7 +2349,7 @@ msgid "no writable keyring found: %s\n" msgstr "找不到可寫的鑰匙圈: %s\n" -#: g10/import.c:802 g10/openfile.c:267 g10/sign.c:831 g10/sign.c:1135 +#: g10/import.c:802 g10/openfile.c:273 g10/sign.c:831 g10/sign.c:1135 #, c-format msgid "writing to `%s'\n" msgstr "正在寫到 `%s'\n" 
@@ -4684,22 +4684,22 @@ msgid "writing to stdout\n" msgstr "正在寫入到標準輸出\n" -#: g10/openfile.c:305 +#: g10/openfile.c:311 #, c-format msgid "assuming signed data in `%s'\n" msgstr "假設被簽署的資料在 `%s'\n" -#: g10/openfile.c:384 +#: g10/openfile.c:390 #, c-format msgid "new configuration file `%s' created\n" msgstr "新的設定檔 `%s' 被建立了\n" -#: g10/openfile.c:386 +#: g10/openfile.c:392 #, c-format msgid "WARNING: options in `%s' are not yet active during this run\n" msgstr "警告: 在 `%s' 裡的選項於這次執行期間並沒有被啟用\n" -#: g10/openfile.c:418 +#: g10/openfile.c:424 #, c-format msgid "directory `%s' created\n" msgstr "目錄 `%s' 已建立\n" @@ -6140,11 +6140,11 @@ msgid "please see http://www.gnupg.org/faq.html for more information\n" msgstr "請參考 http://www.gnupg.org/faq.html 上進一步的資訊\n" -#: util/secmem.c:350 +#: util/secmem.c:351 msgid "operation is not possible without initialized secure memory\n" msgstr "尚未啟用安全的記憶體前, 不可能進行操作\n" -#: util/secmem.c:351 +#: util/secmem.c:352 msgid "(you may have used the wrong program for this task)\n" msgstr "(也許妳選錯程式來做這件事了)\n" From cvs at cvs.gnupg.org Fri Aug 4 12:18:16 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri Aug 4 11:37:28 2006 Subject: [svn] gcry - r1172 - in trunk: . cipher mpi tests Message-ID: Author: wk Date: 2006-08-04 12:18:14 +0200 (Fri, 04 Aug 2006) New Revision: 1172 Added: trunk/tests/t-mpi-bit.c Modified: trunk/NEWS trunk/TODO trunk/cipher/ChangeLog trunk/cipher/random-daemon.c trunk/cipher/random.c trunk/cipher/random.h trunk/mpi/ChangeLog trunk/mpi/mpi-bit.c trunk/mpi/mpiutil.c trunk/tests/ChangeLog trunk/tests/Makefile.am Log: Fixed gcry_mpi_set_bit and enhanced mpi_rshift. Cleaned up andom-daemon initialization. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/NEWS 2006-08-04 10:18:14 UTC (rev 1172) 
@@ -12,9 +12,11 @@ * Support for SHA-224 and HMAC using SHA-384 and SHA-512. + * gcry_mpi_rshift does not anymore truncate the shift count. + * Interface changes relative to the 1.2.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - gcry_fast_random_poll NEW + gcry_fast_random_poll NEW gcry_pk_algo_name CHANGED (minor change in respect to return value) gcry_cipher_algo_name CHANGED (minor change in respect to return value) GCRY_MD_SHA224 NEW Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/TODO 2006-08-04 10:18:14 UTC (rev 1172) @@ -1,5 +1,7 @@ What's left to do -*- outline -*- +* Updated the FSF's directory. + * Add more tests. * udiv-qrnbd.o should get build as *.lo [HPUX] Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/cipher/ChangeLog 2006-08-04 10:18:14 UTC (rev 1172) @@ -1,3 +1,15 @@ +2006-08-03 Werner Koch + + * random-daemon.c (_gcry_daemon_initialize_basics): Don't + initialize the socket. Remove arg SOCKETNAME. + (connect_to_socket): Make sure that daemon is set to -1 on error. + (call_daemon): Initialize the socket on the first call. + (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes) + (_gcry_daemon_create_nonce): New arg SOCKETNAME. + * random.c (initialize): Call new daemon initializator. + (get_random_bytes, gcry_randomize, gcry_create_nonce): Pass socket + name to daemon call and reset allow_daemon on failure. + 2006-07-26 Werner Koch * rmd160.c (_gcry_rmd160_mixblock): Add cast to transform call. Modified: trunk/cipher/random-daemon.c =================================================================== --- trunk/cipher/random-daemon.c 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/cipher/random-daemon.c 2006-08-04 10:18:14 UTC (rev 1172) 
@@ -24,7 +24,7 @@ gcryptrnd. Such a daemon is useful to keep a persistent pool in memory over invocations of a single application and to allow prioritizing access to the actual entropy sources. The drawback is - that we need to use IPC (i.e. unxi domain socket) to convey + that we need to use IPC (i.e. unix domain socket) to convey sensitive data. */ @@ -111,20 +111,22 @@ out: - *sock = fd; gcry_free (srvr_addr); - if (err) - close (fd); + { + close (fd); + fd = -1; + } + *sock = fd; return err; } /* Initialize basics of this module. This should be viewed as a - constroctur to prepare locking. */ + constructor to prepare locking. */ void -_gcry_daemon_initialize_basics (const char *socketname) +_gcry_daemon_initialize_basics (void) { static int initialized; int err; @@ -135,16 +137,11 @@ err = ath_mutex_init (&daemon_lock); if (err) log_fatal ("failed to create the daemon lock: %s\n", strerror (err) ); - - err = connect_to_socket (socketname ? socketname : RANDOM_DAEMON_SOCKET, - &daemon_socket); - if (err) - log_info ("not using random daemon\n"); } } - + /* Send LENGTH bytes of BUFFER to file descriptor FD. Returns 0 on success or another value on write error. */ static int 
@@ -201,22 +198,47 @@ data of random level LEVEL will be generated. The retrieved random data will be stored in BUFFER. Returns error code. */ static gcry_error_t -call_daemon (void *buffer, size_t req_nbytes, int nonce, +call_daemon (const char *socketname, + void *buffer, size_t req_nbytes, int nonce, enum gcry_random_level level) { + static int initialized; unsigned char buf[255]; - gcry_error_t err; + gcry_error_t err = 0; size_t nbytes; size_t nread; int rc; - err = 0; - - if (! req_nbytes) + if (!req_nbytes) return 0; ath_mutex_lock (&daemon_lock); + /* Open the socket if that has not been done. */ + if (!initialized) + { + initialized = 1; + err = connect_to_socket (socketname ? socketname : RANDOM_DAEMON_SOCKET, + &daemon_socket); + if (err) + { + daemon_socket = -1; + log_info ("not using random daemon\n"); + ath_mutex_unlock (&daemon_lock); + return err; + } + } + + /* Check that we have a valid socket descriptor. */ + if ( daemon_socket == -1 ) + { + ath_mutex_unlock (&daemon_lock); + return gcry_error (GPG_ERR_INTERNAL); + } + + + /* Do the real work. */ + do { /* Process in chunks. */ @@ -311,12 +333,13 @@ support GCRY_STRONG_RANDOM and GCRY_VERY_STRONG_RANDOM here. Return 0 on success. */ int -_gcry_daemon_randomize (void *buffer, size_t length, +_gcry_daemon_randomize (const char *socketname, + void *buffer, size_t length, enum gcry_random_level level) { gcry_error_t err; - err = call_daemon (buffer, length, 0, level); + err = call_daemon (socketname, buffer, length, 0, level); return err ? -1 : 0; } @@ -327,7 +350,8 @@ that the IPC mechanism might have not stored it there. Return a pointer to a newly alloced memory or NULL if it failed. */ void * -_gcry_daemon_get_random_bytes (size_t nbytes, int level, int secure) +_gcry_daemon_get_random_bytes (const char *socketname, + size_t nbytes, int level, int secure) { gcry_error_t err; void *p; 
@@ -336,7 +360,7 @@ if (err) goto out; - err = call_daemon (p, nbytes, 0, level); + err = call_daemon (socketname, p, nbytes, 0, level); out: @@ -353,11 +377,11 @@ /* Internal function to fill BUFFER with NBYTES of data usable for a nonce. Returns 0 on success. */ int -_gcry_daemon_create_nonce (void *buffer, size_t length) +_gcry_daemon_create_nonce (const char *socketname, void *buffer, size_t length) { gcry_error_t err; - err = call_daemon (buffer, length, 1, 0); + err = call_daemon (socketname, buffer, length, 1, 0); return err ? -1 : 0; } Modified: trunk/cipher/random.c =================================================================== --- trunk/cipher/random.c 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/cipher/random.c 2006-08-04 10:18:14 UTC (rev 1172) @@ -161,7 +161,7 @@ if (err) log_fatal ("failed to create the nonce buffer lock: %s\n", strerror (err) ); - _gcry_daemon_initialize_basics (daemon_socket_name); + _gcry_daemon_initialize_basics (); } } @@ -304,8 +304,11 @@ /* Make sure the requested level is in range. */ MASK_LEVEL(level); - if (allow_daemon && (p=_gcry_daemon_get_random_bytes (nbytes, level,secure))) + if (allow_daemon && + (p=_gcry_daemon_get_random_bytes (daemon_socket_name, + nbytes, level,secure))) return p; /* The daemon succeeded. */ + allow_daemon = 0; /* Daemon failed - switch off. */ /* Lock the pool. */ err = ath_mutex_lock (&pool_lock); @@ -417,8 +420,10 @@ /* Make sure the level is okay. */ MASK_LEVEL(level); - if (allow_daemon && !_gcry_daemon_randomize (buffer, length, level)) + if (allow_daemon + && !_gcry_daemon_randomize (daemon_socket_name, buffer, length, level)) return; /* The daemon succeeded. */ + allow_daemon = 0; /* Daemon failed - switch off. */ /* Acquire the pool lock. */ err = ath_mutex_lock (&pool_lock); 
@@ -1233,8 +1238,10 @@ if (!is_initialized) initialize (); - if (allow_daemon && !_gcry_daemon_create_nonce (buffer, length)) + if (allow_daemon + && !_gcry_daemon_create_nonce (daemon_socket_name, buffer, length)) return; /* The daemon succeeded. */ + allow_daemon = 0; /* Daemon failed - switch off. */ /* Acquire the nonce buffer lock. */ err = ath_mutex_lock (&nonce_buffer_lock); Modified: trunk/cipher/random.h =================================================================== --- trunk/cipher/random.h 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/cipher/random.h 2006-08-04 10:18:14 UTC (rev 1172) @@ -37,12 +37,14 @@ void _gcry_fast_random_poll( void ); /*-- random-daemon.c (only used from random.c) --*/ -void _gcry_set_random_daemon_socket (const char *socketname); -void _gcry_daemon_initialize_basics (const char *socketname); -int _gcry_daemon_randomize (void *buffer, size_t length, +void _gcry_daemon_initialize_basics (void); +int _gcry_daemon_randomize (const char *socketname, + void *buffer, size_t length, enum gcry_random_level level); -void *_gcry_daemon_get_random_bytes (size_t nbytes, int level, int secure); -int _gcry_daemon_create_nonce (void *buffer, size_t length); +void *_gcry_daemon_get_random_bytes (const char *socketname, + size_t nbytes, int level, int secure); +int _gcry_daemon_create_nonce (const char *socketname, + void *buffer, size_t length); #endif /*G10_RANDOM_H*/ Modified: trunk/mpi/ChangeLog =================================================================== --- trunk/mpi/ChangeLog 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/mpi/ChangeLog 2006-08-04 10:18:14 UTC (rev 1172) 
@@ -1,3 +1,15 @@ +2006-08-04 Werner Koch + + * mpi-bit.c (gcry_mpi_rshift): Rewritten to remove the limitation + on N (which used to be less than BITS_PER_MPI_LIMB). + +2006-08-03 Werner Koch + + * mpi-bit.c (gcry_mpi_set_bit, gcry_mpi_set_highbit): Fixed + allocation. Reported by bpgcrypt at itaparica.org. + * mpiutil.c (_gcry_mpi_resize): Clear the new part of the resized + limb space. + 2006-07-26 Werner Koch * mpiutil.c (gcry_mpi_randomize): Changed P to unsigned char*. Modified: trunk/mpi/mpi-bit.c =================================================================== --- trunk/mpi/mpi-bit.c 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/mpi/mpi-bit.c 2006-08-04 10:18:14 UTC (rev 1172) @@ -1,5 +1,5 @@ /* mpi-bit.c - MPI bit level fucntions - * Copyright (C) 1998, 1999, 2001, 2002 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2001, 2002, 2006 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -116,17 +116,17 @@ void gcry_mpi_set_bit( gcry_mpi_t a, unsigned int n ) { - unsigned int limbno, bitno; + unsigned int limbno, bitno; - limbno = n / BITS_PER_MPI_LIMB; - bitno = n % BITS_PER_MPI_LIMB; + limbno = n / BITS_PER_MPI_LIMB; + bitno = n % BITS_PER_MPI_LIMB; - if( limbno >= a->nlimbs ) { /* resize */ - if( a->alloced >= limbno ) - mpi_resize(a, limbno+1 ); - a->nlimbs = limbno+1; + if ( limbno >= a->nlimbs ) + { + mpi_resize (a, limbno+1 ); + a->nlimbs = limbno+1; } - a->d[limbno] |= (A_LIMB_1<d[limbno] |= (A_LIMB_1<= a->nlimbs ) { /* resize */ - if( a->alloced >= limbno ) - mpi_resize(a, limbno+1 ); - a->nlimbs = limbno+1; + unsigned int limbno, bitno; + + limbno = n / BITS_PER_MPI_LIMB; + bitno = n % BITS_PER_MPI_LIMB; + + if ( limbno >= a->nlimbs ) + { + mpi_resize (a, limbno+1 ); + a->nlimbs = limbno+1; } - a->d[limbno] |= (A_LIMB_1<d[limbno] &= ~(A_LIMB_1 << bitno); - a->nlimbs = limbno+1; + a->d[limbno] |= (A_LIMB_1<d[limbno] &= ~(A_LIMB_1 << bitno); + a->nlimbs = limbno+1; } /**************** 
@@ -188,26 +188,77 @@ } -/**************** - * Shift A by N bits to the right - * FIXME: should use alloc_limb if X and A are same. +/* + * Shift A by N bits to the right. */ void -gcry_mpi_rshift( gcry_mpi_t x, gcry_mpi_t a, unsigned n ) +gcry_mpi_rshift ( gcry_mpi_t x, gcry_mpi_t a, unsigned int n ) { - mpi_ptr_t xp; - mpi_size_t xsize; + mpi_size_t xsize; + unsigned int i; + unsigned int nlimbs = (n/BITS_PER_MPI_LIMB); + unsigned int nbits = (n%BITS_PER_MPI_LIMB); - xsize = a->nlimbs; - x->sign = a->sign; - RESIZE_IF_NEEDED(x, xsize); - xp = x->d; + if ( x == a ) + { + /* In-place operation. */ + if ( nlimbs >= x->nlimbs ) + { + x->nlimbs = 0; + return; + } - if( xsize ) { - _gcry_mpih_rshift( xp, a->d, xsize, n); - MPN_NORMALIZE( xp, xsize); + if (nlimbs) + { + for (i=0; i < x->nlimbs - nlimbs; i++ ) + x->d[i] = x->d[i+nlimbs]; + x->d[i] = 0; + x->nlimbs -= nlimbs; + + } + if ( x->nlimbs && nbits ) + _gcry_mpih_rshift ( x->d, x->d, x->nlimbs, nbits ); } - x->nlimbs = xsize; + else if ( nlimbs ) + { + /* Copy and shift by more or equal bits than in a limb. */ + xsize = a->nlimbs; + x->sign = a->sign; + RESIZE_IF_NEEDED (x, xsize); + x->nlimbs = xsize; + for (i=0; i < a->nlimbs; i++ ) + x->d[i] = a->d[i]; + x->nlimbs = i; + + if ( nlimbs >= x->nlimbs ) + { + x->nlimbs = 0; + return; + } + + if (nlimbs) + { + for (i=0; i < x->nlimbs - nlimbs; i++ ) + x->d[i] = x->d[i+nlimbs]; + x->d[i] = 0; + x->nlimbs -= nlimbs; + } + + if ( x->nlimbs && nbits ) + _gcry_mpih_rshift ( x->d, x->d, x->nlimbs, nbits ); + } + else + { + /* Copy and shift by less than bits in a limb. 
*/ + xsize = a->nlimbs; + x->sign = a->sign; + RESIZE_IF_NEEDED (x, xsize); + x->nlimbs = xsize; + + if ( xsize ) + _gcry_mpih_rshift (x->d, a->d, x->nlimbs, nbits ); + } + MPN_NORMALIZE (x->d, x->nlimbs); } Modified: trunk/mpi/mpiutil.c =================================================================== --- trunk/mpi/mpiutil.c 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/mpi/mpiutil.c 2006-08-04 10:18:14 UTC (rev 1172) @@ -115,17 +115,30 @@ /**************** - * Resize the array of A to NLIMBS. the additional space is cleared - * (set to 0) [done by gcry_realloc()] + * Resize the array of A to NLIMBS. The additional space is cleared + * (set to 0). */ void _gcry_mpi_resize (gcry_mpi_t a, unsigned nlimbs) { + size_t i; + if (nlimbs <= a->alloced) - return; /* no need to do it */ + { + /* We only need to clear the new space (this is a nop if the + limb space is already of the correct size. */ + for (i=a->nlimbs; i < a->alloced; i++) + a->d[i] = 0; + return; + } + /* Actually resize the limb space. */ if (a->d) - a->d = gcry_xrealloc (a->d, nlimbs * sizeof (mpi_limb_t)); + { + a->d = gcry_xrealloc (a->d, nlimbs * sizeof (mpi_limb_t)); + for (i=a->alloced; i < nlimbs; i++) + a->d[i] = 0; + } else { if (a->flags & 1) Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/tests/ChangeLog 2006-08-04 10:18:14 UTC (rev 1172) @@ -1,3 +1,7 @@ +2006-08-03 Werner Koch + + * t-mpi-bit.c: New. + 2006-07-06 Werner Koch * benchmark.c (main): New option --use-random-daemon. New command Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/tests/Makefile.am 2006-08-04 10:18:14 UTC (rev 1172) 
@@ -18,7 +18,7 @@ ## Process this file with automake to produce Makefile.in -TESTS = prime register ac ac-schemes ac-data basic \ +TESTS = t-mpi-bit prime register ac ac-schemes ac-data basic \ tsexp keygen pubkey benchmark pkbench hmac keygrip INCLUDES = -I$(top_srcdir)/src Added: trunk/tests/t-mpi-bit.c =================================================================== --- trunk/tests/t-mpi-bit.c 2006-07-29 00:11:31 UTC (rev 1171) +++ trunk/tests/t-mpi-bit.c 2006-08-04 10:18:14 UTC (rev 1172) 
@@ -0,0 +1,241 @@ +/* t-mpi-bit.c - Tests for bit level functions + * Copyright (C) 2006 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301, USA. + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#include + +#include "../src/gcrypt.h" + +#define PGM "t-mpi-bit" + +static const char *wherestr; +static int verbose; +static int error_count; + +#define xmalloc(a) gcry_xmalloc ((a)) +#define xcalloc(a,b) gcry_xcalloc ((a),(b)) +#define xfree(a) gcry_free ((a)) +#define pass() do { ; } while (0) + +static void +show (const char *format, ...) +{ + va_list arg_ptr; + + if (!verbose) + return; + fprintf (stderr, "%s: ", PGM); + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); +} + +static void +fail (const char *format, ...) +{ + va_list arg_ptr; + + fflush (stdout); + fprintf (stderr, "%s: ", PGM); + if (wherestr) + fprintf (stderr, "%s: ", wherestr); + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + error_count++; +} + +static void +die (const char *format, ...) 
+{ + va_list arg_ptr; + + fflush (stdout); + fprintf (stderr, "%s: ", PGM); + if (wherestr) + fprintf (stderr, "%s: ", wherestr); + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + exit (1); +} + +/* Allocate a bit string consisting of '0' and '1' from the MPI + A. Return the LENGTH least significant bits. Caller needs to xfree + the result. */ +static char * +mpi2bitstr (gcry_mpi_t a, size_t length) +{ + char *p, *buf; + + buf = p = xmalloc (length+1); + while (length--) + *p++ = gcry_mpi_test_bit (a, length) ? '1':'0'; + *p = 0; + + return buf; +} + +/* Shift a bit string to the right. */ +static void +rshiftbitstring (char *string, size_t n) +{ + size_t len = strlen (string); + + if (n > len) + n = len; + + memmove (string+n, string, len-n); + memset (string, '0', n); +} + + +/* This is to check a bug reported by bpgcrypt at itaparica.org on + 2006-07-31 against libgcrypt 1.2.2. */ +static void +one_bit_only (int highbit) +{ + gcry_mpi_t a; + char *result; + int i; + + wherestr = "one_bit_only"; + show ("checking that set_%sbit does only set one bit\n", highbit?"high":""); + + a = gcry_mpi_new (0); + gcry_mpi_randomize (a, 70, GCRY_WEAK_RANDOM); + gcry_mpi_set_ui (a, 0); + + if (highbit) + gcry_mpi_set_highbit (a, 42); + else + gcry_mpi_set_bit (a, 42); + if (!gcry_mpi_test_bit (a, 42)) + fail ("failed to set a bit\n"); + gcry_mpi_clear_bit (a, 42); + if (gcry_mpi_test_bit (a, 42)) + fail ("failed to clear a bit\n"); + result = mpi2bitstr (a, 70); + assert (strlen (result) == 70); + show ("r=%s\n", result); + for (i=0; result[i]; i++) + if ( result[i] != '0' ) + break; + if (result[i]) + fail ("spurious bits detected\n"); + xfree (result); + gcry_mpi_release (a); +} + +/* Check that the shifting actually works for an amount larger than + the number of bits per limb. 
*/ +static void +test_rshift (int pass) +{ + gcry_mpi_t a, b; + char *result, *result2; + int i; + + wherestr = "test_rshift"; + show ("checking that rshift works as expected (pass %d)\n", pass); + + a = gcry_mpi_new (0); + b = gcry_mpi_new (0); + gcry_mpi_randomize (a, 70, GCRY_WEAK_RANDOM); + + for (i=0; i < 75; i++) + { + gcry_mpi_rshift (b, a, i); + + result = mpi2bitstr (b, 72); + result2 = mpi2bitstr (a, 72); + rshiftbitstring (result2, i); + if (strcmp (result, result2)) + { + show ("got =%s\n", result); + show ("want=%s\n", result2); + fail ("rshift by %d failed\n", i); + } + xfree (result); + xfree (result2); + } + + /* Again. This time using in-place operation. */ + gcry_mpi_randomize (a, 70, GCRY_WEAK_RANDOM); + + for (i=0; i < 75; i++) + { + gcry_mpi_release (b); + b = gcry_mpi_copy (a); + gcry_mpi_rshift (b, b, i); + + result = mpi2bitstr (b, 72); + result2 = mpi2bitstr (a, 72); + rshiftbitstring (result2, i); + if (strcmp (result, result2)) + { + show ("got =%s\n", result); + show ("want=%s\n", result2); + fail ("in-place rshift by %d failed\n", i); + } + xfree (result2); + xfree (result); + } + + gcry_mpi_release (b); + gcry_mpi_release (a); +} + + +int +main (int argc, char **argv) +{ + int debug = 0; + int i; + + if (argc > 1 && !strcmp (argv[1], "--verbose")) + verbose = 1; + else if (argc > 1 && !strcmp (argv[1], "--debug")) + verbose = debug = 1; + + if (!gcry_check_version (GCRYPT_VERSION)) + die ("version mismatch\n"); + + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + if (debug) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + + one_bit_only (0); + one_bit_only (1); + for (i=0; i < 5; i++) + test_rshift (i); /* Run several times due to random initializations. */ + + show ("All tests completed. Errors: %d\n", error_count); + return error_count ? 1 : 0; +} From cvs at cvs.gnupg.org Fri Aug 11 13:04:39 2006 
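Review bot: In main() of t-mpi-bit.c, gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0) is issued after gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0), although it is an initialization-time setting in libgcrypt. Move it ahead of the INITIALIZATION_FINISHED call, or drop it, since the test only ever asks for GCRY_WEAK_RANDOM. Separately, one_bit_only() checks the length of the bit string with assert(); in a build with NDEBUG that check disappears, so reporting it through fail() like the other checks would keep it active.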
From: cvs at cvs.gnupg.org (svn author wk) Date: Fri Aug 11 12:23:22 2006 Subject: [svn] GnuPG - r4218 - trunk/common Message-ID: Author: wk Date: 2006-08-11 13:04:38 +0200 (Fri, 11 Aug 2006) New Revision: 4218 Added: trunk/common/http.c trunk/common/http.h Modified: trunk/common/ChangeLog trunk/common/Makefile.am trunk/common/estream.c Log: Added http.c from 1.4. Added support for estream and gnutls. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2006-08-01 12:27:00 UTC (rev 4217) +++ trunk/common/ChangeLog 2006-08-11 11:04:38 UTC (rev 4218) @@ -1,3 +1,22 @@ +2006-08-11 Werner Koch + + * http.c: Major internal changes to optionallly support GNUTLS and + ESTREAM. + (http_open): Move initialization of the stream ... + (send_request): .. here. + (http_register_tls_callback): New. + + * estream.c (es_writen): Try to seek only is a seek function has + been registered. + +2006-08-09 Werner Koch + + * http.c, http.h: New. Taken from gnupg 1.4.5, merged with + changes done for the Dirmngr project (by g10 Code) and cleaned up + some stuff. + (make_header_line): New. Change all caller to make user of the new + * Makefile.am (libcommon_a_SOURCES): Added http.c and http.h. + 2006-05-23 Werner Koch * gettime.c (isotimestamp): New. Modified: trunk/common/Makefile.am =================================================================== --- trunk/common/Makefile.am 2006-08-01 12:27:00 UTC (rev 4217) +++ trunk/common/Makefile.am 2006-08-11 11:04:38 UTC (rev 4218) @@ -52,7 +52,8 @@ dynload.h \ estream.c estream.h \ dns-cert.c dns-cert.h \ - pka.c pka.h + pka.c pka.h \ + http.c http.h libsimple_pwquery_a_SOURCES = \ Modified: trunk/common/estream.c =================================================================== --- trunk/common/estream.c 2006-08-01 12:27:00 UTC (rev 4217) +++ trunk/common/estream.c 2006-08-11 11:04:38 UTC (rev 4218) 
@@ -559,7 +559,7 @@ es_func_mem_read, es_func_mem_write, es_func_mem_seek, - es_func_mem_destroy, + es_func_mem_destroy }; /* Implementation of fd I/O. */ @@ -1402,16 +1402,19 @@ if (! (stream->flags & ES_FLAG_WRITING)) { /* Switching to writing mode -> discard input data and seek to - position at which reading has stopped. */ - - err = es_seek (stream, 0, SEEK_CUR, NULL); - if (err) - { - if (errno == ESPIPE) - err = 0; - else - goto out; - } + position at which reading has stopped. We can do this only + if a seek function has been registered. */ + if (stream->intern->func_seek) + { + err = es_seek (stream, 0, SEEK_CUR, NULL); + if (err) + { + if (errno == ESPIPE) + err = 0; + else + goto out; + } + } } switch (stream->intern->strategy) Added: trunk/common/http.c =================================================================== --- trunk/common/http.c 2006-08-01 12:27:00 UTC (rev 4217) +++ trunk/common/http.c 2006-08-11 11:04:38 UTC (rev 4218) 
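Review bot: In the second estream.c hunk (es_writen, the switch to writing mode), the new guard on stream->intern->func_seek skips es_seek() altogether, yet the comment still says the switch discards input data. If that discarding is a side effect of es_seek(), a stream without a seek function now enters write mode with its read buffer left as it was. Either discard the buffered input explicitly in the no-seek case, or reword the comment to say that nothing is discarded there. The ChangeLog entry for this change reads "only is a seek function"; that should be "only if".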
@@ -0,0 +1,1729 @@ +/* http.c - HTTP protocol handler + * Copyright (C) 1999, 2001, 2002, 2003, 2004, + * 2006 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + */ + +/* Simple HTTP client implementation. We try to keep the code as + self-contained as possible. There are some contraints however: + + - stpcpy is required + - fixme: list other requirements. + + + - With HTTP_USE_ESTREAM defined, all I/O is done through estream. + - With HTTP_USE_GNUTLS support for https is provided (this also + requires estream). +*/ + +#ifdef HAVE_CONFIG_H +# include +#endif +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_W32_SYSTEM +# include +#else /*!HAVE_W32_SYSTEM*/ +# include +# include +# include +# include +# include +# include +# include +# include +#endif /*!HAVE_W32_SYSTEM*/ + +#ifdef HTTP_USE_GNUTLS +# include +/* For non-understandable reasons GNUTLS dropped the _t suffix from + all types. yes, ISO-C might be read as this but there are still + other name space conflicts and using _t is actually a Good + Thing. 
*/ +typedef gnutls_session gnutls_session_t; +typedef gnutls_transport_ptr gnutls_transport_ptr_t; +#endif /*HTTP_USE_GNUTLS*/ + +#include "util.h" +#include "http.h" + +/* If we are not compiling with SRV record support we provide stub + data structures. */ +#ifndef USE_DNS_SRV +#ifndef MAXDNAME +#define MAXDNAME 1025 +#endif +struct srventry +{ + unsigned short priority; + unsigned short weight; + unsigned short port; + int run_count; + char target[MAXDNAME]; +}; +#endif/*!USE_DNS_SRV*/ + + +#ifdef HAVE_W32_SYSTEM +#define sock_close(a) closesocket(a) +#else +#define sock_close(a) close(a) +#endif + +#ifndef EAGAIN +#define EAGAIN EWOULDBLOCK +#endif + +#define HTTP_PROXY_ENV "http_proxy" +#define MAX_LINELEN 20000 /* Max. length of a HTTP header line. */ +#define VALID_URI_CHARS "abcdefghijklmnopqrstuvwxyz" \ + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ + "01234567890@" \ + "!\"#$%&'()*+,-./:;<=>?[\\]^_{|}~" + +/* Define a prefix to map stream functions to the estream library. */ +#ifdef HTTP_USE_ESTREAM +#define P_ES(a) es_ ## a +#else +#define P_ES(a) a +#endif +#ifndef HTTP_USE_GNUTLS +typedef void * gnutls_session_t; +#endif +#if defined(HTTP_USE_GNUTLS) && !defined(HTTP_USE_ESTREAM) +#error Use of GNUTLS also requires support for Estream +#endif + +static gpg_error_t do_parse_uri (parsed_uri_t uri, int only_local_part); +static int remove_escapes (char *string); +static int insert_escapes (char *buffer, const char *string, + const char *special); +static uri_tuple_t parse_tuple (char *string); +static gpg_error_t send_request (http_t hd, + const char *auth, const char *proxy); +static char *build_rel_path (parsed_uri_t uri); +static gpg_error_t parse_response (http_t hd); + +static int connect_server (const char *server, unsigned short port, + unsigned int flags, const char *srvtag); +static gpg_error_t write_server (int sock, const char *data, size_t length); + +#ifdef HTTP_USE_ESTREAM +static ssize_t cookie_read (void *cookie, void *buffer, size_t size); +static 
ssize_t cookie_write (void *cookie, const void *buffer, size_t size); +static int cookie_close (void *cookie); + +static es_cookie_io_functions_t cookie_functions = + { + cookie_read, + cookie_write, + NULL, + cookie_close + }; + +struct cookie_s +{ + int fd; /* File descriptor or -1 if already closed. */ + gnutls_session_t tls_session; /* TLS session context or NULL if not used. */ + int keep_socket; /* Flag to communicate with teh close handler. */ +}; +typedef struct cookie_s *cookie_t; + +#endif /*HTTP_USE_ESTREAM*/ + +#ifdef HTTP_USE_GNUTLS +static gpg_error_t (*tls_callback) (http_t, gnutls_session_t, int); +#endif /*HTTP_USE_GNUTLS*/ + + + +#ifdef HAVE_W32_SYSTEM +static void +deinit_sockets (void) +{ + WSACleanup(); +} + +static void +init_sockets (void) +{ + static int initialized; + static WSADATA wsdata; + + if (initialized) + return; + + if ( WSAStartup( 0x0101, &wsdata ) ) + { + log_error ("error initializing socket library: ec=%d\n", + (int)WSAGetLastError () ); + return; + } + if ( wsdata.wVersion < 0x0001 ) + { + log_error ("socket library version is %x.%x - but 1.1 needed\n", + LOBYTE(wsdata.wVersion), HIBYTE(wsdata.wVersion)); + WSACleanup(); + return; + } + atexit ( deinit_sockets ); + initialized = 1; +} +#endif /*HAVE_W32_SYSTEM*/ + + + +/* + * Helper function to create an HTTP header with hex encoded data. A + * new buffer is returned. This buffer is the concatenation of the + * string PREFIX, the hex-encoded DATA of length LEN and the string + * SUFFIX. On error NULL is returned and ERRNO set. 
+ */ +static char * +make_header_line (const char *prefix, const char *suffix, + const void *data, size_t len ) +{ + static unsigned char bintoasc[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789+/"; + const unsigned int *s = data; + char *buffer, *p; + + buffer = xtrymalloc (strlen (prefix) + (len+2)/3*4 + strlen (suffix) + 1); + if (!buffer) + return NULL; + p = stpcpy (buffer, prefix); + for ( ; len >= 3 ; len -= 3, s += 3 ) + { + *p++ = bintoasc[(s[0] >> 2) & 077]; + *p++ = bintoasc[(((s[0] <<4)&060)|((s[1] >> 4)&017))&077]; + *p++ = bintoasc[(((s[1]<<2)&074)|((s[2]>>6)&03))&077]; + *p++ = bintoasc[s[2]&077]; + } + if ( len == 2 ) + { + *p++ = bintoasc[(s[0] >> 2) & 077]; + *p++ = bintoasc[(((s[0] <<4)&060)|((s[1] >> 4)&017))&077]; + *p++ = bintoasc[((s[1]<<2)&074)]; + *p++ = '='; + } + else if ( len == 1 ) + { + *p++ = bintoasc[(s[0] >> 2) & 077]; + *p++ = bintoasc[(s[0] <<4)&060]; + *p++ = '='; + *p++ = '='; + } + strcpy (p, suffix); + return buffer; +} + + + + +void +http_register_tls_callback ( gpg_error_t (*cb) (http_t, void *, int) ) +{ +#ifdef HTTP_USE_GNUTLS + tls_callback = (gpg_error_t (*) (http_t, gnutls_session_t, int))cb; +#endif +} + + + +gpg_error_t +http_open (http_t hd, http_req_t reqtype, const char *url, + const char *auth, unsigned int flags, const char *proxy, + void *tls_context) +{ + gpg_error_t err; + + if (!(reqtype == HTTP_REQ_GET || reqtype == HTTP_REQ_POST)) + return gpg_error (GPG_ERR_INV_ARG); + + /* Initialize the handle. 
*/ + memset (hd, 0, sizeof *hd); + hd->sock = -1; + hd->initialized = 1; + hd->req_type = reqtype; + hd->flags = flags; + hd->tls_context = tls_context; + + err = http_parse_uri (&hd->uri, url); + if (!err) + err = send_request (hd, auth, proxy); + + if (err) + { + if (!hd->fp_read && !hd->fp_write && hd->sock != -1) + sock_close (hd->sock); + if (hd->fp_read) + P_ES(fclose) (hd->fp_read); + if (hd->fp_write) + P_ES(fclose) (hd->fp_write); + http_release_parsed_uri (hd->uri); + hd->initialized = 0; + } + return err; +} + + +void +http_start_data (http_t hd) +{ + if (!hd->in_data) + { +#ifdef HTTP_USE_ESTREAM + es_fputs ("\r\n", hd->fp_write); + es_fflush (hd->fp_write); +#else + fflush (hd->fp_write); + write_server (hd->sock, "\r\n", 2); +#endif + hd->in_data = 1; + } + else + P_ES(fflush) (hd->fp_write); +} + + +gpg_error_t +http_wait_response (http_t hd, unsigned int *ret_status) +{ + gpg_error_t err; + + /* Make sure that we are in the data. */ + http_start_data (hd); + + /* We dup the socket, to cope with the fact that fclose closes the + underlying socket. In TLS mode we don't do that because we can't + close the socket gnutls is working on; instead we make sure that + the fclose won't close the socket in this case. */ +#ifdef HTTP_USE_ESTREAM + if (hd->write_cookie) + { + /* The write cookie is only set in the TLS case. 
*/ + cookie_t cookie = hd->write_cookie; + cookie->keep_socket = 1; + } + else +#endif /*HTTP_USE_ESTREAM*/ + { + hd->sock = dup (hd->sock); + if (hd->sock == -1) + return gpg_error_from_errno (errno); + } + P_ES(fclose) (hd->fp_write); + hd->fp_write = NULL; +#ifdef HTTP_USE_ESTREAM + hd->write_cookie = NULL; +#endif + + if (!(hd->flags & HTTP_FLAG_NO_SHUTDOWN)) + shutdown (hd->sock, 1); + hd->in_data = 0; + +#ifdef HTTP_USE_ESTREAM + { + cookie_t cookie; + + cookie = xtrycalloc (1, sizeof *cookie); + if (!cookie) + return gpg_error_from_errno (errno); + cookie->fd = hd->sock; + if (hd->uri->use_tls) + cookie->tls_session = hd->tls_context; + + hd->fp_read = es_fopencookie (cookie, "r", cookie_functions); + if (!hd->fp_read) + { + xfree (cookie); + return gpg_error_from_errno (errno); + } + } +#else /*!HTTP_USE_ESTREAM*/ + hd->fp_read = fdopen (hd->sock, "r"); + if (!hd->fp_read) + return gpg_error_from_errno (errno); +#endif /*!HTTP_USE_ESTREAM*/ + + err = parse_response (hd); + if (!err && ret_status) + *ret_status = hd->status_code; + + return err; +} + + +/* Convenience function to send a request and wait for the response. + Closes the handle on error. If PROXY is not NULL, this value will + be used as an HTTP proxy and any enabled $http_proxy gets + ignored. 
*/ +gpg_error_t +http_open_document (http_t hd, const char *document, + const char *auth, unsigned int flags, const char *proxy, + void *tls_context) +{ + gpg_error_t err; + + err = http_open (hd, HTTP_REQ_GET, document, auth, flags, proxy,tls_context); + if (err) + return err; + + err = http_wait_response (hd, NULL); + if (err) + http_close (hd, 0); + + return err; +} + + +void +http_close (http_t hd, int keep_read_stream) +{ + if (!hd || !hd->initialized) + return; + if (!hd->fp_read && !hd->fp_write && hd->sock != -1) + sock_close (hd->sock); + if (hd->fp_read && !keep_read_stream) + P_ES(fclose) (hd->fp_read); + if (hd->fp_write) + P_ES(fclose) (hd->fp_write); + http_release_parsed_uri (hd->uri); + xfree (hd->buffer); + hd->initialized = 0; +} + + + +/* + * Parse an URI and put the result into the newly allocated RET_URI. + * The caller must always use release_parsed_uri() to releases the + * resources (even on error). + */ +gpg_error_t +http_parse_uri (parsed_uri_t * ret_uri, const char *uri) +{ + *ret_uri = xcalloc (1, sizeof **ret_uri + strlen (uri)); + strcpy ((*ret_uri)->buffer, uri); + return do_parse_uri (*ret_uri, 0); +} + +void +http_release_parsed_uri (parsed_uri_t uri) +{ + if (uri) + { + uri_tuple_t r, r2; + + for (r = uri->query; r; r = r2) + { + r2 = r->next; + xfree (r); + } + xfree (uri); + } +} + + +static gpg_error_t +do_parse_uri (parsed_uri_t uri, int only_local_part) +{ + uri_tuple_t *tail; + char *p, *p2, *p3; + int n; + + p = uri->buffer; + n = strlen (uri->buffer); + + /* Initialize all fields to an empty string or an empty list. */ + uri->scheme = uri->host = uri->path = p + n; + uri->port = 0; + uri->params = uri->query = NULL; + uri->use_tls = 0; + + /* A quick validity check. */ + if (strspn (p, VALID_URI_CHARS) != n) + return gpg_error (GPG_ERR_BAD_URI); /* Invalid characters found. */ + + if (!only_local_part) + { + /* Find the scheme. */ + if (!(p2 = strchr (p, ':')) || p2 == p) + return gpg_error (GPG_ERR_BAD_URI); /* No scheme. 
*/ + *p2++ = 0; + strlwr (p); + uri->scheme = p; + if (!strcmp (uri->scheme, "http")) + uri->port = 80; +#ifdef HTTP_USE_GNUTLS + else if (!strcmp (uri->scheme, "https")) + { + uri->port = 443; + uri->use_tls = 1; + } +#endif + else if (!strcmp (uri->scheme, "hkp")) + uri->port = 11371; + else + return gpg_error (GPG_ERR_INV_URI); /* Unsupported scheme */ + + p = p2; + + /* Find the hostname */ + if (*p != '/') + return gpg_error (GPG_ERR_INV_URI); /* Does not start with a slash. */ + + p++; + if (*p == '/') /* There seems to be a hostname. */ + { + p++; + if ((p2 = strchr (p, '/'))) + *p2++ = 0; + + /* Check for username/password encoding */ + if ((p3 = strchr (p, '@'))) + { + uri->auth = p; + *p3++ = '\0'; + p = p3; + } + + strlwr (p); + uri->host = p; + if ((p3 = strchr (p, ':'))) + { + *p3++ = 0; + uri->port = atoi (p3); + } + + uri->host = p; + if ((n = remove_escapes (uri->host)) < 0) + return gpg_error (GPG_ERR_BAD_URI); + if (n != strlen (p)) + return gpg_error (GPG_ERR_BAD_URI); /* Hostname incudes a Nul. */ + p = p2 ? p2 : NULL; + } + } /* End global URI part. */ + + /* Parse the pathname part */ + if (!p || !*p) + return 0; /* We don't have a path. Okay. */ + + /* TODO: Here we have to check params. */ + + /* Do we have a query part? */ + if ((p2 = strchr (p, '?'))) + *p2++ = 0; + + uri->path = p; + if ((n = remove_escapes (p)) < 0) + return gpg_error (GPG_ERR_BAD_URI); + if (n != strlen (p)) + return gpg_error (GPG_ERR_BAD_URI); /* Path includes a Nul. */ + p = p2 ? p2 : NULL; + + if (!p || !*p) + return 0; /* We don't have a query string. Okay. */ + + /* Now parse the query string. */ + tail = &uri->query; + for (;;) + { + uri_tuple_t elem; + + if ((p2 = strchr (p, '&'))) + *p2++ = 0; + if (!(elem = parse_tuple (p))) + return gpg_error (GPG_ERR_BAD_URI); + *tail = elem; + tail = &elem->next; + + if (!p2) + break; /* Ready. */ + p = p2; + } + + return 0; +} + + +/* + * Remove all %xx escapes; this is done in-place. Returns: New length + * of the string. 
+ */ +static int +remove_escapes (char *string) +{ + int n = 0; + unsigned char *p, *s; + + for (p = s = (unsigned char*)string; *s; s++) + { + if (*s == '%') + { + if (s[1] && s[2] && isxdigit (s[1]) && isxdigit (s[2])) + { + s++; + *p = *s >= '0' && *s <= '9' ? *s - '0' : + *s >= 'A' && *s <= 'F' ? *s - 'A' + 10 : *s - 'a' + 10; + *p <<= 4; + s++; + *p |= *s >= '0' && *s <= '9' ? *s - '0' : + *s >= 'A' && *s <= 'F' ? *s - 'A' + 10 : *s - 'a' + 10; + p++; + n++; + } + else + { + *p++ = *s++; + if (*s) + *p++ = *s++; + if (*s) + *p++ = *s++; + if (*s) + *p = 0; + return -1; /* Bad URI. */ + } + } + else + { + *p++ = *s; + n++; + } + } + *p = 0; /* Make sure to keep a string terminator. */ + return n; +} + + +static int +insert_escapes (char *buffer, const char *string, + const char *special) +{ + const unsigned char *s = (const unsigned char*)string; + int n = 0; + + for (; *s; s++) + { + if (strchr (VALID_URI_CHARS, *s) && !strchr (special, *s)) + { + if (buffer) + *(unsigned char*)buffer++ = *s; + n++; + } + else + { + if (buffer) + { + sprintf (buffer, "%%%02X", *s); + buffer += 3; + } + n += 3; + } + } + return n; +} + + +static uri_tuple_t +parse_tuple (char *string) +{ + char *p = string; + char *p2; + int n; + uri_tuple_t tuple; + + if ((p2 = strchr (p, '='))) + *p2++ = 0; + if ((n = remove_escapes (p)) < 0) + return NULL; /* Bad URI. */ + if (n != strlen (p)) + return NULL; /* Name with a Nul in it. */ + tuple = xtrycalloc (1, sizeof *tuple); + if (!tuple) + return NULL; /* Out of core. */ + tuple->name = p; + if (!p2) /* We have only the name, so we assume an empty value string. */ + { + tuple->value = p + strlen (p); + tuple->valuelen = 0; + tuple->no_value = 1; /* Explicitly mark that we have seen no '='. */ + } + else /* Name and value. */ + { + if ((n = remove_escapes (p2)) < 0) + { + xfree (tuple); + return NULL; /* Bad URI. 
*/ + } + tuple->value = p2; + tuple->valuelen = n; + } + return tuple; +} + + +/* + * Send a HTTP request to the server + * Returns 0 if the request was successful + */ +static gpg_error_t +send_request (http_t hd, const char *auth, const char *proxy) +{ + gnutls_session_t tls_session; + gpg_error_t err; + const char *server; + char *request, *p; + unsigned short port; + const char *http_proxy = NULL; + char *proxy_authstr = NULL; + char *authstr = NULL; + int save_errno; + + tls_session = hd->tls_context; + if (hd->uri->use_tls && !tls_session) + { + log_error ("TLS requested but no GNUTLS context provided\n"); + return gpg_error (GPG_ERR_INTERNAL); + } + + server = *hd->uri->host ? hd->uri->host : "localhost"; + port = hd->uri->port ? hd->uri->port : 80; + + if ( (proxy && *proxy) + || ( (hd->flags & HTTP_FLAG_TRY_PROXY) + && (http_proxy = getenv (HTTP_PROXY_ENV)) + && *http_proxy )) + { + parsed_uri_t uri; + + if (proxy) + http_proxy = proxy; + + err = http_parse_uri (&uri, http_proxy); + if (err) + { + log_error ("invalid HTTP proxy (%s): %s\n", + http_proxy, gpg_strerror (err)); + http_release_parsed_uri (uri); + return gpg_error (GPG_ERR_CONFIGURATION); + + } + + if (uri->auth) + { + remove_escapes (uri->auth); + proxy_authstr = make_header_line ("Proxy-Authorization: Basic ", + "\r\n", + uri->auth, strlen(uri->auth)); + if (!proxy_authstr) + { + err = gpg_error_from_errno (errno); + http_release_parsed_uri (uri); + return err; + } + } + + hd->sock = connect_server (*uri->host ? uri->host : "localhost", + uri->port ? 
uri->port : 80, + hd->flags, hd->uri->scheme); + save_errno = errno; + http_release_parsed_uri (uri); + } + else + { + hd->sock = connect_server (server, port, hd->flags, hd->uri->scheme); + save_errno = errno; + } + + if (hd->sock == -1) + { + xfree (proxy_authstr); + return gpg_error_from_errno (save_errno); + } + +#ifdef HTTP_USE_GNUTLS + if (hd->uri->use_tls) + { + int rc; + + gnutls_transport_set_ptr (tls_session, (gnutls_transport_ptr_t)hd->sock); + do + { + rc = gnutls_handshake (tls_session); + } + while (rc == GNUTLS_E_INTERRUPTED || rc == GNUTLS_E_AGAIN); + if (rc < 0) + { + log_info ("TLS handshake failed: %s\n", gnutls_strerror (rc)); + xfree (proxy_authstr); + return gpg_error (GPG_ERR_NETWORK); + } + + if (tls_callback) + { + err = tls_callback (hd, tls_session, 0); + if (err) + { + log_info ("TLS connection authentication failed: %s\n", + gpg_strerror (err)); + xfree (proxy_authstr); + return err; + } + } + } +#endif /*HTTP_USE_GNUTLS*/ + + if (auth || hd->uri->auth) + { + char *myauth; + + if (auth) + { + myauth = xtrystrdup (auth); + if (!myauth) + { + xfree (proxy_authstr); + return gpg_error_from_errno (errno); + } + remove_escapes (myauth); + } + else + { + remove_escapes (hd->uri->auth); + myauth = hd->uri->auth; + } + + authstr = make_header_line ("Authorization: Basic %s", "\r\n", + myauth, strlen (myauth)); + if (auth) + xfree (myauth); + + if (!authstr) + { + xfree (proxy_authstr); + return gpg_error_from_errno (errno); + } + } + + p = build_rel_path (hd->uri); + if (!p) + return gpg_error_from_errno (errno); + + request = xtrymalloc (2 * strlen (server) + + strlen (p) + + (authstr?strlen(authstr):0) + + (proxy_authstr?strlen(proxy_authstr):0) + + 100); + if (!request) + { + err = gpg_error_from_errno (errno); + xfree (p); + xfree (authstr); + xfree (proxy_authstr); + return err; + } + + if (http_proxy && *http_proxy) + { + sprintf (request, "%s http://%s:%hu%s%s HTTP/1.0\r\n%s%s", + hd->req_type == HTTP_REQ_GET ? 
"GET" : + hd->req_type == HTTP_REQ_HEAD ? "HEAD" : + hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS", + server, port, *p == '/' ? "" : "/", p, + authstr ? authstr : "", + proxy_authstr ? proxy_authstr : ""); + } + else + { + char portstr[35]; + + if (port == 80) + *portstr = 0; + else + sprintf (portstr, ":%u", port); + + sprintf (request, "%s %s%s HTTP/1.0\r\nHost: %s%s\r\n%s", + hd->req_type == HTTP_REQ_GET ? "GET" : + hd->req_type == HTTP_REQ_HEAD ? "HEAD" : + hd->req_type == HTTP_REQ_POST ? "POST" : "OOPS", + *p == '/' ? "" : "/", p, server, portstr, + authstr? authstr:""); + } + xfree (p); + + +#ifdef HTTP_USE_ESTREAM + /* First setup estream so that we can write even the first line + using estream. This is also required for the sake of gnutls. */ + { + cookie_t cookie; + + cookie = xtrycalloc (1, sizeof *cookie); + if (!cookie) + { + err = gpg_error_from_errno (errno); + goto leave; + } + cookie->fd = hd->sock; + if (hd->uri->use_tls) + { + cookie->tls_session = tls_session; + hd->write_cookie = cookie; + } + + hd->fp_write = es_fopencookie (cookie, "w", cookie_functions); + if (!hd->fp_write) + { + xfree (cookie); + err = gpg_error_from_errno (errno); + } + else if (es_fputs (request, hd->fp_write) || es_fflush (hd->fp_write)) + err = gpg_error_from_errno (errno); + else + err = 0; + } + + leave: + +#else /*!HTTP_USE_ESTREAM*/ + /* We send out the start of the request through our own send + function and only then assign a stdio stream. This allows for + better error reporting that through standard stdio means. */ + err = write_server (hd->sock, request, strlen (request)); + if (!err) + { + hd->fp_write = fdopen (hd->sock, "w"); + if (!hd->fp_write) + err = gpg_error_from_errno (errno); + } +#endif /*!HTTP_USE_ESTREAM*/ + + xfree (request); + xfree (authstr); + xfree (proxy_authstr); + + return err; +} + + +/* + * Build the relative path from the parsed URI. Minimal + * implementation. 
May return NULL in case of memory failure; errno + * is then set accordingly. + */ +static char * +build_rel_path (parsed_uri_t uri) +{ + uri_tuple_t r; + char *rel_path, *p; + int n; + + /* Count the needed space. */ + n = insert_escapes (NULL, uri->path, "%;?&"); + /* TODO: build params. */ + for (r = uri->query; r; r = r->next) + { + n++; /* '?'/'&' */ + n += insert_escapes (NULL, r->name, "%;?&="); + if (!r->no_value) + { + n++; /* '=' */ + n += insert_escapes (NULL, r->value, "%;?&="); + } + } + n++; + + /* Now allocate and copy. */ + p = rel_path = xtrymalloc (n); + if (!p) + return NULL; + n = insert_escapes (p, uri->path, "%;?&"); + p += n; + /* TODO: add params. */ + for (r = uri->query; r; r = r->next) + { + *p++ = r == uri->query ? '?' : '&'; + n = insert_escapes (p, r->name, "%;?&="); + p += n; + if (!r->no_value) + { + *p++ = '='; + /* TODO: Use valuelen. */ + n = insert_escapes (p, r->value, "%;?&="); + p += n; + } + } + *p = 0; + return rel_path; +} + + + +/* + Same as fgets() but if the buffer is too short a larger one will be + allocated up to some limit *MAX_LENGTH. A line is considered a + byte stream ending in a LF. Returns the length of the line. EOF is + indicated by a line of length zero. The last LF may be missing due + to an EOF. If MAX_LENGTH is zero on return, the line has been + truncated. If the returned buffer is NULL, not enough memory was + enable to increase it, the return value will also be 0 and some + bytes might have been lost which should be no problem becuase + out-of-memory is pretty fatal for most applications. + + If a line has been truncated, the file pointer is internally moved + forward to the end of the line. 
+ + Note: The returned buffer is allocated with enough extra space to + append a CR,LF,Nul + */ +static size_t +my_read_line ( +#ifdef HTTP_USE_ESTREAM + estream_t fp, +#else + FILE *fp, +#endif + char **addr_of_buffer, + size_t *length_of_buffer, size_t *max_length) +{ + int c; + char *buffer = *addr_of_buffer; + size_t length = *length_of_buffer; + size_t nbytes = 0; + size_t maxlen = *max_length; + char *p; + + if (!buffer) /* Must allocate a new buffer. */ + { + length = 256; + buffer = xtrymalloc (length); + *addr_of_buffer = buffer; + if (!buffer) + { + *length_of_buffer = *max_length = 0; + return 0; + } + *length_of_buffer = length; + } + + length -= 3; /* Reserve 3 bytes (cr,lf,eol). */ + p = buffer; + while ((c = P_ES(getc) (fp)) != EOF) + { + if (nbytes == length) /* Increase the buffer. */ + { + if (length > maxlen) /* Limit reached. */ + { + /* Skip the rest of the line. */ + while (c != '\n' && (c = P_ES(getc) (fp)) != EOF) + ; + *p++ = '\n'; /* Always append a LF (we reserved some space). */ + nbytes++; + *max_length = 0; /* Indicate truncation */ + break; /*(the while loop)*/ + } + length += 3; /* Adjust for the reserved bytes. */ + length += length < 1024 ? 256 : 1024; + *addr_of_buffer = xtryrealloc (buffer, length); + if (!*addr_of_buffer) + { + int save_errno = errno; + xfree (buffer); + *length_of_buffer = *max_length = 0; + errno = save_errno; + return 0; + } + buffer = *addr_of_buffer; + *length_of_buffer = length; + length -= 3; /* And re-adjust for the reservation. */ + p = buffer + nbytes; + } + *p++ = c; + nbytes++; + if (c == '\n') + break; + } + *p = 0; /* Make sure the line is a string. */ + + return nbytes; +} + + +/* + * Parse the response from a server. + * Returns: Errorcode and sets some files in the handle + */ +static gpg_error_t +parse_response (http_t hd) +{ + char *line, *p, *p2; + size_t maxlen, len; + + /* Wait for the status line. 
*/ + do + { + maxlen = MAX_LINELEN; + len = my_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen); + line = hd->buffer; + if (!line) + return gpg_error_from_errno (errno); /* Out of core. */ + if (!maxlen) + return gpg_error (GPG_ERR_TRUNCATED); /* Line has been truncated. */ + if (!len) + return gpg_error (GPG_ERR_EOF); + } + while (!*line); + + if ((p = strchr (line, '/'))) + *p++ = 0; + if (!p || strcmp (line, "HTTP")) + return 0; /* Assume http 0.9. */ + + if ((p2 = strpbrk (p, " \t"))) + { + *p2++ = 0; + p2 += strspn (p2, " \t"); + } + if (!p2) + return 0; /* Also assume http 0.9. */ + p = p2; + /* TODO: Add HTTP version number check. */ + if ((p2 = strpbrk (p, " \t"))) + *p2++ = 0; + if (!isdigit ((unsigned int)p[0]) || !isdigit ((unsigned int)p[1]) + || !isdigit ((unsigned int)p[2]) || p[3]) + { + /* Malformed HTTP status code - assume http 0.9. */ + hd->is_http_0_9 = 1; + hd->status_code = 200; + return 0; + } + hd->status_code = atoi (p); + + /* Skip all the header lines and wait for the empty line. */ + do + { + maxlen = MAX_LINELEN; + len = my_read_line (hd->fp_read, &hd->buffer, &hd->buffer_size, &maxlen); + line = hd->buffer; + if (!line) + return gpg_error_from_errno (errno); /* Out of core. */ + /* Note, that we can silently ignore truncated lines. */ + if (!len) + return gpg_error (GPG_ERR_EOF); + /* Trim line endings of empty lines. 
*/ + if ((*line == '\r' && line[1] == '\n') || *line == '\n') + *line = 0; + } + while (len && *line); + + return 0; +} + +#if 0 +static int +start_server () +{ + struct sockaddr_in mya; + struct sockaddr_in peer; + int fd, client; + fd_set rfds; + int addrlen; + int i; + + if ((fd = socket (AF_INET, SOCK_STREAM, 0)) == -1) + { + log_error ("socket() failed: %s\n", strerror (errno)); + return -1; + } + i = 1; + if (setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (byte *) & i, sizeof (i))) + log_info ("setsockopt(SO_REUSEADDR) failed: %s\n", strerror (errno)); + + mya.sin_family = AF_INET; + memset (&mya.sin_addr, 0, sizeof (mya.sin_addr)); + mya.sin_port = htons (11371); + + if (bind (fd, (struct sockaddr *) &mya, sizeof (mya))) + { + log_error ("bind to port 11371 failed: %s\n", strerror (errno)); + sock_close (fd); + return -1; + } + + if (listen (fd, 5)) + { + log_error ("listen failed: %s\n", strerror (errno)); + sock_close (fd); + return -1; + } + + for (;;) + { + FD_ZERO (&rfds); + FD_SET (fd, &rfds); + + if (select (fd + 1, &rfds, NULL, NULL, NULL) <= 0) + continue; /* ignore any errors */ + + if (!FD_ISSET (fd, &rfds)) + continue; + + addrlen = sizeof peer; + client = accept (fd, (struct sockaddr *) &peer, &addrlen); + if (client == -1) + continue; /* oops */ + + log_info ("connect from %s\n", inet_ntoa (peer.sin_addr)); + + fflush (stdout); + fflush (stderr); + if (!fork ()) + { + int c; + FILE *fp; + + fp = fdopen (client, "r"); + while ((c = getc (fp)) != EOF) + putchar (c); + fclose (fp); + exit (0); + } + sock_close (client); + } + + + return 0; +} +#endif + +/* Actually connect to a server. Returns the file descripto or -1 on + error. ERRNO is set on error. 
*/ +static int +connect_server (const char *server, unsigned short port, + unsigned int flags, const char *srvtag) +{ + int sock = -1; + int srvcount = 0; + int hostfound = 0; + int srv, connected; + int last_errno = 0; + struct srventry *serverlist = NULL; + +#ifdef HAVE_W32_SYSTEM + unsigned long inaddr; + + init_sockets(); + /* Win32 gethostbyname doesn't handle IP addresses internally, so we + try inet_addr first on that platform only. */ + inaddr = inet_addr(server); + if ( inaddr != INADDR_NONE ) + { + struct sockaddr_in addr; + + memset(&addr,0,sizeof(addr)); + + sock = socket(AF_INET,SOCK_STREAM,0); + if ( sock==INVALID_SOCKET ) + { + log_error("error creating socket: ec=%d\n",(int)WSAGetLastError()); + return -1; + } + + addr.sin_family = AF_INET; + addr.sin_port = htons(port); + memcpy (&addr.sin_addr,&inaddr,sizeof(inaddr)); + + if (!connect (sock,(struct sockaddr *)&addr,sizeof(addr)) ) + return sock; + sock_close(sock); + return -1; + } +#endif /*HAVE_W32_SYSTEM*/ + +#ifdef USE_DNS_SRV + /* Do the SRV thing */ + if ((flags & HTTP_FLAG_TRY_SRV) && srvtag) + { + /* We're using SRV, so append the tags. */ + if (1+strlen (srvtag) + 6 + strlen (server) + 1 <= MAXDNAME) + { + char srvname[MAXDNAME]; + + stprcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag), + "._tcp."), server); + srvcount = getsrv (srvname, &serverlist); + } + } +#endif /*USE_DNS_SRV*/ + + if (!serverlist) + { + /* Either we're not using SRV, or the SRV lookup failed. Make + up a fake SRV record. */ + serverlist = xtrycalloc (1, sizeof *serverlist); + if (!serverlist) + return -1; /* Out of core. 
*/ + serverlist->port = port; + strncpy (serverlist->target, server, MAXDNAME); + serverlist->target[MAXDNAME-1] = '\0'; + srvcount = 1; + } + +#ifdef HAVE_GETADDRINFO + connected = 0; + for (srv=0; srv < srvcount && !connected; srv++) + { + struct addrinfo hints, *res, *ai; + char portstr[35]; + + sprintf (portstr, "%hu", port); + memset (&hints, 0, sizeof (hints)); + hints.ai_socktype = SOCK_STREAM; + if (getaddrinfo (serverlist[srv].target, portstr, &hints, &res)) + continue; /* Not found - try next one. */ + hostfound = 1; + + for (ai = res; ai && !connected; ai = ai->ai_next) + { + if (sock != -1) + sock_close (sock); + sock = socket (ai->ai_family, ai->ai_socktype, ai->ai_protocol); + if (sock == -1) + { + int save_errno = errno; + log_error ("error creating socket: %s\n", strerror (errno)); + freeaddrinfo (res); + xfree (serverlist); + errno = save_errno; + return -1; + } + + if (connect (sock, ai->ai_addr, ai->ai_addrlen)) + last_errno = errno; + else + connected = 1; + } + freeaddrinfo (res); + } +#else /* !HAVE_GETADDRINFO */ + connected = 0; + for (srv=0; srv < srvcount && !connected; srv++) + { + int i; + struct hostent *host = NULL; + struct sockaddr_in addr; + + /* Note: This code is not thread-safe. 
*/ + + memset (&addr, 0, sizeof (addr)); + host = gethostbyname (serverlist[srv].target); + if (!host) + continue; + hostfound = 1; + + if (sock != -1) + sock_close (sock); + sock = socket (host->h_addrtype, SOCK_STREAM, 0); + if (sock == -1) + { + log_error (_("error creating socket: %s\n"), strerror (errno)); + xfree (serverlist); + return -1; + } + + addr.sin_family = host->h_addrtype; + if (addr.sin_family != AF_INET) + { + log_error ("unknown address family for `%s'\n", + serverlist[srv].target); + xfree (serverlist); + return -1; + } + addr.sin_port = htons (serverlist[srv].port); + if (host->h_length != 4) + { + log_error ("illegal address length for `%s'\n", + serverlist[srv].target); + xfree (serverlist); + return -1; + } + + /* Try all A records until one responds. */ + for (i = 0; host->h_addr_list[i] && !connected; i++) + { + memcpy (&addr.sin_addr, host->h_addr_list[i], host->h_length); + if (connect (sock, (struct sockaddr *) &addr, sizeof (addr))) + last_errno = errno; + else + { + connected = 1; + break; + } + } + } +#endif /* !HAVE_GETADDRINFO */ + + xfree (serverlist); + + if (!connected) + { +#ifdef HAVE_W32_SYSTEM + log_error ("can't connect to `%s': %s%sec=%d\n", + server, + hostfound? "":_("host not found"), + hostfound? "":" - ", (int)WSAGetLastError()); +#else + log_error ("can't connect to `%s': %s\n", + server, + hostfound? 
strerror (last_errno):"host not found"); +#endif + if (sock != -1) + sock_close (sock); + errno = last_errno; + return -1; + } + return sock; +} + + +static gpg_error_t +write_server (int sock, const char *data, size_t length) +{ + int nleft; + + nleft = length; + while (nleft > 0) + { +#ifdef HAVE_W32_SYSTEM + int nwritten; + + nwritten = send (sock, data, nleft, 0); + if ( nwritten == SOCKET_ERROR ) + { + log_info ("network write failed: ec=%d\n", (int)WSAGetLastError ()); + return G10ERR_NETWORK; + } +#else /*!HAVE_W32_SYSTEM*/ + int nwritten = write (sock, data, nleft); + if (nwritten == -1) + { + if (errno == EINTR) + continue; + if (errno == EAGAIN) + { + struct timeval tv; + + tv.tv_sec = 0; + tv.tv_usec = 50000; + select (0, NULL, NULL, NULL, &tv); + continue; + } + log_info ("network write failed: %s\n", strerror (errno)); + return gpg_error_from_errno (errno); + } +#endif /*!HAVE_W32_SYSTEM*/ + nleft -= nwritten; + data += nwritten; + } + + return 0; +} + + + +#ifdef HTTP_USE_ESTREAM +/* Read handler for estream. */ +static ssize_t +cookie_read (void *cookie, void *buffer, size_t size) +{ + cookie_t c = cookie; + int nread; + +#ifdef HTTP_USE_GNUTLS + if (c->tls_session) + { + again: + nread = gnutls_record_recv (c->tls_session, buffer, size); + if (nread < 0) + { + if (nread == GNUTLS_E_INTERRUPTED) + goto again; + if (nread == GNUTLS_E_AGAIN) + { + struct timeval tv; + + tv.tv_sec = 0; + tv.tv_usec = 50000; + select (0, NULL, NULL, NULL, &tv); + goto again; + } + if (nread == GNUTLS_E_REHANDSHAKE) + goto again; /* A client is allowed to just ignore this request. */ + log_info ("TLS network read failed: %s\n", gnutls_strerror (nread)); + errno = EIO; + return -1; + } + } + else +#endif /*HTTP_USE_GNUTLS*/ + { + do + { + nread = read (c->fd, buffer, size); + } + while (nread == -1 && errno == EINTR); + } + + return nread; +} + +/* Write handler for estream. 
*/ +static ssize_t +cookie_write (void *cookie, const void *buffer, size_t size) +{ + cookie_t c = cookie; + int nwritten = 0; + +#ifdef HTTP_USE_GNUTLS + if (c->tls_session) + { + int nleft = size; + while (nleft > 0) + { + nwritten = gnutls_record_send (c->tls_session, buffer, nleft); + if (nwritten <= 0) + { + if (nwritten == GNUTLS_E_INTERRUPTED) + continue; + if (nwritten == GNUTLS_E_AGAIN) + { + struct timeval tv; + + tv.tv_sec = 0; + tv.tv_usec = 50000; + select (0, NULL, NULL, NULL, &tv); + continue; + } + log_info ("TLS network write failed: %s\n", + gnutls_strerror (nwritten)); + errno = EIO; + return -1; + } + nleft -= nwritten; + buffer += nwritten; + } + } + else +#endif /*HTTP_USE_GNUTLS*/ + { + if ( write_server (c->fd, buffer, size) ) + { + errno = EIO; + nwritten = -1; + } + else + nwritten = size; + } + + return nwritten; +} + +/* Close handler for estream. */ +static int +cookie_close (void *cookie) +{ + cookie_t c = cookie; + + if (!c) + return 0; + + #ifdef HTTP_USE_GNUTLS + if (c->tls_session && !c->keep_socket) + { + gnutls_bye (c->tls_session, GNUTLS_SHUT_RDWR); + } +#endif /*HTTP_USE_GNUTLS*/ + if (c->fd != -1 && !c->keep_socket) + close (c->fd); + + xfree (c); + return 0; +} +#endif /*HTTP_USE_ESTREAM*/ + + + + +/**** Test code ****/ +#ifdef TEST + +static gpg_error_t +verify_callback (http_t hd, void *tls_context, int reserved) +{ + log_info ("verification of certificates skipped\n"); + return 0; +} + + + +/* static void */ +/* my_gnutls_log (int level, const char *text) */ +/* { */ +/* fprintf (stderr, "gnutls:L%d: %s", level, text); */ +/* } */ + +int +main (int argc, char **argv) +{ + int rc; + parsed_uri_t uri; + uri_tuple_t r; + struct http_context_s hd; + int c; + gnutls_session_t tls_session = NULL; +#ifdef HTTP_USE_GNUTLS + gnutls_certificate_credentials certcred; + const int certprio[] = { GNUTLS_CRT_X509, 0 }; +#endif /*HTTP_USE_GNUTLS*/ + +#ifdef HTTP_USE_ESTREAM + es_init (); +#endif + log_set_prefix ("http-test", 1 | 4); + if 
(argc == 1) + { + /*start_server (); */ + return 0; + } + + if (argc != 2) + { + fprintf (stderr, "usage: http-test uri\n"); + return 1; + } + argc--; + argv++; + +#ifdef HTTP_USE_GNUTLS + rc = gnutls_global_init (); + if (rc) + log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc)); + rc = gnutls_certificate_allocate_credentials (&certcred); + if (rc) + log_error ("gnutls_certificate_allocate_credentials failed: %s\n", + gnutls_strerror (rc)); +/* rc = gnutls_certificate_set_x509_trust_file */ +/* (certcred, "ca.pem", GNUTLS_X509_FMT_PEM); */ +/* if (rc) */ +/* log_error ("gnutls_certificate_set_x509_trust_file failed: %s\n", */ +/* gnutls_strerror (rc)); */ + rc = gnutls_init (&tls_session, GNUTLS_CLIENT); + if (rc) + log_error ("gnutls_init failed: %s\n", gnutls_strerror (rc)); + rc = gnutls_set_default_priority (tls_session); + if (rc) + log_error ("gnutls_set_default_priority failed: %s\n", + gnutls_strerror (rc)); + rc = gnutls_certificate_type_set_priority (tls_session, certprio); + if (rc) + log_error ("gnutls_certificate_type_set_priority failed: %s\n", + gnutls_strerror (rc)); + rc = gnutls_credentials_set (tls_session, GNUTLS_CRD_CERTIFICATE, certcred); + if (rc) + log_error ("gnutls_credentials_set failed: %s\n", gnutls_strerror (rc)); +/* gnutls_global_set_log_function (my_gnutls_log); */ +/* gnutls_global_set_log_level (4); */ + + http_register_tls_callback (verify_callback); +#endif /*HTTP_USE_GNUTLS*/ + + rc = http_parse_uri (&uri, *argv); + if (rc) + { + log_error ("`%s': %s\n", *argv, gpg_strerror (rc)); + http_release_parsed_uri (uri); + return 1; + } + + printf ("Scheme: %s\n", uri->scheme); + printf ("Host : %s\n", uri->host); + printf ("Port : %u\n", uri->port); + printf ("Path : %s\n", uri->path); + for (r = uri->params; r; r = r->next) + { + printf ("Params: %s", r->name); + if (!r->no_value) + { + printf ("=%s", r->value); + if (strlen (r->value) != r->valuelen) + printf (" [real length=%d]", (int) r->valuelen); + } + putchar 
('\n'); + } + for (r = uri->query; r; r = r->next) + { + printf ("Query : %s", r->name); + if (!r->no_value) + { + printf ("=%s", r->value); + if (strlen (r->value) != r->valuelen) + printf (" [real length=%d]", (int) r->valuelen); + } + putchar ('\n'); + } + http_release_parsed_uri (uri); + uri = NULL; + + rc = http_open_document (&hd, *argv, NULL, HTTP_FLAG_NO_SHUTDOWN, + NULL, tls_session); + if (rc) + { + log_error ("can't get `%s': %s\n", *argv, gpg_strerror (rc)); + return 1; + } + log_info ("open_http_document succeeded; status=%u\n", hd.status_code); + while ((c = P_ES(getc) (hd.fp_read)) != EOF) + putchar (c); + http_close (&hd, 0); + +#ifdef HTTP_USE_GNUTLS + gnutls_deinit (tls_session); + gnutls_certificate_free_credentials (certcred); + gnutls_global_deinit (); +#endif /*HTTP_USE_GNUTLS*/ + + return 0; +} +#endif /*TEST*/ + + +/* +Local Variables: +compile-command: "gcc -I.. -I../gl -DTEST -DHAVE_CONFIG_H -Wall -O2 -g -o http-test http.c -L. -lcommon -L../jnlib -ljnlib -lgcrypt -lpth -lgnutls" +End: +*/ Added: trunk/common/http.h =================================================================== --- trunk/common/http.h 2006-08-01 12:27:00 UTC (rev 4217) +++ trunk/common/http.h 2006-08-11 11:04:38 UTC (rev 4218) 
@@ -0,0 +1,121 @@ +/* http.h - HTTP protocol handler + * Copyright (C) 1999, 2000, 2001, 2003, + * 2006 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + */ +#ifndef GNUPG_COMMON_HTTP_H +#define GNUPG_COMMON_HTTP_H + +#include +#ifdef HTTP_USE_ESTREAM +#include "estream.h" +#endif + +struct uri_tuple_s { + struct uri_tuple_s *next; + const char *name; /* A pointer into name. */ + char *value; /* A pointer to value (a Nul is always appended). */ + size_t valuelen; /* The real length of the value; we need it + because the value may contain embedded Nuls. */ + int no_value; /* True if no value has been given in the URL. */ +}; +typedef struct uri_tuple_s *uri_tuple_t; + +struct parsed_uri_s +{ + /* All these pointers point into BUFFER; most stuff is not escaped. */ + char *scheme; /* Pointer to the scheme string (lowercase). */ + int use_tls; /* Whether TLS should be used. */ + char *auth; /* username/password for basic auth */ + char *host; /* Host (converted to lowercase). */ + unsigned short port; /* Port (always set if the host is set). */ + char *path; /* Path. */ + uri_tuple_t params; /* ";xxxxx" */ + uri_tuple_t query; /* "?xxx=yyy" */ + char buffer[1]; /* Buffer which holds a (modified) copy of the URI. 
*/ +}; +typedef struct parsed_uri_s *parsed_uri_t; + +typedef enum + { + HTTP_REQ_GET = 1, + HTTP_REQ_HEAD = 2, + HTTP_REQ_POST = 3 + } +http_req_t; + +/* We put the flag values into an enum, so that gdb can display them. */ +enum + { + HTTP_FLAG_TRY_PROXY = 1, + HTTP_FLAG_NO_SHUTDOWN = 2, + HTTP_FLAG_TRY_SRV = 4 + }; + +struct http_context_s +{ + int initialized; + unsigned int status_code; + int sock; + int in_data; +#ifdef HTTP_USE_ESTREAM + estream_t fp_read; + estream_t fp_write; + void *write_cookie; +#else /*!HTTP_USE_ESTREAM*/ + FILE *fp_read; + FILE *fp_write; +#endif /*!HTTP_USE_ESTREAM*/ + void *tls_context; + int is_http_0_9; + parsed_uri_t uri; + http_req_t req_type; + char *buffer; /* Line buffer. */ + size_t buffer_size; + unsigned int flags; +}; +typedef struct http_context_s *http_t; + +void http_register_tls_callback (gpg_error_t (*cb) (http_t, void *, int)); + +gpg_error_t http_parse_uri (parsed_uri_t *ret_uri, const char *uri); + +void http_release_parsed_uri (parsed_uri_t uri); + +gpg_error_t http_open (http_t hd, http_req_t reqtype, + const char *url, + const char *auth, + unsigned int flags, + const char *proxy, + void *tls_context); + +void http_start_data (http_t hd); + +gpg_error_t http_wait_response (http_t hd, unsigned int *ret_status); + +void http_close (http_t hd, int keep_read_stream); + +gpg_error_t http_open_document (http_t hd, + const char *document, + const char *auth, + unsigned int flags, + const char *proxy, + void *tls_context); + +#endif /*GNUPG_COMMON_HTTP_H*/ From cvs at cvs.gnupg.org Mon Aug 14 16:40:08 2006 
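Review bot: in connect_server (trunk/common/http.c), the HAVE_GETADDRINFO branch builds portstr from the function argument with sprintf (portstr, "%hu", port), so a port delivered by the SRV lookup is never used there, while the gethostbyname branch connects to serverlist[srv].port. Format serverlist[srv].port instead so both branches behave the same. In the USE_DNS_SRV block of the same function the outermost call is spelled stprcpy (...); unless a function of that name is defined elsewhere, this looks like a typo for stpcpy and will only show up once USE_DNS_SRV is defined.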
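Review bot: in the TLS branch of cookie_write (trunk/common/http.c), the loop overwrites nwritten on every gnutls_record_send call and the function ends with return nwritten, so when the data goes out in more than one record the caller is told that only the last chunk was written although all SIZE bytes were sent. Return size after the loop completes, as the non-TLS branch already does. Two smaller points in the same loop: a return value of 0 is routed into the error path and passed to gnutls_strerror, and buffer += nwritten does arithmetic on a const void *, which relies on a compiler extension; a const char * cursor avoids that.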
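Review bot: in parse_response (trunk/common/http.c), the status code check calls isdigit ((unsigned int)p[0]) and likewise for p[1] and p[2]; where char is signed, a byte of 0x80 or above sent by the server becomes a very large unsigned value, which is outside the range isdigit is defined for. Cast to unsigned char instead. The HTTP 0.9 fallbacks are also inconsistent: the malformed status code path sets hd->is_http_0_9 = 1 and hd->status_code = 200, but the two earlier "Assume http 0.9" returns leave both fields untouched, so callers see a different state for what the comments describe as the same case.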
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon Aug 14 15:58:20 2006 Subject: [svn] GnuPG - r4219 - trunk/common Message-ID: Author: wk Date: 2006-08-14 16:40:07 +0200 (Mon, 14 Aug 2006) New Revision: 4219 Modified: trunk/common/ChangeLog trunk/common/estream.c trunk/common/estream.h trunk/common/http.c trunk/common/http.h trunk/common/xreadline.c Log: Changed HTTP API. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2006-08-11 11:04:38 UTC (rev 4218) +++ trunk/common/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219) @@ -1,3 +1,21 @@ +2006-08-14 Werner Koch + + * http.h (struct http_context_s): Moved to implementation. + * http.c (http_open): Changed call to return a context. + (http_open_document): Ditto. + (http_get_read_ptr, http_get_read_ptr, http_get_status_code): New. + (do_parse_uri): Replaced strlwr by straight code to ease + standalone use of this file. + (http_wait_response): Removed arg STATUS_CODE as it is available + through an accessor function. Adjusted caller. + (http_escape_string): New. + + * estream.c (es_read_line): Renamed to .. + (doreadline): .. this. Changed all callers. + (es_read_line): New. This is theusual limited getline variabnt as + used at several places. Here taken and adjusted from xreadline.c + (es_free): New. + 2006-08-11 Werner Koch * http.c: Major internal changes to optionallly support GNUTLS and Modified: trunk/common/estream.c =================================================================== --- trunk/common/estream.c 2006-08-11 11:04:38 UTC (rev 4218) +++ trunk/common/estream.c 2006-08-14 14:40:07 UTC (rev 4219) @@ -1,5 +1,5 @@ -/* estream.c - Extended stream I/O/ Library - * Copyright (C) 2004 g10 Code GmbH +/* estream.c - Extended Stream I/O Library + * Copyright (C) 2004, 2006 g10 Code GmbH * * This file is part of Libestream. * 
@@ -1501,9 +1501,9 @@ static int -es_read_line (estream_t ES__RESTRICT stream, size_t max_length, - char *ES__RESTRICT *ES__RESTRICT line, - size_t *ES__RESTRICT line_length) +doreadline (estream_t ES__RESTRICT stream, size_t max_length, + char *ES__RESTRICT *ES__RESTRICT line, + size_t *ES__RESTRICT line_length) { size_t space_left; size_t line_size; @@ -2386,7 +2386,7 @@ int err; ESTREAM_LOCK (stream); - err = es_read_line (stream, n, &s, NULL); + err = doreadline (stream, n, &s, NULL); ESTREAM_UNLOCK (stream); if (! err) ret = s; @@ -2420,7 +2420,7 @@ int err; ESTREAM_LOCK (stream); - err = es_read_line (stream, 0, &line, &line_n); + err = doreadline (stream, 0, &line, &line_n); ESTREAM_UNLOCK (stream); if (err) goto out; 
@@ -2466,6 +2466,129 @@ } + +/* Same as fgets() but if the provided buffer is too short a larger + one will be allocated. This is similar to getline. A line is + considered a byte stream ending in a LF. + + If MAX_LENGTH is not NULL, it shall point to a value with the + maximum allowed allocation. + + Returns the length of the line. EOF is indicated by a line of + length zero. A truncated line is indicated my setting the value at + MAX_LENGTH to 0. If the returned value is less then 0 not enough + memory was enable or another error occurred; ERRNO is then set + accordingly. + + If a line has been truncated, the file pointer is moved forward to + the end of the line so that the next read starts with the next + line. Note that MAX_LENGTH must be re-initialzied in this case. + + The caller initially needs to provide the address of a variable, + initialized to NULL, at ADDR_OF_BUFFER and don't change this value + anymore with the following invocations. LENGTH_OF_BUFFER should be + the address of a variable, initialized to 0, which is also + maintained by this function. Thus, both paramaters should be + considered the state of this function. + + Note: The returned buffer is allocated with enough extra space to + allow the caller to append a CR,LF,Nul. The buffer should be + released using es_free. + */ +ssize_t +es_read_line (estream_t stream, + char **addr_of_buffer, size_t *length_of_buffer, + size_t *max_length) +{ + int c; + char *buffer = *addr_of_buffer; + size_t length = *length_of_buffer; + size_t nbytes = 0; + size_t maxlen = max_length? *max_length : 0; + char *p; + + if (!buffer) + { + /* No buffer given - allocate a new one. */ + length = 256; + buffer = MEM_ALLOC (length); + *addr_of_buffer = buffer; + if (!buffer) + { + *length_of_buffer = 0; + if (max_length) + *max_length = 0; + return -1; + } + *length_of_buffer = length; + } + + if (length < 4) + { + /* This should never happen. If it does, the fucntion has been + called with wrong arguments. 
*/ + errno = EINVAL; + return -1; + } + length -= 3; /* Reserve 3 bytes for CR,LF,EOL. */ + + ESTREAM_LOCK (stream); + p = buffer; + while ((c = es_getc_unlocked (stream)) != EOF) + { + if (nbytes == length) + { + /* Enlarge the buffer. */ + if (maxlen && length > maxlen) + { + /* We are beyond our limit: Skip the rest of the line. */ + while (c != '\n' && (c=es_getc_unlocked (stream)) != EOF) + ; + *p++ = '\n'; /* Always append a LF (we reserved some space). */ + nbytes++; + if (max_length) + *max_length = 0; /* Indicate truncation. */ + break; /* the while loop. */ + } + length += 3; /* Adjust for the reserved bytes. */ + length += length < 1024? 256 : 1024; + *addr_of_buffer = MEM_REALLOC (buffer, length); + if (!*addr_of_buffer) + { + int save_errno = errno; + MEM_FREE (buffer); + *length_of_buffer = *max_length = 0; + ESTREAM_UNLOCK (stream); + errno = save_errno; + return -1; + } + buffer = *addr_of_buffer; + *length_of_buffer = length; + length -= 3; + p = buffer + nbytes; + } + *p++ = c; + nbytes++; + if (c == '\n') + break; + } + *p = 0; /* Make sure the line is a string. */ + ESTREAM_UNLOCK (stream); + + return nbytes; +} + +/* Wrapper around free() to match the memory allocation system used + by estream. Should be used for all buffers returned to the caller + by libestream. */ +void +es_free (void *a) +{ + if (a) + MEM_FREE (a); +} + + int es_vfprintf (estream_t ES__RESTRICT stream, const char *ES__RESTRICT format, va_list ap) @@ -2616,3 +2739,4 @@ return opaque; } + Modified: trunk/common/estream.h =================================================================== --- trunk/common/estream.h 2006-08-11 11:04:38 UTC (rev 4218) +++ trunk/common/estream.h 2006-08-14 14:40:07 UTC (rev 4219) 
@@ -184,6 +184,10 @@ ssize_t es_getline (char *ES__RESTRICT *ES__RESTRICT lineptr, size_t *ES__RESTRICT n, estream_t stream); +ssize_t es_read_line (estream_t stream, + char **addr_of_buffer, size_t *length_of_buffer, + size_t *max_length); +void es_free (void *a); int es_fprintf (estream_t ES__RESTRICT stream, const char *ES__RESTRICT format, ...); Modified: trunk/common/http.c =================================================================== --- trunk/common/http.c 2006-08-11 11:04:38 UTC (rev 4218) +++ trunk/common/http.c 2006-08-14 14:40:07 UTC (rev 4219) @@ -156,8 +156,32 @@ static gpg_error_t (*tls_callback) (http_t, gnutls_session_t, int); #endif /*HTTP_USE_GNUTLS*/ +/* Our handle context. */ +struct http_context_s +{ + unsigned int status_code; + int sock; + int in_data; +#ifdef HTTP_USE_ESTREAM + estream_t fp_read; + estream_t fp_write; + void *write_cookie; +#else /*!HTTP_USE_ESTREAM*/ + FILE *fp_read; + FILE *fp_write; +#endif /*!HTTP_USE_ESTREAM*/ + void *tls_context; + int is_http_0_9; + parsed_uri_t uri; + http_req_t req_type; + char *buffer; /* Line buffer. */ + size_t buffer_size; + unsigned int flags; +}; + + #ifdef HAVE_W32_SYSTEM static void deinit_sockets (void) 
@@ -253,20 +277,27 @@ +/* Start a HTTP retrieval and return on success in R_HD a context + pointer for completing the the request and to wait for the + response. */ gpg_error_t -http_open (http_t hd, http_req_t reqtype, const char *url, +http_open (http_t *r_hd, http_req_t reqtype, const char *url, const char *auth, unsigned int flags, const char *proxy, void *tls_context) { gpg_error_t err; + http_t hd; + + *r_hd = NULL; if (!(reqtype == HTTP_REQ_GET || reqtype == HTTP_REQ_POST)) return gpg_error (GPG_ERR_INV_ARG); - /* Initialize the handle. */ - memset (hd, 0, sizeof *hd); + /* Create the handle. */ + hd = xtrycalloc (1, sizeof *hd); + if (!hd) + return gpg_error_from_errno (errno); hd->sock = -1; - hd->initialized = 1; hd->req_type = reqtype; hd->flags = flags; hd->tls_context = tls_context; @@ -284,8 +315,10 @@ if (hd->fp_write) P_ES(fclose) (hd->fp_write); http_release_parsed_uri (hd->uri); - hd->initialized = 0; + xfree (hd); } + else + *r_hd = hd; return err; } @@ -310,7 +343,7 @@ gpg_error_t -http_wait_response (http_t hd, unsigned int *ret_status) +http_wait_response (http_t hd) { gpg_error_t err; @@ -370,9 +403,6 @@ #endif /*!HTTP_USE_ESTREAM*/ err = parse_response (hd); - if (!err && ret_status) - *ret_status = hd->status_code; - return err; } @@ -382,19 +412,20 @@ be used as an HTTP proxy and any enabled $http_proxy gets ignored. */ gpg_error_t -http_open_document (http_t hd, const char *document, +http_open_document (http_t *r_hd, const char *document, const char *auth, unsigned int flags, const char *proxy, void *tls_context) { gpg_error_t err; - err = http_open (hd, HTTP_REQ_GET, document, auth, flags, proxy,tls_context); + err = http_open (r_hd, HTTP_REQ_GET, document, auth, flags, + proxy, tls_context); if (err) return err; - err = http_wait_response (hd, NULL); + err = http_wait_response (*r_hd); if (err) - http_close (hd, 0); + http_close (*r_hd, 0); return err; } 
@@ -403,7 +434,7 @@ void http_close (http_t hd, int keep_read_stream) { - if (!hd || !hd->initialized) + if (!hd) return; if (!hd->fp_read && !hd->fp_write && hd->sock != -1) sock_close (hd->sock); @@ -413,11 +444,41 @@ P_ES(fclose) (hd->fp_write); http_release_parsed_uri (hd->uri); xfree (hd->buffer); - hd->initialized = 0; + xfree (hd); } +#ifdef HTTP_USE_ESTREAM +estream_t +http_get_read_ptr (http_t hd) +{ + return hd?hd->fp_read:NULL; +} +estream_t +http_get_write_ptr (http_t hd) +{ + return hd?hd->fp_write:NULL; +} +#else /*!HTTP_USE_ESTREAM*/ +FILE * +http_get_read_ptr (http_t hd) +{ + return hd?hd->fp_read:NULL; +} +FILE * +http_get_write_ptr (http_t hd) +{ + return hd?hd->fp_write:NULL; +} +#endif /*!HTTP_USE_ESTREAM*/ +unsigned int +http_get_status_code (http_t hd) +{ + return hd?hd->status_code:0; +} + + /* * Parse an URI and put the result into the newly allocated RET_URI. * The caller must always use release_parsed_uri() to releases the @@ -452,7 +513,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part) { uri_tuple_t *tail; - char *p, *p2, *p3; + char *p, *p2, *p3, *pp; int n; p = uri->buffer; @@ -474,7 +535,8 @@ if (!(p2 = strchr (p, ':')) || p2 == p) return gpg_error (GPG_ERR_BAD_URI); /* No scheme. */ *p2++ = 0; - strlwr (p); + for (pp=p; *pp; pp++) + *pp = tolower (*(unsigned char*)pp); uri->scheme = p; if (!strcmp (uri->scheme, "http")) uri->port = 80; @@ -511,7 +573,8 @@ p = p3; } - strlwr (p); + for (pp=p; *pp; pp++) + *pp = tolower (*(unsigned char*)pp); uri->host = p; if ((p3 = strchr (p, ':'))) { 
@@ -648,6 +711,29 @@ } +/* Allocate a new string from STRING using standard HTTP escaping as + well as escaping of characters given in SPECIALS. A common pattern + for SPECIALS is "%;?&=". However it depends on the needs, for + example "+" and "/: often needs to be escaped too. Returns NULL on + failure and sets ERRNO. */ +char * +http_escape_string (const char *string, const char *specials) +{ + int n; + char *buf; + + n = insert_escapes (NULL, string, specials); + buf = xtrymalloc (n+1); + if (buf) + { + insert_escapes (buf, string, specials); + buf[n] = 0; + } + return buf; +} + + + static uri_tuple_t parse_tuple (char *string) { @@ -1095,6 +1181,9 @@ return gpg_error (GPG_ERR_TRUNCATED); /* Line has been truncated. */ if (!len) return gpg_error (GPG_ERR_EOF); + if ( (hd->flags & HTTP_FLAG_LOG_RESP) ) + log_info ("RESP: `%.*s'\n", + (int)strlen(line)-(*line&&line[1]?2:0),line); } while (!*line); @@ -1138,6 +1227,9 @@ /* Trim line endings of empty lines. */ if ((*line == '\r' && line[1] == '\n') || *line == '\n') *line = 0; + if ( (hd->flags & HTTP_FLAG_LOG_RESP) ) + log_info ("RESP: `%.*s'\n", + (int)strlen(line)-(*line&&line[1]?2:0),line); } while (len && *line); @@ -1603,7 +1695,7 @@ int rc; parsed_uri_t uri; uri_tuple_t r; - struct http_context_s hd; + http_t hd; int c; gnutls_session_t tls_session = NULL; #ifdef HTTP_USE_GNUTLS 
@@ -1706,10 +1798,11 @@ log_error ("can't get `%s': %s\n", *argv, gpg_strerror (rc)); return 1; } - log_info ("open_http_document succeeded; status=%u\n", hd.status_code); - while ((c = P_ES(getc) (hd.fp_read)) != EOF) + log_info ("open_http_document succeeded; status=%u\n", + http_get_status_code (hd)); + while ((c = P_ES(getc) (http_get_read_ptr (hd))) != EOF) putchar (c); - http_close (&hd, 0); + http_close (hd, 0); #ifdef HTTP_USE_GNUTLS gnutls_deinit (tls_session); Modified: trunk/common/http.h =================================================================== --- trunk/common/http.h 2006-08-11 11:04:38 UTC (rev 4218) +++ trunk/common/http.h 2006-08-14 14:40:07 UTC (rev 4219) @@ -65,31 +65,11 @@ { HTTP_FLAG_TRY_PROXY = 1, HTTP_FLAG_NO_SHUTDOWN = 2, - HTTP_FLAG_TRY_SRV = 4 + HTTP_FLAG_TRY_SRV = 4, + HTTP_FLAG_LOG_RESP = 8 }; -struct http_context_s -{ - int initialized; - unsigned int status_code; - int sock; - int in_data; -#ifdef HTTP_USE_ESTREAM - estream_t fp_read; - estream_t fp_write; - void *write_cookie; -#else /*!HTTP_USE_ESTREAM*/ - FILE *fp_read; - FILE *fp_write; -#endif /*!HTTP_USE_ESTREAM*/ - void *tls_context; - int is_http_0_9; - parsed_uri_t uri; - http_req_t req_type; - char *buffer; /* Line buffer. */ - size_t buffer_size; - unsigned int flags; -}; +struct http_context_s; typedef struct http_context_s *http_t; void http_register_tls_callback (gpg_error_t (*cb) (http_t, void *, int)); @@ -98,7 +78,7 @@ void http_release_parsed_uri (parsed_uri_t uri); -gpg_error_t http_open (http_t hd, http_req_t reqtype, +gpg_error_t http_open (http_t *r_hd, http_req_t reqtype, const char *url, const char *auth, unsigned int flags, 
@@ -107,15 +87,27 @@ void http_start_data (http_t hd); -gpg_error_t http_wait_response (http_t hd, unsigned int *ret_status); +gpg_error_t http_wait_response (http_t hd); void http_close (http_t hd, int keep_read_stream); -gpg_error_t http_open_document (http_t hd, +gpg_error_t http_open_document (http_t *r_hd, const char *document, const char *auth, unsigned int flags, const char *proxy, void *tls_context); +#ifdef HTTP_USE_ESTREAM +estream_t http_get_read_ptr (http_t hd); +estream_t http_get_write_ptr (http_t hd); +#else /*!HTTP_USE_ESTREAM*/ +FILE *http_get_read_ptr (http_t hd); +FILE *http_get_write_ptr (http_t hd); +#endif /*!HTTP_USE_ESTREAM*/ +unsigned int http_get_status_code (http_t hd); + +char *http_escape_string (const char *string, const char *specials); + + #endif /*GNUPG_COMMON_HTTP_H*/ Modified: trunk/common/xreadline.c =================================================================== --- trunk/common/xreadline.c 2006-08-11 11:04:38 UTC (rev 4218) +++ trunk/common/xreadline.c 2006-08-14 14:40:07 UTC (rev 4219) @@ -40,8 +40,8 @@ memory was enable and ERRNO is set accordingly. If a line has been truncated, the file pointer is moved forward to - the end of the line so that the next read start with the next - line. Note that MAX_LENGTH must be re-initialzied in this case.. + the end of the line so that the next read starts with the next + line. Note that MAX_LENGTH must be re-initialzied in this case. Note: The returned buffer is allocated with enough extra space to append a CR,LF,Nul From cvs at cvs.gnupg.org Wed Aug 16 12:42:55 2006 
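Review bot: the new ChangeLog entry for trunk/common lists "(http_get_read_ptr, http_get_read_ptr, http_get_status_code): New."; the second name should be http_get_write_ptr, which is the function the http.c and http.h hunks actually add.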
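Review bot: in the new es_read_line (trunk/common/estream.c), the MEM_REALLOC failure path executes *length_of_buffer = *max_length = 0 without checking max_length, although the function comment allows MAX_LENGTH to be NULL and every other store through it is guarded by if (max_length). A caller that passes NULL and hits an out-of-memory condition on a long line will dereference a null pointer. Split the assignment and guard the store to *max_length like the other sites.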
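Review bot: in http_open_document (trunk/common/http.c), when http_wait_response fails the code calls http_close (*r_hd, 0), which after this change ends in xfree (hd), but *r_hd is left holding the freed pointer when the error is returned. http_open resets *r_hd to NULL on its own failure paths, so a caller that cleans up with http_close on any non-NULL handle would free the context twice here. Set *r_hd = NULL after the http_close call and say in the function comment that the handle is only valid on success.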
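Review bot: both HTTP_FLAG_LOG_RESP hunks in parse_response (trunk/common/http.c) compute the print length as (int)strlen(line)-(*line&&line[1]?2:0), which assumes every line ends in CR LF; for a response line that ends in a bare LF the last character before the LF is cut off as well, and a one-character body followed by LF is logged as empty. Strip a trailing LF and an optional preceding CR explicitly before logging. Since these bytes come from the remote server, it is also worth confirming that log_info does not pass control characters through to the log unfiltered, and documenting the new flag next to its definition in http.h.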
From: cvs at cvs.gnupg.org (svn author twoaday) Date: Wed Aug 16 12:00:54 2006 Subject: [svn] GPGol - r156 - trunk/src Message-ID: Author: twoaday Date: 2006-08-16 12:42:52 +0200 (Wed, 16 Aug 2006) New Revision: 156 Removed: trunk/src/olgpgcore.def Modified: trunk/src/ChangeLog trunk/src/decrypt.bmp trunk/src/encrypt.bmp trunk/src/engine-gpgme.c trunk/src/gpgol-rsrcs.rc trunk/src/intern.h trunk/src/key_mana.bmp trunk/src/olflange.cpp trunk/src/passphrase-dialog.c trunk/src/recipient-dialog.c trunk/src/sign.bmp Log: 2006-08-15 Timo Schulz * decrypt.bmp, encrypt.bmp: Restore format. * olflange.cpp (OnWriteComplete): Correct exit code handling. * recipient-dialog.c (initialize_rsetbox): Correct column width. (recipient_dlg_proc): Do not show the cancel error any longer. * passphrase-dialog.c (decrypt_key_dlg_proc): Likewise. (decrypt_key_ext_dlg_proc): Ditto. * olgpgcore.def: Deleted unused file. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2006-06-14 15:49:15 UTC (rev 155) +++ trunk/src/ChangeLog 2006-08-16 10:42:52 UTC (rev 156) 
@@ -1,3 +1,13 @@ +2006-08-15 Timo Schulz + + * decrypt.bmp, encrypt.bmp: Restore format. + * olflange.cpp (OnWriteComplete): Correct exit code handling. + * recipient-dialog.c (initialize_rsetbox): Correct column width. + (recipient_dlg_proc): Do not show the cancel error any longer. + * passphrase-dialog.c (decrypt_key_dlg_proc): Likewise. + (decrypt_key_ext_dlg_proc): Ditto. + * olgpgcore.def: Deleted unused file. + 2006-06-14 Timo Schulz * gpgol-rscs.rc (IDD_OPT): The English version of the dialog Modified: trunk/src/decrypt.bmp =================================================================== (Binary files differ) Modified: trunk/src/encrypt.bmp =================================================================== (Binary files differ) Modified: trunk/src/engine-gpgme.c =================================================================== --- trunk/src/engine-gpgme.c 2006-06-14 15:49:15 UTC (rev 155) +++ trunk/src/engine-gpgme.c 2006-08-16 10:42:52 UTC (rev 156) @@ -116,7 +116,6 @@ return err; } - /*init_keycache_objects ();*/ init_done = 1; return 0; } @@ -178,7 +177,7 @@ delete it if the TTL is 0 or an empty value is used. We also wipe the passphrase from the context here. */ static void -update_passphrase_cache (int err, struct decrypt_key_s *pass_cb_value) +update_passphrase_cache (int err, struct passphrase_cb_s *pass_cb_value) { if (*pass_cb_value->keyid) { @@ -227,15 +226,15 @@ op_encrypt (const char *inbuf, char **outbuf, gpgme_key_t *keys, gpgme_key_t sign_key, int ttl) { - struct decrypt_key_s dk; + struct passphrase_cb_s cb; gpgme_data_t in = NULL; gpgme_data_t out = NULL; gpgme_error_t err; gpgme_ctx_t ctx = NULL; - memset (&dk, 0, sizeof dk); - dk.ttl = ttl; - dk.flags = 0x01; /* FIXME: what is that? */ + memset (&cb, 0, sizeof cb); + cb.ttl = ttl; + cb.decrypt_cmd = 0; *outbuf = NULL; 
@@ -256,14 +255,14 @@ gpgme_set_armor (ctx, 1); if (sign_key) { - gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &dk); - dk.ctx = ctx; + gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cb); + cb.ctx = ctx; err = gpgme_signers_add (ctx, sign_key); if (!err) err = gpgme_op_encrypt_sign (ctx, keys, GPGME_ENCRYPT_ALWAYS_TRUST, in, out); - dk.ctx = NULL; - update_passphrase_cache (err, &dk); + cb.ctx = NULL; + update_passphrase_cache (err, &cb); } else err = gpgme_op_encrypt (ctx, keys, GPGME_ENCRYPT_ALWAYS_TRUST, in, out); @@ -299,7 +298,7 @@ op_encrypt_stream (LPSTREAM instream, LPSTREAM outstream, gpgme_key_t *keys, gpgme_key_t sign_key, int ttl) { - struct decrypt_key_s dk; + struct passphrase_cb_s cb; struct gpgme_data_cbs cbs; gpgme_data_t in = NULL; gpgme_data_t out = NULL; @@ -310,9 +309,9 @@ cbs.read = stream_read_cb; cbs.write = stream_write_cb; - memset (&dk, 0, sizeof dk); - dk.ttl = ttl; - dk.flags = 1; + memset (&cb, 0, sizeof cb); + cb.ttl = ttl; + cb.decrypt_cmd = 0; err = gpgme_data_new_from_cbs (&in, &cbs, instream); if (err) @@ -330,14 +329,14 @@ /* FIXME: We should not hardcode always trust. */ if (sign_key) { - gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &dk); - dk.ctx = ctx; + gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cb); + cb.ctx = ctx; err = gpgme_signers_add (ctx, sign_key); if (!err) err = gpgme_op_encrypt_sign (ctx, keys, GPGME_ENCRYPT_ALWAYS_TRUST, in, out); - dk.ctx = NULL; - update_passphrase_cache (err, &dk); + cb.ctx = NULL; + update_passphrase_cache (err, &cb); } else err = gpgme_op_encrypt (ctx, keys, GPGME_ENCRYPT_ALWAYS_TRUST, in, out); 
@@ -361,15 +360,15 @@ op_sign (const char *inbuf, char **outbuf, int mode, gpgme_key_t sign_key, int ttl) { - struct decrypt_key_s dk; + struct passphrase_cb_s cb; gpgme_error_t err; gpgme_data_t in = NULL; gpgme_data_t out = NULL; gpgme_ctx_t ctx = NULL; - memset (&dk, 0, sizeof dk); - dk.ttl = ttl; - dk.flags = 1; + memset (&cb, 0, sizeof cb); + cb.ttl = ttl; + cb.decrypt_cmd = 0; *outbuf = NULL; op_init (); @@ -393,11 +392,11 @@ gpgme_set_textmode (ctx, 1); gpgme_set_armor (ctx, 1); - gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &dk); - dk.ctx = ctx; + gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cb); + cb.ctx = ctx; err = gpgme_op_sign (ctx, in, out, mode); - dk.ctx = NULL; - update_passphrase_cache (err, &dk); + cb.ctx = NULL; + update_passphrase_cache (err, &cb); if (!err) { @@ -427,7 +426,7 @@ gpgme_key_t sign_key, int ttl) { struct gpgme_data_cbs cbs; - struct decrypt_key_s dk; + struct passphrase_cb_s cb; gpgme_data_t in = NULL; gpgme_data_t out = NULL; gpgme_ctx_t ctx = NULL; @@ -437,9 +436,9 @@ cbs.read = stream_read_cb; cbs.write = stream_write_cb; - memset (&dk, 0, sizeof dk); - dk.ttl = ttl; - dk.flags = 0x01; /* fixme: Use a macro for documentation reasons. */ + memset (&cb, 0, sizeof cb); + cb.ttl = ttl; + cb.decrypt_cmd = 0; err = gpgme_data_new_from_cbs (&in, &cbs, instream); if (err) @@ -460,11 +459,11 @@ gpgme_set_textmode (ctx, 1); gpgme_set_armor (ctx, 1); - gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &dk); - dk.ctx = ctx; + gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cb); + cb.ctx = ctx; err = gpgme_op_sign (ctx, in, out, mode); - dk.ctx = NULL; - update_passphrase_cache (err, &dk); + cb.ctx = NULL; + update_passphrase_cache (err, &cb); fail: if (in) 
@@ -488,7 +487,7 @@ op_decrypt (const char *inbuf, char **outbuf, int ttl, const char *filename, gpgme_data_t attestation, int preview_mode) { - struct decrypt_key_s dk; + struct passphrase_cb_s cb; gpgme_data_t in = NULL; gpgme_data_t out = NULL; gpgme_ctx_t ctx; @@ -497,8 +496,9 @@ *outbuf = NULL; op_init (); - memset (&dk, 0, sizeof dk); - dk.ttl = ttl; + memset (&cb, 0, sizeof cb); + cb.ttl = ttl; + cb.decrypt_cmd = 1; err = gpgme_new (&ctx); if (err) @@ -511,14 +511,14 @@ if (err) goto leave; - gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &dk); - dk.ctx = ctx; + gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cb); + cb.ctx = ctx; if (preview_mode) err = gpgme_op_decrypt (ctx, in, out); else err = gpgme_op_decrypt_verify (ctx, in, out); - dk.ctx = NULL; - update_passphrase_cache (err, &dk); + cb.ctx = NULL; + update_passphrase_cache (err, &cb); /* Act upon the result of the decryption operation. */ if (!err && preview_mode) @@ -561,7 +561,7 @@ /* If the callback indicated a cancel operation, set the error accordingly. */ - if (err && (dk.opts & OPT_FLAG_CANCEL)) + if (err && (cb.opts & OPT_FLAG_CANCEL)) err = gpg_error (GPG_ERR_CANCELED); leave: @@ -585,25 +585,26 @@ const char *filename, gpgme_data_t attestation, int preview_mode) { - struct decrypt_key_s dk; + struct passphrase_cb_s cb; gpgme_ctx_t ctx = NULL; gpgme_error_t err; - memset (&dk, 0, sizeof dk); - dk.ttl = ttl; + memset (&cb, 0, sizeof cb); + cb.ttl = ttl; + cb.decrypt_cmd = 1; err = gpgme_new (&ctx); if (err) goto fail; - gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &dk); - dk.ctx = ctx; + gpgme_set_passphrase_cb (ctx, passphrase_callback_box, &cb); + cb.ctx = ctx; if (preview_mode) err = gpgme_op_decrypt (ctx, in, out); else err = gpgme_op_decrypt_verify (ctx, in, out); - dk.ctx = NULL; - update_passphrase_cache (err, &dk); + cb.ctx = NULL; + update_passphrase_cache (err, &cb); /* Act upon the result of the decryption operation. */ if (!err && preview_mode) ; 
@@ -637,7 +638,7 @@ /* If the callback indicated a cancel operation, set the error accordingly. */ - if (err && (dk.opts & OPT_FLAG_CANCEL)) + if (err && (cb.opts & OPT_FLAG_CANCEL)) err = gpg_error (GPG_ERR_CANCELED); fail: Modified: trunk/src/gpgol-rsrcs.rc =================================================================== --- trunk/src/gpgol-rsrcs.rc 2006-06-14 15:49:15 UTC (rev 155) +++ trunk/src/gpgol-rsrcs.rc 2006-08-16 10:42:52 UTC (rev 156) @@ -1,5 +1,5 @@ /* gpgol-rsrcs.rc - Main resources for this DLL -*- c -*- - * Copyright (C) 2004, 2005 g10 Code GmbH + * Copyright (C) 2004, 2005, 2006 g10 Code GmbH * * This file is part of GPGol. * @@ -46,11 +46,11 @@ FONT 8, "MS Sans Serif" BEGIN CONTROL "List1",IDC_ENC_RSET1,"SysListView32",LVS_REPORT | - WS_BORDER | WS_TABSTOP,8,4,314,92 + LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,8,4,314,92 LTEXT "Ausgewhlte Empfnger:",IDC_STATIC, 8,98,130,8 CONTROL "List2",IDC_ENC_RSET2,"SysListView32",LVS_REPORT | - WS_BORDER | WS_TABSTOP,8,110,313,49 + LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,8,110,313,49 LTEXT "Empfnger die NICHT gefunden wurden:",IDC_ENC_INFO, 8,161,128,8 LISTBOX IDC_ENC_NOTFOUND,8,170,313,22,LBS_SORT | @@ -265,9 +265,9 @@ FONT 8, "MS Sans Serif" BEGIN CONTROL "List1",IDC_ENC_RSET1,"SysListView32",LVS_REPORT | - WS_BORDER | WS_TABSTOP,8,4,314,92 + LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,8,4,314,92 CONTROL "List2",IDC_ENC_RSET2,"SysListView32",LVS_REPORT | - WS_BORDER | WS_TABSTOP,8,98,313,49 + LVS_NOSORTHEADER | WS_BORDER | WS_TABSTOP,8,98,313,49 LTEXT "Recipient which were NOT found",IDC_ENC_INFO,8,149,106, 8 LISTBOX IDC_ENC_NOTFOUND,8,158,313,22,LBS_SORT | Modified: trunk/src/intern.h =================================================================== --- trunk/src/intern.h 2006-06-14 15:49:15 UTC (rev 155) +++ trunk/src/intern.h 2006-08-16 10:42:52 UTC (rev 156) 
@@ -1,6 +1,6 @@ /* intern.h * Copyright (C) 2004 Timo Schulz - * Copyright (C) 2005 g10 Code GmbH + * Copyright (C) 2005, 2006 g10 Code GmbH * * This file is part of GPGol. * @@ -38,6 +38,7 @@ #endif +/* Possible options for the recipient dialog. */ enum { OPT_FLAG_TEXT = 2, @@ -71,16 +72,18 @@ extern UINT this_dll; -struct decrypt_key_s +/* Passphrase callback structure. */ +struct passphrase_cb_s { gpgme_key_t signer; + gpgme_ctx_t ctx; char keyid[16+1]; char *user_id; char *pass; - void *ctx; int opts; int ttl; /* TTL of the passphrase. */ - unsigned int flags; + unsigned int decrypt_cmd:1; /* 1 = show decrypt dialog, otherwise secret key + selection. */ unsigned int hide_pwd:1; unsigned int last_was_bad:1; }; @@ -130,7 +133,7 @@ void watcher_set_callback_ctx (void *cb); /*-- recipient-dialog.c --*/ -unsigned int recipient_dialog_box(gpgme_key_t **ret_rset); +unsigned int recipient_dialog_box (gpgme_key_t **ret_rset); unsigned int recipient_dialog_box2 (gpgme_key_t *fnd, char **unknown, gpgme_key_t **ret_rset); @@ -139,7 +142,7 @@ gpgme_error_t passphrase_callback_box (void *opaque, const char *uid_hint, const char *pass_info, int prev_was_bad, int fd); -void free_decrypt_key (struct decrypt_key_s * ctx); +void free_decrypt_key (struct passphrase_cb_s *ctx); const char *get_pubkey_algo_str (gpgme_pubkey_algo_t id); /*-- config-dialog.c --*/ Modified: trunk/src/key_mana.bmp =================================================================== (Binary files differ) Modified: trunk/src/olflange.cpp =================================================================== --- trunk/src/olflange.cpp 2006-06-14 15:49:15 UTC (rev 155) +++ trunk/src/olflange.cpp 2006-08-16 10:42:52 UTC (rev 156) 
@@ -997,15 +997,15 @@ HRESULT hr = pEECB->GetObject (&pMDB, (LPMAPIPROP *)&msg); if (SUCCEEDED (hr)) { - SPropTagArray proparray; +// SPropTagArray proparray; GpgMsg *m = CreateGpgMsg (msg); m->setExchangeCallback ((void*)pEECB); if (m_pExchExt->m_gpgEncrypt && m_pExchExt->m_gpgSign) rc = m->signEncrypt (hWnd, m_want_html); - if (m_pExchExt->m_gpgEncrypt && !m_pExchExt->m_gpgSign) + else if (m_pExchExt->m_gpgEncrypt && !m_pExchExt->m_gpgSign) rc = m->encrypt (hWnd, m_want_html); - if (!m_pExchExt->m_gpgEncrypt && m_pExchExt->m_gpgSign) + else if (!m_pExchExt->m_gpgEncrypt && m_pExchExt->m_gpgSign) rc = m->sign (hWnd, m_want_html); else rc = 0; @@ -1034,9 +1034,10 @@ hrReturn = E_FAIL; m_bWriteFailed = TRUE; - /* Due to a bug in Outlook the error is ignored and the - message sent out anyway. Thus we better delete the stuff - now. */ + /* Outlook should now correctly react and do not deliver + the message in case of an error. + */ + #if 0 if (m_pExchExt->m_gpgEncrypt) { log_debug ("%s:%s: deleting property PR_BODY due to error\n", @@ -1050,7 +1051,7 @@ /* FIXME: We should delete the attachments too. We really, really should do this!!! */ } - + #endif } } Deleted: trunk/src/olgpgcore.def Modified: trunk/src/passphrase-dialog.c =================================================================== --- trunk/src/passphrase-dialog.c 2006-06-14 15:49:15 UTC (rev 155) +++ trunk/src/passphrase-dialog.c 2006-08-16 10:42:52 UTC (rev 156) @@ -20,7 +20,9 @@ * 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H #include +#endif #include #include @@ -38,7 +40,7 @@ /* Object to maintai8n state in the dialogs. */ struct dialog_context_s { - struct decrypt_key_s *dec; /* The decryption info. */ + struct passphrase_cb_s *dec; /* The decryption info. */ gpgme_key_t *keyarray; /* NULL or an array of keys. */ 
@@ -54,7 +56,7 @@ static void -set_key_hint (struct decrypt_key_s *dec, HWND dlg, int ctrlid) +set_key_hint (struct passphrase_cb_s *dec, HWND dlg, int ctrlid) { const char *s = dec->user_id; char *key_hint; @@ -93,12 +95,11 @@ { size_t n; - if (array) - { - for (n=0; array[n]; n++) - gpgme_key_release (array[n]); - xfree (array); - } + if (!array) + return; + for (n=0; array[n]; n++) + gpgme_key_release (array[n]); + xfree (array); } /* Return the number of keys in the key array KEYS. */ @@ -147,7 +148,10 @@ goto fail; err = gpgme_op_keylist_start (keyctx, buffer, 0); if (err) - goto fail; + { + log_error ("failed to initialize keylisting: %s", gpg_strerror (err)); + goto fail; + } while (!gpgme_op_keylist_next (keyctx, &key)) { @@ -304,9 +308,8 @@ /* Fixme: We should not use a static here but keep it in an array index by DLG. */ static struct dialog_context_s *context; - struct decrypt_key_s *dec; + struct passphrase_cb_s *dec; size_t n; - const char *warn; if (msg == WM_INITDIALOG) { @@ -356,11 +359,6 @@ context->hide_state = 1; break; - case WM_SYSCOMMAND: - if (wparam == SC_CLOSE) - EndDialog (dlg, TRUE); - break; - case WM_COMMAND: switch (HIWORD (wparam)) { @@ -405,28 +403,8 @@ break; case IDCANCEL: - if (context->no_encrypt_warning) - { - warn = _("If you cancel this dialog, the message will be sent" - " in cleartext!\n\n" - "Do you really want to cancel?"); - } - else if (dec && context->use_as_cb && (dec->flags & 0x01)) - { - warn = _("If you cancel this dialog, the message" - " will be sent without signing.\n\n" - "Do you really want to cancel?"); - } - else - warn = NULL; - - if (warn) - { - n = MessageBox (dlg, warn, _("Secret Key Dialog"), - MB_ICONWARNING|MB_YESNO); - if (n == IDNO) - return FALSE; - } + /* Outlook show now correctly abort the sending process + and thus no warning is shown any longer. */ if (dec) { dec->opts = OPT_FLAG_CANCEL; 
@@ -448,9 +426,8 @@ /* Fixme: We should not use a static here but keep it in an array index by DLG. */ static struct dialog_context_s *context; - struct decrypt_key_s * dec; + struct passphrase_cb_s * dec; size_t n; - const char *warn; if (msg == WM_INITDIALOG) { @@ -469,7 +446,7 @@ (dec && dec->last_was_bad)? _("Invalid passphrase; please try again..."):""); if (dec) - load_recipbox (dlg, IDC_DECEXT_RSET, (gpgme_ctx_t)dec->ctx); + load_recipbox (dlg, IDC_DECEXT_RSET, dec->ctx); CheckDlgButton (dlg, IDC_DECEXT_HIDE, BST_CHECKED); center_window (dlg, NULL); @@ -489,11 +466,6 @@ context->hide_state = 1; break; - case WM_SYSCOMMAND: - if (wparam == SC_CLOSE) - EndDialog (dlg, TRUE); - break; - case WM_COMMAND: switch (HIWORD (wparam)) { @@ -517,35 +489,14 @@ n = SendDlgItemMessage (dlg, IDC_DECEXT_PASS, WM_GETTEXTLENGTH,0,0); if (n && dec) { - dec->pass = xmalloc ( n + 2 ); - GetDlgItemText (dlg, IDC_DECEXT_PASS, dec->pass, n+1 ); + dec->pass = xmalloc (n + 2); + GetDlgItemText (dlg, IDC_DECEXT_PASS, dec->pass, n+1); } EndDialog (dlg, TRUE); break; case IDCANCEL: - if (context->no_encrypt_warning) - { - warn = _("If you cancel this dialog, the message will be sent" - " in cleartext!\n\n" - "Do you really want to cancel?"); - } - else if (dec && context->use_as_cb && (dec->flags & 0x01)) - { - warn = _("If you cancel this dialog, the message" - " will be sent without signing.\n" - "Do you really want to cancel?"); - } - else - warn = NULL; - - if (warn) - { - n = MessageBox (dlg, warn, _("Secret Key Dialog"), - MB_ICONWARNING|MB_YESNO); - if (n == IDNO) - return FALSE; - } + /* See comment in decrypt_key_dlg_proc. */ if (dec) { dec->opts = OPT_FLAG_CANCEL; @@ -568,7 +519,7 @@ signer_dialog_box (gpgme_key_t *r_key, char **r_passwd, int encrypting) { struct dialog_context_s context; - struct decrypt_key_s dec; + struct passphrase_cb_s dec; int resid; memset (&context, 0, sizeof context); 
@@ -616,7 +567,7 @@ const char *pass_info, int prev_was_bad, int fd) { - struct decrypt_key_s *dec = opaque; + struct passphrase_cb_s *dec = opaque; DWORD nwritten = 0; char keyidstr[16+1]; int resid; @@ -738,7 +689,7 @@ xfree (dec->user_id); dec->user_id = utf8_to_native (s); dec->last_was_bad = prev_was_bad; - if (dec->flags & 0x01) + if (!dec->decrypt_cmd) { if (!strncmp (gettext_localename (), "de", 2)) resid = IDD_DEC_DE; @@ -782,7 +733,7 @@ /* Release the context which was used in the passphrase callback. */ void -free_decrypt_key (struct decrypt_key_s * ctx) +free_decrypt_key (struct passphrase_cb_s *ctx) { if (!ctx) return; Modified: trunk/src/recipient-dialog.c =================================================================== --- trunk/src/recipient-dialog.c 2006-06-14 15:49:15 UTC (rev 155) +++ trunk/src/recipient-dialog.c 2006-08-16 10:42:52 UTC (rev 156) @@ -1,6 +1,6 @@ /* recipient-dialog.c * Copyright (C) 2004 Timo Schulz - * Copyright (C) 2005 g10 Code GmbH + * Copyright (C) 2005, 2006 g10 Code GmbH * * This file is part of GPGol. * @@ -20,12 +20,19 @@ * 02110-1301, USA. */ +#ifdef HAVE_CONFIG_H #include +#endif +#ifndef _WIN32_IE /* allow to use advanced list view modes. */ +#define _WIN32_IE 0x0600 +#endif + #include #include #include #include +#include #include "gpgol-ids.h" #include "intern.h" 
@@ -87,29 +94,29 @@ col.pszText = "E-Mail"; col.cx = 100; col.iSubItem = 1; - ListView_InsertColumn( hwnd, 1, &col ); + ListView_InsertColumn (hwnd, 1, &col); col.pszText = "Key-Info"; - col.cx = 110; + col.cx = 100; col.iSubItem = 2; - ListView_InsertColumn( hwnd, 2, &col ); + ListView_InsertColumn (hwnd, 2, &col); col.pszText = "Key ID"; - col.cx = 70; + col.cx = 80; col.iSubItem = 3; - ListView_InsertColumn( hwnd, 3, &col ); + ListView_InsertColumn (hwnd, 3, &col); col.pszText = "Validity"; col.cx = 70; col.iSubItem = 4; - ListView_InsertColumn( hwnd, 4, &col ); + ListView_InsertColumn (hwnd, 4, &col); col.pszText = "Index"; col.cx = 0; /* Hide it. */ col.iSubItem = 5; - ListView_InsertColumn( hwnd, 5, &col ); + ListView_InsertColumn (hwnd, 5, &col); -/* ListView_SetExtendedListViewStyleEx( hwnd, 0, LVS_EX_FULLROWSELECT ); */ + ListView_SetExtendedListViewStyleEx (hwnd, 0, LVS_EX_FULLROWSELECT); } @@ -126,12 +133,12 @@ char keybuf[128], *s; const char *trust_items[] = { - "UNKNOWN", - "UNDEFINED", - "NEVER", - "MARGINAL", - "FULL", - "ULTIMATE" + "Unknown", + "Undefined", + "Never", + "Marginal", + "Full", + "Ultimate" }; enum {COL_NAME, COL_EMAIL, COL_KEYINF, COL_KEYID, COL_TRUST, COL_IDX}; DWORD val; @@ -208,8 +215,11 @@ s = keybuf; ListView_SetItemText (hwnd, 0, COL_KEYINF, s); - if (key->subkeys->keyid && strlen (key->subkeys->keyid) > 8) - ListView_SetItemText (hwnd, 0, COL_KEYID, key->subkeys->keyid+8); + if (key->subkeys->keyid && strlen (key->subkeys->keyid) > 8) + { + _snprintf (keybuf, sizeof (keybuf)-1, "0x%s", key->subkeys->keyid+8); + ListView_SetItemText (hwnd, 0, COL_KEYID, keybuf); + } val = key->uids->validity; if (val < 0 || val > 5) 
@@ -221,6 +231,8 @@ /* I'd like to use SetItemData but that one is only available as a member function of CListCtrl; I haved not figured out how the vtable is made up. Thus we use a string with the index. */ + /* ts: this can be done via the lParam (LVIF_PARAM) item in LVITEM. + I will implement this ASAP. */ sprintf (keybuf, "%u", (unsigned int)pos); s = keybuf; ListView_SetItemText (hwnd, 0, COL_IDX, s); @@ -255,12 +267,11 @@ { size_t n; - if (array) - { - for (n=0; n < count; n++) - gpgme_key_release (array[n]); - xfree (array); - } + if (!array) + return; + for (n=0; n < count; n++) + gpgme_key_release (array[n]); + xfree (array); } @@ -352,10 +363,8 @@ recipient_dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) { static struct recipient_cb_s * rset_cb; - static int rset_state = 1; NMHDR *notify; HWND hrset; - const char *warn; size_t pos; int i, j; @@ -363,7 +372,7 @@ { case WM_INITDIALOG: rset_cb = (struct recipient_cb_s *)lparam; - + assert (rset_cb != NULL); initialize_rsetbox (GetDlgItem (dlg, IDC_ENC_RSET1)); rset_cb->keyarray = load_rsetbox (GetDlgItem (dlg, IDC_ENC_RSET1), &rset_cb->keyarray_count); @@ -383,15 +392,6 @@ SetForegroundWindow (dlg); return TRUE; - case WM_DESTROY: - rset_state = 1; /* reset to default. */ - break; - - case WM_SYSCOMMAND: - if (wparam == SC_CLOSE) - EndDialog (dlg, TRUE); - break; - case WM_NOTIFY: notify = (LPNMHDR)lparam; if (notify && notify->code == NM_DBLCLK @@ -401,19 +401,6 @@ break; case WM_COMMAND: - switch (HIWORD (wparam)) - { - case BN_CLICKED: - if ((int)LOWORD (wparam) == IDC_ENC_OPTSYM) - { - rset_state ^= 1; - EnableWindow (GetDlgItem (dlg, IDC_ENC_RSET1), rset_state); - EnableWindow (GetDlgItem (dlg, IDC_ENC_RSET2), rset_state); - ListView_DeleteAllItems (GetDlgItem (dlg, IDC_ENC_RSET2)); - } - break; - } - switch (LOWORD (wparam)) { case IDOK: 
@@ -479,16 +466,10 @@ break; case IDCANCEL: - warn = _("If you cancel this dialog, the message will be sent" - " in cleartext.\n\n" - "Do you really want to cancel?"); - i = MessageBox (dlg, warn, _("Recipient Dialog"), - MB_ICONWARNING|MB_YESNO); - if (i != IDNO) - { - rset_cb->opts = OPT_FLAG_CANCEL; - EndDialog (dlg, FALSE); - } + /* now that Outlook correctly aborts the delivery, we do not + need any warning message if the user cancels thi dialog. */ + rset_cb->opts = OPT_FLAG_CANCEL; + EndDialog (dlg, FALSE); break; } break; Modified: trunk/src/sign.bmp =================================================================== (Binary files differ) From cvs at cvs.gnupg.org Wed Aug 16 12:43:14 2006 From: cvs at cvs.gnupg.org (svn author twoaday) Date: Wed Aug 16 12:01:12 2006 Subject: [svn] GPGol - r157 - trunk Message-ID: Author: twoaday Date: 2006-08-16 12:43:13 +0200 (Wed, 16 Aug 2006) New Revision: 157 Modified: trunk/NEWS trunk/configure.ac Log: Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-16 10:42:52 UTC (rev 156) +++ trunk/NEWS 2006-08-16 10:43:13 UTC (rev 157) @@ -1,3 +1,12 @@ +Noteworthy changes for version 0.9.11 (unreleased) +================================================== + +* Fix problem that message would be sent in clear + text if the user cancelled the operation. + +* Cosmetic updates for some dialogs. + + Noteworthy changes for version 0.9.10 (2006-04-25) ================================================== Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-16 10:42:52 UTC (rev 156) +++ trunk/configure.ac 2006-08-16 10:43:13 UTC (rev 157) 
@@ -16,8 +16,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [0.9.10]) -m4_define([my_issvn], [no]) +m4_define([my_version], [0.9.11]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q}')])) From cvs at cvs.gnupg.org Wed Aug 16 12:48:01 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed Aug 16 12:06:02 2006 Subject: [svn] GnuPG - r4220 - in trunk: . agent common doc g10 include keyserver m4 sm Message-ID: Author: wk Date: 2006-08-16 12:47:53 +0200 (Wed, 16 Aug 2006) New Revision: 4220 Added: trunk/common/keyserver.h trunk/common/srv.c trunk/common/srv.h Removed: trunk/include/keyserver.h Modified: trunk/ChangeLog trunk/Makefile.am trunk/TODO trunk/agent/ChangeLog trunk/agent/preset-passphrase.c trunk/common/ChangeLog trunk/common/Makefile.am trunk/common/http.c trunk/configure.ac trunk/doc/gpg-agent.texi trunk/g10/ChangeLog trunk/g10/Makefile.am trunk/g10/call-agent.c trunk/g10/call-agent.h trunk/g10/gpg.c trunk/g10/gpgv.c trunk/g10/keydb.h trunk/g10/keygen.c trunk/g10/keyid.c trunk/g10/keyserver.c trunk/g10/misc.c trunk/g10/pubkey-enc.c trunk/include/ChangeLog trunk/include/distfiles trunk/include/http.h trunk/keyserver/ChangeLog trunk/keyserver/Makefile.am trunk/keyserver/curl-shim.c trunk/keyserver/curl-shim.h trunk/keyserver/gpgkeys_finger.c trunk/m4/Makefile.am trunk/m4/ldap.m4 trunk/sm/certreqgen.c Log: With --enable-gpg the keyservers are now built and a first test using gpg2 shows no problems. Needs more testing of course. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -1,3 +1,10 @@ +2006-08-15 Werner Koch + + * Makefile.am (keyserver): Enable building of keyserver helpers. + + * configure.ac: Merged with the current configure from 1.4.5. + Require libgpg-error 1.2 and libksba 0.9.16. + 2006-07-29 Marcus Brinkmann * README: Spelling fixes. Modified: trunk/Makefile.am =================================================================== --- trunk/Makefile.am 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/Makefile.am 2006-08-16 10:47:53 UTC (rev 4220) @@ -35,8 +35,7 @@ if BUILD_GPG gpg = g10 -# fixme: Noy yet ready for a build -keyserver = +keyserver = keyserver else gpg = keyserver = Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/TODO 2006-08-16 10:47:53 UTC (rev 4220) @@ -119,3 +119,9 @@ Add completion support. ** yesno Update to gpg 1.4.3 version + + +what about gnupg_use_iconv? +Extend selinux support to other modules +Does the check for Linux capabilities still makes sense? + Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/agent/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220) @@ -1,3 +1,9 @@ +2006-07-31 Werner Koch + + * preset-passphrase.c (make_hexstring): For conistency use + xtrymalloc and changed caller to use xfree. Fixed function + comment. + 2006-07-29 Marcus Brinkmann * preset-passphrase.c (preset_passphrase): Do not strip off last @@ -23,7 +29,7 @@ 2006-06-26 Werner Koch - * gpg-agent.c (handle_signal): Print infor for SIGUSR2 only in + * gpg-agent.c (handle_signal): Print info for SIGUSR2 only in verbose mode. 2006-06-22 Werner Koch Modified: trunk/agent/preset-passphrase.c =================================================================== --- trunk/agent/preset-passphrase.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/agent/preset-passphrase.c 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -152,8 +152,8 @@ } -/* Percent-Escape special characters. The string is valid until the - next invocation of the function. */ +/* Convert the string SRC into HEX encoding. Caller needs to xfree + the returned string. */ static char * make_hexstring (const char *src) { @@ -161,7 +161,7 @@ char *dst; char *res; - res = dst = malloc (len); + res = dst = xtrymalloc (len); if (!dst) { log_error ("can not escape string: %s\n", @@ -225,7 +225,7 @@ rc = asprintf (&line, "PRESET_PASSPHRASE %s -1 %s\n", keygrip, passphrase_esc); wipememory (passphrase_esc, strlen (passphrase_esc)); - free (passphrase_esc); + xfree (passphrase_esc); if (rc < 0) { Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/common/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220) @@ -1,3 +1,11 @@ +2006-08-16 Werner Koch + + * keyserver.h: Moved from ../include to here. + + * http.c: Include srv.h. + + * srv.c, srv.h: New. Taken from GnuPG 1.4 + 2006-08-14 Werner Koch * http.h (struct http_context_s): Moved to implementation. Modified: trunk/common/Makefile.am =================================================================== --- trunk/common/Makefile.am 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/common/Makefile.am 2006-08-16 10:47:53 UTC (rev 4220) @@ -51,6 +51,7 @@ signal.c \ dynload.h \ estream.c estream.h \ + srv.c srv.h \ dns-cert.c dns-cert.h \ pka.c pka.h \ http.c http.h Modified: trunk/common/http.c =================================================================== --- trunk/common/http.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/common/http.c 2006-08-16 10:47:53 UTC (rev 4220) @@ -67,10 +67,11 @@ #include "util.h" #include "http.h" - +#ifdef USE_DNS_SRV +#include "srv.h" +#else /*!USE_DNS_SRV*/ /* If we are not compiling with SRV record support we provide stub data structures. */ -#ifndef USE_DNS_SRV #ifndef MAXDNAME #define MAXDNAME 1025 #endif 
@@ -1366,7 +1367,7 @@ { char srvname[MAXDNAME]; - stprcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag), + stpcpy (stpcpy (stpcpy (stpcpy (srvname,"_"), srvtag), "._tcp."), server); srvcount = getsrv (srvname, &serverlist); } Copied: trunk/common/keyserver.h (from rev 4218, trunk/include/keyserver.h) =================================================================== --- trunk/include/keyserver.h 2006-08-11 11:04:38 UTC (rev 4218) +++ trunk/common/keyserver.h 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -0,0 +1,44 @@ +/* keyserver.h - Public definitions for gpg keyserver helpers. + * Copyright (C) 2001, 2002 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + */ + +#ifndef GNUPG_COMMON_KEYSERVER_H +#define GNUPG_COMMON_KEYSERVER_H + +#define KEYSERVER_PROTO_VERSION 1 + +/* These are usable for return codes for the gpgkeys_ process, and + also KEY FAILED codes. */ +#define KEYSERVER_OK 0 /* not an error */ +#define KEYSERVER_INTERNAL_ERROR 1 /* gpgkeys_ internal error */ +#define KEYSERVER_NOT_SUPPORTED 2 /* operation not supported */ +#define KEYSERVER_VERSION_ERROR 3 /* VERSION mismatch */ +#define KEYSERVER_GENERAL_ERROR 4 /* keyserver internal error */ +#define KEYSERVER_NO_MEMORY 5 /* out of memory */ +#define KEYSERVER_KEY_NOT_FOUND 6 /* key not found */ +#define KEYSERVER_KEY_EXISTS 7 /* key already exists */ +#define KEYSERVER_KEY_INCOMPLETE 8 /* key incomplete (EOF) */ +#define KEYSERVER_UNREACHABLE 9 /* unable to contact keyserver */ +#define KEYSERVER_TIMEOUT 10 /* timeout while accessing keyserver */ + +/* Must be 127 due to shell internal magic. 
*/ +#define KEYSERVER_SCHEME_NOT_FOUND 127 + +#endif /*GNUPG_COMMON_KEYSERVER_H*/ Copied: trunk/common/srv.c (from rev 4219, branches/STABLE-BRANCH-1-4/util/srv.c) =================================================================== --- branches/STABLE-BRANCH-1-4/util/srv.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/common/srv.c 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -0,0 +1,257 @@ +/* srv.c - DNS SRV code + * Copyright (C) 2003 Free Software Foundation, Inc. + * + * This file is part of GNUPG. + * + * GNUPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + */ + +#include +#include +#ifdef _WIN32 +#include +#else +#include +#include +#include +#endif +#include +#include +#include +#include + +#include "util.h" +#include "srv.h" + +/* Not every installation has gotten around to supporting SRVs + yet... 
*/ +#ifndef T_SRV +#define T_SRV 33 +#endif + +static int +priosort(const void *a,const void *b) +{ + const struct srventry *sa=a,*sb=b; + if(sa->priority>sb->priority) + return 1; + else if(sa->prioritypriority) + return -1; + else + return 0; +} + +int +getsrv(const char *name,struct srventry **list) +{ + unsigned char answer[PACKETSZ]; + int r,srvcount=0; + unsigned char *pt,*emsg; + u16 count,dlen; + + *list=NULL; + + r=res_query(name,C_IN,T_SRV,answer,PACKETSZ); + if(rPACKETSZ) + return -1; + + if((((HEADER *)answer)->rcode)==NOERROR && + (count=ntohs(((HEADER *)answer)->ancount))) + { + int i,rc; + + emsg=&answer[r]; + pt=&answer[sizeof(HEADER)]; + + /* Skip over the query */ + + rc=dn_skipname(pt,emsg); + if(rc==-1) + goto fail; + + pt+=rc+QFIXEDSZ; + + while(count-->0 && ptpriority=*pt++ << 8; + srv->priority|=*pt++; + srv->weight=*pt++ << 8; + srv->weight|=*pt++; + srv->port=*pt++ << 8; + srv->port|=*pt++; + + /* Get the name. 2782 doesn't allow name compression, but + dn_expand still works to pull the name out of the + packet. */ + rc=dn_expand(answer,emsg,pt,srv->target,MAXDNAME); + if(rc==1 && srv->target[0]==0) /* "." */ + goto noanswer; + if(rc==-1) + goto fail; + pt+=rc; + /* Corrupt packet? */ + if(dlen!=rc+6) + goto fail; + +#if 0 + printf("count=%d\n",srvcount); + printf("priority=%d\n",srv->priority); + printf("weight=%d\n",srv->weight); + printf("port=%d\n",srv->port); + printf("target=%s\n",srv->target); +#endif + } + + /* Now we have an array of all the srv records. */ + + /* Order by priority */ + qsort(*list,srvcount,sizeof(struct srventry),priosort); + + /* For each priority, move the zero-weighted items first. 
*/ + for(i=0;i +#else +#include +#include +#include +#endif /* !_WIN32 */ +#endif /* USE_DNS_SRV */ + + +#ifndef MAXDNAME +#define MAXDNAME 1025 +#endif + +struct srventry +{ + unsigned short priority; + unsigned short weight; + unsigned short port; + int run_count; + char target[MAXDNAME]; +}; + +int getsrv(const char *name,struct srventry **list); + +#endif /*GNUPG_COMMON_SRV_H*/ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/configure.ac 2006-08-16 10:47:53 UTC (rev 4220) @@ -33,19 +33,20 @@ m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q}')])) AC_INIT([gnupg], my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision]), - [gnupg-devel@gnupg.org]) + [bug-gnupg@gnupg.org]) # Set development_version to yes if the minor number is odd or you # feel that the default check for a development version is not # sufficient. development_version=yes -NEED_GPG_ERROR_VERSION=1.0 +NEED_GPG_ERROR_VERSION=1.2 + NEED_LIBGCRYPT_API=1 NEED_LIBGCRYPT_VERSION=1.1.94 NEED_LIBASSUAN_VERSION=0.6.10 -NEED_KSBA_VERSION=0.9.13 +NEED_KSBA_VERSION=0.9.16 PACKAGE=$PACKAGE_NAME @@ -61,20 +62,24 @@ AC_GNU_SOURCE -# Some status variables to give feedback at the end of a configure run +# Some status variables. have_gpg_error=no have_libgcrypt=no have_libassuan=no have_ksba=no have_pth=no +use_bzip2=yes +use_exec=yes +disable_keyserver_path=no + + GNUPG_BUILD_PROGRAM(gpg, no) GNUPG_BUILD_PROGRAM(gpgsm, yes) GNUPG_BUILD_PROGRAM(agent, yes) GNUPG_BUILD_PROGRAM(scdaemon, yes) GNUPG_BUILD_PROGRAM(symcryptrun, no) - AC_SUBST(PACKAGE) AC_SUBST(PACKAGE_GT) AC_SUBST(VERSION) 
@@ -140,8 +145,7 @@ && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM" - -# Some folks want to use only the agent form this packet. Make it +# Some folks want to use only the agent from this packet. Make it # easier for them by providing the configure option # --enable-only-agent. AC_ARG_ENABLE(agent-only, @@ -149,9 +153,17 @@ build_agent_only=$enableval) +# SELinux support includes tracking of sensitive files to avoid +# leaking their contents through processing these files by gpg itself +AC_MSG_CHECKING([whether SELinux support is requested]) +AC_ARG_ENABLE(selinux-support, + AC_HELP_STRING([--enable-selinux-support], + [enable SELinux support]), + selinux_support=$enableval, selinux_support=no) +AC_MSG_RESULT($selinux_support) + # Allow disabling of bzib2 support. # It is defined only after we confirm the library is available later -use_bzip2=yes AC_MSG_CHECKING([whether to enable the BZIP2 compression algorithm]) AC_ARG_ENABLE(bzip2, AC_HELP_STRING([--disable-bzip2],[disable the BZIP2 compression algorithm]), 
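Review bot: the help string for --enable-selinux-support says only "enable SELinux support", while the comment directly above it explains that the option makes gpg track sensitive files so that their contents are not leaked through gpg's own processing. Put that behaviour into the AC_HELP_STRING so that ./configure --help tells a packager what the switch actually changes, and say there that the default is no. The unchanged context line "Allow disabling of bzib2 support" still carries the bzib2 typo and could be corrected while this block is being touched.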
@@ -204,92 +216,102 @@ AC_MSG_RESULT($enableval) if test "$gnupg_cv_enable_keyserver_helpers" = yes ; then + # LDAP is defined only after we confirm the library is available later AC_MSG_CHECKING([whether LDAP keyserver support is requested]) AC_ARG_ENABLE(ldap, - [ --disable-ldap disable LDAP keyserver interface], - try_ldap=$enableval, try_ldap=yes) + AC_HELP_STRING([--disable-ldap],[disable LDAP keyserver interface only]), + try_ldap=$enableval, try_ldap=yes) AC_MSG_RESULT($try_ldap) AC_MSG_CHECKING([whether HKP keyserver support is requested]) AC_ARG_ENABLE(hkp, - [ --disable-hkp disable HKP keyserver interface], - try_hkp=$enableval, try_hkp=yes) + AC_HELP_STRING([--disable-hkp],[disable HKP keyserver interface only]), + try_hkp=$enableval, try_hkp=yes) AC_MSG_RESULT($try_hkp) - if test "$try_hkp" = yes ; then - AC_SUBST(GPGKEYS_HKP,"gpgkeys_hkp$EXEEXT") - fi + AC_MSG_CHECKING([whether finger key fetching support is requested]) + AC_ARG_ENABLE(finger, + AC_HELP_STRING([--disable-finger], + [disable finger key fetching interface only]), + try_finger=$enableval, try_finger=yes) + AC_MSG_RESULT($try_finger) + AC_MSG_CHECKING([whether generic object key fetching support is requested]) + AC_ARG_ENABLE(generic, + AC_HELP_STRING([--disable-generic], + [disable generic object key fetching interface only]), + try_generic=$enableval, try_generic=yes) + AC_MSG_RESULT($try_generic) + AC_MSG_CHECKING([whether email keyserver support is requested]) AC_ARG_ENABLE(mailto, - [ --disable-mailto disable email keyserver interface], - try_mailto=$enableval, try_mailto=yes) + AC_HELP_STRING([--enable-mailto], + [enable email keyserver interface only]), + try_mailto=$enableval, try_mailto=no) AC_MSG_RESULT($try_mailto) fi AC_MSG_CHECKING([whether keyserver exec-path is enabled]) AC_ARG_ENABLE(keyserver-path, - [ --disable-keyserver-path disable the exec-path option for keyserver helpers], - [if test "$enableval" = no ; then - AC_DEFINE(DISABLE_KEYSERVER_PATH,1,[define to disable 
exec-path for keyserver helpers]) - fi],enableval=yes) + AC_HELP_STRING([--disable-keyserver-path], + [disable the exec-path option for keyserver helpers]), + [if test "$enableval" = no ; then + disable_keyserver_path=yes + fi],enableval=yes) AC_MSG_RESULT($enableval) fi -dnl -dnl Check for the key/uid cache size. This can't be zero, but can be -dnl pretty small on embedded systems. -dnl +# +# Check for the key/uid cache size. This can't be zero, but can be +# pretty small on embedded systems. This is used for the gpg part. +# AC_MSG_CHECKING([for the size of the key and uid cache]) AC_ARG_ENABLE(key-cache, - AC_HELP_STRING([--enable-key-cache=SIZE],[Set key cache to SIZE (default 4096)]),,enableval=4096) - + AC_HELP_STRING([--enable-key-cache=SIZE], + [Set key cache to SIZE (default 4096)]),,enableval=4096) if test "$enableval" = "no"; then enableval=5 elif test "$enableval" = "yes" || test "$enableval" = ""; then enableval=4096 fi - changequote(,)dnl key_cache_size=`echo "$enableval" | sed 's/[A-Za-z]//g'` changequote([,])dnl - if test "$enableval" != "$key_cache_size" || test "$key_cache_size" -lt 5; then AC_MSG_ERROR([invalid key-cache size]) fi - AC_MSG_RESULT($key_cache_size) -AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size,[Size of the key and UID caches]) +AC_DEFINE_UNQUOTED(PK_UID_CACHE_SIZE,$key_cache_size, + [Size of the key and UID caches]) -dnl -dnl Check whether we want to use Linux capabilities -dnl +# +# Check whether we want to use Linux capabilities +# AC_MSG_CHECKING([whether use of capabilities is requested]) AC_ARG_WITH(capabilities, [ --with-capabilities use linux capabilities [default=no]], [use_capabilities="$withval"],[use_capabilities=no]) AC_MSG_RESULT($use_capabilities) +# +# To avoid double inclusion of config.h which might happen at some +# places, we add the usual double inclusion protection at the top of +# config.h. 
+# +AH_TOP([ +#ifndef GNUPG_CONFIG_H_INCLUDED +#define GNUPG_CONFIG_H_INCLUDED +]) +# +# Stuff which goes at the bottom of config.h. +# AH_BOTTOM([ -/* Some global constants. */ -#ifdef HAVE_DRIVE_LETTERS -#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg" -#elif defined(__VMS) -#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg" -#else -#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg" -#endif -#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d" - -/* Tell libgcrypt not to use its own libgpg-error implementation. */ -#define USE_LIBGPG_ERROR 1 - /* This is the major version number of GnuPG so that - source included files can test for this. Note, that\ + source included files can test for this. Note, that we use 2 here even for GnuPG 1.9.x. */ #define GNUPG_MAJOR_VERSION 2 @@ -322,6 +344,16 @@ #define SAFE_VERSION_DOT '.' #define SAFE_VERSION_DASH '-' +/* Some global constants. */ +#ifdef HAVE_DRIVE_LETTERS +#define GNUPG_DEFAULT_HOMEDIR "c:/gnupg" +#elif defined(__VMS) +#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg" +#else +#define GNUPG_DEFAULT_HOMEDIR "~/.gnupg" +#endif +#define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d" + /* For some systems (DOS currently), we hardcode the path here. For POSIX systems the values are constructed by the Makefiles, so that the values may be overridden by the make invocations; this is to 
@@ -357,13 +389,37 @@ #define EXEC_TEMPFILE_ONLY #endif -/* Temporary hacks to avoid requring a libgpg-error update. */ -#if !HAVE_DECL_GPG_ERR_LOCKED -#define GPG_ERR_LOCKED 173 + +/* We didn't define endianness above, so get it from OS macros. This + is intended for making fat binary builds on OS X. */ +#if !defined(BIG_ENDIAN_HOST) && !defined(LITTLE_ENDIAN_HOST) +#if defined(__BIG_ENDIAN__) +#define BIG_ENDIAN_HOST 1 +#elif defined(__LITTLE_ENDIAN__) +#define LITTLE_ENDIAN_HOST 1 +#else +#error "No endianness found" #endif +#endif + +/* Tell libgcrypt not to use its own libgpg-error implementation. */ +#define USE_LIBGPG_ERROR 1 + +/* We use jnlib, so tell other modules about it. */ +#define HAVE_JNLIB_LOGGING 1 + +/* Our HTTP code is used in estream mode. */ +#define HTTP_USE_ESTREAM 1 + +/* We always include support for the OpenPGP card. */ +#define ENABLE_CARD_SUPPORT 1 + + +#endif /*GNUPG_CONFIG_H_INCLUDED*/ ]) + AM_MAINTAINER_MODE # Checks for programs. @@ -380,7 +436,6 @@ AC_PROG_CPP AC_PROG_INSTALL AC_PROG_LN_S -AC_PROG_MAKE_SET AC_PROG_RANLIB AC_CHECK_TOOL(AR, ar, :) AC_PATH_PROG(PERL,"perl") @@ -391,11 +446,13 @@ AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes) GNUPG_CHECK_FAQPROG GNUPG_CHECK_DOCBOOK_TO_TEXI +GNUPG_CHECK_USTAR try_gettext=yes have_dosish_system=no have_w32_system=no +use_simple_gettext=no case "${host}" in *-mingw32*) # special stuff for Windoze NT @@ -408,9 +465,11 @@ [because the Unix gettext has too much overhead on MingW32 systems and these systems lack Posix functions, we use a simplified version of gettext]) + disable_keyserver_path=yes have_dosish_system=yes have_w32_system=yes try_gettext="no" + use_simple_gettext=yes ;; i?86-emx-os2 | i?86-*-os2*emx ) # OS/2 with the EMX environment 
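Review bot: in the *-mingw32* case, disable_keyserver_path=yes is assigned unconditionally and without a comment, so it overrides an explicit --enable-keyserver-path given earlier in the script. The earlier AC_MSG_RESULT($enableval) for "whether keyserver exec-path is enabled" will still print yes on such a build even though DISABLE_KEYSERVER_PATH ends up defined. Add a comment giving the reason exec-path is switched off on W32, and report the override in the configure output so that the printed result matches what is compiled in.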
@@ -448,11 +507,11 @@ ;; *-dec-osf5*) if test -z "$GCC" ; then - # Use the newer compiler `-msg_disable ptrmismatch' to + # Use the newer compiler `-msg_disable ptrmismatch1' to # get rid of the unsigned/signed char mismatch warnings. # Using this may hide other pointer mismatch warnings, but # it at least lets other warning classes through - CFLAGS="$CFLAGS -msg_disable ptrmismatch" + CFLAGS="$CFLAGS -msg_disable ptrmismatch1" fi ;; m68k-atari-mint) @@ -469,15 +528,31 @@ fi AM_CONDITIONAL(HAVE_DOSISH_SYSTEM, test "$have_dosish_system" = yes) +AM_CONDITIONAL(USE_SIMPLE_GETTEXT, test x"$use_simple_gettext" = xyes) + if test "$have_w32_system" = yes; then AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system]) fi AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) -# These need to go after AC_PROG_CC so that $EXEEXT is defined +if test "$disable_keyserver_path" = yes; then + AC_DEFINE(DISABLE_KEYSERVER_PATH,1, + [Defined to disable exec-path for keyserver helpers]) +fi + +# (These need to go after AC_PROG_CC so that $EXEEXT is defined) AC_DEFINE_UNQUOTED(EXEEXT,"$EXEEXT",[The executable file extension, if any]) +if test x"$try_hkp" = xyes ; then + AC_SUBST(GPGKEYS_HKP,"gpg2keys_hkp$EXEEXT") +fi +if test x"$try_finger" = xyes ; then + AC_SUBST(GPGKEYS_FINGER,"gpg2keys_finger$EXEEXT") +fi + + + # # Checks for libraries. # @@ -513,15 +588,12 @@ # libksba is our X.509 support library # AM_PATH_KSBA("$NEED_KSBA_VERSION",have_ksba=yes,have_ksba=no) -# fixme: Remove the following test and require newer libksba instead. -_ksba_save_libs=$LIBS -LIBS=$KSBA_LIBS -AC_CHECK_FUNCS(ksba_dn_teststr) -LIBS=$_ksba_save_libs + # # libusb allows us to use the integrated CCID smartcard reader driver. # +# FiXME: Use GNUPG_CHECK_LIBUSB and modify to use separate AC_SUBSTs. AC_CHECK_LIB(usb, usb_bulk_write, [ LIBUSB_LIBS="$LIBUSB_LIBS -lusb" AC_DEFINE(HAVE_LIBUSB,1, 
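Review bot: removing AC_CHECK_FUNCS(ksba_dn_teststr) means HAVE_KSBA_DN_TESTSTR is no longer defined in config.h, so any source file that still guards its call to ksba_dn_teststr with that macro will silently compile the fallback branch and lose the DN syntax check. With NEED_KSBA_VERSION raised to 0.9.16 the function can be required outright, so those guards should be dropped in this same change. Minor: the new libusb comment spells its marker "FiXME".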
@@ -556,8 +628,9 @@ "${SHRED}", [defines the filename of the shred program]) + # -# Check whether the (highly desirable) GNU Pth library is available +# Check whether the GNU Pth library is available # Note, that we include a Pth emulation for W32. # AC_ARG_WITH(pth-prefix, 
@@ -601,163 +674,166 @@ AC_SUBST(PTH_LIBS) -dnl Must check for network library requirements before doing link tests -dnl for ldap, for example. If ldap libs are static (or dynamic and without -dnl ELF runtime link paths), then link will fail and LDAP support won't -dnl be detected. - +# +# Must check for network library requirements before doing link tests +# for ldap, for example. If ldap libs are static (or dynamic and without +# ELF runtime link paths), then link will fail and LDAP support won't +# be detected. +# AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname, [NETLIBS="-lnsl $NETLIBS"])) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt, [NETLIBS="-lsocket $NETLIBS"])) -dnl Now try for the resolver functions so we can use DNS SRV +# +# Now try for the resolver functions so we can use DNS for SRV, PA and CERT. +# +if test x"$try_hkp" = xyes || test x"$try_http" = xyes ; then + AC_ARG_ENABLE(dns-srv, + AC_HELP_STRING([--disable-dns-srv], + [disable the use of DNS SRV in HKP and HTTP]), + use_dns_srv=$enableval,use_dns_srv=yes) +fi -AC_ARG_ENABLE(dns-srv, - AC_HELP_STRING([--disable-dns-srv],[disable the use of DNS SRV in HKP]), - use_dns_srv=$enableval,use_dns_srv=yes) +AC_ARG_ENABLE(dns-pka, + AC_HELP_STRING([--disable-dns-pka], + [disable the use of PKA records in DNS]), + use_dns_pka=$enableval,use_dns_pka=yes) -if test x"$try_hkp" = xyes && test x"$use_dns_srv" = xyes ; then - _srv_save_libs=$LIBS +AC_ARG_ENABLE(dns-cert, + AC_HELP_STRING([--disable-dns-cert], + [disable the use of CERT records in DNS]), + use_dns_cert=$enableval,use_dns_cert=yes) + +if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \ + || test x"$use_dns_cert" = xyes; then + _dns_save_libs=$LIBS LIBS="" # the double underscore thing is a glibc-ism? 
AC_SEARCH_LIBS(res_query,resolv bind,, - AC_SEARCH_LIBS(__res_query,resolv bind,,use_dns_srv=no)) + AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no)) AC_SEARCH_LIBS(dn_expand,resolv bind,, - AC_SEARCH_LIBS(__dn_expand,resolv bind,,use_dns_srv=no)) + AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no)) AC_SEARCH_LIBS(dn_skipname,resolv bind,, - AC_SEARCH_LIBS(__dn_skipname,resolv bind,,use_dns_srv=no)) + AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no)) - if test x"$use_dns_srv" = xyes ; then - AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV]) - SRVLIBS=$LIBS - else - AC_MSG_WARN([Resolver functions not found. Disabling DNS SRV.]) - fi - LIBS=$_srv_save_libs -fi + if test x"$have_resolver" != xno ; then -AC_SUBST(SRVLIBS) + # Make sure that the BIND 4 resolver interface is workable before + # enabling any code that calls it. At some point I'll rewrite the + # code to use the BIND 8 resolver API. -# Try and link a LDAP test program to weed out unusable LDAP -# libraries. -lldap [-llber [-lresolv]] is for OpenLDAP. OpenLDAP in -# general is terrible with creating weird dependencies. If all else -# fails, the user can play guess-the-dependency by using something -# like ./configure LDAPLIBS="-Lfoo -lbar" + AC_MSG_CHECKING([whether the resolver is usable]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include +#include +#include +#include ], +[[unsigned char answer[PACKETSZ]; + res_query("foo.bar",C_IN,T_A,answer,PACKETSZ); + dn_skipname(0,0); + dn_expand(0,0,0,0,0); +]])],have_resolver=yes,have_resolver=no) + AC_MSG_RESULT($have_resolver) -if test "$try_ldap" = yes ; then - for MY_LDAPLIBS in ${LDAPLIBS+"$LDAPLIBS"} "-lldap" "-lldap -llber" "-lldap -llber -lresolv"; do - _ldap_save_libs=$LIBS - LIBS="$MY_LDAPLIBS $NETLIBS $LIBS" + # This is Apple-specific and somewhat bizarre as they changed the + # define in bind 8 for some reason. 
- AC_MSG_CHECKING([whether LDAP via \"$MY_LDAPLIBS\" is present and sane]) - AC_TRY_LINK([#include ],[ldap_open("foobar",1234);], - [gnupg_cv_func_ldap_init=yes],[gnupg_cv_func_ldap_init=no]) - AC_MSG_RESULT([$gnupg_cv_func_ldap_init]) - - if test $gnupg_cv_func_ldap_init = no; then - AC_MSG_CHECKING([whether I can make LDAP be sane with lber.h]) - AC_TRY_LINK([#include -#include ],[ldap_open("foobar",1234);], - [gnupg_cv_func_ldaplber_init=yes],[gnupg_cv_func_ldaplber_init=no]) - AC_MSG_RESULT([$gnupg_cv_func_ldaplber_init]) + if test x"$have_resolver" != xyes ; then + AC_MSG_CHECKING( + [whether I can make the resolver usable with BIND_8_COMPAT]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([#define BIND_8_COMPAT +#include +#include +#include +#include ], +[[unsigned char answer[PACKETSZ]; + res_query("foo.bar",C_IN,T_A,answer,PACKETSZ); + dn_skipname(0,0); dn_expand(0,0,0,0,0); +]])],[have_resolver=yes ; need_compat=yes]) + AC_MSG_RESULT($have_resolver) fi + fi - if test "$gnupg_cv_func_ldaplber_init" = yes ; then - AC_DEFINE(NEED_LBER_H,1,[Define if the LDAP library requires including lber.h before ldap.h]) - fi + if test x"$have_resolver" = xyes ; then + DNSLIBS=$LIBS - if test "$gnupg_cv_func_ldap_init" = yes || \ - test "$gnupg_cv_func_ldaplber_init" = yes ; then - LDAPLIBS=$MY_LDAPLIBS - GPGKEYS_LDAP="gpgkeys_ldap$EXEEXT" + if test x"$use_dns_srv" = xyes ; then + AC_DEFINE(USE_DNS_SRV,1,[define to use DNS SRV]) + fi - AC_MSG_CHECKING([whether LDAP supports ldap_get_option]) + if test x"$use_dns_pka" = xyes ; then + AC_DEFINE(USE_DNS_PKA,1,[define to use our experimental DNS PKA]) + fi - if test "$gnupg_cv_func_ldap_init" = yes ; then - AC_TRY_LINK([#include ], - [ldap_get_option((void *)0,0,(void *)0);], - [gnupg_cv_func_ldap_get_option=yes], - [gnupg_cv_func_ldap_get_option=no]) - else - AC_TRY_LINK([#include -#include ],[ldap_get_option((void *)0,0,(void *)0);], - [gnupg_cv_func_ldap_get_option=yes], - [gnupg_cv_func_ldap_get_option=no]) - fi + if test 
x"$use_dns_cert" = xyes ; then + AC_DEFINE(USE_DNS_CERT,1,[define to use DNS CERT]) + fi - AC_MSG_RESULT([$gnupg_cv_func_ldap_get_option]) + if test x"$need_compat" = xyes ; then + AC_DEFINE(BIND_8_COMPAT,1,[an Apple OSXism]) + fi + else + use_dns_srv=no + use_dns_pka=no + use_dns_cert=no + fi - if test "$gnupg_cv_func_ldap_get_option" = yes ; then - AC_DEFINE(HAVE_LDAP_GET_OPTION,1,[Define if the LDAP library has ldap_get_option]) - else - AC_MSG_CHECKING([whether LDAP supports ld_errno]) + LIBS=$_dns_save_libs +fi - if test "$gnupg_cv_func_ldap_init" = yes ; then - AC_TRY_COMPILE([#include ], - [LDAP *ldap; ldap->ld_errno;], - [gnupg_cv_func_ldap_ld_errno=yes], - [gnupg_cv_func_ldap_ld_errno=no]) - else - AC_TRY_LINK([#include -#include ],[LDAP *ldap; ldap->ld_errno;], - [gnupg_cv_func_ldap_ld_errno=yes], - [gnupg_cv_func_ldap_ld_errno=no]) - fi +AC_SUBST(DNSLIBS) - AC_MSG_RESULT([$gnupg_cv_func_ldap_ld_errno]) +AM_CONDITIONAL(USE_DNS_SRV, test x"$use_dns_srv" = xyes) - if test "$gnupg_cv_func_ldap_ld_errno" = yes ; then - AC_DEFINE(HAVE_LDAP_LD_ERRNO,1,[Define if the LDAP library supports ld_errno]) - fi - fi - fi - - LIBS=$_ldap_save_libs - - if test "$GPGKEYS_LDAP" != "" ; then break; fi - done +# +# Check for LDAP +# +if test "$try_ldap" = yes ; then + GNUPG_CHECK_LDAP($NETLIBS) fi -AC_SUBST(GPGKEYS_LDAP) -AC_SUBST(LDAPLIBS) - - +# # Check for curl. We fake the curl API if libcurl isn't installed. +# +LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes]) +AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes) -# fixme: need to add this -#LIBCURL_CHECK_CONFIG([yes],,,[fake_curl=yes]) -#AM_CONDITIONAL(FAKE_CURL,test x"$fake_curl" = xyes) -AM_CONDITIONAL(FAKE_CURL,1) - # Generic, for us, means curl if test x"$try_generic" = xyes ; then - AC_SUBST(GPGKEYS_CURL,"gpgkeys_curl$EXEEXT") + AC_SUBST(GPGKEYS_CURL,"gpg2keys_curl$EXEEXT") fi -dnl This isn't necessarily sendmail itself, but anything that gives a -dnl sendmail-ish interface to the outside world. 
That includes qmail, -dnl postfix, etc. Basically, anything that can handle "sendmail -t". - +# +# Check for sendmail +# +# This isn't necessarily sendmail itself, but anything that gives a +# sendmail-ish interface to the outside world. That includes Exim, +# Postfix, etc. Basically, anything that can handle "sendmail -t". if test "$try_mailto" = yes ; then - AC_ARG_WITH(mailprog,[ --with-mailprog=NAME use "NAME -t" for mail transport],,with_mailprog=yes) + AC_ARG_WITH(mailprog, + AC_HELP_STRING([--with-mailprog=NAME], + [use "NAME -t" for mail transport]), + ,with_mailprog=yes) - if test "$with_mailprog" = yes ; then + if test x"$with_mailprog" = xyes ; then AC_PATH_PROG(SENDMAIL,sendmail,,$PATH:/usr/sbin:/usr/libexec:/usr/lib) if test "$ac_cv_path_SENDMAIL" ; then - GPGKEYS_MAILTO="gpgkeys_mailto" + GPGKEYS_MAILTO="gpg2keys_mailto" fi - elif test "$with_mailprog" != no ; then + elif test x"$with_mailprog" != xno ; then AC_MSG_CHECKING([for a mail transport program]) AC_SUBST(SENDMAIL,$with_mailprog) AC_MSG_RESULT($with_mailprog) - GPGKEYS_MAILTO="gpgkeys_mailto" + GPGKEYS_MAILTO="gpg2keys_mailto" fi fi AC_SUBST(GPGKEYS_MAILTO) +# +# Construct a printable name of the OS +# case "${host}" in *-mingw32*) PRINTABLE_OS_NAME="MingW32" @@ -783,6 +859,9 @@ [A human readable text with the name of the OS]) +# +# Check for gettext +# AM_GNU_GETTEXT_VERSION(0.14.1) if test "$try_gettext" = yes; then AM_GNU_GETTEXT(,[need-ngettext]) 
@@ -799,21 +878,50 @@ AC_SUBST(USE_NLS) AC_SUBST(USE_INCLUDED_LIBINTL) AC_SUBST(BUILD_INCLUDED_LIBINTL) + AM_PO_SUBDIRS fi + +# +# SELinux support +# +if test "$selinux_support" = yes ; then + AC_DEFINE(ENABLE_SELINUX_HACKS,1,[Define to enable SELinux support]) +fi + + +# # Checks for header files. +# AC_HEADER_STDC -AC_CHECK_HEADERS(string.h unistd.h langinfo.h termio.h locale.h) +AC_CHECK_HEADERS([string.h unistd.h langinfo.h termio.h locale.h getopt.h]) +AC_CHECK_HEADERS([pwd.h inttypes.h]) +# Note that we do not check for iconv here because this is done anyway +# by the gettext checks and thus it allows us to disable the use of +# iconv by using --disable-nls. + +# # Checks for typedefs, structures, and compiler characteristics. +# AC_C_CONST AC_C_INLINE +AC_C_VOLATILE AC_TYPE_SIZE_T +AC_TYPE_MODE_T AC_TYPE_SIGNAL AC_DECL_SYS_SIGLIST -GNUPG_CHECK_ENDIAN +AC_ARG_ENABLE(endian-check, + AC_HELP_STRING([--disable-endian-check], + [disable the endian check and trust the OS provided macros]), + endiancheck=$enableval,endiancheck=yes) +if test x"$endiancheck" = xyes ; then + GNUPG_CHECK_ENDIAN +fi + +# fixme: we should get rid of the byte type GNUPG_CHECK_TYPEDEF(byte, HAVE_BYTE_TYPEDEF) GNUPG_CHECK_TYPEDEF(ushort, HAVE_USHORT_TYPEDEF) GNUPG_CHECK_TYPEDEF(ulong, HAVE_ULONG_TYPEDEF) 
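Review bot: --disable-endian-check skips GNUPG_CHECK_ENDIAN completely, and its help text ("trust the OS provided macros") does not say that the build then depends on __BIG_ENDIAN__ or __LITTLE_ENDIAN__ being predefined and stops with "No endianness found" from the AH_BOTTOM block otherwise. State in the help string or in a comment here that the switch is meant for fat binary builds on OS X, as the config.h comment already does. In the same hunk the macro is named ENABLE_SELINUX_HACKS but described as "SELinux support"; use one term for both.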
@@ -825,109 +933,69 @@ AC_CHECK_SIZEOF(unsigned long) AC_CHECK_SIZEOF(unsigned long long) # Ensure that we have UINT64_C before we bother to check for uint64_t -# fixme: really needed in gnupg? I think it is only useful in libcgrypt. +# Fixme: really needed in gnupg? I think it is only useful in libcgrypt. AC_CACHE_CHECK([for UINT64_C],[gnupg_cv_uint64_c_works], AC_COMPILE_IFELSE(AC_LANG_PROGRAM([#include -uint64_t foo=UINT64_C(42);]),gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no)) + uint64_t foo=UINT64_C(42);]), + gnupg_cv_uint64_c_works=yes,gnupg_cv_uint64_c_works=no)) if test "$gnupg_cv_uint64_c_works" = "yes" ; then AC_CHECK_SIZEOF(uint64_t) fi - - - if test "$ac_cv_sizeof_unsigned_short" = "0" \ || test "$ac_cv_sizeof_unsigned_int" = "0" \ || test "$ac_cv_sizeof_unsigned_long" = "0"; then AC_MSG_WARN([Hmmm, something is wrong with the sizes - using defaults]); fi -dnl Do we have any 64-bit data types? -if test "$ac_cv_sizeof_unsigned_int" != "8" \ - && test "$ac_cv_sizeof_unsigned_long" != "8" \ - && test "$ac_cv_sizeof_unsigned_long_long" != "8" \ - && test "$ac_cv_sizeof_uint64_t" != "8"; then - AC_MSG_WARN([No 64-bit types. Disabling SHA-384, and SHA-512]) -else - if test x"$use_sha512" = xyes ; then - AC_SUBST(SHA512_O,sha512.o) - AC_DEFINE(USE_SHA512,1,[Define to include the SHA-384 and SHA-512 digests]) - fi -fi - +# # fixme: do we really need this - it should be encapsulated in libassuan +# GNUPG_SYS_SO_PEERCRED + +# # Checks for library functions. 
+# +AC_CHECK_DECLS(getpagesize) AC_FUNC_FSEEKO AC_FUNC_VPRINTF AC_FUNC_FORK -AC_CHECK_FUNCS(strerror stpcpy strsep strlwr tcgetattr strtoul mmap) -AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times gmtime_r) -AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime) -AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale) -AC_CHECK_FUNCS(waitpid wait4 sigaction sigprocmask rand pipe stat getaddrinfo) -AC_CHECK_FUNCS(fseeko ftello ttyname isascii) +AC_CHECK_FUNCS([strerror stpcpy strsep strlwr tcgetattr strtoul mmap]) +AC_CHECK_FUNCS([strcasecmp strncasecmp ctermid times timegm gmtime_r]) +AC_CHECK_FUNCS([unsetenv getpwnam getpwuid fcntl ftruncate]) +AC_CHECK_FUNCS([memmove gettimeofday getrusage setrlimit clock_gettime]) +AC_CHECK_FUNCS([atexit raise getpagesize strftime nl_langinfo setlocale]) +AC_CHECK_FUNCS([waitpid wait4 sigaction sigprocmask pipe stat getaddrinfo]) +AC_CHECK_FUNCS([ttyname isascii memrchr rand ftello]) AC_CHECK_TYPES([struct sigaction, sigset_t],,,[#include ]) +# # gnulib checks +# gl_SOURCE_BASE(gl) gl_M4_BASE(gl/m4) gl_MODULES(setenv strsep mkdtemp vasprintf xsize) gl_INIT -# These are needed by libjnlib - fixme: we should have macros for them -AC_CHECK_FUNCS(memicmp stpcpy strlwr strtoul memmove stricmp strtol) -AC_CHECK_FUNCS(getrusage setrlimit stat setlocale) -AC_CHECK_FUNCS(flockfile funlockfile fopencookie funopen) - # -# check for gethrtime and run a testprogram to see whether -# it is broken. It has been reported that some Solaris and HP UX systems -# raise an SIGILL +# These are needed by libjnlib - fixme: we should have macros for them # -# fixme: Do we need this - iirc, this is only used by libgcrypt. 
-# -AC_CACHE_CHECK([for gethrtime], - [gnupg_cv_func_gethrtime], - [AC_TRY_LINK([#include ],[ - hrtime_t tv; - tv = gethrtime(); - ], - [gnupg_cv_func_gethrtime=yes], - [gnupg_cv_func_gethrtime=no]) - ]) -if test $gnupg_cv_func_gethrtime = yes; then - AC_DEFINE([HAVE_GETHRTIME], 1, - [Define if you have the `gethrtime(2)' function.]) - AC_CACHE_CHECK([whether gethrtime is broken], - [gnupg_cv_func_broken_gethrtime], - [AC_TRY_RUN([ - #include - int main () { - hrtime_t tv; - tv = gethrtime(); - } - ], - [gnupg_cv_func_broken_gethrtime=no], - [gnupg_cv_func_broken_gethrtime=yes], - [gnupg_cv_func_broken_gethrtime=assume-no]) - ]) - if test $gnupg_cv_func_broken_gethrtime = yes; then - AC_DEFINE([HAVE_BROKEN_GETHRTIME], 1, - [Define if `gethrtime(2)' does not work correctly i.e. issues a SIGILL.]) - fi -fi - +AC_CHECK_FUNCS([memicmp stpcpy strlwr strtoul memmove stricmp strtol]) +AC_CHECK_FUNCS([getrusage setrlimit stat setlocale]) +AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen]) + + GNUPG_CHECK_MLOCK + GNUPG_FUNC_MKDIR_TAKES_ONE_ARG -dnl -dnl Check whether we can use Linux capabilities as requested -dnl +# +# Check whether we can use Linux capabilities as requested +# # fixme: Still required? # if test "$use_capabilities" = "yes" ; then @@ -956,13 +1024,15 @@ fi fi - +# # Sanity check regex. Tests adapted from mutt. - +# FIXME: We should use the the regex from gnulib +# AC_MSG_CHECKING([whether regular expression support is requested]) AC_ARG_ENABLE(regex, -[ --disable-regex do not handle regular expressions in trust sigs], - use_regex=$enableval, use_regex=yes) + AC_HELP_STRING([--disable-regex], + [do not handle regular expressions in trust signatures]), + use_regex=$enableval, use_regex=yes) AC_MSG_RESULT($use_regex) if test "$use_regex" = yes ; then 
@@ -994,14 +1064,16 @@ fi if test $gnupg_cv_included_regex = yes; then - AC_DEFINE(USE_GNU_REGEX,1,[ Define if you want to use the included regex lib ]) - AC_SUBST(REGEX_O,regex.o) + AC_DEFINE(USE_INTERNAL_REGEX,1,[ Define if you want to use the included regex lib ]) fi else - AC_DEFINE(DISABLE_REGEX,1,[ Define to disable regular expression support ]) fi +AM_CONDITIONAL(USE_INTERNAL_REGEX, test x"$gnupg_cv_included_regex" = xyes) + + + # # Do we have zlib? Must do it here because Solaris failed # when compiling a conftest (due to the "-lz" from LIBS). @@ -1058,16 +1130,20 @@ AC_SUBST(ZLIBS) +# Check for readline support +GNUPG_CHECK_READLINE + # See wether we want to run the long test suite. AC_ARG_WITH(pkits-tests, AC_HELP_STRING([--with-pkits-tests],[run the PKITS based tests]), [run_pkits_tests=$withval], [run_pkits_tests=no]) AM_CONDITIONAL(RUN_PKITS_TESTS, test "$run_pkits_tests" = "yes") - +# # Allow users to append something to the version string without # flagging it as development version. The user version parts is # considered everything after a dash. +# if test "$development_version" != yes; then changequote(,)dnl tmp_pat='[a-zA-Z]' 
@@ -1091,16 +1167,36 @@ W32LIBS="-lwsock32" fi +AC_SUBST(NETLIBS) +AC_SUBST(W32LIBS) + +# +# Setup gcc specific options +# if test "$GCC" = yes; then + # Note that it is okay to use CFLAGS here because this are just + # warning options and the user should have a chance of overriding + # them. if test "$USE_MAINTAINER_MODE" = "yes"; then CFLAGS="$CFLAGS -Wall -Wcast-align -Wshadow -Wstrict-prototypes" - CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security" + CFLAGS="$CFLAGS -Wno-format-y2k -Wformat-security -Wformat-nonliteral" else CFLAGS="$CFLAGS -Wall" fi + + AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign]) + _gcc_cflags_save=$CFLAGS + CFLAGS="-Wno-pointer-sign" + AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_psign=yes,_gcc_psign=no) + AC_MSG_RESULT($_gcc_psign) + CFLAGS=$_gcc_cflags_save; + if test x"$_gcc_psign" = xyes ; then + CFLAGS="$CFLAGS -Wno-pointer-sign" + fi fi + # # This is handy for debugging so the compiler doesn't rearrange # things and eliminate variables. @@ -1112,18 +1208,9 @@ CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'` fi]) - - - -AC_SUBST(NETLIBS) -AC_SUBST(W32LIBS) - - -# We use jnlib, so tell other modules about it -AC_DEFINE(HAVE_JNLIB_LOGGING, 1, - [Defined if jnlib style logging functions are available]) - +# # For W32 we need to use our Pth emulation code +# if test "$have_w32_system" = yes; then AC_CONFIG_LINKS(pth.h:jnlib/w32-pth.h) fi @@ -1254,13 +1341,13 @@ sm/Makefile agent/Makefile scd/Makefile +keyserver/Makefile tools/Makefile doc/Makefile tests/Makefile ]) AC_OUTPUT -#./autogen keyserver/Makefile #tests/pkits/Makefile Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/doc/gpg-agent.texi 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -430,7 +430,7 @@ hash mark, as well as empty lines are ignored. To mark a key as trusted you need to enter its fingerprint followed by a space and a capital letter @code{S}. Colons may optionally be used to separate the bytes of - a fingerprint; this allows to cut and paste the fingeperint from a key + a fingerprint; this allows to cut and paste the fingerprint from a key listing output. Here is an example where two keys are marked as ultimately trusted: Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220) @@ -1,3 +1,21 @@ +2006-08-16 Werner Koch + + * keyserver.c (GPGKEYS_PREFIX): Rename to gpg2keys_. This is so + that we can install helpers from 1.4 and 2 without conflicts and + first of all don't get lost with weird bug reports. + + * keyid.c (serialno_and_fpr_from_sk): New. Actually lost during + the last 1.4 to 1.9 merge. + + * gpg.c (list_config): Output ccid-reader-id only for gnupg 1. + + * call-agent.c (agent_scd_writekey): New. + (inq_writekey_parms): New. + + * gpgv.c: Include call-agent.h for use by stubs. + + * misc.c: Include call-agent.h for use by get_signature_count. + 2006-07-27 Werner Koch * parse-packet.c (parse_comment): Cap comments at 65k. Modified: trunk/g10/Makefile.am =================================================================== --- trunk/g10/Makefile.am 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/Makefile.am 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -108,7 +108,8 @@ # ks-db.h \ # $(common_source) -LDADD = $(needed_libs) $(ZLIBS) @LIBINTL@ @CAPLIBS@ @W32LIBS@ +LDADD = $(needed_libs) $(ZLIBS) $(DNSLIBS) $(LIBREADLINE) \ + $(LIBINTL) $(CAPLIBS) $(W32LIBS) gpg2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error gpgv2_LDADD = $(LIBGCRYPT_LIBS) $(LDADD) -lassuan -lgpg-error Modified: trunk/g10/call-agent.c =================================================================== --- trunk/g10/call-agent.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/call-agent.c 2006-08-16 10:47:53 UTC (rev 4220) @@ -1,5 +1,5 @@ /* call-agent.c - divert operations to the agent - * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2003, 2006 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -47,17 +47,26 @@ # define DBG_ASSUAN 1 #endif -static ASSUAN_CONTEXT agent_ctx = NULL; +static assuan_context_t agent_ctx = NULL; static int force_pipe_server = 1; /* FIXME: set this back to 0. */ -struct cipher_parm_s { - ASSUAN_CONTEXT ctx; +struct cipher_parm_s +{ + assuan_context_t ctx; const char *ciphertext; size_t ciphertextlen; }; -struct genkey_parm_s { - ASSUAN_CONTEXT ctx; +struct writekey_parm_s +{ + assuan_context_t ctx; + const unsigned char *keydata; + size_t keydatalen; +}; + +struct genkey_parm_s +{ + assuan_context_t ctx; const char *sexp; size_t sexplen; }; 
@@ -672,7 +681,49 @@ return map_assuan_err (rc); } + +/* Handle a KEYDATA inquiry. Note, we only send the data, + assuan_transact takes care of flushing and writing the end */ +static assuan_error_t +inq_writekey_parms (void *opaque, const char *keyword) +{ + struct writekey_parm_s *parm = opaque; + + return assuan_send_data (parm->ctx, parm->keydata, parm->keydatalen); +} + + +/* Send a WRITEKEY command to the SCdaemon. */ +int +agent_scd_writekey (int keyno, const char *serialno, + const unsigned char *keydata, size_t keydatalen) +{ + int rc; + char line[ASSUAN_LINELENGTH]; + struct writekey_parm_s parms; + + rc = start_agent (); + if (rc) + return rc; + + memset (&parms, 0, sizeof parms); + + snprintf (line, DIM(line)-1, "SCD WRITEKEY --force OPENPGP.%d", keyno); + line[DIM(line)-1] = 0; + parms.ctx = agent_ctx; + parms.keydata = keydata; + parms.keydatalen = keydatalen; + + rc = assuan_transact (agent_ctx, line, NULL, NULL, + inq_writekey_parms, &parms, NULL, NULL); + + return map_assuan_err (rc); +} + + + + /* Status callback for the SCD GENKEY command. */ static AssuanError scd_genkey_cb (void *opaque, const char *line) @@ -765,7 +816,7 @@ int agent_scd_pksign (const char *serialno, int hashalgo, const unsigned char *indata, size_t indatalen, - char **r_buf, size_t *r_buflen) + unsigned char **r_buf, size_t *r_buflen) { int rc, i; char *p, line[ASSUAN_LINELENGTH]; @@ -822,7 +873,7 @@ int agent_scd_pkdecrypt (const char *serialno, const unsigned char *indata, size_t indatalen, - char **r_buf, size_t *r_buflen) + unsigned char **r_buf, size_t *r_buflen) { int rc, i; char *p, line[ASSUAN_LINELENGTH]; Modified: trunk/g10/call-agent.h =================================================================== --- trunk/g10/call-agent.h 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/call-agent.h 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -82,6 +82,10 @@ const unsigned char *value, size_t valuelen, const char *serialno); +/* Send a WRITEKEY command to the SCdaemon. */ +int agent_scd_writekey (int keyno, const char *serialno, + const unsigned char *keydata, size_t keydatalen); + /* Send a GENKEY command to the SCdaemon. */ int agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force, const char *serialno); @@ -89,12 +93,12 @@ /* Send a PKSIGN command to the SCdaemon. */ int agent_scd_pksign (const char *keyid, int hashalgo, const unsigned char *indata, size_t indatalen, - char **r_buf, size_t *r_buflen); + unsigned char **r_buf, size_t *r_buflen); /* Send a PKDECRYPT command to the SCdaemon. */ int agent_scd_pkdecrypt (const char *serialno, const unsigned char *indata, size_t indatalen, - char **r_buf, size_t *r_buflen); + unsigned char **r_buf, size_t *r_buflen); /* Change the PIN of an OpenPGP card or reset the retry counter. */ int agent_scd_change_pin (int chvno, const char *serialno); Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/gpg.c 2006-08-16 10:47:53 UTC (rev 4220) @@ -1434,7 +1434,9 @@ if(show_all || ascii_strcasecmp(name,"ccid-reader-id")==0) { -#if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) +#if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) \ + && GNUPG_MAJOR_VERSION == 1 + char *p, *p2, *list = ccid_get_reader_list (); for (p=list; p && (p2 = strchr (p, '\n')); p = p2+1) @@ -3871,10 +3873,6 @@ void g10_exit( int rc ) { -#ifdef ENABLE_CARD_SUPPORT - card_close (); -#endif - gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE); if ( (opt.debug & DBG_MEMSTAT_VALUE) ) { Modified: trunk/g10/gpgv.c =================================================================== --- trunk/g10/gpgv.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/gpgv.c 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -49,6 +49,7 @@ #include "ttyio.h" #include "i18n.h" #include "status.h" +#include "call-agent.h" enum cmd_and_opt_values { aNull = 0, Modified: trunk/g10/keydb.h =================================================================== --- trunk/g10/keydb.h 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/keydb.h 2006-08-16 10:47:53 UTC (rev 4220) @@ -292,6 +292,8 @@ const char *colon_expirestr_from_sig (PKT_signature *sig); byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf, size_t *ret_len ); byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len ); +char *serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen, + PKT_secret_key *sk); /*-- kbnode.c --*/ KBNODE new_kbnode( PACKET *pkt ); Modified: trunk/g10/keygen.c =================================================================== --- trunk/g10/keygen.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/keygen.c 2006-08-16 10:47:53 UTC (rev 4220) @@ -2921,6 +2921,7 @@ PKT_secret_key *sk = NULL; int i; size_t nskey, npkey; + gcry_sexp_t s_parms, s_key; npkey = pubkey_get_npkey (algo); nskey = pubkey_get_nskey (algo); @@ -3613,8 +3614,8 @@ if ( !info.n || !info.e ) { log_error ("communication error with SCD\n"); - mpi_free (info.n); - mpi_free (info.e); + gcry_mpi_release (info.n); + gcry_mpi_release (info.e); return gpg_error (GPG_ERR_GENERAL); } @@ -3672,7 +3673,7 @@ int rc; const char *s; PACKET *pkt; - PKT_secret_key *sk, *sk_unprotected, *sk_protected; + PKT_secret_key *sk, *sk_unprotected = NULL, *sk_protected = NULL; PKT_public_key *pk; size_t n; int i; @@ -3697,7 +3698,7 @@ n = pubkey_get_nskey (sk->pubkey_algo); for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++) { - mpi_free (sk->skey[i]); + gcry_mpi_release (sk->skey[i]); sk->skey[i] = NULL; } i = pubkey_get_npkey (sk->pubkey_algo); 
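Review bot: In g10/call-agent.c (hunk at -672/+681), inq_writekey_parms never looks at its keyword argument and answers every inquiry from the server with parm->keydata, although its comment says it handles a KEYDATA inquiry. The buffer holds the key being written to the card, so compare keyword against "KEYDATA" and return an error for anything else. In agent_scd_writekey the serialno parameter is never used and --force is hard-coded into the command line ("SCD WRITEKEY --force OPENPGP.%d"), so a caller can neither bind the write to a specific card nor decline to overwrite an existing key; either use the parameter and make the overwrite a caller decision, or document why both are fixed.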
@@ -3733,12 +3734,13 @@ umask (oldmask); if (!fp) { + rc = gpg_error_from_errno (errno); log_error (_("can't create backup file `%s': %s\n"), fname, strerror(errno) ); xfree (fname); free_secret_key (sk_unprotected); free_secret_key (sk_protected); - return G10ERR_OPEN_FILE; + return rc; } pkt = xcalloc (1, sizeof *pkt); @@ -3754,7 +3756,7 @@ } else { - byte array[MAX_FINGERPRINT_LEN]; + unsigned char array[MAX_FINGERPRINT_LEN]; char *fprbuf, *p; iobuf_close (fp); @@ -3831,11 +3833,11 @@ assert (!sk->is_protected); /* Copy the parameters into straight buffers. */ - rsa_n = mpi_get_secure_buffer (sk->skey[0], &rsa_n_len, NULL); - rsa_e = mpi_get_secure_buffer (sk->skey[1], &rsa_e_len, NULL); - rsa_p = mpi_get_secure_buffer (sk->skey[3], &rsa_p_len, NULL); - rsa_q = mpi_get_secure_buffer (sk->skey[4], &rsa_q_len, NULL); - if (!rsa_n || !rsa_e || !rsa_p || !rsa_q) + gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_n, &rsa_n_len, sk->skey[0]); + gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_e, &rsa_e_len, sk->skey[1]); + gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_p, &rsa_p_len, sk->skey[2]); + gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_q, &rsa_q_len, sk->skey[3]); + if (!rsa_n || !rsa_e || !rsa_p || !rsa_q) { rc = G10ERR_INV_ARG; goto leave; Modified: trunk/g10/keyid.c =================================================================== --- trunk/g10/keyid.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/keyid.c 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -812,3 +812,28 @@ *ret_len = len; return array; } + + +/* Create a serialno/fpr string from the serial number and the secret + key. Caller must free the returned string. There is no error + return. */ +char * +serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen, + PKT_secret_key *sk) +{ + unsigned char fpr[MAX_FINGERPRINT_LEN]; + size_t fprlen; + char *buffer, *p; + int i; + + fingerprint_from_sk (sk, fpr, &fprlen); + buffer = p = xmalloc (snlen*2 + 1 + fprlen*2 + 1); + for (i=0; i < snlen; i++, p+=2) + sprintf (p, "%02X", sn[i]); + *p++ = '/'; + for (i=0; i < fprlen; i++, p+=2) + sprintf (p, "%02X", fpr[i]); + *p = 0; + return buffer; +} + Modified: trunk/g10/keyserver.c =================================================================== --- trunk/g10/keyserver.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/keyserver.c 2006-08-16 10:47:53 UTC (rev 4220) @@ -941,7 +941,11 @@ return 0; } +#if GNUPG_MAJOR_VERSION == 2 +#define GPGKEYS_PREFIX "gpg2keys_" +#else #define GPGKEYS_PREFIX "gpgkeys_" +#endif #define GPGKEYS_CURL GPGKEYS_PREFIX "curl" EXEEXT #define GPGKEYS_PREFIX_LEN (strlen(GPGKEYS_CURL)) #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\"" Modified: trunk/g10/misc.c =================================================================== --- trunk/g10/misc.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/misc.c 2006-08-16 10:47:53 UTC (rev 4220) @@ -64,6 +64,7 @@ #include "main.h" #include "photoid.h" #include "options.h" +#include "call-agent.h" #include "i18n.h" @@ -490,7 +491,9 @@ } #endif -static unsigned long get_signature_count(PKT_secret_key *sk) + +static unsigned long +get_signature_count (PKT_secret_key *sk) { #ifdef ENABLE_CARD_SUPPORT if(sk && sk->is_protected && sk->protect.s2k.mode==1002) Modified: trunk/g10/pubkey-enc.c =================================================================== --- trunk/g10/pubkey-enc.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/g10/pubkey-enc.c 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -37,6 +37,7 @@ #include "main.h" #include "i18n.h" #include "pkglue.h" +#include "call-agent.h" static int get_it( PKT_pubkey_enc *k, Modified: trunk/include/ChangeLog =================================================================== --- trunk/include/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/include/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220) @@ -1,3 +1,8 @@ +2006-08-16 Werner Koch + + * keyserver.h: Moved to ../common. + * http.h: Retired. + 2006-04-28 Werner Koch * cipher.h (DIGEST_ALGO_SHA224): Define it. Modified: trunk/include/distfiles =================================================================== --- trunk/include/distfiles 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/include/distfiles 2006-08-16 10:47:53 UTC (rev 4220) @@ -7,7 +7,6 @@ i18n.h host2net.h http.h -keyserver.h _regex.h ChangeLog Modified: trunk/include/http.h =================================================================== --- trunk/include/http.h 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/include/http.h 2006-08-16 10:47:53 UTC (rev 4220) @@ -23,6 +23,9 @@ #ifndef G10_HTTP_H #define G10_HTTP_H 1 +#error this file should not be used anymore + + #include "../common/iobuf.h" struct uri_tuple { Deleted: trunk/include/keyserver.h Modified: trunk/keyserver/ChangeLog =================================================================== --- trunk/keyserver/ChangeLog 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/keyserver/ChangeLog 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -1,3 +1,20 @@ +2006-08-16 Werner Koch + + * Makefile.am: Renamed all binaries to gpg2keys_*. + (gpg2keys_ldap_CPPFLAGS): Add AM_CPPFLAGS. + +2006-08-15 Werner Koch + + * Makefile.am: Adjusted to the gnupg2 framework. + +2006-08-14 Werner Koch + + * curl-shil.c, curl-shim.h: Changed to make use of the new http.c + API. + + * curl-shim.c (curl_easy_perform): Add missing http_close to the + POST case. + 2006-07-24 David Shaw (wk) * curl-shim.c (curl_easy_perform): Minor cleanup of proxy code. Modified: trunk/keyserver/Makefile.am =================================================================== --- trunk/keyserver/Makefile.am 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/keyserver/Makefile.am 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -18,36 +18,47 @@ ## Process this file with automake to produce Makefile.in -INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -EXTRA_PROGRAMS = gpgkeys_ldap gpgkeys_hkp gpgkeys_finger gpgkeys_curl -EXTRA_SCRIPTS = gpgkeys_mailto +EXTRA_PROGRAMS = gpg2keys_ldap gpg2keys_hkp gpg2keys_finger gpg2keys_curl +EXTRA_SCRIPTS = gpg2keys_mailto -gpglibexecdir = $(libexecdir)/@PACKAGE@ +AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl -gpglibexec_PROGRAMS = @GPGKEYS_LDAP@ @GPGKEYS_HKP@ @GPGKEYS_FINGER@ @GPGKEYS_CURL@ -gpglibexec_SCRIPTS = @GPGKEYS_MAILTO@ +AM_CFLAGS = $(LIBGCRYPT_CFLAGS) + +include $(top_srcdir)/am/cmacros.am + +libexec_PROGRAMS = $(GPGKEYS_LDAP) $(GPGKEYS_HKP) $(GPGKEYS_FINGER) \ + $(GPGKEYS_CURL) +libexec_SCRIPTS = $(GPGKEYS_MAILTO) noinst_SCRIPTS = gpgkeys_test -gpgkeys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h -gpgkeys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h -gpgkeys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h -gpgkeys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h - +needed_libs = ../gl/libgnu.a ../common/libcommon.a ../jnlib/libjnlib.a other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS) -gpgkeys_ldap_CPPFLAGS = @LDAP_CPPFLAGS@ -gpgkeys_ldap_LDADD = ../util/libutil.a @LDAPLIBS@ @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@ +gpg2keys_ldap_SOURCES = gpgkeys_ldap.c ksutil.c ksutil.h +gpg2keys_hkp_SOURCES = gpgkeys_hkp.c ksutil.c ksutil.h +gpg2keys_finger_SOURCES = gpgkeys_finger.c ksutil.c ksutil.h +gpg2keys_curl_SOURCES = gpgkeys_curl.c ksutil.c ksutil.h -gpgkeys_finger_LDADD = ../util/libutil.a @NETLIBS@ $(other_libs) @GETOPT@ @W32LIBS@ +gpg2keys_ldap_CPPFLAGS = $(LDAP_CPPFLAGS) $(AM_CPPFLAGS) +gpg2keys_ldap_LDADD = $(needed_libs) $(LDAPLIBS) $(NETLIBS) \ + $(other_libs) $(W32LIBS) + +gpg2keys_finger_LDADD = $(needed_libs) $(LIBGCRYPT_LIBS) \ + $(NETLIBS) $(other_libs) $(W32LIBS) + if FAKE_CURL -gpgkeys_curl_SOURCES += curl-shim.c curl-shim.h -gpgkeys_curl_LDADD = ../util/libutil.a @NETLIBS@ @SRVLIBS@ 
$(other_libs) @GETOPT@ @W32LIBS@ -gpgkeys_hkp_SOURCES += curl-shim.c curl-shim.h -gpgkeys_hkp_LDADD = ../util/libutil.a @NETLIBS@ @SRVLIBS@ $(other_libs) @GETOPT@ @W32LIBS@ +gpg2keys_curl_SOURCES += curl-shim.c curl-shim.h +gpg2keys_curl_LDADD = $(needed_libs) $(NETLIBS) $(DNSLIBS) \ + $(other_libs) $(W32LIBS) +gpg2keys_hkp_SOURCES += curl-shim.c curl-shim.h +gpg2keys_hkp_LDADD = $(needed_libs) $(NETLIBS) $(DNSLIBS) \ + $(other_libs) $(W32LIBS) else -gpgkeys_curl_CPPFLAGS = @LIBCURL_CPPFLAGS@ -gpgkeys_curl_LDADD = @LIBCURL@ @GETOPT@ -gpgkeys_hkp_CPPFLAGS = @LIBCURL_CPPFLAGS@ -gpgkeys_hkp_LDADD = @LIBCURL@ @GETOPT@ +gpg2keys_curl_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS) +gpg2keys_curl_LDADD = $(LIBCURL) $(GETOPT) +gpg2keys_hkp_CPPFLAGS = $(LIBCURL_CPPFLAGS) $(AM_CPPFLAGS) +gpg2keys_hkp_LDADD = $(LIBCURL) $(GETOPT) endif + Modified: trunk/keyserver/curl-shim.c =================================================================== --- trunk/keyserver/curl-shim.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/keyserver/curl-shim.c 2006-08-16 10:47:53 UTC (rev 4220) @@ -27,6 +27,7 @@ #include #include #include + #include "http.h" #include "util.h" #include "ksutil.h" @@ -100,7 +101,11 @@ void curl_easy_cleanup(CURL *curl) { - free(curl); + if (curl) + { + http_close (curl->hd); + free(curl); + } } CURLcode 
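Review bot: In curl_easy_cleanup (keyserver/curl-shim.c, hunk at -100/+101) http_close (curl->hd) now runs for every non-NULL handle, including handles on which curl_easy_perform was never called and handles where curl_easy_perform has already closed the context and set curl->hd = NULL. That is only safe if http_close accepts NULL and curl_easy_init zero-initialises the structure; neither is visible in this patch. Guard the call with if (curl->hd), or state the requirement in a comment next to the call.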
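Review bot: In g10/keygen.c (hunk at -3831/+3833) the switch to gcry_mpi_aprint also changes which MPIs are read: rsa_p and rsa_q were taken from sk->skey[3] and sk->skey[4] and are now taken from sk->skey[2] and sk->skey[3]. The g10/ChangeLog entry in this commit does not mention keygen.c or any change to the key layout, so this looks like an accidental index shift that leaves rsa_p and rsa_q holding the wrong parameters; please restore [3] and [4] or explain the new indices. The return values of the four gcry_mpi_aprint calls are dropped, and the old calls asked for secure buffers by name (mpi_get_secure_buffer), so also confirm that the buffers for p and q still end up in secure memory and are released with the matching free function at the leave label.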
@@ -177,42 +182,46 @@ if(curl->flags.post) { - rc=http_open(&curl->hd,HTTP_REQ_POST,curl->url,curl->auth,0,proxy); - if(rc==0) + rc = http_open (&curl->hd, HTTP_REQ_POST, curl->url, curl->auth, + 0, proxy, NULL); + if (!rc) { - char content_len[50]; - unsigned int post_len=strlen(curl->postfields); + unsigned int post_len = strlen(curl->postfields); - iobuf_writestr(curl->hd.fp_write, - "Content-Type: application/x-www-form-urlencoded\r\n"); - sprintf(content_len,"Content-Length: %u\r\n",post_len); + es_fprintf (http_get_write_ptr (curl->hd), + "Content-Type: application/x-www-form-urlencoded\r\n" + "Content-Length: %u\r\n", post_len); + http_start_data (curl->hd); + es_write (http_get_write_ptr (curl->hd), + curl->postfields, post_len, NULL); - iobuf_writestr(curl->hd.fp_write,content_len); - - http_start_data(&curl->hd); - iobuf_write(curl->hd.fp_write,curl->postfields,post_len); - rc=http_wait_response(&curl->hd,&curl->status); - if(rc==0 && curl->flags.failonerror && curl->status>=300) - err=CURLE_HTTP_RETURNED_ERROR; + rc = http_wait_response (curl->hd); + curl->status = http_get_status_code (curl->hd); + if (!rc && curl->flags.failonerror && curl->status>=300) + err = CURLE_HTTP_RETURNED_ERROR; + http_close(curl->hd); + curl->hd = NULL; } } else { - rc=http_open(&curl->hd,HTTP_REQ_GET,curl->url,curl->auth,0,proxy); - if(rc==0) + rc = http_open (&curl->hd, HTTP_REQ_GET, curl->url, curl->auth, + 0, proxy, NULL); + if (!rc) { - rc=http_wait_response(&curl->hd,&curl->status); - if(rc==0) + rc = http_wait_response (curl->hd); + curl->status = http_get_status_code (curl->hd); + if (!rc) { - if(curl->flags.failonerror && curl->status>=300) - err=CURLE_HTTP_RETURNED_ERROR; + if (curl->flags.failonerror && curl->status>=300) + err = CURLE_HTTP_RETURNED_ERROR; else { - unsigned int maxlen=1024,buflen,len; - byte *line=NULL; + unsigned int maxlen = 1024, buflen, len; + unsigned char *line = NULL; - while((len=iobuf_read_line(curl->hd.fp_read, - &line,&buflen,&maxlen))) 
+ while ((len = es_read_line (http_get_read_ptr (curl->hd), + &line, &buflen, &maxlen))) { size_t ret; @@ -226,12 +235,16 @@ } } - xfree(line); - http_close(&curl->hd); + es_free (line); + http_close(curl->hd); + curl->hd = NULL; } } else - http_close(&curl->hd); + { + http_close (curl->hd); + curl->hd = NULL; + } } } Modified: trunk/keyserver/curl-shim.h =================================================================== --- trunk/keyserver/curl-shim.h 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/keyserver/curl-shim.h 2006-08-16 10:47:53 UTC (rev 4220) @@ -73,7 +73,7 @@ unsigned int failonerror:1; unsigned int verbose:1; } flags; - struct http_context hd; + http_t hd; } CURL; #define CURL_ERROR_SIZE 256 Modified: trunk/keyserver/gpgkeys_finger.c =================================================================== --- trunk/keyserver/gpgkeys_finger.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/keyserver/gpgkeys_finger.c 2006-08-16 10:47:53 UTC (rev 4220) @@ -46,6 +46,7 @@ #include "util.h" #include "keyserver.h" #include "ksutil.h" +#include "iobuf.h" #ifdef _WIN32 #define sock_close(a) closesocket(a) @@ -289,7 +290,7 @@ { int rc; int sock; - IOBUF fp_read; + iobuf_t fp_read; unsigned int maxlen, buflen, gotit=0; byte *line = NULL; Modified: trunk/m4/Makefile.am =================================================================== --- trunk/m4/Makefile.am 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/m4/Makefile.am 2006-08-16 10:47:53 UTC (rev 4220) 
@@ -1,6 +1,6 @@ EXTRA_DIST = intmax.m4 longdouble.m4 longlong.m4 printf-posix.m4 signed.m4 size_max.m4 wchar_t.m4 wint_t.m4 xsize.m4 codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 progtest.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4 -EXTRA_DIST += ldap.m4 +EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4 EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4 Modified: trunk/m4/ldap.m4 =================================================================== --- trunk/m4/ldap.m4 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/m4/ldap.m4 2006-08-16 10:47:53 UTC (rev 4220) @@ -65,7 +65,7 @@ if test "$gnupg_cv_func_ldap_init" = yes || \ test "$gnupg_cv_func_ldaplber_init" = yes ; then LDAPLIBS="$LDAP_LDFLAGS $MY_LDAPLIBS" - GPGKEYS_LDAP="gpgkeys_ldap$EXEEXT" + GPGKEYS_LDAP="gpg2keys_ldap$EXEEXT" AC_CHECK_FUNCS(ldap_get_option ldap_set_option ldap_start_tls_s) Modified: trunk/sm/certreqgen.c =================================================================== --- trunk/sm/certreqgen.c 2006-08-14 14:40:07 UTC (rev 4219) +++ trunk/sm/certreqgen.c 2006-08-16 10:47:53 UTC (rev 4220) @@ -467,7 +467,7 @@ return gpg_error (GPG_ERR_INV_PARAMETER); } - /* check the keylength */ + /* Check the keylength. */ if (!get_parameter (para, pKEYLENGTH, 0)) nbits = 1024; else @@ -481,7 +481,7 @@ return gpg_error (GPG_ERR_INV_PARAMETER); } - /* check the usage */ + /* Check the usage. */ if (parse_parameter_usage (para, pKEYUSAGE)) return gpg_error (GPG_ERR_INV_PARAMETER); @@ -493,7 +493,6 @@ log_error (_("line %d: no subject name given\n"), r->lnr); return gpg_error (GPG_ERR_INV_PARAMETER); } -#if HAVE_KSBA_DN_TESTSTR err = ksba_dn_teststr (s, 0, &erroff, &errlen); if (err) { 
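Review bot: In sm/certreqgen.c (hunk at -493) the #if HAVE_KSBA_DN_TESTSTR guard around the ksba_dn_teststr call is removed, which turns that function into a hard build requirement. The visible part of this patch does not show configure.ac raising the minimum libksba version, so check that it demands a release that exports ksba_dn_teststr; otherwise a build against an older libksba fails only at compile or link time instead of at configure time.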
@@ -507,7 +506,6 @@ return gpg_error (GPG_ERR_INV_PARAMETER); } -#endif /*HAVE_KSBA_DN_TESTSTR*/ /* Check that the optional email address is okay. */ for (seq=0; (s=get_parameter_value (para, pNAMEEMAIL, seq)); seq++) From cvs at cvs.gnupg.org Thu Aug 17 20:01:27 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu Aug 17 19:19:44 2006 Subject: [svn] GnuPG - r4222 - in trunk: . doc Message-ID: Author: wk Date: 2006-08-17 20:01:25 +0200 (Thu, 17 Aug 2006) New Revision: 4222 Added: trunk/doc/yat2m.c Modified: trunk/AUTHORS trunk/ChangeLog trunk/THANKS trunk/TODO trunk/configure.ac trunk/doc/ChangeLog trunk/doc/Makefile.am trunk/doc/gnupg.texi trunk/doc/gpg-agent.texi trunk/doc/gpg.texi trunk/doc/gpgsm.texi trunk/doc/scdaemon.texi Log: More man pages. Modified: trunk/AUTHORS =================================================================== --- trunk/AUTHORS 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/AUTHORS 2006-08-17 18:01:25 UTC (rev 4222) @@ -3,9 +3,7 @@ Bug reports: Security related bug reports: -Please note that this file is for the 1.9 branch of GnuPG. - Authors ======= Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/ChangeLog 2006-08-17 18:01:25 UTC (rev 4222) @@ -1,3 +1,11 @@ +2006-08-17 Werner Koch + + * THANKS: Merged with the 1.4 one. + +2006-08-16 Werner Koch + + * configure.ac: Removed test for capabilities and mlock. + 2006-08-15 Werner Koch * Makefile.am (keyserver): Enable building of keyserver helpers. Modified: trunk/THANKS =================================================================== --- trunk/THANKS 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/THANKS 2006-08-17 18:01:25 UTC (rev 4222) 
@@ -1,9 +1,272 @@ +GnuPG was originally written by Werner Koch. Other people contributed +by reporting problems, suggesting various improvements or submitting +actual code. Here is a list of those people. Help us keep it +complete and free of errors. -Alexander Belopolsky belopolsky at mac.com -Andrew J. Schorr aschorr at telemetry-investments.com -Carl Meijer carlm at prism.co.za -Charly Avital shavital at mac.com -Kazu Yamamoto kazu at iij.ad.jp -Michael Nottebrock michaelnottebrock at gmx.net -Ray Link rlink at pitt.edu -Richard Lefebvre rick at cerca.umontreal.ca + +Adam Mitchell adam at cafe21.org +Albert Chin china at thewrittenword.com +Alec Habig habig at budoe2.bu.edu +Alexander Belopolsky belopolsky at mac.com +Allan Clark allanc at sco.com +Anand Kumria wildfire at progsoc.uts.edu.au +Andreas Haumer andreas at xss.co.at +Andrew J. Schorr aschorr at telemetry-investments.com +Anthony Carrico acarrico at memebeam.org +Anthony Mulcahy anthony at kcn.ne.jp +Ariel T Glenn ariel at columbia.edu +Bernhard Herzog bh at intevation.de +Bernhard Reiter bernhard de intevation.de +Bob Mathews bobmathews at mindspring.com +Bodo Moeller Bodo_Moeller at public.uni-hamburg.de +Brendan O'Dea bod at debian.org +Brenno de Winter brenno at dewinter.com +Brian M. Carlson karlsson at hal-pc.org +Brian Moore bem at cmc.net +Brian Warner warner at lothar.com +Bryan Fullerton bryanf at samurai.com +Bryce Nichols bryce at bnichols.org +Carl Meijer carlm at prism.co.za +Caskey L. 
Dickson caskey at technocage.com +Cees van de Griend cees-list at griend.xs4all.nl +Charles Levert charles at comm.polymtl.ca +Charly Avital shavital at mac.com +Chip Salzenberg chip at valinux.com +Chris Adams cmadams at hiwaay.net +Christian Biere christianbiere at gmx.de +Christian Kurz shorty at debian.org +Christian von Roques roques at pond.sub.org +Christopher Oliver oliver at fritz.traverse.net +Christian Recktenwald chris at citecs.de +Daiki Ueno ueno at unixuser.org +Dan Winship danw at helixcode.com +Daniel Eisenbud eisenbud at cs.swarthmore.edu +Daniel Koening dan at chaosdorf.de +Daniel Resare daniel at resare.com +Dany Nativel dany at natzo.com +Dave Dykstra dwd at bell-labs.com +David C Niemi niemi at tuxers.net +David Champion dgc at uchicago.edu +David D. Scribner dscribner at bigfoot.com +David Ellement ellement at sdd.hp.com +David Hallinan hallinan at rtd.com +David Hollenberg dhollen at ISI.EDU +David Mathog MATHOG at seqaxp.bio.caltech.edu +David R. Bergstein dbergstein at home.com +David Shaw dshaw at jabberwocky.com +Detlef Lannert lannert at lannert.rz.uni-duesseldorf.de +Dimitri dmitri at advantrix.com +Dirk Lattermann dlatt at t-online.de +Dirk Meyer dirk.meyer at dinoex.sub.org +Disastry Disastry at saiknes.lv +Douglas Calvert dfc at anize.org +Ed Boraas ecxjo at esperanto.org +Edmund GRIMLEY EVANS edmundo at rano.org +Edwin Woudt edwin at woudt.nl +Enzo Michelangeli em at MailAndNews.com +Ernst Molitor ernst.molitor at uni-bonn.de +Evgeny Legerov +Fabio Coatti cova at ferrara.linux.it +Felix von Leitner leitner at amdiv.de +fish stiqz fish at analog.org +Florian Weimer Florian.Weimer at rus.uni-stuttgart.de +Francesco Potorti pot at gnu.org +Frank Donahoe fdonahoe at wilkes1.wilkes.edu +Frank Heckenbach heckenb at mi.uni-erlangen.de +Frank Stajano frank.stajano at cl.cam.ac.uk +Frank Tobin ftobin at uiuc.edu +Gabriel Rosenkoetter gr at eclipsed.net +Ga?l Qu?ri gael at lautre.net +Gene Carter gcarter at lanier.com +Geoff Keating geoffk 
at ozemail.com.au +Georg Schwarz georg.schwarz at iname.com +Giampaolo Tomassoni g.tomassoni at libero.it +Gilbert Fernandes gilbert_fernandes at hotmail.com +Greg Louis glouis at dynamicro.on.ca +Greg Troxel gdt at ir.bbn.com +Gregory Steuck steuck at iname.com +Harald Denker harry at hal.westfalen.de +Holger Baust Holger.Baust at freenet-ag.de +Hendrik Buschkamp buschkamp at rheumanet.org +Holger Schurig holger at d.om.org +Holger Smolinski smolinsk at de.ibm.com +Holger Trapp Holger.Trapp at informatik.tu-chemnitz.de +Hugh Daniel hugh at toad.com +Huy Le huyle at ugcs.caltech.edu +Ian McKellar imckellar at harvestroad.com.au +Ingo Kl?cker kloecker at kde.org +Ivo Timmermans itimmermans at bigfoot.com +Jan Krueger max at physics.otago.ac.nz +Jan Niehusmann jan at gondor.com +Jan-0liver Wagner jan @ intevation.de +Janusz A. Urbanowicz alex at bofh.torun.pl +James Troup james at nocrew.org +Jean-loup Gailly gzip at prep.ai.mit.edu +Jeff Long long at kestrel.cc.ukans.edu +Jeffery Von Ronne jronne at ics.uci.edu +Jens Bachem bachem at rrz.uni-koeln.de +Jeroen C. van Gelderen jeroen at vangelderen.org +J Horacio MG homega at ciberia.es +J. Michael Ashley jashley at acm.org +Jim Bauer jfbauer at home.com +Jim Small cavenewt at my-deja.com +Joachim Backes backes at rhrk.uni-kl.de +Joe Rhett jrhett at isite.net +Joerg Honegger Joerg.Honegger at hp.com +John A. Martin jam at jamux.com +John Clizbe JPClizbe at comcast.net +John R. Shannon john at johnrshannon.com +Johnny Teve?en j.tevessen at gmx.de +J?rg Schilling schilling at fokus.gmd.de +Jos Backus Jos.Backus at nl.origin-it.com +Joseph Walton joe at kafsemo.org +Juan F. Codagnone juam at arnet.com.ar +Jun Kuriyama kuriyama at sky.rim.or.jp +Kahil D. 
Jallad kdj4 at cs.columbia.edu +Karl Fogel kfogel at guanabana.onshore.com +Karsten Thygesen karthy at kom.auc.dk +Katsuhiro Kondou kondou at nec.co.jp +Kazu Yamamoto kazu at iij.ad.jp +Kazuyoshi Kakihara +Keith Clayton keith at claytons.org +Kevin Ryde user42 at zip.com.au +Klaus Singvogel ks at caldera.de +Kurt Garloff garloff at suse.de +Lars Kellogg-Stedman lars at bu.edu +L. Sassaman rabbi at quickie.net +M Taylor mctaylor at privacy.nb.ca +Marcel Waldvogel mwa at arl.wustl.edu +Marco d'Itri md at linux.it +Marco Parrone marc0 at autistici.org +Marcus Brinkmann Marcus.Brinkmann at ruhr-uni-bochum.de +Mark Adler madler at alumni.caltech.edu +Mark Elbrecht snowball3 at bigfoot.com +Mark Pettit pettit at yahoo-inc.com +Markus Friedl Markus.Friedl at informatik.uni-erlangen.de +Martin Kahlert martin.kahlert at provi.de +Martin Hamilton +Martin Schulte schulte at thp.uni-koeln.de +Matt Kraai kraai at alumni.carnegiemellon.edu +Matthew Skala mskala at ansuz.sooke.bc.ca +Matthew Wilcox matthew at wil.cx +Matthias Urlichs smurf at noris.de +Max Valianskiy maxcom at maxcom.ml.org +Michael Engels michael.engels at uni-duesseldorf.de +Michael Fischer v. Mollard mfvm at gmx.de +Michael Nottebrock michaelnottebrock at gmx.net +Michael Roth mroth at nessie.de +Michael Sobolev mss at despair.transas.com +Michael Tokarev mjt at tls.msk.ru +Mike Dowling ML.Dowling at tu-bs.de +Mike McEwan mike at lotusland.demon.co.uk +Moritz Schulte moritz at chaosdorf.de +Neal H Walfield neal at cs.uml.edu +Nelson H. F. Beebe beebe at math.utah.edu +Nicolas Graner Nicolas.Graner at cri.u-psud.fr +NIIBE Yutaka gniibe at chroot.org +Niklas Hernaeus +Nimrod Zimerman zimerman at forfree.at +Norihiko Murase skeleten at shillest.net +N J Doye nic at niss.ac.uk +Oliver Haakert haakert at hsp.de +Oskari J??skel?inen f33003a at cc.hut.fi +Pascal Scheffers Pascal at scheffers.net +Paul D. 
Smith psmith at baynetworks.com +Per Cederqvist ceder at lysator.liu.se +Phil Blundell pb at debian.org +Philippe Laliberte arsphl at oeil.qc.ca +Peter Fales psfales at lucent.com +Peter Gutmann pgut001 at cs.auckland.ac.nz +Peter Marschall Peter.Marschall at gedos.de +Peter Valchev pvalchev at openbsd.org +Phong Nguyen Phong.Nguyen at ens.fr +Piotr Krukowiecki piotr at pingu.ii.uj.edu.pl +QingLong qinglong at bolizm.ihep.su +Ralph Gillen gillen at theochem.uni-duesseldorf.de +Rat ratinox at peorth.gweep.net +Ray Link rlink at pitt.edu +Reinhard Wobst R.Wobst at ifw-dresden.de +R?mi Guyomarch rguyom at mail.dotcom.fr +Reuben Sumner rasumner at wisdom.weizmann.ac.il +Richard Lefebvre rick at cerca.umontreal.ca +Richard Outerbridge outer at interlog.com +Richard Patterson vectro at yahoo.com +Robert Joop rj at rainbow.in-berlin.de +Roddy Strachan roddy at satlink.com.au +Roger Sondermann r.so at bigfoot.com +Roland Rosenfeld roland at spinnaker.rhein.de +Roman Pavlik rp at tns.cz +Ross Golder rossigee at bigfoot.com +Russell Coker russell at coker.com.au +Ryan Malayter rmalayter at bai.org +Sam Roberts sam at cogent.ca +Sami Tolvanen sami at tolvanen.com +Sascha Kiefer sk at intertivity.com +Scott Worley sworley at chkno.net +Sean MacLennan seanm at netwinder.org +Sebastian Klemke packet at convergence.de +Serge Munhoven munhoven at mema.ucl.ac.be +SL Baur steve at xemacs.org +Stefan Bellon sbellon at sbellon.de +Dr.Stefan.Dalibor Dr.Stefan.Dalibor at bfa.de +Stefan Karrmann S.Karrmann at gmx.net +Stefan Keller dres at cs.tu-berlin.de +Steffen Ullrich ccrlphr at xensei.com +Steffen Zahn zahn at berlin.snafu.de +Steven Bakker steven at icoe.att.com +Steven Murdoch sjmurdoch at bigfoot.com +Susanne Schultz schultz at hsp.de +Tavis Ormandy taviso at gentoo.org +Ted Cabeen secabeen at pobox.com +Thiago Jung Bauermann jungmann at cwb.matrix.com.br +Thijmen Klok thijmen at xs4all.nl +Thomas Roessler roessler at guug.de +Tim Mooney mooney at dogbert.cc.ndsu.nodak.edu +Timo 
Schulz twoaday at freakmail.de +Tobias Winkler tobias.winkler at s1998.tu-chemnitz.de +Todd Vierling tv at pobox.com +TOGAWA Satoshi Satoshi.Togawa at jp.yokogawa.com +Tom Spindler dogcow at home.merit.edu +Tom Zerucha tzeruch at ceddec.com +Tomas Fasth tomas.fasth at twinspot.net +Tommi Komulainen Tommi.Komulainen at iki.fi +Thomas Klausner wiz at danbala.ifoer.tuwien.ac.at +Tomasz Kozlowski tomek at rentec.com +Thomas Mikkelsen tbm at image.dk +Ulf M?ller 3umoelle at informatik.uni-hamburg.de +Urko Lusa ulusa at euskalnet.net +Vincent P. Broman broman at spawar.navy.mil +Volker Quetschke quetschke at scytek.de +W Lewis wiml at hhhh.org +Walter Hofmann Walter.Hofmann at physik.stud.uni-erlangen.de +Walter Koch koch at hsp.de +Wayne Chapeskie waynec at spinnaker.com +Werner Koch wk at gnupg.org +Wim Vandeputte bunbun at reptile.rug.ac.be +Winona Brown win at huh.org +Yosiaki IIDA iida at ring.gr.jp +Yoshihiro Kajiki kajiki at ylug.org + nbecker at hns.com + + +Thanks to the German Unix User Group for sponsoring this project, +Martin Hamilton for hosting the first mailing list and OpenIT for +hosting the server. + +The development of this software has partly (i.e. the Windows port) +been funded by the German Ministry for Economics and Technology under +grant VIB3-68553.168-001/1999. + +Many thanks to my wife Gerlinde for having so much patience with +me while hacking late in the evening. + + Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004 + 2006 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/TODO 2006-08-17 18:01:25 UTC (rev 4222) @@ -98,11 +98,14 @@ * sm/ ** check that we issue NO_SECKEY xxx if a -u key was not found + We don't. The messages retruned are also wrong (recipient vs. signer). * jnlib/ ** provide jnlib_malloc and try to remove all jnlib_xmalloc. +** Extend utf8conv.c to make use of iconv. + Need to merge with the code in 1.4/util/strgutil.c. -* gpg/ +* g10/ ** issue a NO_SECKEY xxxx if a -u key was not found. ** Replace DIGEST_ALGO_SHA224 We can't do that right now because it is only defined by newer @@ -121,7 +124,6 @@ Update to gpg 1.4.3 version -what about gnupg_use_iconv? -Extend selinux support to other modules -Does the check for Linux capabilities still makes sense? +* Extend selinux support to other modules + Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/configure.ac 2006-08-17 18:01:25 UTC (rev 4222) 
@@ -988,42 +988,12 @@ AC_CHECK_FUNCS([flockfile funlockfile fopencookie funopen]) - -GNUPG_CHECK_MLOCK - -GNUPG_FUNC_MKDIR_TAKES_ONE_ARG - # -# Check whether we can use Linux capabilities as requested +# W32 specific test # -# fixme: Still required? -# -if test "$use_capabilities" = "yes" ; then -use_capabilities=no -AC_CHECK_HEADERS(sys/capability.h) -if test "$ac_cv_header_sys_capability_h" = "yes" ; then - AC_CHECK_LIB(cap, cap_init, ac_need_libcap=1) - if test "$ac_cv_lib_cap_cap_init" = "yes"; then - AC_DEFINE(USE_CAPABILITIES,1, - [define if capabilities should be used]) - AC_SUBST(CAPLIBS,"-lcap") - use_capabilities=yes - fi -fi -if test "$use_capabilities" = "no" ; then - AC_MSG_WARN([[ -*** -*** The use of capabilities on this system is not possible. -*** You need a recent Linux kernel and some patches: -*** fcaps-2.2.9-990610.patch (kernel patch for 2.2.9) -*** fcap-module-990613.tar.gz (kernel module) -*** libcap-1.92.tar.gz (user mode library and utilities) -*** And you have to configure the kernel with CONFIG_VFS_CAP_PLUGIN -*** set (filesystems menu). Be warned: This code is *really* ALPHA. -***]]) -fi -fi +GNUPG_FUNC_MKDIR_TAKES_ONE_ARG + # # Sanity check regex. Tests adapted from mutt. # FIXME: We should use the the regex from gnulib Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/doc/ChangeLog 2006-08-17 18:01:25 UTC (rev 4222) @@ -1,3 +1,9 @@ +2006-08-17 Werner Koch + + * Makefile.am: Added rules to build man pages. + + * yat2m.c: New. + 2006-02-14 Werner Koch * gpgsm.texi (GPGSM Configuration): New section. Modified: trunk/doc/Makefile.am =================================================================== --- trunk/doc/Makefile.am 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/doc/Makefile.am 2006-08-17 18:01:25 UTC (rev 4222) 
@@ -27,6 +27,8 @@ BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf +noinst_PROGRAMS = yat2m + info_TEXINFOS = gnupg.texi dist_pkgdata_DATA = qualified.txt @@ -36,10 +38,24 @@ tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \ sysnotes.texi gnupg-card-architecture.fig -DISTCLEANFILES = gnupg.tmp gnupg.ops +YAT2M_OPTIONS = \ + --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard" +myman_sources = gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi tools.texi +myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 \ + watchgnupg.1 gpgconf.1 addgnupghome.8 +man_MANS = $(myman_pages) + +watchgnupg_SOURCE = gnupg.texi + +DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ + $(myman_pages) + +yat2m_SOURCES = yat2m.c + + .fig.png: fig2dev -L png `test -f '$<' || echo '$(srcdir)/'`$< $@ @@ -53,3 +69,26 @@ fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@ +yat2m-stamp: $(myman_sources) + @rm -f yat2m-stamp.tmp + @touch yat2m-stamp.tmp + for file in $(myman_sources) ; do \ + ./yat2m $(YAT2M_OPTIONS) --store \ + `test -f '$$file' || echo '$(srcdir)/'`$$file ; done + @mv -f yat2m-stamp.tmp $@ + +yat2m-stamp: yat2m + +$(myman_pages) : yat2m-stamp + @if test -f $@; then :; else \ + trap 'rm -rf yat2m-stamp yat2m-lock' 1 2 13 15; \ + if mkdir yat2m-lock 2>/dev/null; then \ + rm -f yat2m-stamp; \ + $(MAKE) $(AM_MAKEFLAGS) yat2m-stamp; \ + rmdir yat2m-lock; \ + else \ + while test -d yat2m-lock; do sleep 1; done; \ + test -f yat2m-stamp; exit $$?; \ + fi; \ + fi + Modified: trunk/doc/gnupg.texi =================================================================== --- trunk/doc/gnupg.texi 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/doc/gnupg.texi 2006-08-17 18:01:25 UTC (rev 4222) 
@@ -34,7 +34,7 @@ Boston, MA 02111-1307 USA @end iftex -Copyright @copyright{} 2002, 2004, 2005 Free Software Foundation, Inc. +Copyright @copyright{} 2002, 2004, 2005, 2006 Free Software Foundation, Inc. @quotation Permission is granted to copy, distribute and/or modify this document Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/doc/gpg-agent.texi 2006-08-17 18:01:25 UTC (rev 4222) @@ -8,8 +8,40 @@ @cindex command options @cindex options, GPG-AGENT command -@c man begin DESCRIPTION +@manpage gpg-agent.1 +@ifset manverb +.B gpg-agent +.R \- Secret key management for GnuPG +@end ifset +@mansect synopsis +@ifset manverb +.B gpg-agent +.RB [ \-\-homedir +.IR dir ] +.RB [ \-\-options +.IR file ] +.RI [ options ] +.br +.B gpg-agent +.RB [ \-\-homedir +.IR dir ] +.RB [ \-\-options +.IR file ] +.RI [ options ] +.B \-\-server +.br +.B gpg-agent +.RB [ \-\-homedir +.IR dir ] +.RB [ \-\-options +.IR file ] +.RI [ options ] +.B \-\-daemon +.RI [ command_line ] +@end ifset + +@mansect description @command{gpg-agent} is a daemon to manage secret (private) keys independently from any protocol. It is used as a backend for @command{gpg} and @command{gpgsm} as well as for a couple of other @@ -67,10 +99,10 @@ pinentry (e.g. @file{/usr/bin/pinentry-gtk}) to the expected one (e.g. @file{/usr/bin/pinentry}). -@c man end - +@manpause @noindent -@xref{Option Index}, for an index to @command{GPG-AGENT}'s commands and options. +@xref{Option Index},for an index to @command{GPG-AGENT}'s commands and options. +@mancont @menu * Agent Commands:: List of all commands. @@ -81,8 +113,7 @@ * Agent Protocol:: The protocol the agent uses. @end menu -@c man begin COMMANDS - +@mansect commands @node Agent Commands @section Commands 
@@ -95,9 +126,10 @@ Print the program version and licensing information. Not that you can abbreviate this command. -@item --help, -h +@item --help +@itemx -h @opindex help -Print a usage message summarizing the most usefule command-line options. +Print a usage message summarizing the most useful command-line options. Not that you can abbreviate this command. @item --dump-options @@ -110,7 +142,7 @@ Run in server mode and wait for commands on the @code{stdin}. The default mode is to create a socket and listen for commands there. -@item --daemon +@item --daemon [@var{command line}] @opindex daemon Run the program in the background. This option is required to prevent it from being accidently running in the background. A common way to do @@ -121,8 +153,7 @@ @end table -@c man begin OPTIONS - +@mansect options @node Agent Options @section Option Summary @@ -152,7 +183,7 @@ @opindex verbose Outputs additional information while running. You can increase the verbosity by giving several -verbose commands to @sc{gpgsm}, such as @samp{-vv}. +verbose commands to @command{gpgsm}, such as @samp{-vv}. @item -q @item --quiet 
@@ -198,26 +229,26 @@ any time without notice. FLAGS are bit encoded and may be given in usual C-Syntax. The currently defined bits are: - @table @code - @item 0 (1) - X.509 or OpenPGP protocol related data - @item 1 (2) - values of big number integers - @item 2 (4) - low level crypto operations - @item 5 (32) - memory allocation - @item 6 (64) - caching - @item 7 (128) - show memory statistics. - @item 9 (512) - write hashed data to files named @code{dbgmd-000*} - @item 10 (1024) - trace Assuan protocol - @item 12 (4096) - bypass all certificate validation - @end table +@table @code +@item 0 (1) +X.509 or OpenPGP protocol related data +@item 1 (2) +values of big number integers +@item 2 (4) +low level crypto operations +@item 5 (32) +memory allocation +@item 6 (64) +caching +@item 7 (128) +show memory statistics. +@item 9 (512) +write hashed data to files named @code{dbgmd-000*} +@item 10 (1024) +trace Assuan protocol +@item 12 (4096) +bypass all certificate validation +@end table @item --debug-all @opindex debug-all @@ -359,9 +390,9 @@ @itemx --keep-display @opindex keep-tty @opindex keep-display -Ignore requests to change change the current @sc{tty} respective the X +Ignore requests to change change the current @code{tty} respective the X window system's @code{DISPLAY} variable. This is useful to lock the -pinentry to pop up at the @sc{tty} or display you started the agent. +pinentry to pop up at the @code{tty} or display you started the agent. @anchor{option --enable-ssh-support} @item --enable-ssh-support @@ -405,8 +436,7 @@ stripping off the two leading dashes. -@c man begin FILES - +@mansect files @node Agent Configuration @section Configuration @@ -455,7 +485,7 @@ even advisable to change the permissions to read-only so that this file can't be changed inadvertently. - @item sshcontrol +@item sshcontrol This file is used when support for the secure shell agent protocol has been enabled (@pxref{option --enable-ssh-support}). Only keys present in 
@@ -488,6 +518,7 @@ @c @c Agent Signals @c +@mansect signals @node Agent Signals @section Use of some signals. A running @command{gpg-agent} may be controlled by signals, i.e. using @@ -533,19 +564,16 @@ @c @c Examples @c +@mansect examples @node Agent Examples @section Examples -@c man begin EXAMPLES - The usual way to invoke @command{gpg-agent} is @example $ eval `gpg-agent --daemon` @end example -@c man end - An alternative way is by replacing @command{ssh-agent} with @command{gpg-agent}. If for example @command{ssh-agent} is started as part of the Xsession intialization you may simply replace @@ -580,6 +608,7 @@ @c @c Assuan Protocol @c +@mansect assuan @node Agent Protocol @section Agent's Assuan Protocol Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/doc/gpg.texi 2006-08-17 18:01:25 UTC (rev 4222) 
@@ -9,14 +9,33 @@ @cindex command options @cindex options, GPG command -@c man begin DESCRIPTION -@command{gpg2} is the OpenPGP part of GnuPG. It is a tool to provide -digitla encryption and signing services using the OpenPGP -standard. @command{gpg2} features complete key management and all bells -and whistles you can expect from a decent OpenPGP implementation. +@manpage gpg2.1 +@ifset manverb +.B gpg2 +.R \- OpenPGP encryption and signing tool +@end ifset -In contrast to the standalone version @command{gpg,} which is more +@mansect synopsis +@ifset manverb +.B gpg2 +.RB [ \-\-homedir +.IR dir ] +.RB [ \-\-options +.IR file ] +.RI [ options ] +.I command +.RI [ args ] +@end ifset + +@mansect description +@command{gpg2} is the OpenPGP part of the GNU Privacy Guard (GnuPG). It +is a tool to provide digitla encryption and signing services using the +OpenPGP standard. @command{gpg2} features complete key management and +all bells and whistles you can expect from a decent OpenPGP +implementation. + +In contrast to the standalone version @command{gpg}, which is more suited for server and embedded platforms, this version is installed under the name @command{gpg2} and more targeted to the desktop as it requires several other modules to be installed. The standalone version @@ -25,12 +44,12 @@ should make use of something like @file{gpg.conf-2} instead of just @file{gpg.conf}. +@manpause Documentation for the old standard @command{gpg} is available as man page man page and at @inforef{Top,GnuPG 1,gpg}. -@c man end - @xref{Option Index}, for an index to @command{GPG}'s commands and options. +@mancont @menu * GPG Commands:: List of all commands. @@ -44,13 +63,13 @@ @end menu + @c ******************************************* @c *************** **************** @c *************** COMMANDS **************** @c *************** **************** @c ******************************************* -@c man begin COMMANDS - +@mansect commands @node GPG Commands @section Commands 
@@ -86,7 +105,8 @@ Print the program version and licensing information. Note that you cannot abbreviate this command. -@item --help, -h +@item --help +@itemx -h @opindex help Print a usage message summarizing the most useful command line options. Not that you cannot abbreviate this command. @@ -111,7 +131,7 @@ @table @gnupgtabopt -@item --sign +@item --sign @itemx -s @opindex sign Make a signature. This command may be combined with --encrypt (for a @@ -120,7 +140,7 @@ together (for a signed message that may be decrypted via a secret key or a passphrase). -@item --clearsign +@item --clearsign @opindex clearsign Make a clear text signature. The content in a clear text signature is readable without any special software. OpenPGP software is only @@ -128,12 +148,12 @@ end-of-line whitespace for platform independence and are not intended to be reversible. -@item --detach-sign +@item --detach-sign @itemx -b @opindex detach-sign Make a detached signature. -@item --encrypt +@item --encrypt @itemx -e @opindex encrypt Encrypt data. This option may be combined with --sign (for a signed @@ -142,7 +162,7 @@ together (for a signed message that may be decrypted via a secret key or a passphrase). -@item --symmetric +@item --symmetric @itemx -c @opindex symmetric Encrypt with a symmetric cipher using a passphrase. The default @@ -153,11 +173,11 @@ --encrypt together (for a signed message that may be decrypted via a secret key or a passphrase). -@item --store +@item --store @opindex store Store only (make a simple RFC1991 literal data packet). -@item --decrypt +@item --decrypt @itemx -d @opindex decrypt Decrypt the file given on the command line (or @code{stdin} if no file 
@@ -167,7 +187,7 @@ writes to the filename which is included in the file and it rejects files which don't begin with an encrypted message. -@item --verify +@item --verify @opindex verify Assume that the first argument is a signed file or a detached signature and verify it without generating any output. With no arguments, the @@ -189,21 +209,21 @@ and --decrypt. Note that `--multifile --verify' may not be used with detached signatures. -@item --verify-files +@item --verify-files @opindex verify-files Identical to `--multifile --verify'. -@item --encrypt-files +@item --encrypt-files @opindex encrypt-files Identical to `--multifile --encrypt'. -@item --decrypt-files +@item --decrypt-files @opindex decrypt-files Identical to `--multifile --decrypt'. -@item --list-keys +@item --list-keys @itemx -k -@itemx --list-public-keys +@itemx --list-public-keys @opindex list-keys List all keys from the public keyrings, or just the ones given on the command line. @@ -213,7 +233,7 @@ machine-parseable key listing command that is appropriate for use in scripts and other programs. -@item --list-secret-keys +@item --list-secret-keys @itemx -K @opindex list-secret-keys List all keys from the secret keyrings, or just the ones given on the @@ -221,7 +241,7 @@ secret key is not usable (for example, if it was created via --export-secret-subkeys). -@item --list-sigs +@item --list-sigs @opindex list-sigs Same as --list-keys, but the signatures are listed too. @@ -236,11 +256,11 @@ --ask-cert-expire), and the numbers 1-9 or "T" for 10 and above to indicate trust signature levels (see the --edit-key command "tsign"). -@item --check-sigs +@item --check-sigs @opindex check-sigs Same as --list-sigs, but the signatures are verified. -@item --fingerprint +@item --fingerprint @opindex fingerprint List all keys (or the specified ones) along with their fingerprints. This is the same output as --list-keys but with the 
@@ -258,7 +278,7 @@ @opindex card-edit Present a menu to work with a smartcard. The subcommand "help" provides an overview on available commands. For a detailed description, please -see the Card HOWTO at +see the Card HOWTO at http://www.gnupg.org/documentation/howtos.html#GnuPG-cardHOWTO . @item --card-status @@ -284,10 +304,10 @@ @item --delete-secret-and-public-key @code{name} @opindex delete-secret-and-public-key -Same as --delete-key, but if a secret key exists, it will be removed +Same as --delete-key, but if a secret key exists, it will be removed first. In batch mode the key must be specified by fingerprint. -@item --export +@item --export @opindex export Either export all keys from all keyrings (default keyrings and those registered via option --keyring), or if at least one name is given, @@ -295,15 +315,15 @@ file given with option "output". Use together with --armor to mail those keys. -@item --send-keys +@item --send-keys @opindex send-keys Same as --export but sends the keys to a keyserver. Option --keyserver must be used to give the name of this keyserver. Don't send your complete keyring to a keyserver - select only those keys which are new or changed by you. -@item --export-secret-keys -@itemx --export-secret-subkeys +@item --export-secret-keys +@itemx --export-secret-subkeys @opindex export-secret-keys @opindex export-secret-subkeys Same as --export, but exports the secret keys instead. This is normally @@ -314,8 +334,8 @@ --simple-sk-checksum if you want to import such an exported key with an older OpenPGP implementation. -@item --import -@itemx --fast-import +@item --import +@itemx --fast-import @opindex import Import/merge keys. This adds the given keys to the keyring. The fast version is currently just a synonym. 
@@ -330,7 +350,7 @@ Import the keys with the given key IDs from a keyserver. Option --keyserver must be used to give the name of this keyserver. -@item --refresh-keys +@item --refresh-keys @opindex refresh-keys Request updates from a keyserver for keys that already exist on the local keyring. This is useful for updating a key with the latest @@ -386,7 +406,7 @@ as these values are the only ones which can't be re-created from a corrupted trust DB. -@item --import-ownertrust +@item --import-ownertrust @opindex import-ownertrust Update the trustdb with the ownertrust values stored in @code{files} (or stdin if not given); existing values will be overwritten. @@ -397,21 +417,21 @@ to create signature caches in the keyring. It might be handy in other situations too. -@item --print-md @code{algo} -@itemx --print-mds +@item --print-md @code{algo} +@itemx --print-mds @opindex print-md Print message digest of algorithm ALGO for all given files or stdin. With the second form (or a deprecated "*" as algo) digests for all available algorithms are printed. -@item --gen-random @code{0|1|2} +@item --gen-random @code{0|1|2} @opindex gen-random Emit @var{count} random bytes of the given quality level. If count is not given or zero, an endless sequence of random bytes will be emitted. PLEASE, don't use this command unless you know what you are doing; it may remove precious entropy from the system! -@item --gen-prime @code{mode} @code{bits} +@item --gen-prime @code{mode} @code{bits} @opindex gen-prime Use the source, Luke :-). The output format is still subject to change. @@ -449,7 +469,7 @@ key. -@item --edit-key +@item --edit-key @opindex edit-key Present a menu which enables you to do most of the key management related tasks. It expects the specification of a key on the command 
@@ -486,9 +506,11 @@ or groups. @end table +@c man:.RS Note that "l" (for local / non-exportable), "nr" (for non-revocable, and "t" (for trust) may be freely mixed and prefixed to "sign" to create a signature of any type desired. +@c man:.RE @table @asis @@ -573,7 +595,7 @@ a subkey, once it has been send to the public (i.e. to a keyserver). In that case you better use @code{revkey}. -@item addrevoker +@item addrevoker @opindex keyedit:addrevoker Add a designated revoker. This takes one optional argument: "sensitive". If a designated revoker is marked as sensitive, it will not @@ -698,11 +720,13 @@ @end table +@c man:.RS The listing shows you the key with its secondary keys and all user ids. Selected keys or user ids are indicated by an asterisk. The trust value is displayed with the primary key: the first is the assigned owner trust and the second is the calculated trust value. Letters are used for the values: +@c man:.RE @table @asis @@ -733,10 +757,10 @@ @item --sign-key @code{name} @opindex sign-key Signs a public key with your secret key. This is a shortcut version of -the subcommand "sign" from --edit. +the subcommand "sign" from --edit. @item --lsign-key @code{name} -@opindex lsign-ket +@opindex lsign-key Signs a public key with your secret key but marks it as non-exportable. This is a shortcut version of the subcommand "lsign" from --edit. @@ -750,13 +774,14 @@ @c *************** OPTIONS **************** @c *************** **************** @c ******************************************* +@mansect options @node GPG Options @section Option Summary @command{GPG} comes features a bunch of options to control the exact behaviour and to change the default configuration. -@menu +@menu * GPG Configuration Options:: How to change the configuration. * GPG Key related Options:: Key related options. * GPG Input and Output:: Input and Output. 
@@ -764,8 +789,6 @@ * GPG Esoteric Options:: Doing things one usually don't want to do. @end menu -@c man begin OPTIONS - Long options can be put in an options file (default "~/.gnupg/gpg.conf"). Short option names will not work - for example, "armor" is a valid option for the options file, while "a" is not. Do not @@ -1053,7 +1076,7 @@ your own secret keys. This option is useful if you don't want to keep your secret keys (or one of them) online but still want to be able to check the validity of a given -recipient's or signator's key. +recipient's or signator's key. @item --trust-model @code{pgp|classic|direct|always|auto} Set what trust model GnuPG should follow. The models are: @@ -1124,7 +1147,7 @@ 16-character key ID. Add an "0x" to either to include an "0x" at the beginning of the key ID, as in 0x99242560. -@item --keyserver @code{name} +@item --keyserver @code{name} Use @code{name} as your keyserver. This is the server that --recv-keys, --send-keys, and --search-keys will communicate with to receive keys from, send keys to, and search for keys on. The format @@ -1555,7 +1578,7 @@ @item --no-options Shortcut for "--options /dev/null". This option is detected before an attempt to open an option file. -Using this option will also prevent the creation of a +Using this option will also prevent the creation of a "~./gnupg" homedir. @item --load-extension @code{name} @@ -1677,7 +1700,7 @@ @item --sig-keyserver-url @code{string} Use @code{string} as a preferred keyserver URL for data signatures. If you prefix it with an exclamation mark, the keyserver URL packet will -be flagged as critical. +be flagged as critical. The same %-expandos used for notation data are available here as well. 
@@ -1851,7 +1874,7 @@ @item --passphrase-file @code{file} Read the passphrase from file @code{file}. Only the first line will -be read from file @code{file}. This can only be used if only one +be read from file @code{file}. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it. @@ -2290,7 +2313,7 @@ used as the keyserver URL when writing a new self-signature on a key, which includes key generation and changing preferences. -@item --list-config +@item --list-config @opindex list-config Display various internal configuration parameters of GnuPG. This option is intended for external programs that call GnuPG to perform @@ -2309,7 +2332,7 @@ @c *************** FILES **************** @c *************** **************** @c ******************************************* -@c man begin FILES +@mansect files @node GPG Configuration @section Configuration files @@ -2329,6 +2352,7 @@ @end table +@c man:.RE Note that on larger installations, it is useful to put predefined files into the directory @file{/etc/skel/.gnupg/} so that newly created users start up with a working configuration. For existing users the a small 
@@ -2338,50 +2362,111 @@ files; They all live in in the current home directory (@pxref{option --homedir}). Only the @command{gpg2} may modify these files. + @table @file -@item pubring.gpg -@cindex pubring.gpg -xxx - -@item random_seed -@cindex random_seed -xxxx +@item ~/.gnupg/secring.gpg +The secret keyring. +@item ~/.gnupg/secring.gpg.lock +and the lock file + +@item ~/.gnupg/pubring.gpg +The public keyring + +@item ~/.gnupg/pubring.gpg.lock +and the lock file + +@item ~/.gnupg/trustdb.gpg +The trust database + +@item ~/.gnupg/trustdb.gpg.lock +and the lock file + +@item ~/.gnupg/random_seed +used to preserve the internal random pool + +@item /usr[/local]/share/gnupg/options.skel +Skeleton options file + +@item /usr[/local]/lib/gnupg/ +Default location for extensions + @end table +@c man:.RE +Operation is further controlled by a few environment variables: +@table @asis + +@item HOME +Used to locate the default home directory. + +@item GNUPGHOME +If set directory used instead of "~/.gnupg". + +@item GPG_AGENT_INFO +Used to locate the gpg-agent; only honored when +--use-agent is set. The value consists of 3 colon delimited fields: +The first is the path to the Unix Domain Socket, the second the PID of +the gpg-agent and the protocol version which should be set to 1. When +starting the gpg-agent as described in its documentation, this +variable is set to the correct value. The option --gpg-agent-info can +be used to override it. + +@item COLUMNS +@itemx LINES +Used to size some displays to the full size of the screen. 
+ +@end table + + @c ******************************************* @c *************** **************** @c *************** EXAMPLES **************** @c *************** **************** @c ******************************************* +@mansect examples @node GPG Examples @section Examples -@c man begin EXAMPLES +@table @asis -@example - fooo -@end example +@item gpg -se -r @code{Bob} @code{file} +sign and encrypt for user Bob -@c man end +@item gpg --clearsign @code{file} +make a clear text signature +@item gpg -sb @code{file} +make a detached signature +@item gpg --list-keys @code{user_ID} +show keys +@item gpg --fingerprint @code{user_ID} +show fingerprint -ENDEND +@item gpg --verify @code{pgpfile} +@itemx gpg --verify @code{sigfile} +Verify the signature of the file but do not output the data. The +second form is used for detached signatures, where @code{sigfile} +is the detached signature (either ASCII armored or binary) and +are the signed data; if this is not given, the name of +the file holding the signed data is constructed by cutting off the +extension (".asc" or ".sig") of @code{sigfile} or by asking the +user for the filename. +@end table +@mansect how to specify a user id +@chapheading How to specify a user ID - -@c @chapheading How to specify a user ID - There are different ways to specify a user ID to GnuPG; here are some examples: @table @asis -@item +@item @item 234567C4 @itemx 0F34E556E 
@@ -2426,104 +2511,16 @@ fingerprints. This flag tells GnuPG to use the specified primary or secondary key and not to try and calculate which primary or secondary key to use. + +@mansect return vaue @chapheading RETURN VALUE The program returns 0 if everything was fine, 1 if at least a signature was bad, and other error codes for fatal errors. -@chapheading EXAMPLES -@table @asis +@mansect warnings +@chapheading WARNINGS -@item gpg -se -r @code{Bob} @code{file} -sign and encrypt for user Bob - -@item gpg --clearsign @code{file} -make a clear text signature - -@item gpg -sb @code{file} -make a detached signature - -@item gpg --list-keys @code{user_ID} -show keys - -@item gpg --fingerprint @code{user_ID} -show fingerprint - -@item gpg --verify @code{pgpfile} -@itemx gpg --verify @code{sigfile} -Verify the signature of the file but do not output the data. The -second form is used for detached signatures, where @code{sigfile} -is the detached signature (either ASCII armored or binary) and -are the signed data; if this is not given, the name of -the file holding the signed data is constructed by cutting off the -extension (".asc" or ".sig") of @code{sigfile} or by asking the -user for the filename. -@end table - -@c @chapheading ENVIRONMENT - -@table @asis - -@item HOME -Used to locate the default home directory. - -@item GNUPGHOME -If set directory used instead of "~/.gnupg". - -@item GPG_AGENT_INFO -Used to locate the gpg-agent; only honored when ---use-agent is set. The value consists of 3 colon delimited fields: -The first is the path to the Unix Domain Socket, the second the PID of -the gpg-agent and the protocol version which should be set to 1. When -starting the gpg-agent as described in its documentation, this -variable is set to the correct value. The option --gpg-agent-info can -be used to override it. - -@item COLUMNS -@itemx LINES -Used to size some displays to the full size of the screen. 
-@end table -@chapheading FILES - -@table @asis - -@item ~/.gnupg/secring.gpg -The secret keyring - -@item ~/.gnupg/secring.gpg.lock -and the lock file - -@item ~/.gnupg/pubring.gpg -The public keyring - -@item ~/.gnupg/pubring.gpg.lock -and the lock file - -@item ~/.gnupg/trustdb.gpg -The trust database - -@item ~/.gnupg/trustdb.gpg.lock -and the lock file - -@item ~/.gnupg/random_seed -used to preserve the internal random pool - -@item ~/.gnupg/gpg.conf -Default configuration file - -@item ~/.gnupg/options -Old style configuration file; only used when gpg.conf -is not found - -@item /usr[/local]/share/gnupg/options.skel -Skeleton options file - -@item /usr[/local]/lib/gnupg/ -Default location for extensions -@end table - -@c @chapheading WARNINGS - Use a *good* password for your user account and a *good* passphrase to protect your secret key. This passphrase is the weakest part of the whole system. Programs to do dictionary attacks on your secret keyring @@ -2536,6 +2533,8 @@ If you are going to verify detached signatures, make sure that the program knows about it; either give both filenames on the command line or use @samp{-} to specify stdin. + +@mansect interoperability @chapheading INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS GnuPG tries to be a very flexible implementation of the OpenPGP @@ -2564,6 +2563,8 @@ are safe as they do not force any particular algorithms in violation of OpenPGP, but rather reduce the available algorithms to a "PGP-safe" list. + +@mansect bugs @chapheading BUGS On many systems this program should be installed as setuid(root). This @@ -2574,5 +2575,3 @@ locking without being root. The program drops root privileges as soon as locked memory is allocated. - - Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/doc/gpgsm.texi 2006-08-17 18:01:25 UTC (rev 4222) 
@@ -8,17 +8,35 @@ @cindex command options @cindex options, GPGSM command -@c man begin DESCRIPTION +@manpage gpgsm.1 +@ifset manverb +.B gpgsm +.R \- CMS encryption and signing tool +@end ifset +@mansect synopsis +@ifset manverb +.B gpgsm +.RB [ \-\-homedir +.IR dir ] +.RB [ \-\-options +.IR file ] +.RI [ options ] +.I command +.RI [ args ] +@end ifset + + +@mansect description @command{gpgsm} is a tool similar to @command{gpg} to provide digital encryption and signing servicesd on X.509 certificates and the CMS protocol. It is mainly used as a backend for S/MIME mail processing. @command{gpgsm} includes a full features certificate management and complies with all rules defined for the German Sphinx project. -@c man end - +@manpause @xref{Option Index}, for an index to @command{GPGSM}'s commands and options. +@mancont @menu * GPGSM Commands:: List of all commands. @@ -31,8 +49,12 @@ * GPGSM Protocol:: The protocol the server mode uses. @end menu -@c man begin COMMANDS - +@c ******************************************* +@c *************** **************** +@c *************** COMMANDS **************** +@c *************** **************** +@c ******************************************* +@mansect commands @node GPGSM Commands @section Commands @@ -45,6 +67,10 @@ * Certificate Management:: How to manage certificates. @end menu + +@c ******************************************* +@c ********** GENERAL COMMANDS ************* +@c ******************************************* @node General GPGSM Commands @subsection Commands not specific to the function @@ -59,6 +85,10 @@ Print a usage message summarizing the most usefule command-line options. Not that you can abbreviate this command. +@item --warranty +@opindex warranty +Print warranty information. + @item --dump-options @opindex dump-options Print a list of all available options and commands. Not that you can 
@@ -66,7 +96,9 @@ @end table - +@c ******************************************* +@c ******** OPERATIONAL COMMANDS *********** +@c ******************************************* @node Operational GPGSM Commands @subsection Commands to select the type of operation @@ -122,8 +154,11 @@ @end table +@c ******************************************* +@c ******* CERTIFICATE MANAGEMENT ********** +@c ******************************************* @node Certificate Management -@subsection How to manage the certificate and keys +@subsection How to manage the certificates and keys @table @gnupgtabopt @item --gen-key @@ -200,8 +235,8 @@ @item --learn-card @opindex learn-card Read information about the private keys from the smartcard and import -the certificates from there. This command utilizes the @sc{gpg-agent} -and in turn the @sc{scdaemon}. +the certificates from there. This command utilizes the @command{gpg-agent} +and in turn the @command{scdaemon}. @item --passwd @var{user_id} @opindex passwd @@ -212,6 +247,12 @@ @end table +@c ******************************************* +@c *************** **************** +@c *************** OPTIONS **************** +@c *************** **************** +@c ******************************************* +@mansect options @node GPGSM Options @section Option Summary @@ -226,8 +267,10 @@ * Esoteric Options:: Doing things one usually don't want to do. @end menu -@c man begin OPTIONS +@c ******************************************* +@c ******** CONFIGURATION OPTIONS ********** +@c ******************************************* @node Configuration Options @subsection How to change the configuration @@ -296,6 +339,9 @@ @end table +@c ******************************************* +@c ******** CERTIFICATE OPTIONS ************ +@c ******************************************* @node Certificate Options @subsection Certificate related options 
@@ -335,7 +381,7 @@ the loading for short time intervalls (e.g. 30 minutes). This option is useful to make sure that a fresh CRL is available for certificates hold in the keybox. The suggested way of doing this is by using it -along with the option @option{--with-validation} for a ke listing +along with the option @option{--with-validation} for a key listing command. This option should not be used in a configuration file. @item --enable-ocsp @@ -352,6 +398,9 @@ @end table +@c ******************************************* +@c *********** INPUT AND OUTPUT ************ +@c ******************************************* @node Input and Output @subsection Input and Output @@ -411,6 +460,9 @@ @end table +@c ******************************************* +@c ************* CMS OPTIONS *************** +@c ******************************************* @node CMS Options @subsection How to change how the CMS is created. @@ -425,6 +477,9 @@ +@c ******************************************* +@c ******** ESOTERIC OPTIONS *************** +@c ******************************************* @node Esoteric Options @subsection Doing things one usually don't want to do. @@ -527,8 +582,12 @@ stripping off the two leading dashes. -@c man begin FILES - +@c ******************************************* +@c *************** **************** +@c *************** FILES **************** +@c *************** **************** +@c ******************************************* +@mansect files @node GPGSM Configuration @section Configuration files @@ -558,10 +617,12 @@ For example, to allow only the policy 2.289.9.9, the file should look like this: +@c man:.RS @example # Allowed policies 2.289.9.9 @end example +@c man:.RE @item qualified.txt @cindex qualified.txt 
@@ -601,16 +662,17 @@ @end table +@c man:.RE Note that on larger installations, it is useful to put predefined files into the directory @file{/etc/skel/.gnupg/} so that newly created users start up with a working configuration. For existing users the a small helper script is provided to create these files (@pxref{addgnupghome}). - For internal purposes gpgsm creates and maintaines a few other files; They all live in in the current home directory (@pxref{option --homedir}). Only @command{gpgsm} may modify these files. + @table @file @item pubring.kbx @cindex pubring.kbx @@ -627,25 +689,28 @@ @end table -@c -@c Examples -@c +@c ******************************************* +@c *************** **************** +@c *************** EXAMPLES **************** +@c *************** **************** +@c ******************************************* +@mansect examples @node GPGSM Examples @section Examples -@c man begin EXAMPLES - @example $ gpgsm -er goo@@bar.net ciphertext @end example + @c man end - -@c --------------------------------- -@c The machine interface -@c -------------------------------- +@c ******************************************* +@c *************** ************** +@c *************** UNATTENDED ************** +@c *************** ************** +@c ******************************************* @node Unattended Usage @section Unattended Usage @@ -704,9 +769,12 @@ @end table -@c -@c Assuan Protocol -@c +@c ******************************************* +@c *************** ***************** +@c *************** ASSSUAN ***************** +@c *************** ***************** +@c ******************************************* +@mansect assuan @node GPGSM Protocol @section The Protocol the Server Mode Uses. Modified: trunk/doc/scdaemon.texi =================================================================== --- trunk/doc/scdaemon.texi 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/doc/scdaemon.texi 2006-08-17 18:01:25 UTC (rev 4222) 
@@ -8,15 +8,42 @@ @cindex command options @cindex options, SCDAEMON command -@c man begin DESCRIPTION +@manpage scdaemon.1 +@ifset manverb +.B scdaemon +.R \- Smartcard daemon for the GnuPG system +@end ifset +@mansect synopsis +@ifset manverb +.B scdaemon +.RB [ \-\-homedir +.IR dir ] +.RB [ \-\-options +.IR file ] +.RI [ options ] +.B \-\-server +.br +.B scdaemon +.RB [ \-\-homedir +.IR dir ] +.RB [ \-\-options +.IR file ] +.RI [ options ] +.B \-\-daemon +.RI [ command_line ] +@end ifset + + +@mansect description The @command{scdaemon} is a daemon to manage smartcards. It is usually -invoked by gpg-agent and in general not used directly. +invoked by @command{gpg-agent} and in general not used directly. -@c man end +@manpause +@xref{Option Index}, for an index to @command{scdaemon}'s commands and +options. +@mancont -@xref{Option Index}, for an index to GPG-AGENTS's commands and options. - @menu * Scdaemon Commands:: List of all commands. * Scdaemon Options:: List of all options. @@ -25,7 +52,7 @@ * Scdaemon Protocol:: The protocol the daemon uses. @end menu -@c man begin COMMANDS +@mansect commands @node Scdaemon Commands @section Commands @@ -73,7 +100,7 @@ @end table -@c man begin OPTIONS +@mansect options @node Scdaemon Options @section Option Summary 
@@ -109,18 +136,18 @@ Select the debug level for investigating problems. @var{level} may be one of: - @table @code - @item none - no debugging at all. - @item basic - some basic debug messages - @item advanced - more verbose debug messages - @item expert - even more detailed messages - @item guru - all of the debug messages you can get - @end table +@table @code +@item none +no debugging at all. +@item basic +some basic debug messages +@item advanced +more verbose debug messages +@item expert +even more detailed messages +@item guru +all of the debug messages you can get +@end table How these messages are mapped to the actual debugging flags is not specified and may change with newer releaes of this program. They are @@ -139,26 +166,26 @@ any time without notice. FLAGS are bit encoded and may be given in usual C-Syntax. The currently defined bits are: - @table @code - @item 0 (1) - command I/O - @item 1 (2) - values of big number integers - @item 2 (4) - low level crypto operations - @item 5 (32) - memory allocation - @item 6 (64) - caching - @item 7 (128) - show memory statistics. - @item 9 (512) - write hashed data to files named @code{dbgmd-000*} - @item 10 (1024) - trace Assuan protocol - @item 11 (2048) - trace APDU I/O to the card. This may reveal sensitive data. - @end table +@table @code +@item 0 (1) +command I/O +@item 1 (2) +values of big number integers +@item 2 (4) +low level crypto operations +@item 5 (32) +memory allocation +@item 6 (64) +caching +@item 7 (128) +show memory statistics. +@item 9 (512) +write hashed data to files named @code{dbgmd-000*} +@item 10 (1024) +trace Assuan protocol +@item 11 (2048) +trace APDU I/O to the card. This may reveal sensitive data. +@end table @item --debug-all @opindex debug-all @@ -256,8 +283,7 @@ stripping off the two leading dashes. -@c man begin CARD APPLICATIONS - +@mansect card applications @node Card applications @section Description of card applications 
@@ -304,6 +330,7 @@ @c @c Examples @c +@mansect examples @node Scdaemon Examples @section Examples @@ -318,6 +345,7 @@ @c @c Assuan Protocol @c +@mansect assuan @node Scdaemon Protocol @section Scdaemon's Assuan Protocol Added: trunk/doc/yat2m.c =================================================================== --- trunk/doc/yat2m.c 2006-08-16 14:54:19 UTC (rev 4221) +++ trunk/doc/yat2m.c 2006-08-17 18:01:25 UTC (rev 4222) 
@@ -0,0 +1,1031 @@ +/* yat2m.c - Yet Another Texi 2 Man converter + * Copyright (C) 2005 g10 Code GmbH + * Copyright (C) 2006 2006 Free Software Foundation, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/* + This is a simple textinfo to man page converter. It needs some + special markup in th e texinfo and tries best to get a create man + page. It has been designed for the GnuPG man pages and thus only + a few texinfo commands are supported. + + To use this you need to add the following macros into your texinfo + source: + + @macro manpage {a} + @end macro + @macro mansect {a} + @end macro + @macro manpause + @end macro + @macro mancont + @end macro + + They are used by yat2m to select parts of the Texinfo which should + go into the man page. These macros need to be used without leading + left space. Processing starts after a "manpage" macro has been + seen. "mansect" identifies the section and yat2m make sure to + emit the sections in the proper order. To insert verbatim troff + markup, the follwing texinfo code may be used: + + @ifset manverb + .B whateever you want + @end ifset + + alternativly a special comment may be used: + + @c man:.B whatever you want + + This is useful in case you need just one line. 
@section is + ignored, however @subsection gets rendered as ".SS". @menu is + completely skipped. Several man pages may be extracted from one + file, either using the --store or the --select option. + Makefile snippet from GnuPG: + + +*/ + +#include <stdio.h> +#include <stdlib.h> +#include <stddef.h> +#include <string.h> +#include <errno.h> +#include <stdarg.h> +#include <assert.h> +#include <ctype.h> +#include <time.h> + + +#define PGM "yat2m" +#define VERSION "0.5" + +/* The maximum length of a line including the linefeed and one extra + character. */ +#define LINESIZE 1024 + +/* Option flags. */ +static int verbose; +static int quiet; +static int debug; +static const char *opt_source; +static const char *opt_release; +static const char *opt_select; +static int opt_store; + + +/* Flag to keep track whether any error occurred. */ +static int any_error; + + +/* Object to store one line of content. */ +struct line_buffer_s +{ + struct line_buffer_s *next; + int verbatim; /* True if LINE contains verbatim data. The default + is Texinfo source. */ + char *line; +}; +typedef struct line_buffer_s *line_buffer_t; + + +/* Object to collect the data of a section. */ +struct section_buffer_s +{ + char *name; /* Malloced name of the section. This may be + NULL to indicate this slot is not used. */ + line_buffer_t lines; /* Linked list with the lines of the section. */ + line_buffer_t *lines_tail; /* Helper for faster appending to the + linked list. */ + line_buffer_t last_line; /* Points to the last line appended. */ +}; +typedef struct section_buffer_s *section_buffer_t; + +/* Variable to keep info about the current page together. */ +static struct +{ + /* Filename of the current page or NULL if no page is active. Malloced. */ + char *name; + + /* Number of allocated elements in SECTIONS below. */ + size_t n_sections; + /* Array with the data of the sections. */ + section_buffer_t sections; + +} thepage; + + +/* The list of standard section names. 
*/ +static const char * const standard_sections[] = + { "NAME", "SYNOPSIS", "DESCRIPTION", + "RETURN VALUE", "EXIT STATUS", "ERROR HANDLING", "ERRORS", + "OPTIONS", "USAGE", "EXAMPLES", "FILES", + "ENVIRONMENT", "DIAGNOSTICS", "SECURITY", "CONFORMING TO", + "NOTES", "BUGS", "AUTHOR", "SEE ALSO", NULL }; + + +/*-- Local prototypes. --*/ +static void proc_texi_buffer (FILE *fp, const char *line, size_t len, + int *table_level, int *eol_action); + + + +/* Print diagnostic message and exit with failure. */ +static void +die (const char *format, ...) +{ + va_list arg_ptr; + + fflush (stdout); + fprintf (stderr, "%s: ", PGM); + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + putc ('\n', stderr); + + exit (1); +} + + +/* Print diagnostic message. */ +static void +err (const char *format, ...) +{ + va_list arg_ptr; + + fflush (stdout); + if (strncmp (format, "%s:%d:", 6)) + fprintf (stderr, "%s: ", PGM); + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + putc ('\n', stderr); + any_error = 1; +} + +/* Print diagnostic message. */ +static void +inf (const char *format, ...) 
+{ + va_list arg_ptr; + + fflush (stdout); + fprintf (stderr, "%s: ", PGM); + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + putc ('\n', stderr); +} + + +static void * +xmalloc (size_t n) +{ + void *p = malloc (n); + if (!p) + die ("out of core: %s", strerror (errno)); + return p; +} + +static void * +xcalloc (size_t n, size_t m) +{ + void *p = calloc (n, m); + if (!p) + die ("out of core: %s", strerror (errno)); + return p; +} + +static void * +xrealloc (void *old, size_t n) +{ + void *p = realloc (old, n); + if (!p) + die ("out of core: %s", strerror (errno)); + return p; +} + +static char * +xstrdup (const char *string) +{ + void *p = malloc (strlen (string)+1); + if (!p) + die ("out of core: %s", strerror (errno)); + strcpy (p, string); + return p; +} + + +/* Uppercase the ascii characters in STRING. */ +static char * +ascii_strupr (char *string) +{ + char *p; + + for (p = string; *p; p++) + if (!(*p & 0x80)) + *p = toupper (*p); + return string; +} + + +/* Return the current date as an ISO string. */ +const char * +isodatestring (void) +{ + static char buffer[11+5]; + struct tm *tp; + time_t atime = time (NULL); + + if (atime < 0) + strcpy (buffer, "????" "-??" "-??"); + else + { + tp = gmtime (&atime); + sprintf (buffer,"%04d-%02d-%02d", + 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday ); + } + return buffer; +} + + + +/* Return a section buffer for the section NAME. Allocate a new buffer + if this is a new section. Keep track of the sections in THEPAGE. + This function may reallocate the section array in THEPAGE. */ +static section_buffer_t +get_section_buffer (const char *name) +{ + int i; + section_buffer_t sect; + + /* If there is no section we put everything into the required NAME + section. Given that this is the first one listed it is likely + that error are easily visible. 
*/ + if (!name) + name = "NAME"; + + for (i=0; i < thepage.n_sections; i++) + { + sect = thepage.sections + i; + if (sect->name && !strcmp (name, sect->name)) + return sect; + } + for (i=0; i < thepage.n_sections; i++) + if (!thepage.sections[i].name) + break; + if (i < thepage.n_sections) + sect = thepage.sections + i; + else + { + /* We need to allocate or reallocate the section array. */ + size_t old_n = thepage.n_sections; + size_t new_n = 20; + + if (!old_n) + thepage.sections = xcalloc (new_n, sizeof *thepage.sections); + else + { + thepage.sections = xrealloc (thepage.sections, + ((old_n + new_n) + * sizeof *thepage.sections)); + memset (thepage.sections + old_n, 0, + new_n * sizeof *thepage.sections); + } + thepage.n_sections += new_n; + + /* Setup the tail pointers. */ + for (i=old_n; i < thepage.n_sections; i++) + { + sect = thepage.sections + i; + sect->lines_tail = &sect->lines; + } + sect = thepage.sections + old_n; + } + + /* Store the name. */ + assert (!sect->name); + sect->name = xstrdup (name); + return sect; +} + + + +/* Add the content of LINE to the section named SECTNAME. */ +static void +add_content (const char *sectname, char *line, int verbatim) +{ + section_buffer_t sect; + line_buffer_t lb; + + + sect = get_section_buffer (sectname); + if (sect->last_line && !sect->last_line->verbatim == !verbatim) + { + /* Lets append that line to the last one. We do this to keep + all lines of the same kind (i.e.verbatim or not) together in + one large buffer. */ + size_t n1, n; + + lb = sect->last_line; + n1 = strlen (lb->line); + n = n1 + 1 + strlen (line) + 1; + lb->line = xrealloc (lb->line, n); + strcpy (lb->line+n1, "\n"); + strcpy (lb->line+n1+1, line); + } + else + { + lb = xcalloc (1, sizeof *lb); + lb->verbatim = verbatim; + lb->line = xstrdup (line); + sect->last_line = lb; + *sect->lines_tail = lb; + sect->lines_tail = &lb->next; + } +} + + +/* Prepare for a new man page using the filename NAME. 
*/ +static void +start_page (char *name) +{ + if (verbose) + inf ("starting page `%s'", name); + assert (!thepage.name); + thepage.name = xstrdup (name); + thepage.n_sections = 0; +} + + +/* Write the .TH entry of the current page. Return -1 if there is a + problem with the page. */ +static int +write_th (FILE *fp) +{ + char *name, *p; + + name = ascii_strupr (xstrdup (thepage.name)); + p = strrchr (name, '.'); + if (!p || !p[1]) + { + err ("no section name in man page `%s'", thepage.name); + free (name); + return -1; + } + *p++ = 0; + fprintf (fp, ".TH %s %s %s \"%s\" \"%s\"\n", + name, p, isodatestring (), opt_release, opt_source); + return 0; +} + + +/* Process the texinfo command COMMAND (without the leading @) and + write output if needed to FP. REST is the remainer of the line + which should either point to an opening brace or to a white space. + The function returns the number of characters already processed + from REST. LEN is the usable length of REST. TABLE_LEVEL is used to + control the indentation of tables. */ +static size_t +proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, + int *table_level, int *eol_action) +{ + static struct { + const char *name; /* Name of the command. */ + int what; /* What to do with this command. */ + const char *lead_in; /* String to print with a opening brace. */ + const char *lead_out;/* String to print with the closing brace. 
*/ + } cmdtbl[] = { + { "command", 0, "\\fB", "\\fR" }, + { "code", 0, "\\fB", "\\fR" }, + { "var", 0, "\\fI", "\\fR" }, + { "samp", 0, "\n'", "'\n" }, + { "file", 0, "`\\fI","\\fR'" }, + { "env", 0, "`\\fI","\\fR'" }, + { "acronym", 0 }, + { "option", 0, "\\fB", "\\fR" }, + { "example", 1, ".RS 2\n.nf\n" }, + { "smallexample", 1, ".RS 2\n.nf\n" }, + { "asis", 7 }, + { "anchor", 7 }, + { "cartouche", 1 }, + { "xref", 0, "see: [", "]" }, + { "pxref", 0, "see: [", "]" }, + { "uref", 0, "(\\fB", "\\fR)" }, + { "footnote",0, " ([", "])" }, + { "emph", 0, "\\fI", "\\fR" }, + { "w", 1 }, + { "c", 5 }, + { "opindex", 1 }, + { "cpindex", 1 }, + { "cindex", 1 }, + { "node", 1 }, + { "noindent", 0 }, + { "section", 1 }, + { "subsection", 6, "\n.SS " }, + { "chapheading", 0}, + { "item", 2, ".TP\n.B " }, + { "itemx", 2, ".TP\n.B " }, + { "table", 3 }, + { "end", 4 }, + { "quotation",1, ".RS\n\\fB" }, + { NULL } + }; + size_t n; + int i; + const char *s; + const char *lead_out = NULL; + int ignore_args = 0; + + for (i=0; cmdtbl[i].name && strcmp (cmdtbl[i].name, command); i++) + ; + if (cmdtbl[i].name) + { + s = cmdtbl[i].lead_in; + if (s) + fputs (s, fp); + lead_out = cmdtbl[i].lead_out; + switch (cmdtbl[i].what) + { + case 1: /* Throw away the entire line. */ + s = memchr (rest, '\n', len); + return s? (s-rest)+1 : len; + case 2: /* Handle @item. */ + break; + case 3: /* Handle table. */ + if (++(*table_level) > 1) + fputs (".RS\n", fp); + /* Now throw away the entire line. */ + s = memchr (rest, '\n', len); + return s? (s-rest)+1 : len; + break; + case 4: /* Handle end. 
*/ + for (s=rest, n=len; n && (*s == ' ' || *s == '\t'); s++, n--) + ; + if (n >= 5 && !memcmp (s, "table", 5) + && (!n || s[5] == ' ' || s[5] == '\t' || s[5] == '\n')) + { + if ((*table_level)-- > 1) + fputs (".RE\n", fp); + } + else if (n >= 7 && !memcmp (s, "example", 7) + && (!n || s[7] == ' ' || s[7] == '\t' || s[7] == '\n')) + { + fputs (".fi\n.RE\n", fp); + } + else if (n >= 12 && !memcmp (s, "smallexample", 12) + && (!n || s[12] == ' ' || s[12] == '\t' || s[12] == '\n')) + { + fputs (".fi\n.RE\n", fp); + } + else if (n >= 9 && !memcmp (s, "quotation", 9) + && (!n || s[9] == ' ' || s[9] == '\t' || s[9] == '\n')) + { + fputs ("\\fR\n.RE\n", fp); + } + /* Now throw away the entire line. */ + s = memchr (rest, '\n', len); + return s? (s-rest)+1 : len; + case 5: /* Handle special comments. */ + for (s=rest, n=len; n && (*s == ' ' || *s == '\t'); s++, n--) + ; + if (n >= 4 && !memcmp (s, "man:", 4)) + { + for (s+=4, n-=4; n && *s != '\n'; n--, s++) + putc (*s, fp); + putc ('\n', fp); + } + /* Now throw away the entire line. */ + s = memchr (rest, '\n', len); + return s? (s-rest)+1 : len; + case 6: + *eol_action = 1; + break; + case 7: + ignore_args = 1; + break; + default: + break; + } + } + else + { + inf ("texinfo command `%s' not supported (%.*s)", command, + ((s = memchr (rest, '\n', len)), (s? (s-rest) : len)), rest); + } + + if (*rest == '{') + { + /* Find matching closing brace. */ + for (s=rest+1, n=1, i=1; i && *s && n < len; s++, n++) + if (*s == '{') + i++; + else if (*s == '}') + i--; + if (i) + { + err ("closing brace for command `%s' not found", command); + return len; + } + if (n > 2 && !ignore_args) + proc_texi_buffer (fp, rest+1, n-2, table_level, eol_action); + } + else + n = 0; + + if (lead_out) + fputs (lead_out, fp); + + return n; +} + + + +/* Process the string LINE with LEN bytes of Texinfo content. 
*/ +static void +proc_texi_buffer (FILE *fp, const char *line, size_t len, + int *table_level, int *eol_action) +{ + const char *s; + char cmdbuf[256]; + int cmdidx = 0; + int in_cmd = 0; + size_t n; + + for (s=line; *s && len; s++, len--) + { + if (in_cmd) + { + if (in_cmd == 1) + { + switch (*s) + { + case '@': case '{': case '}': + putc (*s, fp); in_cmd = 0; + break; + case ':': /* Not ending a sentence flag. */ + in_cmd = 0; + break; + case '.': case '!': case '?': /* Ending a sentence. */ + putc (*s, fp); in_cmd = 0; + break; + case ' ': case '\t': case '\n': /* Non collapsing spaces. */ + putc (*s, fp); in_cmd = 0; + break; + default: + cmdidx = 0; + cmdbuf[cmdidx++] = *s; + in_cmd++; + break; + } + } + else if (*s == '{' || *s == ' ' || *s == '\t' || *s == '\n') + { + cmdbuf[cmdidx] = 0; + n = proc_texi_cmd (fp, cmdbuf, s, len, table_level, eol_action); + assert (n <= len); + s += n; len -= n; + s--; len++; + in_cmd = 0; + } + else if (cmdidx < sizeof cmdbuf -1) + cmdbuf[cmdidx++] = *s; + else + { + err ("texinfo command too long - ignored"); + in_cmd = 0; + } + } + else if (*s == '@') + in_cmd = 1; + else if (*s == '\n') + { + switch (*eol_action) + { + case 1: /* Create a dummy paragraph. */ + fputs ("\n\\ \n", fp); + break; + default: + putc (*s, fp); + } + *eol_action = 0; + } + else + putc (*s, fp); + } +} + + +/* Do something with the Texinfo line LINE. */ +static void +parse_texi_line (FILE *fp, const char *line, int *table_level) +{ + int eol_action = 0; + + /* A quick test whether there are any texinfo commands. */ + if (!strchr (line, '@')) + { + fputs (line, fp); + putc ('\n', fp); + return; + } + proc_texi_buffer (fp, line, strlen (line), table_level, &eol_action); + putc ('\n', fp); +} + + +/* Write all the lines LINES to FP. 
*/ +static void +write_content (FILE *fp, line_buffer_t lines) +{ + line_buffer_t line; + int table_level = 0; + + for (line = lines; line; line = line->next) + { + if (line->verbatim) + { + fputs (line->line, fp); + putc ('\n', fp); + } + else + { +/* fputs ("TEXI---", fp); */ +/* fputs (line->line, fp); */ +/* fputs ("---\n", fp); */ + parse_texi_line (fp, line->line, &table_level); + } + } +} + + + +static int +is_standard_section (const char *name) +{ + int i; + const char *s; + + for (i=0; (s=standard_sections[i]); i++) + if (!strcmp (s, name)) + return 1; + return 0; +} + + +/* Finish a page; that is sort the data and write it out to the file. */ +static void +finish_page (void) +{ + FILE *fp; + section_buffer_t sect; + int idx; + const char *s; + int i; + + if (!thepage.name) + return; /* No page active. */ + + if (verbose) + inf ("finishing page `%s'", thepage.name); + + if (opt_select) + { + if (!strcmp (opt_select, thepage.name)) + { + inf ("selected `%s'", thepage.name ); + fp = stdout; + } + else + { + fp = fopen ( "/dev/null", "w" ); + if (!fp) + die ("failed to open /dev/null: %s\n", strerror (errno)); + } + } + else if (opt_store) + { + inf ("writing `%s'", thepage.name ); + fp = fopen ( thepage.name, "w" ); + if (!fp) + die ("failed to create `%s': %s\n", thepage.name, strerror (errno)); + } + else + fp = stdout; + + if (write_th (fp)) + goto leave; + + for (idx=0; (s=standard_sections[idx]); idx++) + { + for (i=0; i < thepage.n_sections; i++) + { + sect = thepage.sections + i; + if (sect->name && !strcmp (s, sect->name)) + break; + } + if (i == thepage.n_sections) + sect = NULL; + + if (sect) + { + fprintf (fp, ".SH %s\n", sect->name); + write_content (fp, sect->lines); + /* Now continue with all non standard sections directly + following this one. 
*/ + for (i++; i < thepage.n_sections; i++) + { + sect = thepage.sections + i; + if (sect->name && is_standard_section (sect->name)) + break; + if (sect->name) + { + fprintf (fp, ".SH %s\n", sect->name); + write_content (fp, sect->lines); + } + } + + } + } + + + leave: + if (fp != stdout) + fclose (fp); + free (thepage.name); + thepage.name = NULL; + /* FIXME: Cleanup the content. */ +} + + + + +/* Parse one Texinfo file and create manpages according to the + embedded instructions. */ +static void +parse_file (const char *fname, FILE *fp) +{ + char *line; + int lnr = 0; + int in_verbatim = 0; + int in_pause = 0; + char *section_name = NULL; /* Name of the current section or NULL + if not in a section. */ + int skip_to_end = 0; /* Used to skip over menu entries. */ + + line = xmalloc (LINESIZE); + while (fgets (line, LINESIZE, fp)) + { + size_t n = strlen (line); + int got_line = 0; + char *p; + + lnr++; + if (!n || line[n-1] != '\n') + { + err ("%s:$d: trailing linefeed missing, line too long or " + "embedded Nul character", fname, lnr); + break; + } + line[--n] = 0; + /* We only parse lines we need and ignore the rest. There are a + few macros used to control this as well as one @ifset + command. Parts we know about are saved away into containers + separate for each section. 
*/ + if (*line == '@') + { + for (p=line+1, n=1; *p && *p != ' ' && *p != '\t'; p++) + n++; + while (*p == ' ' || *p == '\t') + p++; + + if (skip_to_end + &&n == 4 && !memcmp (line, "@end", 4) + && (line[4]==' '||line[4]=='\t'||!line[4])) + { + skip_to_end = 0; + } + else if (n == 6 && !memcmp (line, "@ifset", 6) + && !strncmp (p, "manverb", 7) && (p[7]==' '||p[7]=='\t'||!p[7])) + { + if (in_verbatim) + err ("%s:%d: nested \"@ifset manverb\"", fname, lnr); + else + in_verbatim = 1; + } + else if (in_verbatim && n == 4 && !memcmp (line, "@end", 4) + && !strncmp (p, "ifset", 5) + && (p[5]==' '||p[5]=='\t'||!p[5])) + { + in_verbatim = 0; + } + else if (in_verbatim) + { + got_line = 1; + } + else if (n == 8 && !memcmp (line, "@manpage", 8)) + { + free (section_name); + section_name = NULL; + finish_page (); + start_page (p); + in_pause = 0; + } + else if (n == 8 && !memcmp (line, "@mansect", 8)) + { + if (!thepage.name) + err ("%s:%d: section outside of a man page", fname, lnr); + else + { + free (section_name); + section_name = ascii_strupr (xstrdup (p)); + in_pause = 0; + } + } + else if (n == 9 && !memcmp (line, "@manpause", 9)) + { + if (!section_name) + err ("%s:%d: pausing outside of a man section", fname, lnr); + else if (in_pause) + err ("%s:%d: already pausing", fname, lnr); + else + in_pause = 1; + } + else if (n == 8 && !memcmp (line, "@mancont", 8)) + { + if (!section_name) + err ("%s:%d: continue outside of a man section", fname, lnr); + else if (!in_pause) + err ("%s:%d: continue while not pausing", fname, lnr); + else + in_pause = 0; + } + else if (n == 5 && !memcmp (line, "@menu", 5) + && (line[5]==' '||line[5]=='\t'||!line[5])) + { + skip_to_end = 1; + } + else + got_line = 1; + } + else if (!skip_to_end) + got_line = 1; + + if (got_line && in_verbatim) + add_content (section_name, line, 1); + else if (got_line && thepage.name && section_name && !in_pause) + add_content (section_name, line, 0); + + } + if (ferror (fp)) + err ("%s:%d: read error: %s", 
fname, lnr, strerror (errno)); + finish_page (); + free (section_name); + free (line); +} + + + + + + + +int +main (int argc, char **argv) +{ + int last_argc = -1; + + opt_source = "GNU"; + opt_release = ""; + + if (argc) + { + argc--; argv++; + } + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + { + puts ( + "Usage: " PGM " [OPTION] [FILE]\n" + "Extract man pages from a Texinfo source.\n\n" + " --source NAME use NAME as source field\n" + " --release STRING use STRING as the release field\n" + " --store write output using @manpage name\n" + " --select NAME only output pages with @manpage NAME\n" + " --verbose enable extra informational output\n" + " --debug enable additional debug output\n" + " --help display this help and exit\n\n" + "With no FILE, or when FILE is -, read standard input.\n\n" + "Report bugs to <bugs@g10code.com>."); + exit (0); + } + else if (!strcmp (*argv, "--version")) + { + puts (PGM " " VERSION "\n" + "Copyright (C) 2005 g10 Code GmbH\n" + "This program comes with ABSOLUTELY NO WARRANTY.\n" + "This is free software, and you are welcome to redistribute it\n" + "under certain conditions. 
See the file COPYING for details."); + exit (0); + } + else if (!strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--quiet")) + { + quiet = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose = debug = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--source")) + { + argc--; argv++; + if (argc) + { + opt_source = *argv; + argc--; argv++; + } + } + else if (!strcmp (*argv, "--release")) + { + argc--; argv++; + if (argc) + { + opt_release = *argv; + argc--; argv++; + } + } + else if (!strcmp (*argv, "--store")) + { + opt_store = 1; + argc--; argv++; + } + else if (!strcmp (*argv, "--select")) + { + argc--; argv++; + if (argc) + { + opt_select = strrchr (*argv, '/'); + if (opt_select) + opt_select++; + else + opt_select = *argv; + argc--; argv++; + } + } + } + + if (argc > 1) + die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n"); + + /* Start processing. */ + if (argc && strcmp (*argv, "-")) + { + FILE *fp = fopen (*argv, "rb"); + if (!fp) + die ("%s:0: can't open file: %s", *argv, strerror (errno)); + parse_file (*argv, fp); + fclose (fp); + } + else + parse_file ("-", stdin); + + return !!any_error; +} + + +/* +Local Variables: +compile-command: "gcc -Wall -g -Wall -o yat2m yat2m.c" +End: +*/ From cvs at cvs.gnupg.org Thu Aug 17 21:58:28 2006 
From: cvs at cvs.gnupg.org (svn author wk) Date: Thu Aug 17 21:16:23 2006 Subject: [svn] GnuPG - r4223 - trunk/doc Message-ID: <E1GDnLk-0005sG-4q@trithemius.gnupg.org> Author: wk Date: 2006-08-17 21:58:28 +0200 (Thu, 17 Aug 2006) New Revision: 4223 Modified: trunk/doc/gpg-agent.texi trunk/doc/gpg.texi trunk/doc/gpgsm.texi trunk/doc/scdaemon.texi trunk/doc/tools.texi trunk/doc/yat2m.c Log: include support and texi fixes Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2006-08-17 18:01:25 UTC (rev 4222) +++ trunk/doc/gpg-agent.texi 2006-08-17 19:58:28 UTC (rev 4223) @@ -11,7 +11,7 @@ @manpage gpg-agent.1 @ifset manverb .B gpg-agent -.R \- Secret key management for GnuPG +\- Secret key management for GnuPG @end ifset @mansect synopsis Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2006-08-17 18:01:25 UTC (rev 4222) +++ trunk/doc/gpg.texi 2006-08-17 19:58:28 UTC (rev 4223) @@ -13,7 +13,7 @@ @manpage gpg2.1 @ifset manverb .B gpg2 -.R \- OpenPGP encryption and signing tool +\- OpenPGP encryption and signing tool @end ifset @mansect synopsis Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2006-08-17 18:01:25 UTC (rev 4222) +++ trunk/doc/gpgsm.texi 2006-08-17 19:58:28 UTC (rev 4223) @@ -11,7 +11,7 @@ @manpage gpgsm.1 @ifset manverb .B gpgsm -.R \- CMS encryption and signing tool +\- CMS encryption and signing tool @end ifset @mansect synopsis Modified: trunk/doc/scdaemon.texi =================================================================== --- trunk/doc/scdaemon.texi 2006-08-17 18:01:25 UTC (rev 4222) +++ trunk/doc/scdaemon.texi 2006-08-17 19:58:28 UTC (rev 4223) 
@@ -11,7 +11,7 @@ @manpage scdaemon.1 @ifset manverb .B scdaemon -.R \- Smartcard daemon for the GnuPG system +\- Smartcard daemon for the GnuPG system @end ifset @mansect synopsis Modified: trunk/doc/tools.texi =================================================================== --- trunk/doc/tools.texi 2006-08-17 18:01:25 UTC (rev 4222) +++ trunk/doc/tools.texi 2006-08-17 19:58:28 UTC (rev 4223) @@ -25,9 +25,18 @@ @node watchgnupg @section Read logs from a socket @ifset manverb - watchgnupg \- Read and print logs from a socket +.B watchgnupg +\- Read and print logs from a socket @end ifset +@mansect synopsis +@ifset manverb +.B watchgnupg +.RB [ \-\-force ] +.RB [ \-\-verbose ] +.I socketname +@end ifset + @mansect description Most of the main utilities are able to write there log files to a Unix Domain socket if configured that way. @command{watchgnupg} is a simple @@ -35,11 +44,9 @@ stamp and makes sure that long lines are not interspersed with log output from other utilities. -@manpause @noindent @command{watchgnupg} is commonly invoked as -@mansect synopsis @example watchgnupg --force ~/.gnupg/S.log @end example @@ -49,11 +56,11 @@ This starts it on the current terminal for listening on the socket @file{~/.gnupg/S.log}. +@mansect options @noindent @command{watchgnupg} understands these options: @table @gnupgtabopt -@mansect options @item --force @opindex force @@ -71,10 +78,16 @@ @opindex help Display a brief help page and exit -@manpause @end table +@mansect see also +@command{gpg}(1), +@command{gpgsm}(1), +@command{gpg-agent}(1), +@command{scdaemon}(1) +@include see-also-note.texi + @c @c ADDGNUPGHOME @c 
@@ -82,9 +95,17 @@ @node addgnupghome @section Create .gnupg home directories. @ifset manverb - addgnupghome \- Create .gnupg home directories +.B addgnupghome +\- Create .gnupg home directories @end ifset +@mansect synopsis +@ifset manverb +.B addgnupghome +.I account_1 +.IR account_2 ... account_n +@end ifset + @mansect description If GnuPG is installed on a system with existing user accounts, it is sometimes required to populate the GnuPG home directory with existing @@ -94,11 +115,9 @@ directories of the accounts given on the command line. It takes care not to overwrite existing GnuPG home directories. -@manpause @noindent @command{addgnupghome} is invoked by root as: -@mansect synopsis @example addgnupghome account1 account2 ... accountn @end example @@ -111,9 +130,26 @@ @node gpgconf @section Modify .gnupg home directories. @ifset manverb - gpgconf \- Modify .gnupg home directories +.B gpgconf +\- Modify .gnupg home directories @end ifset +@mansect synopsis +@ifset manverb +.B gpgconf +.RI [ options ] +.BI --list-components +.br +.B gpgconf +.RI [ options ] +.BI --list-options component +.br +.B gpgconf +.RI [ options ] +.BI --change-options component +@end ifset + + @mansect description The @command{gpgconf} is a utility to automatically and reasonable safely query and modify configuration files in the @file{.gnupg} home @@ -148,7 +184,6 @@ program that uses @command{gpgconf} in this way will be called GUI throughout this section. -@manpause @menu * Invoking gpgconf:: List of all commands and options. * Format conventions:: Formatting conventions relevant for all commands. @@ -164,9 +199,7 @@ @mansect commands One of the following commands must be given: -@manpause @table @gnupgtabopt -@mancont @item --list-components List all components. This is the default command used if none is 
@@ -184,9 +217,7 @@ The following options may be used: -@manpause @table @gnupgtabopt -@mancont @c FIXME: Not yet supported. @c @item -o @var{file} @c @itemx --output @var{file} Modified: trunk/doc/yat2m.c =================================================================== --- trunk/doc/yat2m.c 2006-08-17 18:01:25 UTC (rev 4222) +++ trunk/doc/yat2m.c 2006-08-17 19:58:28 UTC (rev 4223) @@ -446,6 +446,7 @@ { "table", 3 }, { "end", 4 }, { "quotation",1, ".RS\n\\fB" }, + { "ifset", 1 }, { NULL } }; size_t n; @@ -780,14 +781,12 @@ /* Parse one Texinfo file and create manpages according to the embedded instructions. */ static void -parse_file (const char *fname, FILE *fp) +parse_file (const char *fname, FILE *fp, char **section_name) { char *line; int lnr = 0; int in_verbatim = 0; int in_pause = 0; - char *section_name = NULL; /* Name of the current section or NULL - if not in a section. */ int skip_to_end = 0; /* Used to skip over menu entries. */ line = xmalloc (LINESIZE); @@ -842,8 +841,8 @@ } else if (n == 8 && !memcmp (line, "@manpage", 8)) { - free (section_name); - section_name = NULL; + free (*section_name); + *section_name = NULL; finish_page (); start_page (p); in_pause = 0; @@ -854,14 +853,14 @@ err ("%s:%d: section outside of a man page", fname, lnr); else { - free (section_name); - section_name = ascii_strupr (xstrdup (p)); + free (*section_name); + *section_name = ascii_strupr (xstrdup (p)); in_pause = 0; } } else if (n == 9 && !memcmp (line, "@manpause", 9)) { - if (!section_name) + if (!*section_name) err ("%s:%d: pausing outside of a man section", fname, lnr); else if (in_pause) err ("%s:%d: already pausing", fname, lnr); @@ -870,7 +869,7 @@ } else if (n == 8 && !memcmp (line, "@mancont", 8)) { - if (!section_name) + if (!*section_name) err ("%s:%d: continue outside of a man section", fname, lnr); else if (!in_pause) err ("%s:%d: continue while not pausing", fname, lnr); 
@@ -882,6 +881,21 @@ { skip_to_end = 1; } + else if (n == 8 && !memcmp (line, "@include", 8) + && (line[8]==' '||line[8]=='\t'||!line[8])) + { + char *incname = xstrdup (p); + FILE *incfp = fopen (incname, "r"); + + if (!incfp) + err ("can't open include file `%s':%s", + incname, strerror (errno)); + else + { + parse_file (incname, incfp, section_name); + fclose (incfp); + } + } else got_line = 1; } @@ -889,24 +903,28 @@ got_line = 1; if (got_line && in_verbatim) - add_content (section_name, line, 1); - else if (got_line && thepage.name && section_name && !in_pause) - add_content (section_name, line, 0); + add_content (*section_name, line, 1); + else if (got_line && thepage.name && *section_name && !in_pause) + add_content (*section_name, line, 0); } if (ferror (fp)) err ("%s:%d: read error: %s", fname, lnr, strerror (errno)); - finish_page (); - free (section_name); free (line); } +static void +top_parse_file (const char *fname, FILE *fp) +{ + char *section_name = NULL; /* Name of the current section or NULL + if not in a section. */ + parse_file (fname, fp, &section_name); + free (section_name); + finish_page (); +} - - - int main (int argc, char **argv) { @@ -1014,11 +1032,11 @@ FILE *fp = fopen (*argv, "rb"); if (!fp) die ("%s:0: can't open file: %s", *argv, strerror (errno)); - parse_file (*argv, fp); + top_parse_file (*argv, fp); fclose (fp); } else - parse_file ("-", stdin); + top_parse_file ("-", stdin); return !!any_error; } From cvs at cvs.gnupg.org Fri Aug 18 15:05:40 2006 
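Review bot: in the trunk/doc/tools.texi hunk at @@ -111,9 +130,26 @@, the gpgconf synopsis uses ".BI --list-options component" and ".BI --change-options component". The .BI macro alternates bold and italic and joins its arguments without a space, so the option and the word "component" run together in the rendered page, and the leading "--" is not escaped as "\-\-" the way the watchgnupg synopsis in the same patch does it. Suggest splitting each into a ".B \-\-list-options" line followed by a ".I component" line.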
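Review bot: in the trunk/doc/yat2m.c hunk at @@ -780,14 +781,12 @@, the comment above parse_file is left unchanged although the function now takes "char **section_name", which it frees and reassigns. The comment should state that the caller passes a pointer that is NULL or points to malloc'ed memory, and that the caller owns and frees whatever is left in it on return.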
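Review bot: in the trunk/doc/yat2m.c hunk at @@ -882,6 +881,21 @@, incname comes from xstrdup (p) and is not freed on either branch, so every @include leaks the name; add "free (incname);" after the if/else. The err() call for a failed fopen also drops the "%s:%d:" prefix with fname and lnr that the other diagnostics in parse_file carry, which makes a bad @include hard to locate. Finally, the recursive parse_file (incname, incfp, section_name) call has no depth limit, so a file that includes itself recurses until fopen fails or the stack is exhausted; a nesting counter with an error beyond a fixed depth would bound that.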
From: cvs at cvs.gnupg.org (svn author wk) Date: Fri Aug 18 14:23:28 2006 Subject: [svn] GnuPG - r4224 - in trunk: . doc Message-ID: <E1GE3Nj-0005yA-Tz@trithemius.gnupg.org> Author: wk Date: 2006-08-18 15:05:39 +0200 (Fri, 18 Aug 2006) New Revision: 4224 Added: trunk/doc/opt-homedir.texi trunk/doc/see-also-note.texi Modified: trunk/NEWS trunk/README trunk/doc/Makefile.am trunk/doc/gpg-agent.texi trunk/doc/gpg.texi trunk/doc/gpgsm.texi trunk/doc/scdaemon.texi trunk/doc/tools.texi trunk/doc/yat2m.c Log: More man pages. Added include files for 2 common paragraphs. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/NEWS 2006-08-18 13:05:39 UTC (rev 4224) @@ -1,8 +1,15 @@ Noteworthy changes in version 1.9.23 ------------------------------------------------- + * man pages for most tools are now build directly from the texinfo + source. + * The gpg code from 1.4.5 has been fully merged into this release. + The configure option --enable-gpg is still required to build this + gpg part. For production use of OpenPGP the gpg version 1.4.5 is + still recommended. + Noteworthy changes in version 1.9.22 (2006-07-27) ------------------------------------------------- Modified: trunk/README =================================================================== --- trunk/README 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/README 2006-08-18 13:05:39 UTC (rev 4224) 
@@ -55,11 +55,12 @@ installation. gpg2 behaves just like gpg; it is however suggested to keep using gpg 1.2.x or 1.3.x. gpg2 is not even build by default. -In case of problem please ask on gpa-dev@gnupg.org for advise. Note +In case of problem please ask on gnupg-dev@gnupg.org for advise. Note that this release is only expected to build on GNU and *BSD systems. -A texinfo manual named `gnupg.info' will get installed. Some commands -and options given below. See also the section `SMARTCARD INTRO'. +A texinfo manual named `gnupg.info' will get installed. man pages for +all major components are also provided. Some commands and options +given below. See also the section `SMARTCARD INTRO'. COMMANDS Modified: trunk/doc/Makefile.am =================================================================== --- trunk/doc/Makefile.am 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/doc/Makefile.am 2006-08-18 13:05:39 UTC (rev 4224) @@ -22,7 +22,8 @@ EXTRA_DIST = gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg \ gnupg-badge-openpgp.pdf \ gnupg-card-architecture.eps gnupg-card-architecture.png \ - gnupg-card-architecture.pdf + gnupg-card-architecture.pdf \ + opt-homedir.texi see-also-note.texi BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf 
@@ -38,12 +39,16 @@ tools.texi debugging.texi glossary.texi contrib.texi gpl.texi \ sysnotes.texi gnupg-card-architecture.fig -YAT2M_OPTIONS = \ +AM_MAKEFINFOFLAGS = -I $(srcdir) + +YAT2M_OPTIONS = -I $(srcdir) \ --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard" myman_sources = gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi tools.texi myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 \ - watchgnupg.1 gpgconf.1 addgnupghome.8 + watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \ + gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \ + gpgsm-gencert.sh.1 man_MANS = $(myman_pages) Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/doc/gpg-agent.texi 2006-08-18 13:05:39 UTC (rev 4224) @@ -168,15 +168,9 @@ below the home directory of the user. @anchor{option --homedir} -@item --homedir @var{dir} -@opindex homedir -Set the name of the home directory to @var{dir}. If his option is not -used, the home directory defaults to @file{~/.gnupg}. It is only -recognized when given on the command line. It also overrides any home -directory stated through the environment variable @env{GNUPGHOME} or -(on W32 systems) by means on the Registry entry -@var{HKCU\Software\GNU\GnuPG:HomeDir}. +@include opt-homedir.texi + @item -v @item --verbose @opindex v Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/doc/gpg.texi 2006-08-18 13:05:39 UTC (rev 4224) 
@@ -1501,12 +1501,9 @@ be in the GnuPG home directory ("~/.gnupg" if --homedir or $GNUPGHOME is not used). -@item --homedir @code{directory} -Set the name of the home directory to @code{directory} If this option is not -used it defaults to "~/.gnupg". It does not make sense to use this in -a options file. This also overrides the environment variable -$GNUPGHOME. +@include opt-homedir.texi + @item --pcsc-driver @code{file} Use @code{file} to access the smartcard reader. The current default is `libpcsclite.so.1' for GLIBC based systems, Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/doc/gpgsm.texi 2006-08-18 13:05:39 UTC (rev 4224) @@ -286,14 +286,7 @@ @file{gpgsm.conf} and expected in the @file{.gnupg} directory directly below the home directory of the user. -@item --homedir @var{dir} -@opindex homedir -Set the name of the home directory to @var{dir}. If his option is not -used, the home directory defaults to @file{~/.gnupg}. It is only -recognized when given on the command line. It also overrides any home -directory stated through the environment variable @env{GNUPGHOME} or -(on W32 systems) by means on the Registry entry -@var{HKCU\Software\GNU\GnuPG:HomeDir}. +@include opt-homedir.texi @item -v Added: trunk/doc/opt-homedir.texi =================================================================== --- trunk/doc/opt-homedir.texi 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/doc/opt-homedir.texi 2006-08-18 13:05:39 UTC (rev 4224) 
@@ -0,0 +1,14 @@ +@c This option is included at several places. +@item --homedir @var{dir} +@opindex homedir +Set the name of the home directory to @var{dir}. If his option is not +used, the home directory defaults to @file{~/.gnupg}. It is only +recognized when given on the command line. It also overrides any home +directory stated through the environment variable @env{GNUPGHOME} or +(on W32 systems) by means on the Registry entry +@ifset isman +@var{HKCU\\Software\\GNU\\GnuPG:HomeDir}. +@end ifset +@ifclear isman +@var{HKCU\Software\GNU\GnuPG:HomeDir}. +@end ifclear Modified: trunk/doc/scdaemon.texi =================================================================== --- trunk/doc/scdaemon.texi 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/doc/scdaemon.texi 2006-08-18 13:05:39 UTC (rev 4224) @@ -114,15 +114,9 @@ @file{scdaemon.conf} and expected in the @file{.gnupg} directory directly below the home directory of the user. -@item --homedir @var{dir} -@opindex homedir -Set the name of the home directory to @var{dir}. If his option is not -used, the home directory defaults to @file{~/.gnupg}. It is only -recognized when given on the command line. It also overrides any home -directory stated through the environment variable @env{GNUPGHOME} or -(on W32 systems) by means on the Registry entry -@var{HKCU\Software\GNU\GnuPG:HomeDir}. +@include opt-homedir.texi + @item -v @item --verbose @opindex v Added: trunk/doc/see-also-note.texi =================================================================== --- trunk/doc/see-also-note.texi 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/doc/see-also-note.texi 2006-08-18 13:05:39 UTC (rev 4224) 
@@ -0,0 +1,14 @@ +@c We append this note to all ``see also'' sections of the man pages + +@ifset isman +The full documentation for this tool is maintained as a Texinfo manual. +If GnuPG and the info program are properly installed at your site, the +command + +@example +info gnupg +@end example + +should give you access to the complete manual including a menu structure +and an index. +@end ifset Modified: trunk/doc/tools.texi =================================================================== --- trunk/doc/tools.texi 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/doc/tools.texi 2006-08-18 13:05:39 UTC (rev 4224) @@ -138,15 +138,17 @@ @ifset manverb .B gpgconf .RI [ options ] -.BI --list-components +.B \-\-list-components .br .B gpgconf .RI [ options ] -.BI --list-options component +.B \-\-list-options +.I component .br .B gpgconf .RI [ options ] -.BI --change-options component +.B \-\-change-options +.I component @end ifset @@ -192,7 +194,7 @@ * Changing options:: Changing options of a component. @end menu - +@manpause @node Invoking gpgconf @subsection Invoking gpgconf @@ -210,7 +212,6 @@ @item --change-options @var{component} Change the options of the component @var{component}. -@manpause @end table @mansect options 
@@ -650,29 +651,70 @@ The @code{--runtime} option can influence when the changes take effect. +@mansect see also +@command{gpg}(1), +@command{gpgsm}(1), +@command{gpg-agent}(1), +@command{scdaemon}(1), +@command{dirmngr}(1) +@include see-also-note.texi + + @manpause @c @c GPGSM-GENCERT.SH @c @node gpgsm-gencert.sh @section Generate an X.509 certificate request +@manpage gpgsm-gencert.sh.1 +@ifset manverb +.B gpgsm-gencert.sh +\- Generate an X.509 certificate request +@end ifset +@mansect synopsis +@ifset manverb +.B gpgsm-gencert.sh +@end ifset + +@mansect description This is a simple tool to interactivly generate a certificate request which will be printed to stdout. +@manpause @noindent @command{gpgsm-gencert.sh} is invoked as: @samp{gpgsm-cencert.sh} +@mansect see also +@command{gpgsm}(1), +@command{gpg-agent}(1), +@command{scdaemon}(1) +@include see-also-note.texi + @c @c GPG-PRESET-PASSPHRASE @c @node gpg-preset-passphrase @section Put a passphrase into the cache. +@manpage gpg-preset-passphrase.1 +@ifset manverb +.B gpg-preset-passphrase +\- Put a passphrase into gpg-agent's cache +@end ifset +@mansect synopsis +@ifset manverb +.B gpg-preset-passphrase +.RI [ options ] +.RI [ command ] +.I keygrip +@end ifset + +@mansect description The @command{gpg-preset-passphrase} is a utility to seed the internal cache of a running @command{gpg-agent} with passphrases. It is mainly useful for unattended machines, where the usual @command{pinentry} tool @@ -690,9 +732,10 @@ * Invoking gpg-preset-passphrase:: List of all commands and options. @end menu - +@manpause @node Invoking gpg-preset-passphrase @subsection List of all commands and options. +@mancont @noindent @command{gpg-preset-passphrase} is invoked this way: 
@@ -709,11 +752,13 @@ @table @gnupgtabopt @item --preset +@opindex preset Preset a passphrase. This is what you usually will use. @command{gpg-preset-passphrase} will then read the passphrase from @code{stdin}. @item --forget +@opindex forget Flush the passphrase for the given keygrip from the cache. @end table @@ -735,6 +780,12 @@ for other users. @end table +@mansect see also +@command{gpg}(1), +@command{gpgsm}(1), +@command{gpg-agent}(1), +@command{scdaemon}(1) +@include see-also-note.texi @@ -743,8 +794,20 @@ @c GPG-CONNECT-AGENT @c @node gpg-connect-agent -@section Communicate with a runnig agent. +@section Communicate with a running agent. +@manpage gpg-connect-agent.1 +@ifset manverb +.B gpg-connect-agent +\- Communicate with a running agent +@end ifset +@mansect synopsis +@ifset manverb +.B gpg-connect-agent +.RI [ options ] +@end ifset + +@mansect description The @command{gpg-connect-agent} is a utility to communicate with a running @command{gpg-agent}. It is useful to check out the commands gpg-agent provides using the Assuan interface. It might also be useful @@ -758,9 +821,10 @@ * Invoking gpg-connect-agent:: List of all commands and options. @end menu - +@manpause @node Invoking gpg-connect-agent @subsection List of all commands and options. +@mancont @noindent @command{gpg-connect-agent} is invoked this way: @@ -784,16 +848,8 @@ @opindex quiet Try to be as quiet as possible. -@item --homedir @var{dir} -@opindex homedir -Set the name of the home directory to @var{dir}. If his option is not -used, the home directory defaults to @file{~/.gnupg}. It is only -recognized when given on the command line. It also overrides any home -directory stated through the environment variable @env{GNUPGHOME} or -(on W32 systems) by means on the Registry entry -@var{HKCU\Software\GNU\GnuPG:HomeDir}. +@include opt-homedir.texi - @item -S @itemx --raw-socket @var{name} @opindex S 
@@ -802,16 +858,36 @@ Do not run any special initializations or environment checks. This may be used to directly connect to any Assuan style socket server. - @end table +@mansect see also +@command{gpg-agent}(1), +@command{scdaemon}(1) +@include see-also-note.texi + + + @c @c GPGPARSEMAIL @c @node gpgparsemail @section Parse a mail message into an annotated format -The @command{gpgparsemail} is a utility currentlu only useful for +@manpage gpgparsemail.1 +@ifset manverb +.B gpgparsemail +\- Parse a mail message into an annotated format +@end ifset + +@mansect synopsis +@ifset manverb +.B gpgparsemail +.RI [ options ] +.RI [ file ] +@end ifset + +@mansect description +The @command{gpgparsemail} is a utility currently only useful for debugging. Run it with @code{--help} for usage information. @@ -821,7 +897,26 @@ @c @node symcryptrun @section Call a simple symmetric encryption tool. +@manpage symcryptrun.1 +@ifset manverb +.B symcryptrun +\- Call a simple symmetric encryption tool +@end ifset +@mansect synopsis +@ifset manverb +.B symcryptrun +.B \-\-class +.I class +.B \-\-program +.I program +.B \-\-keyfile +.I keyfile +.RB [ --decrypt | --encrypt ] +.RI [ inputfile ] +@end ifset + +@mansect description Sometimes simple encryption tools are already in use for a long time and there might be a desire to integrate them into the GnuPG framework. The protocols and encryption methods might be non-standard or not even @@ -838,7 +933,7 @@ * Invoking symcryptrun:: List of all commands and options. @end menu - +@manpause @node Invoking symcryptrun @subsection List of all commands and options. @@ -849,6 +944,7 @@ symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE [--decrypt | --encrypt] [inputfile] @end example +@mancont For encryption, the plain text must be provided on STDIN or as the argument @var{inputfile}, and the ciphertext will be output to STDOUT. 
@@ -882,15 +978,9 @@ @opindex quiet Try to be as quiet as possible. -@item --homedir @var{dir} -@opindex homedir -Set the name of the home directory to @var{dir}. If his option is not -used, the home directory defaults to @file{~/.gnupg}. It is only -recognized when given on the command line. It also overrides any home -directory stated through the environment variable @env{GNUPGHOME} or -(on W32 systems) by means on the Registry entry -@var{HKCU\Software\GNU\GnuPG:HomeDir}. +@include opt-homedir.texi + @item --log-file @var{file} @opindex log-file Append all logging output to @var{file}. Default is to write logging @@ -913,3 +1003,9 @@ @end table +@mansect see also +@command{gpg}(1), +@command{gpgsm}(1), +@command{gpg-agent}(1), +@include see-also-note.texi + Modified: trunk/doc/yat2m.c =================================================================== --- trunk/doc/yat2m.c 2006-08-17 19:58:28 UTC (rev 4223) +++ trunk/doc/yat2m.c 2006-08-18 13:05:39 UTC (rev 4224) @@ -85,6 +85,7 @@ static const char *opt_source; static const char *opt_release; static const char *opt_select; +static const char *opt_include; static int opt_store; @@ -335,7 +336,6 @@ section_buffer_t sect; line_buffer_t lb; - sect = get_section_buffer (sectname); if (sect->last_line && !sect->last_line->verbatim == !verbatim) { @@ -447,6 +447,7 @@ { "end", 4 }, { "quotation",1, ".RS\n\\fB" }, { "ifset", 1 }, + { "ifclear", 1 }, { NULL } }; size_t n; @@ -501,6 +502,11 @@ { fputs ("\\fR\n.RE\n", fp); } + else if (n >= 5 && !memcmp (s, "ifset", 5) + && (!n || s[5] == ' ' || s[5] == '\t' || s[5] == '\n')) + { + fputs ("\\fR\n.RE\n", fp); + } /* Now throw away the entire line. */ s = memchr (rest, '\n', len); return s? (s-rest)+1 : len; @@ -815,8 +821,8 @@ while (*p == ' ' || *p == '\t') p++; - if (skip_to_end - &&n == 4 && !memcmp (line, "@end", 4) + if (skip_to_end + && n == 4 && !memcmp (line, "@end", 4) && (line[4]==' '||line[4]=='\t'||!line[4])) { skip_to_end = 0; 
@@ -881,12 +887,29 @@ { skip_to_end = 1; } + else if (n == 8 && !memcmp (line, "@ifclear", 8) + && !strncmp (p, "isman", 5) && (p[5]==' '||p[5]=='\t'||!p[5])) + { + skip_to_end = 1; + } else if (n == 8 && !memcmp (line, "@include", 8) && (line[8]==' '||line[8]=='\t'||!line[8])) { char *incname = xstrdup (p); FILE *incfp = fopen (incname, "r"); + if (!incfp && opt_include && *opt_include && *p != '/') + { + free (incname); + incname = xmalloc (strlen (opt_include) + 1 + + strlen (p) + 1); + strcpy (incname, opt_include); + if ( incname[strlen (incname)-1] != '/' ) + strcat (incname, "/"); + strcat (incname, p); + incfp = fopen (incname, "r"); + } + if (!incfp) err ("can't open include file `%s':%s", incname, strerror (errno)); @@ -895,8 +918,9 @@ parse_file (incname, incfp, section_name); fclose (incfp); } + free (incname); } - else + else if (!skip_to_end) got_line = 1; } else if (!skip_to_end) @@ -956,7 +980,8 @@ " --select NAME only output pages with @manpage NAME\n" " --verbose enable extra informational output\n" " --debug enable additional debug output\n" - " --help display this help and exit\n\n" + " --help display this help and exit\n" + " -I DIR also search in include DIR\n\n" "With no FILE, or when FILE is -, read standard input.\n\n" "Report bugs to <bugs@g10code.com>."); exit (0); @@ -1021,6 +1046,15 @@ argc--; argv++; } } + else if (!strcmp (*argv, "-I")) + { + argc--; argv++; + if (argc) + { + opt_include = *argv; + argc--; argv++; + } + } } if (argc > 1) From cvs at cvs.gnupg.org Mon Aug 21 10:40:45 2006 
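Review bot: in the trunk/doc/Makefile.am hunk at @@ -38,12 +39,16 @@, the new variable is spelled AM_MAKEFINFOFLAGS. Automake reads AM_MAKEINFOFLAGS, so as written "-I $(srcdir)" is not passed to makeinfo and the new @include lines will only resolve when building inside the source directory. Suggest renaming the variable to AM_MAKEINFOFLAGS.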
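Review bot: in the new file trunk/doc/opt-homedir.texi, the shared paragraph carries over two typos from the copies it replaces: "If his option is not used" should read "If this option is not used", and "by means on the Registry entry" should read "by means of the Registry entry". Since this text is now included in every tool's manual and man page, this is the place to fix them once.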
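Review bot: in the trunk/doc/tools.texi hunk at @@ -650,29 +651,70 @@, the gpgsm-gencert.sh section that now feeds a man page still says the tool is invoked as "@samp{gpgsm-cencert.sh}", which does not match the program name gpgsm-gencert.sh used in the new @manpage and synopsis lines, and the description keeps the spelling "interactivly". Both should be corrected while this section is being touched.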
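Review bot: in the trunk/doc/tools.texi hunk at @@ -913,3 +1003,9 @@, the symcryptrun "see also" list ends with "@command{gpg-agent}(1)," directly before the @include, so the rendered list finishes on a dangling comma. The other "see also" blocks added in this patch end their last entry without one; drop the comma here as well.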
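Review bot: in the trunk/doc/yat2m.c hunk at @@ -501,6 +502,11 @@, the new @end handler for "ifset" tests "(!n || s[5] == ' ' || ...)" after already requiring "n >= 5", so the "!n" term can never be true; "n == 5" looks like what was meant, and it would also avoid reading s[5] when the name is exactly five bytes long. The branch then writes "\\fR\n.RE\n", the same closing sequence as the quotation case, but the table entry { "ifset", 1 } emits no opening ".RS\n\\fB", so each "@end ifset" would output an unmatched .RE. Suggest emitting nothing for ifset.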
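Review bot: in the trunk/doc/yat2m.c hunk at @@ -881,12 +887,29 @@, the @include branch does not test skip_to_end, so an @include placed inside an "@ifclear isman" block (or a menu) is still opened and parsed even though the surrounding lines are skipped; adding "!skip_to_end &&" to the condition would keep the two consistent. When both fopen attempts fail, the error names only the path built from opt_include, not the name as written in the source, and it still lacks the "%s:%d:" prefix with fname and lnr.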
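Review bot: in the trunk/doc/yat2m.c hunk at @@ -1021,6 +1046,15 @@, opt_include is a single pointer, so a second -I on the command line replaces the first, while the help text added at @@ -956,7 +980,8 @@ says "also search in include DIR". Either document that only the last -I is used or keep a list of directories. As with the other options, "-I" given as the last argument is silently ignored; a die() with a "missing argument" message would be more helpful.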
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon Aug 21 09:58:17 2006 Subject: [svn] GnuPG - r4225 - trunk/scd Message-ID: <E1GF4fl-0001VT-OV@trithemius.gnupg.org> Author: wk Date: 2006-08-21 10:40:45 +0200 (Mon, 21 Aug 2006) New Revision: 4225 Modified: trunk/scd/ChangeLog trunk/scd/pcsc-wrapper.c Log: disconnectafter wake-up bug fix by Bob Dunlop. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2006-08-18 13:05:39 UTC (rev 4224) +++ trunk/scd/ChangeLog 2006-08-21 08:40:45 UTC (rev 4225) @@ -1,3 +1,12 @@ +2006-08-21 Werner Koch <wk@g10code.com> + + * pcsc-wrapper.c (handle_open, handle_close): Reset card and + protocol on error/close. + (handle_status): Don't set the stae if the state is unknown. + (handle_reset): Ignore an error if already disconnected. May + happen due to system wake-up after hibernation. Suggested by Bob + Dunlop. + 2006-06-28 Werner Koch <wk@g10code.com> * app-openpgp.c (do_writekey): Fixed computation of memmove Modified: trunk/scd/pcsc-wrapper.c =================================================================== --- trunk/scd/pcsc-wrapper.c 2006-08-18 13:05:39 UTC (rev 4224) +++ trunk/scd/pcsc-wrapper.c 2006-08-21 08:40:45 UTC (rev 4225) @@ -474,6 +474,8 @@ pcsc_release_context (pcsc_context); free (current_rdrname); current_rdrname = NULL; + pcsc_card = 0; + pcsc_protocol = 0; request_failed (err); return; } @@ -527,6 +529,8 @@ free (current_rdrname); current_rdrname = NULL; pcsc_release_context (pcsc_context); + pcsc_card = 0; + pcsc_protocol = 0; request_succeeded (NULL, 0); } 
@@ -567,17 +571,20 @@ } status = 0; - if ( (rdrstates[0].event_state & PCSC_STATE_PRESENT) ) - status |= 2; - if ( !(rdrstates[0].event_state & PCSC_STATE_MUTE) ) - status |= 4; - /* We indicate a useful card if it is not in use by another - application. This is because we only use exclusive access - mode. */ - if ( (status & 6) == 6 - && !(rdrstates[0].event_state & PCSC_STATE_INUSE) ) - status |= 1; - + if ( !(rdrstates[0].event_state & PCSC_STATE_UNKNOWN) ) + { + if ( (rdrstates[0].event_state & PCSC_STATE_PRESENT) ) + status |= 2; + if ( !(rdrstates[0].event_state & PCSC_STATE_MUTE) ) + status |= 4; + /* We indicate a useful card if it is not in use by another + application. This is because we only use exclusive access + mode. */ + if ( (status & 6) == 6 + && !(rdrstates[0].event_state & PCSC_STATE_INUSE) ) + status |= 1; + } + /* First word is identical to the one used by apdu.c. */ buf[0] = 0; buf[1] = 0; @@ -618,6 +625,8 @@ if (pcsc_card) { err = pcsc_disconnect (pcsc_card, PCSC_LEAVE_CARD); + if (err == 0x80100003) /* Invalid handle. (already disconnected) */ + err = 0; if (err) { fprintf (stderr, PGM": pcsc_disconnect failed: %s (0x%lx)\n", From cvs at cvs.gnupg.org Mon Aug 21 22:20:27 2006 
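Review bot: in the trunk/scd/ChangeLog hunk at @@ -1,3 +1,12 @@, the handle_status entry reads "Don't set the stae if the state is unknown"; "stae" should be "state".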
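Review bot: in the trunk/scd/pcsc-wrapper.c hunk at @@ -618,6 +625,8 @@, the check "if (err == 0x80100003)" relies on a bare numeric literal explained only by the trailing comment. Suggest defining a named constant for the invalid-handle code next to the other PCSC_ definitions and comparing against that, so the value is documented in one place and can be reused if other calls need the same tolerance after a wake-up.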
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon Aug 21 21:37:56 2006 Subject: [svn] GnuPG - r4226 - in trunk: . common doc g10 tests tests/openpgp tools Message-ID: <E1GFFao-0001BO-NH@trithemius.gnupg.org> Author: wk Date: 2006-08-21 22:20:23 +0200 (Mon, 21 Aug 2006) New Revision: 4226 Added: trunk/common/openpgpdefs.h trunk/doc/DETAILS trunk/doc/HACKING trunk/doc/KEYSERVER trunk/doc/OpenPGP trunk/doc/TRANSLATE trunk/doc/faq.raw trunk/doc/samplekeys.asc trunk/tests/cms/ trunk/tests/openpgp/ trunk/tests/openpgp/ChangeLog trunk/tests/openpgp/Makefile.am trunk/tests/openpgp/armdetach.test trunk/tests/openpgp/armdetachm.test trunk/tests/openpgp/armencrypt.test trunk/tests/openpgp/armencryptp.test trunk/tests/openpgp/armor.test trunk/tests/openpgp/armsignencrypt.test trunk/tests/openpgp/armsigs.test trunk/tests/openpgp/clearsig.test trunk/tests/openpgp/conventional-mdc.test trunk/tests/openpgp/conventional.test trunk/tests/openpgp/decrypt-dsa.test trunk/tests/openpgp/decrypt.test trunk/tests/openpgp/defs.inc trunk/tests/openpgp/detach.test trunk/tests/openpgp/detachm.test trunk/tests/openpgp/encrypt-dsa.test trunk/tests/openpgp/encrypt.test trunk/tests/openpgp/encryptp.test trunk/tests/openpgp/genkey1024.test trunk/tests/openpgp/gpg.conf.tmpl trunk/tests/openpgp/mds.test trunk/tests/openpgp/mkdemodirs trunk/tests/openpgp/multisig.test trunk/tests/openpgp/pgp263-test.pub.asc trunk/tests/openpgp/pgp263-test.sec.asc trunk/tests/openpgp/plain-1-pgp.asc trunk/tests/openpgp/plain-1.asc trunk/tests/openpgp/plain-1o.asc trunk/tests/openpgp/plain-2.asc trunk/tests/openpgp/plain-2o.asc trunk/tests/openpgp/plain-3.asc trunk/tests/openpgp/plain-3o.asc trunk/tests/openpgp/pubdemo.asc trunk/tests/openpgp/pubring.asc trunk/tests/openpgp/pubring.pkr.asc trunk/tests/openpgp/seat.test trunk/tests/openpgp/secdemo.asc trunk/tests/openpgp/secring.asc trunk/tests/openpgp/secring.skr.asc trunk/tests/openpgp/signdemokey trunk/tests/openpgp/signencrypt-dsa.test 
trunk/tests/openpgp/signencrypt.test trunk/tests/openpgp/sigs-dsa.test trunk/tests/openpgp/sigs.test trunk/tests/openpgp/verify.test trunk/tests/openpgp/version.test trunk/tools/clean-sat.c trunk/tools/convert-from-106 trunk/tools/crlf.c trunk/tools/gpg-zip.in trunk/tools/gpgsplit.c trunk/tools/lspgpot trunk/tools/mail-signed-keys trunk/tools/make-dns-cert.c trunk/tools/mk-tdata.c trunk/tools/pgpgroup-to-gpggroup Modified: trunk/ChangeLog trunk/Makefile.am trunk/THANKS trunk/TODO trunk/common/ChangeLog trunk/common/Makefile.am trunk/configure.ac trunk/doc/ChangeLog trunk/doc/Makefile.am trunk/g10/ChangeLog trunk/g10/gpg.c trunk/g10/keydb.h trunk/g10/keygen.c trunk/g10/keyserver-internal.h trunk/g10/mainproc.c trunk/g10/packet.h trunk/g10/skclist.c trunk/tests/ChangeLog trunk/tests/Makefile.am trunk/tools/ChangeLog trunk/tools/Makefile.am Log: Migrated more stuff to doc/ Migrated the gpg regression tests. Some changes tp the gpg code to fix bugs and for the use in testing. make distcheck works now with gpg enabled. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/ChangeLog 2006-08-21 20:20:23 UTC (rev 4226) @@ -1,3 +1,10 @@ +2006-08-21 Werner Koch <wk@g10code.com> + + * configure.ac: Removed docbook tests. + (AC_CONFIG_FILES): Added gpgkeys_test and gpgkeys_mailto. + + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Enable gpg. + 2006-08-17 Werner Koch <wk@g10code.com> * THANKS: Merged with the 1.4 one. Modified: trunk/Makefile.am =================================================================== --- trunk/Makefile.am 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/Makefile.am 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -22,6 +22,7 @@ ACLOCAL_AMFLAGS = -I m4 -I gl/m4 AUTOMAKE_OPTIONS = dist-bzip2 +DISTCHECK_CONFIGURE_FLAGS = --enable-gpg EXTRA_DIST = scripts/config.rpath autogen.sh README.CVS DISTCLEANFILES = g10defs.h Modified: trunk/THANKS =================================================================== --- trunk/THANKS 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/THANKS 2006-08-21 20:20:23 UTC (rev 4226) @@ -17,6 +17,7 @@ Ariel T Glenn ariel at columbia.edu Bernhard Herzog bh at intevation.de Bernhard Reiter bernhard de intevation.de +Bob Dunlop bob at xyzzy.org.uk Bob Mathews bobmathews at mindspring.com Bodo Moeller Bodo_Moeller at public.uni-hamburg.de Brendan O'Dea bod at debian.org Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/TODO 2006-08-21 20:20:23 UTC (rev 4226) @@ -115,6 +115,9 @@ Remove the whole stuff? ** qbits We pass a new qbit parameter to genkey - implement this in libgcrypt. +** skclist.c + As soon as we switch to libgcrypt 1.3 we should remove the hard + coded constant in random_is_faked. * common/ Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/common/ChangeLog 2006-08-21 20:20:23 UTC (rev 4226) @@ -1,3 +1,9 @@ +2006-08-21 Werner Koch <wk@g10code.com> + + * Makefile.am (libcommon_a_SOURCES): Added keyserver.h + + * openpgpdefs.h: New. Stripped from ..g10/packet.h. + 2006-08-16 Werner Koch <wk@g10code.com> * keyserver.h: Moved from ../include to here. Modified: trunk/common/Makefile.am =================================================================== --- trunk/common/Makefile.am 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/common/Makefile.am 2006-08-21 20:20:23 UTC (rev 4226) @@ -30,6 +30,8 @@ libcommon_a_SOURCES = \ util.h i18n.h \ errors.h \ + openpgpdefs.h \ + keyserver.h \ sexp-parse.h \ sexputil.c \ maperror.c \ 
@@ -56,7 +58,6 @@ pka.c pka.h \ http.c http.h - libsimple_pwquery_a_SOURCES = \ simple-pwquery.c simple-pwquery.h asshelp.c asshelp.h Added: trunk/common/openpgpdefs.h =================================================================== --- trunk/common/openpgpdefs.h 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/common/openpgpdefs.h 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -0,0 +1,89 @@ +/* openpgpdefs.h - Constants from the OpenPGP standard (rfc2440) + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, + * 2006 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + */ + +#ifndef GNUPG_COMMON_OPENPGPDEFS_H +#define GNUPG_COMMON_OPENPGPDEFS_H + +typedef enum + { + PKT_NONE = 0, + PKT_PUBKEY_ENC = 1, /* Public key encrypted packet. */ + PKT_SIGNATURE = 2, /* Secret key encrypted packet. */ + PKT_SYMKEY_ENC = 3, /* Session key packet. */ + PKT_ONEPASS_SIG = 4, /* One pass sig packet. */ + PKT_SECRET_KEY = 5, /* Secret key. */ + PKT_PUBLIC_KEY = 6, /* Public key. */ + PKT_SECRET_SUBKEY = 7, /* Secret subkey. */ + PKT_COMPRESSED = 8, /* Compressed data packet. */ + PKT_ENCRYPTED = 9, /* Conventional encrypted data. */ + PKT_MARKER = 10, /* Marker packet. */ + PKT_PLAINTEXT = 11, /* Literal data packet. */ + PKT_RING_TRUST = 12, /* Keyring trust packet. */ + PKT_USER_ID = 13, /* User id packet. */ + PKT_PUBLIC_SUBKEY = 14, /* Public subkey. */ + PKT_OLD_COMMENT = 16, /* Comment packet from an OpenPGP draft. */ + PKT_ATTRIBUTE = 17, /* PGP's attribute packet. */ + PKT_ENCRYPTED_MDC = 18, /* Integrity protected encrypted data. */ + PKT_MDC = 19, /* Manipulation detection code packet. 
*/ + PKT_COMMENT = 61, /* new comment packet (GnuPG specific). */ + PKT_GPG_CONTROL = 63 /* internal control packet (GnuPG specific). */ + } +pkttype_t; + + +typedef enum + { + SIGSUBPKT_TEST_CRITICAL = -3, + SIGSUBPKT_LIST_UNHASHED = -2, + SIGSUBPKT_LIST_HASHED = -1, + SIGSUBPKT_NONE = 0, + SIGSUBPKT_SIG_CREATED = 2, /* Signature creation time. */ + SIGSUBPKT_SIG_EXPIRE = 3, /* Signature expiration time. */ + SIGSUBPKT_EXPORTABLE = 4, /* Exportable. */ + SIGSUBPKT_TRUST = 5, /* Trust signature. */ + SIGSUBPKT_REGEXP = 6, /* Regular expression. */ + SIGSUBPKT_REVOCABLE = 7, /* Revocable. */ + SIGSUBPKT_KEY_EXPIRE = 9, /* Key expiration time. */ + SIGSUBPKT_ARR = 10, /* Additional recipient request. */ + SIGSUBPKT_PREF_SYM = 11, /* Preferred symmetric algorithms. */ + SIGSUBPKT_REV_KEY = 12, /* Revocation key. */ + SIGSUBPKT_ISSUER = 16, /* Issuer key ID. */ + SIGSUBPKT_NOTATION = 20, /* Notation data. */ + SIGSUBPKT_PREF_HASH = 21, /* Preferred hash algorithms. */ + SIGSUBPKT_PREF_COMPR = 22, /* Preferred compression algorithms. */ + SIGSUBPKT_KS_FLAGS = 23, /* Key server preferences. */ + SIGSUBPKT_PREF_KS = 24, /* Preferred key server. */ + SIGSUBPKT_PRIMARY_UID = 25, /* Primary user id. */ + SIGSUBPKT_POLICY = 26, /* Policy URL. */ + SIGSUBPKT_KEY_FLAGS = 27, /* Key flags. */ + SIGSUBPKT_SIGNERS_UID = 28, /* Signer's user id. */ + SIGSUBPKT_REVOC_REASON = 29, /* Reason for revocation. */ + SIGSUBPKT_FEATURES = 30, /* Feature flags. */ + + SIGSUBPKT_SIGNATURE = 32, /* Embedded signature. */ + + SIGSUBPKT_FLAG_CRITICAL = 128 + } +sigsubpkttype_t; + + +#endif /*GNUPG_COMMON_OPENPGPDEFS_H*/ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/configure.ac 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -442,10 +442,7 @@ AC_ISC_POSIX gl_EARLY AC_SYS_LARGEFILE -AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no) -AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes) GNUPG_CHECK_FAQPROG -GNUPG_CHECK_DOCBOOK_TO_TEXI GNUPG_CHECK_USTAR @@ -1312,9 +1309,13 @@ agent/Makefile scd/Makefile keyserver/Makefile +keyserver/gpgkeys_mailto +keyserver/gpgkeys_test +tools/gpg-zip tools/Makefile doc/Makefile tests/Makefile +tests/openpgp/Makefile ]) AC_OUTPUT Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/doc/ChangeLog 2006-08-21 20:20:23 UTC (rev 4226) @@ -1,3 +1,7 @@ +2006-08-21 Werner Koch <wk@g10code.com> + + * Makefile.am: Added other doc files from gpg 1.4. + 2006-08-17 Werner Koch <wk@g10code.com> * Makefile.am: Added rules to build man pages. Copied: trunk/doc/DETAILS (from rev 4225, branches/STABLE-BRANCH-1-4/doc/DETAILS) Copied: trunk/doc/HACKING (from rev 4225, branches/STABLE-BRANCH-1-4/doc/HACKING) Copied: trunk/doc/KEYSERVER (from rev 4225, branches/STABLE-BRANCH-1-4/doc/KEYSERVER) Modified: trunk/doc/Makefile.am =================================================================== --- trunk/doc/Makefile.am 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/doc/Makefile.am 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -19,20 +19,22 @@ ## Process this file with automake to produce Makefile.in -EXTRA_DIST = gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg \ +EXTRA_DIST = DETAILS HACKING TRANSLATE OpenPGP KEYSERVER samplekeys.asc \ + gnupg-badge-openpgp.eps gnupg-badge-openpgp.jpg \ gnupg-badge-openpgp.pdf \ gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf \ - opt-homedir.texi see-also-note.texi + faq.raw FAQ faq.html \ + opt-homedir.texi see-also-note.texi BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ - gnupg-card-architecture.pdf + gnupg-card-architecture.pdf FAQ faq.html noinst_PROGRAMS = yat2m info_TEXINFOS = gnupg.texi -dist_pkgdata_DATA = qualified.txt +dist_pkgdata_DATA = qualified.txt FAQ faq.html gnupg_TEXINFOS = \ gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi assuan.texi \ @@ -55,6 +57,9 @@ watchgnupg_SOURCE = gnupg.texi + +CLEANFILES = faq.raw.xref + DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ $(myman_pages) 
@@ -74,6 +79,25 @@ fig2dev -L pdf `test -f '$<' || echo '$(srcdir)/'`$< $@ +FAQ : faq.raw +if WORKING_FAQPROG + $(FAQPROG) -f $< $@ || $(FAQPROG) -f $< $@ +else + : Warning: missing faqprog.pl, cannot make $@ + echo "No $@ due to missing faqprog.pl" > $@ + echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@ +endif + +faq.html : faq.raw +if WORKING_FAQPROG + $(FAQPROG) -h -f $< $@ 2>&1 || $(FAQPROG) -h -f $< $@ +else + : Warning: missing faqprog.pl, cannot make $@ + echo "No $@ due to missing faqprog.pl" > $@ + echo "See ftp://ftp.gnupg.org/gcrypt/contrib/faqprog.pl" >> $@ +endif + + yat2m-stamp: $(myman_sources) @rm -f yat2m-stamp.tmp @touch yat2m-stamp.tmp Copied: trunk/doc/OpenPGP (from rev 4225, branches/STABLE-BRANCH-1-4/doc/OpenPGP) Copied: trunk/doc/TRANSLATE (from rev 4225, branches/STABLE-BRANCH-1-4/doc/TRANSLATE) Copied: trunk/doc/faq.raw (from rev 4225, branches/STABLE-BRANCH-1-4/doc/faq.raw) Copied: trunk/doc/samplekeys.asc (from rev 4225, branches/STABLE-BRANCH-1-4/doc/samplekeys.asc) Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/g10/ChangeLog 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -1,3 +1,17 @@ +2006-08-21 Werner Koch <wk@g10code.com> + + * skclist.c (random_is_faked): Implemented. + (is_insecure): Also test for the old uppercase version of the + insecure string. + * gpg.c (main): Renamed --quick-random to debug-quick-quick-random. + + * gpg.c (print_mds): Do not use the USE_SHA macros. + + * mainproc.c (proc_encrypted): Remove assign inside condition for + better readibility. + + * packet.h: Moved consts to new header ../common/openpgpdefs.h. + 2006-08-16 Werner Koch <wk@g10code.com> * keyserver.c (GPGKEYS_PREFIX): Rename to gpg2keys_. This is so Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/g10/gpg.c 2006-08-21 20:20:23 UTC (rev 4226) @@ -568,7 +568,7 @@ { oPasswdFile, "passphrase-file",2, "@" }, { oCommandFD, "command-fd",1, "@" }, { oCommandFile, "command-file",2, "@" }, - { oQuickRandom, "quick-random", 0, "@"}, + { oQuickRandom, "debug-quick-random", 0, "@"}, { oNoVerbose, "no-verbose", 0, "@"}, { oTrustDBName, "trustdb-name", 2, "@" }, { oNoSecmemWarn, "no-secmem-warning", 0, "@" }, @@ -2152,8 +2152,9 @@ gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); opt.list_sigs=0; break; - /* Disabled for now: - case oQuickRandom: quick_random_gen(1); break;*/ + case oQuickRandom: + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + break; case oEmitVersion: opt.no_version=0; break; case oNoEmitVersion: opt.no_version=1; break; case oCompletesNeeded: opt.completes_needed = pargs.r.ret_int; break; 
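Review bot: in "case oQuickRandom:" (g10/gpg.c, hunk at 2152) the return value of gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0) is dropped and nothing is logged, so the RNG is switched into its fake mode without any trace in the output. The only later signal in this revision is the " (insecure!)" suffix that keygen.c appends when random_is_faked () is true, and the new skclist.c code returns 0 ("Need to return false") when libgcrypt answers GPG_ERR_INV_OP, so with an older libgcrypt a key made under this option would carry no marker at all. Suggest a log_info warning here whenever the option is seen, and a check of the gcry_control result. Separately, g10/ChangeLog names the option "debug-quick-quick-random" while the option table in the hunk at 568 has "debug-quick-random"; one of the two should be corrected.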
@@ -2162,17 +2163,17 @@ case oTrustDBName: trustdb_name = pargs.r.ret_str; break; case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break; case oDefRecipient: - if( *pargs.r.ret_str ) - opt.def_recipient = make_username(pargs.r.ret_str); - break; + if( *pargs.r.ret_str ) + opt.def_recipient = make_username(pargs.r.ret_str); + break; case oDefRecipientSelf: - xfree(opt.def_recipient); opt.def_recipient = NULL; - opt.def_recipient_self = 1; - break; + xfree(opt.def_recipient); opt.def_recipient = NULL; + opt.def_recipient_self = 1; + break; case oNoDefRecipient: - xfree(opt.def_recipient); opt.def_recipient = NULL; - opt.def_recipient_self = 0; - break; + xfree(opt.def_recipient); opt.def_recipient = NULL; + opt.def_recipient_self = 0; + break; case oNoOptions: opt.no_homedir_creation = 1; break; /* no-options */ case oHomedir: break; case oNoBatch: opt.batch = 0; break; @@ -4031,14 +4032,14 @@ gcry_md_enable (md, GCRY_MD_MD5); gcry_md_enable (md, GCRY_MD_SHA1); gcry_md_enable (md, GCRY_MD_RMD160); -#ifdef USE_SHA256 - gcry_md_enable (md, DIGEST_ALGO_SHA224); - gcry_md_enable (md, GCRY_MD_SHA256); -#endif -#ifdef USE_SHA512 - gcry_md_enable (md, GCRY_MD_SHA384); - gcry_md_enable (md, GCRY_MD_SHA512); -#endif + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224)) + gcry_md_enable (md, DIGEST_ALGO_SHA224); + if (!openpgp_md_test_algo (GCRY_MD_SHA256)) + gcry_md_enable (md, GCRY_MD_SHA256); + if (!openpgp_md_test_algo (GCRY_MD_SHA384)) + gcry_md_enable (md, GCRY_MD_SHA384); + if (!openpgp_md_test_algo (GCRY_MD_SHA512)) + gcry_md_enable (md, GCRY_MD_SHA512); } while( (n=fread( buf, 1, DIM(buf), fp )) ) 
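Review bot: the hunk at 4031 gates gcry_md_enable for SHA-224/256/384/512 on openpgp_md_test_algo, but the two printing hunks that follow (4054 and 4072) gate print_hashline and print_hex for the same digests on gcry_md_test_algo. If the two predicates disagree for an algorithm, the print path is taken for a digest that was never enabled on md. Use the same test on both sides, ideally through one small helper so the list of optional digests exists in a single place. Minor: DIGEST_ALGO_SHA224 is mixed with GCRY_MD_* names in the same list; pick one naming.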
@@ -4054,15 +4055,14 @@ print_hashline( md, GCRY_MD_MD5, fname ); print_hashline( md, GCRY_MD_SHA1, fname ); print_hashline( md, GCRY_MD_RMD160, fname ); -#ifdef USE_SHA256 - if (!gcry_md_test_algo (DIGEST_ALGO_SHA224) + if (!gcry_md_test_algo (DIGEST_ALGO_SHA224)) print_hashline (md, DIGEST_ALGO_SHA224, fname); - print_hashline( md, GCRY_MD_SHA256, fname ); -#endif -#ifdef USE_SHA512 - print_hashline( md, GCRY_MD_SHA384, fname ); - print_hashline( md, GCRY_MD_SHA512, fname ); -#endif + if (!gcry_md_test_algo (GCRY_MD_SHA256)) + print_hashline( md, GCRY_MD_SHA256, fname ); + if (!gcry_md_test_algo (GCRY_MD_SHA384)) + print_hashline ( md, GCRY_MD_SHA384, fname ); + if (!gcry_md_test_algo (GCRY_MD_SHA512)) + print_hashline ( md, GCRY_MD_SHA512, fname ); } } else { @@ -4072,15 +4072,14 @@ print_hex( md, GCRY_MD_MD5, fname ); print_hex( md, GCRY_MD_SHA1, fname ); print_hex( md, GCRY_MD_RMD160, fname ); -#ifdef USE_SHA256 - if (!gcry_md_test_algo (DIGEST_ALGO_SHA224) + if (!gcry_md_test_algo (DIGEST_ALGO_SHA224)) print_hex (md, DIGEST_ALGO_SHA224, fname); - print_hex( md, GCRY_MD_SHA256, fname ); -#endif -#ifdef USE_SHA512 - print_hex( md, GCRY_MD_SHA384, fname ); - print_hex( md, GCRY_MD_SHA512, fname ); -#endif + if (!gcry_md_test_algo (GCRY_MD_SHA256)) + print_hex( md, GCRY_MD_SHA256, fname ); + if (!gcry_md_test_algo (GCRY_MD_SHA384)) + print_hex( md, GCRY_MD_SHA384, fname ); + if (!gcry_md_test_algo (GCRY_MD_SHA512)) + print_hex( md, GCRY_MD_SHA512, fname ); } } } Modified: trunk/g10/keydb.h =================================================================== --- trunk/g10/keydb.h 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/g10/keydb.h 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -190,6 +190,7 @@ int select_mdc_from_pklist (PK_LIST pk_list); /*-- skclist.c --*/ +int random_is_faked (void); void release_sk_list( SK_LIST sk_list ); int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, unsigned use ); Modified: trunk/g10/keygen.c =================================================================== --- trunk/g10/keygen.c 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/g10/keygen.c 2006-08-21 20:20:23 UTC (rev 4226) @@ -1949,11 +1949,9 @@ if( *amail ) p = stpcpy(stpcpy(stpcpy(p," <"), amail),">"); - /* append a warning if we do not have dev/random - * or it is switched into quick testmode */ - /* FIXME: see skclist.c:random_is_faked */ - /* if( quick_random_gen(-1) ) */ - /* strcpy(p, " (INSECURE!)" ); */ + /* Append a warning if the RNG is switched into fake mode. */ + if ( random_is_faked () ) + strcpy(p, " (insecure!)" ); /* print a note in case that UTF8 mapping has to be done */ for(p=uid; *p; p++ ) { Modified: trunk/g10/keyserver-internal.h =================================================================== --- trunk/g10/keyserver-internal.h 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/g10/keyserver-internal.h 2006-08-21 20:20:23 UTC (rev 4226) @@ -23,7 +23,7 @@ #define _KEYSERVER_INTERNAL_H_ #include <time.h> -#include "keyserver.h" +#include "../common/keyserver.h" #include "../common/iobuf.h" #include "types.h" Modified: trunk/g10/mainproc.c =================================================================== --- trunk/g10/mainproc.c 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/g10/mainproc.c 2006-08-21 20:20:23 UTC (rev 4226) @@ -508,8 +508,9 @@ } else { - /* assume this is old style conventional encrypted data */ - if ( (algo = opt.def_cipher_algo)) + /* Assume this is old style conventional encrypted data. */ + algo = opt.def_cipher_algo; + if ( algo ) log_info (_("assuming %s encrypted data\n"), gcry_cipher_algo_name (algo)); else if ( gcry_cipher_test_algo (CIPHER_ALGO_IDEA) ) 
@@ -680,6 +681,8 @@ } rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); + if (rc) + log_debug ("handle_plaintext failed: err=%d\n", rc); if( gpg_err_code (rc) == GPG_ERR_ENOENT && !c->sigs_only) { #warning We need to change the test for the error code Modified: trunk/g10/packet.h =================================================================== --- trunk/g10/packet.h 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/g10/packet.h 2006-08-21 20:20:23 UTC (rev 4226) @@ -28,32 +28,10 @@ #include "../jnlib/strlist.h" #include "cipher.h" #include "filter.h" +#include "../common/openpgpdefs.h" #define DEBUG_PARSE_PACKET 1 -typedef enum { - PKT_NONE =0, - PKT_PUBKEY_ENC =1, /* public key encrypted packet */ - PKT_SIGNATURE =2, /* secret key encrypted packet */ - PKT_SYMKEY_ENC =3, /* session key packet (OpenPGP)*/ - PKT_ONEPASS_SIG =4, /* one pass sig packet (OpenPGP)*/ - PKT_SECRET_KEY =5, /* secret key */ - PKT_PUBLIC_KEY =6, /* public key */ - PKT_SECRET_SUBKEY =7, /* secret subkey (OpenPGP) */ - PKT_COMPRESSED =8, /* compressed data packet */ - PKT_ENCRYPTED =9, /* conventional encrypted data */ - PKT_MARKER =10, /* marker packet (OpenPGP) */ - PKT_PLAINTEXT =11, /* plaintext data with filename and mode */ - PKT_RING_TRUST =12, /* keyring trust packet */ - PKT_USER_ID =13, /* user id packet */ - PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */ - PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */ - PKT_ATTRIBUTE =17, /* PGP's attribute packet */ - PKT_ENCRYPTED_MDC =18, /* integrity protected encrypted data */ - PKT_MDC =19, /* manipulation detection code packet */ - PKT_COMMENT =61, /* new comment packet (private) */ - PKT_GPG_CONTROL =63 /* internal control packet */ -} pkttype_t; typedef struct packet_struct PACKET; 
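Review bot: the pkttype_t enum removed from g10/packet.h in the hunk at 28 described PKT_SIGNATURE as "secret key encrypted packet", and the copy added in ../common/openpgpdefs.h keeps that wording ("Secret key encrypted packet."). Tag 2 is the signature packet, so the comment misleads anyone reading the new shared header; the move is the right moment to correct it there. No functional change is needed in this hunk beyond the added #include.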
@@ -373,39 +351,7 @@ (a)->pkt.generic = NULL; \ } while(0) -typedef enum { - SIGSUBPKT_TEST_CRITICAL=-3, - SIGSUBPKT_LIST_UNHASHED=-2, - SIGSUBPKT_LIST_HASHED =-1, - SIGSUBPKT_NONE = 0, - SIGSUBPKT_SIG_CREATED = 2, /* signature creation time */ - SIGSUBPKT_SIG_EXPIRE = 3, /* signature expiration time */ - SIGSUBPKT_EXPORTABLE = 4, /* exportable */ - SIGSUBPKT_TRUST = 5, /* trust signature */ - SIGSUBPKT_REGEXP = 6, /* regular expression */ - SIGSUBPKT_REVOCABLE = 7, /* revocable */ - SIGSUBPKT_KEY_EXPIRE = 9, /* key expiration time */ - SIGSUBPKT_ARR =10, /* additional recipient request */ - SIGSUBPKT_PREF_SYM =11, /* preferred symmetric algorithms */ - SIGSUBPKT_REV_KEY =12, /* revocation key */ - SIGSUBPKT_ISSUER =16, /* issuer key ID */ - SIGSUBPKT_NOTATION =20, /* notation data */ - SIGSUBPKT_PREF_HASH =21, /* preferred hash algorithms */ - SIGSUBPKT_PREF_COMPR =22, /* preferred compression algorithms */ - SIGSUBPKT_KS_FLAGS =23, /* key server preferences */ - SIGSUBPKT_PREF_KS =24, /* preferred key server */ - SIGSUBPKT_PRIMARY_UID =25, /* primary user id */ - SIGSUBPKT_POLICY =26, /* policy URL */ - SIGSUBPKT_KEY_FLAGS =27, /* key flags */ - SIGSUBPKT_SIGNERS_UID =28, /* signer's user id */ - SIGSUBPKT_REVOC_REASON =29, /* reason for revocation */ - SIGSUBPKT_FEATURES =30, /* feature flags */ - SIGSUBPKT_SIGNATURE =32, /* embedded signature */ - - SIGSUBPKT_FLAG_CRITICAL=128 -} sigsubpkttype_t; - struct notation { char *name; Modified: trunk/g10/skclist.c =================================================================== --- trunk/g10/skclist.c 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/g10/skclist.c 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -35,16 +35,26 @@ #include "i18n.h" #include "cipher.h" +#ifndef GCRYCTL_FAKED_RANDOM_P +#define GCRYCTL_FAKED_RANDOM_P 51 +#endif -/* There is currently no way to get the status of the quick random - generator flag from libgcrypt and it is not clear whether this - faked RNG is really a good idea. Thus for now we use this stub - function but we should consider to entirely remove this fake RNG - stuff. */ -static int +/* Return true if Libgcrypt's RNG is in faked mode. */ +int random_is_faked (void) { - return 0; + /* We use a runtime check to allow for slow migrattion of libgcrypt. + We can't use the constant becuase that one is actually an enum + value. */ + gpg_error_t err = gcry_control ( 51 /*GCRYCTL_FAKED_RANDOM_P*/, 0); + + if (!err) + return 0; + if (gpg_err_code (err) != GPG_ERR_INV_OP) + return 1; + log_info ("WARNING: libgcrypt too old.\n"); + log_info (" can't check whether we are in faked RNG mode\n"); + return 0; /* Need to return false. */ } @@ -82,7 +92,8 @@ continue; /* skip attribute packets */ if ( strstr( id->name, "(insecure!)" ) || strstr( id->name, "not secure" ) - || strstr( id->name, "do not use" ) ) { + || strstr( id->name, "do not use" ) + || strstr( id->name, "(INSECURE!)" ) ) { insecure = 1; break; } Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tests/ChangeLog 2006-08-21 20:20:23 UTC (rev 4226) @@ -1,3 +1,8 @@ +2006-08-21 Werner Koch <wk@g10code.com> + + * Makefile.am (SUBDIRS): New. + * openpgp/: New. + 2006-06-08 Marcus Brinkmann <marcus@g10code.de> * asschk.c (__func__) [__STDC_VERSION__ < 199901L && __GNUC__ >= 2]: Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tests/Makefile.am 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -29,6 +29,7 @@ # #SUBDIRS = . ${pkits} +SUBDIRS = openpgp GPGSM = ../sm/gpgsm Copied: trunk/tests/openpgp/ChangeLog (from rev 4225, branches/STABLE-BRANCH-1-4/checks/ChangeLog) =================================================================== --- branches/STABLE-BRANCH-1-4/checks/ChangeLog 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tests/openpgp/ChangeLog 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -0,0 +1,276 @@ +2006-08-21 Werner Koch <wk@g10code.com> + + Copied tests from 1.4 and adjusted paths. + +2006-04-19 David Shaw <dshaw@jabberwocky.com> + + * sigs.test, mds.test: Add tests for SHA-224, SHA-384, and + SHA-512. + +2006-04-11 Werner Koch <wk@g10code.com> + + * armor.test: New. + +2006-03-09 Werner Koch <wk@g10code.com> + + * defs.inc: Removed Basishm by proper redirection. + +2006-03-06 Werner Koch <wk@g10code.com> + + * defs.inc: Print error messages also to stderr. Allow for + verbose environment variable. + (linefeed): New. + (suspend_error, resume_error): New. + * verify.test: More tests. + * multisig.test: Better error printing. + (sig_1ls1ls_valid, sig_ls_valid): Moved to the non-valid group. + +2006-02-14 Werner Koch <wk@gnupg.org> + + * verify.test: New. + +2005-06-21 Werner Koch <wk@g10code.com> + + * conventional.test (algos): Uhh ohh, cut+paste error and not + tested. + +2005-06-02 Werner Koch <wk@g10code.com> + + * conventional.test: have_cipher_algo now requires uppercase + algorithm names. Changed. Noted by John R. Shannon. + +2004-02-09 David Shaw <dshaw@jabberwocky.com> + + * clearsig.test, sigs.test: Properly detect RSA being missing, and + use the proper key for doing an RSA test. + +2003-12-31 David Shaw <dshaw@jabberwocky.com> + + * clearsig.test, conventional-mdc.test, conventional.test, + defs.inc, encrypt-dsa.test, encrypt.test, genkey1024.test, + plain-1.asc, plain-1-pgp.asc, plain-2.asc, plain-3.asc, + pubring.asc, secring.asc, sigs.test: Rework tests to work properly + with a gpg binary that doesn't have all ciphers and all pk algos. + Basically, we test for the ciphers we have, only test signing with + non-160-bit hashes with RSA (we test all hashes as hashes). Test + all key lengths of AES. + +2003-12-05 David Shaw <dshaw@jabberwocky.com> + + * Makefile.am: Reenable tests now that the Elgamal signature keys + are gone. 
+ + * defs.inc, pubring.asc, secring.asc, plain-1.asc, plain-2.asc, + plain-3.asc: Remove the old v3 Elgamal keys and replace with + RSA+Elgamal and RSA s+e. + +2003-12-03 David Shaw <dshaw@jabberwocky.com> + + * options: Remove emulate-md-encode-bug. + +2003-11-27 Werner Koch <wk@gnupg.org> + + * Makefile.am (TESTS): Temporary remove tests using ElG signatures. + +2003-09-04 David Shaw <dshaw@jabberwocky.com> + + * mds.test, sigs.test: Remove TIGER/192 and make SHA-256 optional + (since it might not be compiled in). + +2003-07-10 David Shaw <dshaw@jabberwocky.com> + + * Makefile.am: Add --no-permission-warning to avoid spurious + warning when importing demo keys. + +2003-05-27 Werner Koch <wk@gnupg.org> + + * Makefile.am (CLEANFILES): Add gpg.conf + +2003-05-26 David Shaw <dshaw@jabberwocky.com> + + * defs.inc (pgmname): Make sure there is a valid options + file. (From wk on stable branch) + + * mds.test: Note that missing algorithms are not errors. + +2003-04-23 David Shaw <dshaw@jabberwocky.com> + + * Makefile.am, options.in: Rename options.in to options since it + no longer needs to be a generated file. + + * sigs.test: TODO note to add the new SHAs when we start + generating them. + + * mds.test: Test the new SHAs. + +2002-05-10 Werner Koch <wk@gnupg.org> + + * Makefile.am: Add gpg_dearmor to all targets where it is used. + Noted by Andreas Haumer. + +2002-04-19 Werner Koch <wk@gnupg.org> + + * signencrypt-dsa.test, sigs-dsa.test: Don't check with MD5 as + this is not valid with DSA signatures. + +2001-12-22 Werner Koch <wk@gnupg.org> + + * options.in: Add no-permission-warning. + +2001-12-21 Werner Koch <wk@gnupg.org> + + * Makefile.am (distclean-local): prefix mkdemodirs with srcdir + (DISTCLEANFILES): Add random_seed. + +2001-12-19 Werner Koch <wk@gnupg.org> + + * options.in: Remove load-extension tiger + * Makefile.am (./options): append it if there is such a module. 
+ +2001-10-23 Werner Koch <wk@gnupg.org> + + * defs.inc, Makefile.am: Do not use $srcdir when invoking gpg. + Write the logfile to the current directory. + +2001-09-28 Werner Koch <wk@gnupg.org> + + * defs.inc: Write a log file for each test. + * run-gpg, run-gpgm, run-gpg.patterns: Removed. Replaced in all + tests by a simple macro from defs.inc. + * Makefile.am (CLEANFILES): Remove log files. + (./gpg_dearmor): create it and use it instead of the macro. + This is needed in multisig.test due to IFS tricks. + + * armsignencrypt.test, signencrypt-dsa.test, signencrypt.test, + armencryptp.test, armencrypt.test, encryptp.test, seat.test, + encrypt-dsa.test, encrypt.test: Use --always-trust because the + test are not designed to check the validity. + +2001-09-06 Werner Koch <wk@gnupg.org> + + * genkey1024.test: Simplified by using a parameter file. + +2001-05-30 Werner Koch <wk@gnupg.org> + + * multisig.test (IFS): Reset IFS just before the test. + +2001-04-30 Werner Koch <wk@gnupg.org> + + * multisig.test: Add an set +x to avoid ksh problems + +2001-04-28 Werner Koch <wk@gnupg.org> + + * run-gpg.patterns: a v3 test key expired yesterday, suppress the + messages. + +2001-03-27 Werner Koch <wk@gnupg.org> + + * defs.inc: Removed creation of options file. + * options.in: New. + * Makefile.am: Create options file and fixed import of pubdemo.asc. + + * run-gpg.patterns (gpg): Add some more patterns. + +2001-03-20 Werner Koch <wk@gnupg.org> + + * Makefile.am: Import the pubdemo.asc file + + * sigs.test (hash_algo_list): s/tiger/tiger192/ + +2001-03-19 Werner Koch <wk@gnupg.org> + + * mkdemodirs (GPGDEMO): Add --allow-secret-key-import to all gpg + invocations. Use echon -n instead of an argument with \c. + +2001-02-12 Werner Koch <wk@gnupg.org> + + * multisig.test: new + * Makefile.am (TESTS): Added. + +2000-10-18 Werner Koch <wk@gnupg.org> + + * conventional-mdc.test: Add Rijndael and fix for empty plain texts. 
+ +Thu Feb 10 17:39:44 CET 2000 Werner Koch <wk@gnupg.de> + + * mkdemodirs: Fixed the --clean loop. + +Thu Jan 13 19:31:58 CET 2000 Werner Koch <wk@gnupg.de> + + * defs.inc (chdir): Removed becuase it is unsused an plain old sh + does not like this name. Reported by Alec Habig. + +Tue Oct 26 20:02:23 1999 Werner Koch (wk@gnupg.org) + + * Makefile.am (GPG_DEARMOR): New and use --no-options. + +Tue Aug 31 17:20:44 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> + + * defs.inc: set LC_ALL empty + +Wed Aug 4 10:34:18 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> + + * defs.inc (echo_n): New and used instead of /bin/echo "\c" + +Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> + + * mkdemodirs: New + * signdemokey: New. + * Makefile.am (distclean-local): New. + +Wed Mar 17 13:09:03 CET 1999 Werner Koch <wk@isil.d.shuttle.de> + + * mds.test: replaced the "echo -n" + +Mon Mar 8 20:47:17 CET 1999 Werner Koch <wk@isil.d.shuttle.de> + + * pubdemo.asc, secdemo.asc: New. + +Fri Feb 19 15:49:15 CET 1999 Werner Koch <wk@isil.d.shuttle.de> + + * genkey1024.test: Be really quiet. + +1999-01-01 Geoff Keating <geoffk@ozemail.com.au> + + * Makefile.am (CLEANFILES): Also delete trustdb and any leftover + lockfiles. + +Fri Nov 27 15:30:24 CET 1998 Werner Koch <wk@isil.d.shuttle.de> + + * clearsig.test: Some more test cases. + +Sun Oct 25 18:19:35 1998 Werner Koch (wk@isil.d.shuttle.de) + + * mds.test: Check whether TIGER is available. + * sigs.tesr: Ditto. + +Wed Sep 23 12:25:07 1998 Werner Koch (wk@isil.d.shuttle.de) + + * run-gpg.patterns: New (because Solaris fgrep does not like -f -). + +Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none)) + + * genkey1024.test: Ariel fixed this. + +Wed Jul 8 10:43:47 1998 Werner Koch (wk@isil.d.shuttle.de) + + * seat.test: New. + +Mon May 18 15:40:02 1998 Werner Koch (wk@isil.d.shuttle.de) + + * Makefile.am: Now uses mk-tdata to produce random test data. + + * ChangeLog: New. 
+ + + Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + Copied: trunk/tests/openpgp/Makefile.am (from rev 4225, branches/STABLE-BRANCH-1-4/checks/Makefile.am) =================================================================== --- branches/STABLE-BRANCH-1-4/checks/Makefile.am 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tests/openpgp/Makefile.am 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -0,0 +1,107 @@ +# Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc. +# +# This file is part of GnuPG. +# +# GnuPG is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# GnuPG is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +# Process this file with automake to create Makefile.in + +GPG_IMPORT = ../../g10/gpg2 --homedir . \ + --quiet --yes --no-permission-warning --import + +TESTS = version.test mds.test \ + decrypt.test decrypt-dsa.test \ + sigs.test sigs-dsa.test \ + encrypt.test encrypt-dsa.test \ + seat.test clearsig.test encryptp.test detach.test \ + armsigs.test armencrypt.test armencryptp.test \ + signencrypt.test signencrypt-dsa.test \ + armsignencrypt.test armdetach.test \ + armdetachm.test detachm.test genkey1024.test \ + conventional.test conventional-mdc.test \ + multisig.test verify.test armor.test + + +TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ + plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \ + pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \ + gpg.conf.tmpl + +DATA_FILES = data-500 data-9000 data-32000 data-80000 plain-large + +EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \ + mkdemodirs signdemokey +CLEANFILES = prepared.stamp x y yy z out err $(DATA_FILES) \ + plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ + *.test.log gpg_dearmor gpg.conf \ + pubring.gpg secring.gpg pubring.pkr secring.skr 
+DISTCLEANFILES = pubring.gpg~ random_seed + + +all-local: prepared.stamp + +distclean-local: + $(srcdir)/mkdemodirs --clean + +prepared.stamp: ./pubring.gpg ./secring.gpg ./plain-1 ./plain-2 ./plain-3 \ + ./pubring.pkr ./secring.skr ./gpg_dearmor $(DATA_FILES) + $(GPG_IMPORT) $(srcdir)/pubdemo.asc + echo timestamp >./prepared.stamp + +./gpg_dearmor: + echo '#!/bin/sh' >./gpg_dearmor + echo "../../g10/gpg2 --no-options --no-greeting \ + --no-secmem-warning --batch --dearmor" >>./gpg_dearmor + chmod 755 ./gpg_dearmor + +./pubring.gpg: $(srcdir)/pubring.asc $(srcdir)/pubdemo.asc ./gpg_dearmor + ./gpg_dearmor > ./pubring.gpg < $(srcdir)/pubring.asc + +./secring.gpg: $(srcdir)/secring.asc ./gpg_dearmor + ./gpg_dearmor > ./secring.gpg < $(srcdir)/secring.asc + +./pubring.pkr: $(srcdir)/pubring.pkr.asc ./gpg_dearmor + ./gpg_dearmor > ./pubring.pkr < $(srcdir)/pubring.pkr.asc + +./secring.skr: $(srcdir)/secring.skr.asc ./gpg_dearmor + ./gpg_dearmor > ./secring.skr < $(srcdir)/secring.skr.asc + +./plain-1: $(srcdir)/plain-1o.asc ./gpg_dearmor + ./gpg_dearmor > ./plain-1 < $(srcdir)/plain-1o.asc + +./plain-2: $(srcdir)/plain-2o.asc ./gpg_dearmor + ./gpg_dearmor > ./plain-2 < $(srcdir)/plain-2o.asc + +./plain-3: $(srcdir)/plain-3o.asc ./gpg_dearmor + ./gpg_dearmor > ./plain-3 < $(srcdir)/plain-3o.asc + + +data-500: + ../../tools/mk-tdata 500 >data-500 +data-9000: + ../../tools/mk-tdata 9000 >data-9000 +data-32000: + ../../tools/mk-tdata 32000 >data-32000 +data-80000: + ../../tools/mk-tdata 80000 >data-80000 +plain-large: + cat $(srcdir)/../../doc/HACKING \ + $(srcdir)/../../doc/DETAILS \ + $(srcdir)/../../doc/FAQ >plain-large + +# To speed up key generation we create a dummy random seed file +random_seed: + ../../tools/mk-tdata 600 + Copied: trunk/tests/openpgp/armdetach.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/armdetach.test) Copied: trunk/tests/openpgp/armdetachm.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/armdetachm.test) Copied: 
trunk/tests/openpgp/armencrypt.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/armencrypt.test) Copied: trunk/tests/openpgp/armencryptp.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/armencryptp.test) Copied: trunk/tests/openpgp/armor.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/armor.test) Copied: trunk/tests/openpgp/armsignencrypt.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/armsignencrypt.test) Copied: trunk/tests/openpgp/armsigs.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/armsigs.test) Copied: trunk/tests/openpgp/clearsig.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/clearsig.test) Copied: trunk/tests/openpgp/conventional-mdc.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/conventional-mdc.test) Copied: trunk/tests/openpgp/conventional.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/conventional.test) Copied: trunk/tests/openpgp/decrypt-dsa.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/decrypt-dsa.test) Copied: trunk/tests/openpgp/decrypt.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/decrypt.test) Copied: trunk/tests/openpgp/defs.inc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/defs.inc) =================================================================== --- branches/STABLE-BRANCH-1-4/checks/defs.inc 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tests/openpgp/defs.inc 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -0,0 +1,160 @@ +# definitions for the check scripts + +#-------------------------------- +#------ constants --------------- +#-------------------------------- + +# Note that usrpass1 is also used in Makefile.am +usrname1="one" +usrpass1="def" +usrname2="two" +usrpass2="" +usrname3="three" +usrpass3="" + + +dsa_usrname1="pgp5" +# we use the sub key because we do not yet have the logic to +# to derive the first encryption key from a keyblock (I guess) +dsa_usrname2="0xCB879DE9" + +dsa_keyrings="--keyring ./pubring.pkr --secret-keyring ./secring.skr" + + +plain_files="plain-1 plain-2 plain-3" +data_files="data-500 data-9000 data-32000 data-80000" +exp_files="" + +# The testscripts expect the original language +LANG= +LANGUAGE= +LC_ALL= +LC_MESSAGES= + +# Internal use. +defs_stop_on_error=no +defs_error_seen=no + +#-------------------------------- +#------ utility functions ------- +#-------------------------------- + +fatal () { + echo "$pgmname: fatal:" $* >&2 + echo "$pgmname: fatal:" $* >&5 + exit 1; +} + +error () { + echo "$pgmname:" $* >&2 + defs_error_seen=yes + echo "$pgmname:" $* >&5 + if [ x$defs_stop_on_error != xyes ]; then + exit 1 + fi +} + +# Call this at the start of a test and resume_error at the end to keep +# on running all subtests without immediately exiting on error. 
+suspend_error () { + defs_stop_on_error=yes +} + +resume_error () { + if [ x$defs_error_seen = xyes ]; then + exit 1 + fi + defs_stop_on_error=no + defs_error_seen=no +} + +info () { + echo "$pgmname:" $* >&2 + if [ -n "${verbose+set}" ]; then + echo "$pgmname:" $* >&5 + fi +} + +linefeed () { + echo >&2 +} + + +echo_n_init=no +echo_n () { + if test "$echo_n_init" = "no"; then + if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then + echo_n_n= + echo_n_c=' +' + else + echo_n_n='-n' + echo_n_c= + fi + else + echo_n_n= + echo_n_c='\c' + fi + echo_n_init=yes + fi + echo $echo_n_n "${1}$echo_n_c" +} + + +#cleanup () { +# rm $cleanup_files 2>/dev/null || true +# echo "#empty" >./gpg.conf +#} + + +#add_cleanup () { +# cleanup_files="$cleanup_files $*" +#} + +have_pubkey_algo () { + if ../../g10/gpg2 --homedir . --version | grep "Pubkey:.*$1" >/dev/null + then + true + else + false + fi +} + +have_cipher_algo () { + if ../../g10/gpg2 --homedir . --version | grep "Cipher:.*$1" >/dev/null + then + true + else + false + fi +} + +have_hash_algo () { + if ../../g10/gpg2 --homedir . --version | grep "Hash:.*$1" >/dev/null + then + true + else + false + fi +} + +set -e +pgmname=`basename $0` +#trap cleanup SIGHUP SIGINT SIGQUIT + +[ -z "$srcdir" ] && fatal "not called from make" + +# Make sure we have a valid option files even with VPATH builds. +if [ -f ./gpg.conf ]; then + : +elif [ -f $srcdir/gpg.conf.tmpl ]; then + cat $srcdir/gpg.conf.tmpl >gpg.conf +fi + +GPG="../../g10/gpg2 --no-permission-warning --homedir . 
" + +exec 5>&2 2>${pgmname}.log + +: +# end Copied: trunk/tests/openpgp/detach.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/detach.test) Copied: trunk/tests/openpgp/detachm.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/detachm.test) Copied: trunk/tests/openpgp/encrypt-dsa.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/encrypt-dsa.test) Copied: trunk/tests/openpgp/encrypt.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/encrypt.test) Copied: trunk/tests/openpgp/encryptp.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/encryptp.test) Copied: trunk/tests/openpgp/genkey1024.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/genkey1024.test) =================================================================== --- branches/STABLE-BRANCH-1-4/checks/genkey1024.test 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tests/openpgp/genkey1024.test 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -0,0 +1,31 @@ +#!/bin/sh + +. $srcdir/defs.inc || exit 3 + +../../g10/gpg2 --quiet --batch --debug-quick-random --homedir . --gen-key <<EOF +Key-Type: DSA +Key-Length: 1024 +Subkey-Type: ELG +Subkey-Length: 1024 +Name-Real: Harry H. +Name-Comment: test key +Name-Email: hh@@ddorf.de +Expire-Date: 1 +Passphrase: abc +%commit +EOF + +if have_pubkey_algo "RSA"; then +../../g10/gpg2 --quiet --batch --debug-quick-random --homedir . --gen-key <<EOF +Key-Type: RSA +Key-Length: 1024 +Key-Usage: sign,encrypt +Name-Real: Harry A. +Name-Comment: RSA test key +Name-Email: hh@@ddorf.de +Expire-Date: 2 +Passphrase: abc +%commit +EOF +fi + Copied: trunk/tests/openpgp/gpg.conf.tmpl (from rev 4225, branches/STABLE-BRANCH-1-4/checks/options) Copied: trunk/tests/openpgp/mds.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/mds.test) Copied: trunk/tests/openpgp/mkdemodirs (from rev 4225, branches/STABLE-BRANCH-1-4/checks/mkdemodirs) =================================================================== --- branches/STABLE-BRANCH-1-4/checks/mkdemodirs 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tests/openpgp/mkdemodirs 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -0,0 +1,37 @@ +#!/bin/sh + +set -e + +GPG="../g10/gpg2 --batch --quiet --no-secmem-warning --allow-secret-key-import" +NAMES='Alpha Bravo Charlie Delta Echo Foxtrot Golf Hotel India + Juliet Kilo Lima Mike November Oscar Papa Quebec Romeo + Sierra Tango Uniform Victor Whisky XRay Yankee Zulu' + +if [ "$1" = "--clean" ]; then + (for i in $NAMES; do + [ -d $i ] && rm -r $i + done) || true + exit 0 +fi + +$GPG --dearmor -o secdemo.gpg --yes ../checks/secdemo.asc +$GPG --dearmor -o pubdemo.gpg --yes ../checks/pubdemo.asc +[ -f ./tdb.tmp ] && rm ./tdb.tmp +GPGDEMO="$GPG --homedir . --trustdb-name ./tdb.tmp --no-default-keyring + --keyring pubdemo.gpg --secret-keyring secdemo.gpg" +echo -n "Creating:" +for name in $NAMES; do + echo -n " $name" + [ -d $name ] && rm -r $name + mkdir $name + $GPGDEMO --export-secret-key -o - $name > $name/Secret.gpg + $GPG --homedir $name --import $name/Secret.gpg + $GPGDEMO --export -o - $name > $name/Public.gpg + $GPG --homedir $name --import $name/Public.gpg + [ -f $name/pubring.gpg~ ] && rm $name/pubring.gpg~ +done +echo "." 
+[ -f ./tdb.tmp ] && rm ./tdb.tmp +rm pubdemo.gpg secdemo.gpg + + Copied: trunk/tests/openpgp/multisig.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/multisig.test) Copied: trunk/tests/openpgp/pgp263-test.pub.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/pgp263-test.pub.asc) Copied: trunk/tests/openpgp/pgp263-test.sec.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/pgp263-test.sec.asc) Copied: trunk/tests/openpgp/plain-1-pgp.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/plain-1-pgp.asc) Copied: trunk/tests/openpgp/plain-1.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/plain-1.asc) Copied: trunk/tests/openpgp/plain-1o.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/plain-1o.asc) Copied: trunk/tests/openpgp/plain-2.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/plain-2.asc) Copied: trunk/tests/openpgp/plain-2o.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/plain-2o.asc) Copied: trunk/tests/openpgp/plain-3.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/plain-3.asc) Copied: trunk/tests/openpgp/plain-3o.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/plain-3o.asc) Copied: trunk/tests/openpgp/pubdemo.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/pubdemo.asc) Copied: trunk/tests/openpgp/pubring.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/pubring.asc) Copied: trunk/tests/openpgp/pubring.pkr.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/pubring.pkr.asc) Copied: trunk/tests/openpgp/seat.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/seat.test) Copied: trunk/tests/openpgp/secdemo.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/secdemo.asc) Copied: trunk/tests/openpgp/secring.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/secring.asc) Copied: trunk/tests/openpgp/secring.skr.asc (from rev 4225, branches/STABLE-BRANCH-1-4/checks/secring.skr.asc) Copied: trunk/tests/openpgp/signdemokey (from rev 4225, branches/STABLE-BRANCH-1-4/checks/signdemokey) 
=================================================================== --- branches/STABLE-BRANCH-1-4/checks/signdemokey 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tests/openpgp/signdemokey 2006-08-21 20:20:23 UTC (rev 4226) @@ -0,0 +1,16 @@ +#!/bin/sh + +set -e + +if [ $# != 3 ]; then + echo "Usage: signdemokey name user_id user_id_no" + exit 1 +fi +name="$1" +user_id="$2" +user_id_no="$3" + +echo "abc" | ../g10/gpg2 --options ./gpg.conf --homedir $name \ + --sign-key --batch --yes --passphrase-fd 0 $user_id \ + $user_id_no sign save + Copied: trunk/tests/openpgp/signencrypt-dsa.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/signencrypt-dsa.test) Copied: trunk/tests/openpgp/signencrypt.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/signencrypt.test) Copied: trunk/tests/openpgp/sigs-dsa.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/sigs-dsa.test) Copied: trunk/tests/openpgp/sigs.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/sigs.test) Copied: trunk/tests/openpgp/verify.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/verify.test) =================================================================== --- branches/STABLE-BRANCH-1-4/checks/verify.test 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tests/openpgp/verify.test 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -0,0 +1,252 @@ +#!/bin/sh + +. $srcdir/defs.inc || exit 3 + +suspend_error + +# +# Two simple tests to check that verify fails for bad input data +# +info "checking bogus signature 1" +../../tools/mk-tdata --char 0x2d 64 >x +$GPG --verify x data-500 && error "no error code from verify" +info "checking bogus signature 2" +../../tools/mk-tdata --char 0xca 64 >x +$GPG --verify x data-500 && error "no error code from verify" + +linefeed + +# A variable to collect the test names +tests="" + +# A plain signed message created using +# echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -z0 -sa msg +tests="$tests msg_ols_asc" +msg_ols_asc='-----BEGIN PGP MESSAGE----- + +kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo +dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0 +aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh +cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp +cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk +IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM +UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0 +D8luT78c/1x45Q== +=a29i +-----END PGP MESSAGE-----' + +# A plain signed message created using +# echo abc | gpg --homedir . --passphrase-fd 0 -u Alpha -sa msg +tests="$tests msg_cols_asc" +msg_cols_asc='-----BEGIN PGP MESSAGE----- + +owGbwMvMwCSoW1RzPCOz3IRxLSN7EnNucboLT6Cgp0JJRmZeNpBMLFFIzMlRKMpM +zyjRBQtm5qUrFKTmF+SkKmTmgdQVKyTnl+aVFFUqJBalKhRnJmcrJOalcJVkFqWm +KOSnKSSlgrSU5OekQMzLL0rJzEsEKk9JTU7NK4EZBtKcBtRRWgAzlwtmbnlmSQbU +GJjxCmDj9RQUPNVzFZJTi0oSM/NyKhXy8kuAYk6lJSBxLlTF2NziqZCYq8elq+Cb +n1dSqRBQWZKRn8fVYc/MygAKBljYCDIFiTDMT+9seu836Q+bevyHTJ0dzPNuvCjn +ZpgrwX38z58rJsfYDhwOSS4SkN/d6vUAAA== +=s6sY +-----END PGP MESSAGE-----' + +# A PGP 2 style message. 
+tests="$tests msg_sl_asc" +msg_sl_asc='-----BEGIN PGP MESSAGE----- + +iD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCgiI5M +yzgJpGTZtA/Jbk+/HP9ceOWtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJp +Z2h0LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5k +CnRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxl +IGFyZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQg +dGlyZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGly +ZWQgb2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCg== +=0ukK +-----END PGP MESSAGE-----' + +# An OpenPGP message lacking the onepass packet. We used to accept +# such messages but now consider them invalid. +tests="$tests bad_ls_asc" +bad_ls_asc='-----BEGIN PGP MESSAGE----- + +rQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9w +bGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0 +b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRo +aXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRh +aW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQg +dGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IA +oJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q== +=Mpiu +-----END PGP MESSAGE-----' + + +# A signed message prefixed with an unsigned literal packet. 
+# (fols = faked-literal-data, one-pass, literal-data, signature) +# This should throw an error because running gpg to extract the +# signed data will return both literal data packets +tests="$tests bad_fols_asc" +bad_fols_asc='-----BEGIN PGP MESSAGE----- + +rF1iDG1zZy51bnNpZ25lZEQMY0x0aW1lc2hhcmluZywgbjoKCUFuIGFjY2VzcyBt +ZXRob2Qgd2hlcmVieSBvbmUgY29tcHV0ZXIgYWJ1c2VzIG1hbnkgcGVvcGxlLgqQ +DQMAAhEtcnzHaGl3NAGtAQdiA21zZ0QMUlpJIHRoaW5rIHRoYXQgYWxsIHJpZ2h0 +LXRoaW5raW5nIHBlb3BsZSBpbiB0aGlzIGNvdW50cnkgYXJlIHNpY2sgYW5kCnRp +cmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBvcmRpbmFyeSBkZWNlbnQgcGVvcGxlIGFy +ZSBmZWQgdXAgaW4gdGhpcwpjb3VudHJ5IHdpdGggYmVpbmcgc2ljayBhbmQgdGly +ZWQuICBJJ20gY2VydGFpbmx5IG5vdC4gIEJ1dCBJJ20Kc2ljayBhbmQgdGlyZWQg +b2YgYmVpbmcgdG9sZCB0aGF0IEkgYW0uCi0gTW9udHkgUHl0aG9uCog/AwUARAxS +Wi1yfMdoaXc0EQJHggCgmUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQP +yW5Pvxz/XHjl +=UNM4 +-----END PGP MESSAGE-----' + +# A signed message suffixed with an unsigned literal packet. +# (fols = faked-literal-data, one-pass, literal-data, signature) +# This should throw an error because running gpg to extract the +# signed data will return both literal data packets +tests="$tests bad_olsf_asc" +bad_olsf_asc='-----BEGIN PGP MESSAGE----- + +kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo +dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0 +aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh +cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp +cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk +IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM +UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0 +D8luT78c/1x45axdYgxtc2cudW5zaWduZWREDGNMdGltZXNoYXJpbmcsIG46CglB +biBhY2Nlc3MgbWV0aG9kIHdoZXJlYnkgb25lIGNvbXB1dGVyIGFidXNlcyBtYW55 +IHBlb3BsZS4K +=3gnG +-----END PGP MESSAGE-----' + + +# Two standard signed messages in a row +tests="$tests msg_olsols_asc_multisig" +msg_olsols_asc_multisig='-----BEGIN PGP 
MESSAGE----- + +kA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGluayB0aGF0IGFsbCByaWdo +dC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5IGFyZSBzaWNrIGFuZAp0 +aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkgZGVjZW50IHBlb3BsZSBh +cmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJlaW5nIHNpY2sgYW5kIHRp +cmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdtCnNpY2sgYW5kIHRpcmVk +IG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5IFB5dGhvbgqIPwMFAEQM +UlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk01pbAKCIjkzLOAmkZNm0 +D8luT78c/1x45ZANAwACES1yfMdoaXc0Aa0BB2IDbXNnRAxSWkkgdGhpbmsgdGhh +dCBhbGwgcmlnaHQtdGhpbmtpbmcgcGVvcGxlIGluIHRoaXMgY291bnRyeSBhcmUg +c2ljayBhbmQKdGlyZWQgb2YgYmVpbmcgdG9sZCB0aGF0IG9yZGluYXJ5IGRlY2Vu +dCBwZW9wbGUgYXJlIGZlZCB1cCBpbiB0aGlzCmNvdW50cnkgd2l0aCBiZWluZyBz +aWNrIGFuZCB0aXJlZC4gIEknbSBjZXJ0YWlubHkgbm90LiAgQnV0IEknbQpzaWNr +IGFuZCB0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgSSBhbS4KLSBNb250eSBQeXRo +b24KiD8DBQBEDFJaLXJ8x2hpdzQRAkeCAKCZRBk2Pmx4w9h2LgosS0AppNNaWwCg +iI5MyzgJpGTZtA/Jbk+/HP9ceOU= +=8nLN +-----END PGP MESSAGE-----' + +# A standard message with two signatures (actually the same signature +# duplicated). 
+tests="$tests msg_oolss_asc" +msg_oolss_asc='-----BEGIN PGP MESSAGE----- + +kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu +ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5 +IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg +ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl +aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt +CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5 +IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk +01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Yg/AwUARAxSWi1yfMdoaXc0EQJHggCg +mUQZNj5seMPYdi4KLEtAKaTTWlsAoIiOTMs4CaRk2bQPyW5Pvxz/XHjl +=KVw5 +-----END PGP MESSAGE-----' + +# A standard message with two one-pass packet but only one signature +# packet +tests="$tests bad_ools_asc" +bad_ools_asc='-----BEGIN PGP MESSAGE----- + +kA0DAAIRLXJ8x2hpdzQBkA0DAAIRLXJ8x2hpdzQBrQEHYgNtc2dEDFJaSSB0aGlu +ayB0aGF0IGFsbCByaWdodC10aGlua2luZyBwZW9wbGUgaW4gdGhpcyBjb3VudHJ5 +IGFyZSBzaWNrIGFuZAp0aXJlZCBvZiBiZWluZyB0b2xkIHRoYXQgb3JkaW5hcnkg +ZGVjZW50IHBlb3BsZSBhcmUgZmVkIHVwIGluIHRoaXMKY291bnRyeSB3aXRoIGJl +aW5nIHNpY2sgYW5kIHRpcmVkLiAgSSdtIGNlcnRhaW5seSBub3QuICBCdXQgSSdt +CnNpY2sgYW5kIHRpcmVkIG9mIGJlaW5nIHRvbGQgdGhhdCBJIGFtLgotIE1vbnR5 +IFB5dGhvbgqIPwMFAEQMUlotcnzHaGl3NBECR4IAoJlEGTY+bHjD2HYuCixLQCmk +01pbAKCIjkzLOAmkZNm0D8luT78c/1x45Q== +=1/ix +-----END PGP MESSAGE-----' + +# Standard cleartext signature +tests="$tests msg_cls_asc" +msg_cls_asc=`cat <<EOF +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +I think that all right-thinking people in this country are sick and +tired of being told that ordinary decent people are fed up in this +country with being sick and tired. I'm certainly not. But I'm +sick and tired of being told that I am. 
+- - Monty Python +-----BEGIN PGP SIGNATURE----- + +iD8DBQFEDVp1LXJ8x2hpdzQRAplUAKCMfpG3GPw/TLN52tosgXP5lNECkwCfQhAa +emmev7IuQjWYrGF9Lxj+zj8= +=qJsY +-----END PGP SIGNATURE----- +EOF +` + +# Cleartext signature with two signatures +tests="$tests msg_clss_asc" +msg_clss_asc=`cat <<EOF +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +What is the difference between a Turing machine and the modern computer? +It's the same as that between Hillary's ascent of Everest and the +establishment of a Hilton on its peak. +-----BEGIN PGP SIGNATURE----- + +iD8DBQFEDVz6LXJ8x2hpdzQRAtkGAKCeMhNbHnh339fpjNj9owsYcC4zBwCfYO5l +2u+KEfXX0FKyk8SMzLjZ536IPwMFAUQNXPr+GAsdqeOwshEC2QYAoPOWAiQm0EF/ +FWIAQUplk7JWbyRKAJ92ZJyJpWfzb0yc1s7MY65r2qEHrg== +=1Xvv +-----END PGP SIGNATURE----- +EOF +` + +# Two clear text signatures in a row +tests="$tests msg_clsclss_asc" +msg_clsclss_asc="${msg_cls_asc} +${msg_clss_asc}" + + +# Fixme: We need more tests with manipulated cleartext signatures. + + +# +# Now run the tests. +# +for i in $tests ; do + info "checking: $i" + eval "(IFS=; echo \"\$$i\")" >x + case "$i" in + msg_*_asc) + $GPG --verify x || error "verify of $i failed" + ;; + msg_*_asc_multisig) + $GPG --verify --allow-multisig-verification x \ + || error "verify of $i failed" + $GPG --verify x && error "verify of $i succeeded but should not" + ;; + bad_*_asc) + $GPG --verify x && error "verify of $i succeeded but should not" + ;; + *) + error "No handler for test case $i" + ;; + esac + linefeed +done + + +resume_error Copied: trunk/tests/openpgp/version.test (from rev 4225, branches/STABLE-BRANCH-1-4/checks/version.test) Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tools/ChangeLog 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -1,3 +1,9 @@ +2006-08-21 Werner Koch <wk@g10code.com> + + * gpgsplit.c: New. Taken from 1.4. Adjusted to GnuPG2. + + * Makefile.am (noinst_PROGRAMS): New. + 2006-06-09 Marcus Brinkmann <marcus@g10code.de> * Makefile.am (gpgconf_LDADD): Add $(GPG_ERROR_LIBS). Modified: trunk/tools/Makefile.am =================================================================== --- trunk/tools/Makefile.am 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tools/Makefile.am 2006-08-21 20:20:23 UTC (rev 4226) @@ -18,9 +18,12 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, # USA. -EXTRA_DIST = Manifest watchgnupg.c \ - addgnupghome gpgsm-gencert.sh +EXTRA_DIST = \ + Manifest watchgnupg.c \ + addgnupghome gpgsm-gencert.sh \ + lspgpot mail-signed-keys convert-from-106 + AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am @@ -29,6 +32,9 @@ sbin_SCRIPTS = addgnupghome bin_SCRIPTS = gpgsm-gencert.sh +if HAVE_USTAR +bin_SCRIPTS += gpg-zip +endif if BUILD_SYMCRYPTRUN symcryptrun = symcryptrun @@ -36,17 +42,24 @@ symcryptrun = endif -bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} gpgparsemail +bin_PROGRAMS = gpgconf gpg-connect-agent gpgkey2ssh ${symcryptrun} \ + gpgparsemail gpgsplit if !HAVE_W32_SYSTEM bin_PROGRAMS += watchgnupg endif +noinst_PROGRAMS = clean-sat mk-tdata make-dns-cert + +common_libs = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a + +gpgsplit_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(ZLIBS) + gpgconf_SOURCES = gpgconf.c gpgconf.h gpgconf-comp.c no-libgcrypt.c # jnlib/common sucks in gpg-error, will they, nil they (some compilers # do not eliminate the supposed-to-be-unused-inline-functions). gpgconf_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a \ - ../gl/libgnu.a @LIBINTL@ $(GPG_ERROR_LIBS) + ../gl/libgnu.a $(LIBINTL) $(GPG_ERROR_LIBS) gpgparsemail_SOURCES = gpgparsemail.c rfc822parse.c rfc822parse.h gpgparsemail_LDADD = 
@@ -71,3 +84,5 @@ # some compilers do not eliminate. gpgkey2ssh_LDADD = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a \ $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) + + Copied: trunk/tools/clean-sat.c (from rev 4225, branches/STABLE-BRANCH-1-4/tools/clean-sat.c) Copied: trunk/tools/convert-from-106 (from rev 4225, branches/STABLE-BRANCH-1-4/tools/convert-from-106) Copied: trunk/tools/crlf.c (from rev 4225, branches/STABLE-BRANCH-1-4/tools/crlf.c) Copied: trunk/tools/gpg-zip.in (from rev 4225, branches/STABLE-BRANCH-1-4/tools/gpg-zip.in) Copied: trunk/tools/gpgsplit.c (from rev 4225, branches/STABLE-BRANCH-1-4/tools/gpgsplit.c) =================================================================== --- branches/STABLE-BRANCH-1-4/tools/gpgsplit.c 2006-08-21 08:40:45 UTC (rev 4225) +++ trunk/tools/gpgsplit.c 2006-08-21 20:20:23 UTC (rev 4226) 
@@ -0,0 +1,881 @@ +/* gpgsplit.c - An OpenPGP packet splitting tool + * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + * USA. + */ + +/* + * TODO: Add an option to uncompress packets. This should come quite handy. + */ + +#include <config.h> +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <unistd.h> +#include <assert.h> +#include <sys/types.h> +#ifdef HAVE_DOSISH_SYSTEM +# include <fcntl.h> /* for setmode() */ +#endif +#include <zlib.h> +#ifdef HAVE_BZIP2 +#include <bzlib.h> +#endif /* HAVE_BZIP2 */ +#if defined(__riscos__) && defined(USE_ZLIBRISCOS) +# include "zlib-riscos.h" +#endif + +#define INCLUDED_BY_MAIN_MODULE 1 +#include "util.h" +#include "openpgpdefs.h" + +static int opt_verbose; +static const char *opt_prefix = ""; +static int opt_uncompress; +static int opt_secret_to_public; +static int opt_no_split; + +static void g10_exit( int rc ); +static void split_packets (const char *fname); + + +enum cmd_and_opt_values { + aNull = 0, + oVerbose = 'v', + oPrefix = 'p', + oUncompress = 500, + oSecretToPublic, + oNoSplit, + + aTest +}; + + +static ARGPARSE_OPTS opts[] = { + + { 301, NULL, 0, "@Options:\n " }, + + { oVerbose, "verbose", 0, 
"verbose" }, + { oPrefix, "prefix", 2, "|STRING|Prepend filenames with STRING" }, + { oUncompress, "uncompress", 0, "uncompress a packet"}, + { oSecretToPublic, "secret-to-public", 0, "convert secret keys to public keys"}, + { oNoSplit, "no-split", 0, "write to stdout and don't actually split"}, +{0} }; + + +static const char * +my_strusage (int level) +{ + const char *p; + switch (level) + { + case 11: p = "gpgsplit (GnuPG)"; + break; + case 13: p = VERSION; break; + case 17: p = PRINTABLE_OS_NAME; break; + case 19: p = + "Please report bugs to <bug-gnupg@gnu.org>.\n"; + break; + case 1: + case 40: p = + "Usage: gpgsplit [options] [files] (-h for help)"; + break; + case 41: p = + "Syntax: gpgsplit [options] [files]\n" + "Split an OpenPGP message into packets\n"; + break; + + default: p = NULL; + } + return p; +} + + + +int +main (int argc, char **argv) +{ + ARGPARSE_ARGS pargs; + +#ifdef HAVE_DOSISH_SYSTEM + setmode( fileno(stdin), O_BINARY ); + setmode( fileno(stdout), O_BINARY ); +#endif + log_set_prefix ("gpgsplit", JNLIB_LOG_WITH_PREFIX); + set_strusage (my_strusage); + + pargs.argc = &argc; + pargs.argv = &argv; + pargs.flags= 1; /* do not remove the args */ + while (optfile_parse( NULL, NULL, NULL, &pargs, opts)) + { + switch (pargs.r_opt) + { + case oVerbose: opt_verbose = 1; break; + case oPrefix: opt_prefix = pargs.r.ret_str; break; + case oUncompress: opt_uncompress = 1; break; + case oSecretToPublic: opt_secret_to_public = 1; break; + case oNoSplit: opt_no_split = 1; break; + default : pargs.err = 2; break; + } + } + + if (log_get_errorcount(0)) + g10_exit (2); + + if (!argc) + split_packets (NULL); + else + { + for ( ;argc; argc--, argv++) + split_packets (*argv); + } + + g10_exit (0); + return 0; +} + + +static void +g10_exit (int rc) +{ + rc = rc? rc : log_get_errorcount(0)? 
2 : 0; + exit(rc ); +} + +static const char * +pkttype_to_string (int pkttype) +{ + const char *s; + + switch (pkttype) + { + case PKT_PUBKEY_ENC : s = "pk_enc"; break; + case PKT_SIGNATURE : s = "sig"; break; + case PKT_SYMKEY_ENC : s = "sym_enc"; break; + case PKT_ONEPASS_SIG : s = "onepass_sig"; break; + case PKT_SECRET_KEY : s = "secret_key"; break; + case PKT_PUBLIC_KEY : s = "public_key"; break; + case PKT_SECRET_SUBKEY : s = "secret_subkey"; break; + case PKT_COMPRESSED : + s = opt_uncompress? "uncompressed":"compressed"; + break; + case PKT_ENCRYPTED : s = "encrypted"; break; + case PKT_MARKER : s = "marker"; break; + case PKT_PLAINTEXT : s = "plaintext"; break; + case PKT_RING_TRUST : s = "ring_trust"; break; + case PKT_USER_ID : s = "user_id"; break; + case PKT_PUBLIC_SUBKEY : s = "public_subkey"; break; + case PKT_OLD_COMMENT : s = "old_comment"; break; + case PKT_ATTRIBUTE : s = "attribute"; break; + case PKT_ENCRYPTED_MDC : s = "encrypted_mdc"; break; + case PKT_MDC : s = "mdc"; break; + case PKT_COMMENT : s = "comment"; break; + case PKT_GPG_CONTROL : s = "gpg_control"; break; + default: s = "unknown"; break; + } + return s; +} + + +/* + * Create a new filename and a return a pointer to a statically + * allocated buffer + */ +static char * +create_filename (int pkttype) +{ + static unsigned int partno = 0; + static char *name; + + if (!name) + name = xmalloc (strlen (opt_prefix) + 100 ); + + assert (pkttype < 1000 && pkttype >= 0 ); + partno++; + sprintf (name, "%s%06u-%03d" EXTSEP_S "%.40s", + opt_prefix, partno, pkttype, pkttype_to_string (pkttype)); + return name; +} + +static int +read_u16 (FILE *fp, size_t *rn) +{ + int c; + + if ( (c = getc (fp)) == EOF ) + return -1; + *rn = c << 8; + if ( (c = getc (fp)) == EOF ) + return -1; + *rn |= c; + return 0; +} + +static int +read_u32 (FILE *fp, unsigned long *rn) +{ + size_t tmp; + + if (read_u16 (fp, &tmp)) + return -1; + *rn = tmp << 16; + if (read_u16 (fp, &tmp)) + return -1; + *rn |= tmp; + return 
0; +} + +static int +write_old_header (FILE *fp, int pkttype, unsigned int len) +{ + int ctb = (0x80 | ((pkttype & 15)<<2)); + + if (len < 256) + ; + else if (len < 65536) + ctb |= 1; + else + ctb |= 2; + + if ( putc ( ctb, fp) == EOF ) + return -1; + + if ( (ctb & 2) ) + { + if (putc ((len>>24), fp) == EOF) + return -1; + if (putc ((len>>16), fp) == EOF) + return -1; + } + if ( (ctb & 3) ) + { + if (putc ((len>>8), fp) == EOF) + return -1; + } + if (putc ((len&0xff), fp) == EOF) + return -1; + return 0; +} + +static int +write_new_header (FILE *fp, int pkttype, unsigned int len) +{ + if ( putc ((0xc0 | (pkttype & 0x3f)), fp) == EOF ) + return -1; + + if (len < 192) + { + if (putc (len, fp) == EOF) + return -1; + } + else if (len < 8384) + { + len -= 192; + if (putc ((len/256)+192, fp) == EOF) + return -1; + if (putc ((len%256), fp) == EOF) + return -1; + } + else + { + if (putc ( 0xff, fp) == EOF) + return -1; + if (putc ( (len >> 24), fp) == EOF) + return -1; + if (putc ( (len >> 16), fp) == EOF) + return -1; + if (putc ( (len >> 8), fp) == EOF) + return -1; + if (putc ( (len & 0xff), fp) == EOF) + return -1; + } + return 0; +} + +/* Return the length of the public key given BUF of BUFLEN with a + secret key. */ +static int +public_key_length (const unsigned char *buf, size_t buflen) +{ + const unsigned char *s; + int nmpis; + + /* byte version number (3 or 4) + u32 creation time + [u16 valid days (version 3 only)] + byte algorithm + n MPIs (n and e) */ + if (!buflen) + return 0; + if (buf[0] < 2 || buf[0] > 4) + return 0; /* wrong version number */ + if (buflen < (buf[0] == 4? 6:8)) + return 0; + s = buf + (buf[0] == 4? 6:8); + buflen -= (buf[0] == 4? 
6:8); + switch (s[-1]) + { + case 1: + case 2: + case 3: + nmpis = 2; + break; + case 16: + case 20: + nmpis = 3; + break; + case 17: + nmpis = 4; + break; + default: + return 0; + } + + for (; nmpis; nmpis--) + { + unsigned int nbits, nbytes; + + if (buflen < 2) + return 0; + nbits = (s[0] << 8) | s[1]; + s += 2; buflen -= 2; + nbytes = (nbits+7) / 8; + if (buflen < nbytes) + return 0; + s += nbytes; buflen -= nbytes; + } + + return s - buf; +} + +static int +handle_zlib(int algo,FILE *fpin,FILE *fpout) +{ + z_stream zs; + byte *inbuf, *outbuf; + unsigned int inbufsize, outbufsize; + int c,zinit_done, zrc, nread, count; + size_t n; + + memset (&zs, 0, sizeof zs); + inbufsize = 2048; + inbuf = xmalloc (inbufsize); + outbufsize = 8192; + outbuf = xmalloc (outbufsize); + zs.avail_in = 0; + zinit_done = 0; + + do + { + if (zs.avail_in < inbufsize) + { + n = zs.avail_in; + if (!n) + zs.next_in = (Bytef *) inbuf; + count = inbufsize - n; + for (nread=0; + nread < count && (c=getc (fpin)) != EOF; + nread++) + inbuf[n+nread] = c; + + n += nread; + if (nread < count && algo == 1) + { + inbuf[n] = 0xFF; /* chew dummy byte */ + n++; + } + zs.avail_in = n; + } + zs.next_out = (Bytef *) outbuf; + zs.avail_out = outbufsize; + + if (!zinit_done) + { + zrc = (algo == 1? inflateInit2 ( &zs, -13) + : inflateInit ( &zs )); + if (zrc != Z_OK) + { + log_fatal ("zlib problem: %s\n", zs.msg? zs.msg : + zrc == Z_MEM_ERROR ? "out of core" : + zrc == Z_VERSION_ERROR ? 
+ "invalid lib version" : + "unknown error" ); + } + zinit_done = 1; + } + else + { +#ifdef Z_SYNC_FLUSH + zrc = inflate (&zs, Z_SYNC_FLUSH); +#else + zrc = inflate (&zs, Z_PARTIAL_FLUSH); +#endif + if (zrc == Z_STREAM_END) + ; /* eof */ + else if (zrc != Z_OK && zrc != Z_BUF_ERROR) + { + if (zs.msg) + log_fatal ("zlib inflate problem: %s\n", zs.msg ); + else + log_fatal ("zlib inflate problem: rc=%d\n", zrc ); + } + for (n=0; n < outbufsize - zs.avail_out; n++) + { + if (putc (outbuf[n], fpout) == EOF ) + return 1; + } + } + } + while (zrc != Z_STREAM_END && zrc != Z_BUF_ERROR); + inflateEnd (&zs); + + return 0; +} + +#ifdef HAVE_BZIP2 +static int +handle_bzip2(int algo,FILE *fpin,FILE *fpout) +{ + bz_stream bzs; + byte *inbuf, *outbuf; + unsigned int inbufsize, outbufsize; + int c,zinit_done, zrc, nread, count; + size_t n; + + memset (&bzs, 0, sizeof bzs); + inbufsize = 2048; + inbuf = xmalloc (inbufsize); + outbufsize = 8192; + outbuf = xmalloc (outbufsize); + bzs.avail_in = 0; + zinit_done = 0; + + do + { + if (bzs.avail_in < inbufsize) + { + n = bzs.avail_in; + if (!n) + bzs.next_in = inbuf; + count = inbufsize - n; + for (nread=0; + nread < count && (c=getc (fpin)) != EOF; + nread++) + inbuf[n+nread] = c; + + n += nread; + if (nread < count && algo == 1) + { + inbuf[n] = 0xFF; /* chew dummy byte */ + n++; + } + bzs.avail_in = n; + } + bzs.next_out = outbuf; + bzs.avail_out = outbufsize; + + if (!zinit_done) + { + zrc = BZ2_bzDecompressInit(&bzs,0,0); + if (zrc != BZ_OK) + log_fatal ("bz2lib problem: %d\n",zrc); + zinit_done = 1; + } + else + { + zrc = BZ2_bzDecompress(&bzs); + if (zrc == BZ_STREAM_END) + ; /* eof */ + else if (zrc != BZ_OK && zrc != BZ_PARAM_ERROR) + log_fatal ("bz2lib inflate problem: %d\n", zrc ); + for (n=0; n < outbufsize - bzs.avail_out; n++) + { + if (putc (outbuf[n], fpout) == EOF ) + return 1; + } + } + } + while (zrc != BZ_STREAM_END && zrc != BZ_PARAM_ERROR); + BZ2_bzDecompressEnd(&bzs); + + return 0; +} +#endif /* HAVE_BZIP2 */ + 
+/* hdr must point to a buffer large enough to hold all header bytes */ +static int +write_part ( const char *fname, FILE *fpin, unsigned long pktlen, + int pkttype, int partial, unsigned char *hdr, size_t hdrlen) +{ + FILE *fpout; + int c, first; + unsigned char *p; + const char *outname = create_filename (pkttype); + +#if defined(__riscos__) && defined(USE_ZLIBRISCOS) + static int initialized = 0; + + if (!initialized) + initialized = riscos_load_module("ZLib", zlib_path, 1); +#endif + if (opt_no_split) + fpout = stdout; + else + { + if (opt_verbose) + log_info ("writing `%s'\n", outname); + fpout = fopen (outname, "wb"); + if (!fpout) + { + log_error ("error creating `%s': %s\n", outname, strerror(errno)); + /* stop right now, otherwise we would mess up the sequence + of the part numbers */ + g10_exit (1); + } + } + + if (opt_secret_to_public + && (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)) + { + unsigned char *blob = xmalloc (pktlen); + int i, len; + + pkttype = pkttype == PKT_SECRET_KEY? 
PKT_PUBLIC_KEY:PKT_PUBLIC_SUBKEY; + + for (i=0; i < pktlen; i++) + { + c = getc (fpin); + if (c == EOF) + goto read_error; + blob[i] = c; + } + len = public_key_length (blob, pktlen); + if (!len) + { + log_error ("error calcualting public key length\n"); + g10_exit (1); + } + if ( (hdr[0] & 0x40) ) + { + if (write_new_header (fpout, pkttype, len)) + goto write_error; + } + else + { + if (write_old_header (fpout, pkttype, len)) + goto write_error; + } + + for (i=0; i < len; i++) + { + if ( putc (blob[i], fpout) == EOF ) + goto write_error; + } + + goto ready; + } + + + if (!opt_uncompress) + { + for (p=hdr; hdrlen; p++, hdrlen--) + { + if ( putc (*p, fpout) == EOF ) + goto write_error; + } + } + + first = 1; + while (partial) + { + size_t partlen; + + if (partial == 1) + { /* openpgp */ + if (first ) + { + c = pktlen; + assert( c >= 224 && c < 255 ); + first = 0; + } + else if ((c = getc (fpin)) == EOF ) + goto read_error; + else + hdr[hdrlen++] = c; + + if (c < 192) + { + pktlen = c; + partial = 0; /* (last segment may follow) */ + } + else if (c < 224 ) + { + pktlen = (c - 192) * 256; + if ((c = getc (fpin)) == EOF) + goto read_error; + hdr[hdrlen++] = c; + pktlen += c + 192; + partial = 0; + } + else if (c == 255) + { + if (read_u32 (fpin, &pktlen)) + goto read_error; + hdr[hdrlen++] = pktlen >> 24; + hdr[hdrlen++] = pktlen >> 16; + hdr[hdrlen++] = pktlen >> 8; + hdr[hdrlen++] = pktlen; + partial = 0; + } + else + { /* next partial body length */ + for (p=hdr; hdrlen; p++, hdrlen--) + { + if ( putc (*p, fpout) == EOF ) + goto write_error; + } + partlen = 1 << (c & 0x1f); + for (; partlen; partlen--) + { + if ((c = getc (fpin)) == EOF) + goto read_error; + if ( putc (c, fpout) == EOF ) + goto write_error; + } + } + } + else if (partial == 2) + { /* old gnupg */ + assert (!pktlen); + if ( read_u16 (fpin, &partlen) ) + goto read_error; + hdr[hdrlen++] = partlen >> 8; + hdr[hdrlen++] = partlen; + for (p=hdr; hdrlen; p++, hdrlen--) + { + if ( putc (*p, fpout) == EOF ) 
+ goto write_error; + } + if (!partlen) + partial = 0; /* end of packet */ + for (; partlen; partlen--) + { + c = getc (fpin); + if (c == EOF) + goto read_error; + if ( putc (c, fpout) == EOF ) + goto write_error; + } + } + else + { /* compressed: read to end */ + pktlen = 0; + partial = 0; + hdrlen = 0; + if (opt_uncompress) + { + if ((c = getc (fpin)) == EOF) + goto read_error; + + if(c==1 || c==2) + { + if(handle_zlib(c,fpin,fpout)) + goto write_error; + } +#ifdef HAVE_BZIP2 + else if(c==3) + { + if(handle_bzip2(c,fpin,fpout)) + goto write_error; + } +#endif /* HAVE_BZIP2 */ + else + { + log_error("invalid compression algorithm (%d)\n",c); + goto read_error; + } + } + else + { + while ( (c=getc (fpin)) != EOF ) + { + if ( putc (c, fpout) == EOF ) + goto write_error; + } + } + if (!feof (fpin)) + goto read_error; + } + } + + for (p=hdr; hdrlen; p++, hdrlen--) + { + if ( putc (*p, fpout) == EOF ) + goto write_error; + } + + /* standard packet or last segment of partial length encoded packet */ + for (; pktlen; pktlen--) + { + c = getc (fpin); + if (c == EOF) + goto read_error; + if ( putc (c, fpout) == EOF ) + goto write_error; + } + + ready: + if ( !opt_no_split && fclose (fpout) ) + log_error ("error closing `%s': %s\n", outname, strerror (errno)); + return 0; + + write_error: + log_error ("error writing `%s': %s\n", outname, strerror (errno)); + if (!opt_no_split) + fclose (fpout); + return 2; + + read_error: + if (!opt_no_split) + { + int save = errno; + fclose (fpout); + errno = save; + } + return -1; +} + + + +static int +do_split (const char *fname, FILE *fp) +{ + int c, ctb, pkttype; + unsigned long pktlen = 0; + int partial = 0; + unsigned char header[20]; + int header_idx = 0; + + ctb = getc (fp); + if (ctb == EOF) + return 3; /* ready */ + header[header_idx++] = ctb; + + if (!(ctb & 0x80)) + { + log_error("invalid CTB %02x\n", ctb ); + return 1; + } + if ( (ctb & 0x40) ) + { /* new CTB */ + pkttype = (ctb & 0x3f); + if( (c = getc (fp)) == EOF ) + return 
-1; + header[header_idx++] = c; + + if ( c < 192 ) + pktlen = c; + else if ( c < 224 ) + { + pktlen = (c - 192) * 256; + if( (c = getc (fp)) == EOF ) + return -1; + header[header_idx++] = c; + pktlen += c + 192; + } + else if ( c == 255 ) + { + if (read_u32 (fp, &pktlen)) + return -1; + header[header_idx++] = pktlen >> 24; + header[header_idx++] = pktlen >> 16; + header[header_idx++] = pktlen >> 8; + header[header_idx++] = pktlen; + } + else + { /* partial body length */ + pktlen = c; + partial = 1; + } + } + else + { + int lenbytes; + + pkttype = (ctb>>2)&0xf; + lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3)); + if (!lenbytes ) + { + pktlen = 0; /* don't know the value */ + if( pkttype == PKT_COMPRESSED ) + partial = 3; + else + partial = 2; /* the old GnuPG partial length encoding */ + } + else + { + for ( ; lenbytes; lenbytes-- ) + { + pktlen <<= 8; + if( (c = getc (fp)) == EOF ) + return -1; + header[header_idx++] = c; + + pktlen |= c; + } + } + } + + return write_part (fname, fp, pktlen, pkttype, partial, + header, header_idx); +} + + +static void +split_packets (const char *fname) +{ + FILE *fp; + int rc; + + if (!fname || !strcmp (fname, "-")) + { + fp = stdin; + fname = "-"; + } + else if ( !(fp = fopen (fname,"rb")) ) + { + log_error ("can't open `%s': %s\n", fname, strerror (errno)); + return; + } + + while ( !(rc = do_split (fname, fp)) ) + ; + if ( rc > 0 ) + ; /* error already handled */ + else if ( ferror (fp) ) + log_error ("error reading `%s': %s\n", fname, strerror (errno)); + else + log_error ("premature EOF while reading `%s'\n", fname ); + + if ( fp != stdin ) + fclose (fp); +} Copied: trunk/tools/lspgpot (from rev 4225, branches/STABLE-BRANCH-1-4/tools/lspgpot) Copied: trunk/tools/mail-signed-keys (from rev 4225, branches/STABLE-BRANCH-1-4/tools/mail-signed-keys) Copied: trunk/tools/make-dns-cert.c (from rev 4225, branches/STABLE-BRANCH-1-4/tools/make-dns-cert.c) Copied: trunk/tools/mk-tdata.c (from rev 4225, 
branches/STABLE-BRANCH-1-4/tools/mk-tdata.c) Copied: trunk/tools/pgpgroup-to-gpggroup (from rev 4225, branches/STABLE-BRANCH-1-4/tools/pgpgroup-to-gpggroup) From cvs at cvs.gnupg.org Tue Aug 22 16:26:36 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue Aug 22 15:43:59 2006 Subject: [svn] GnuPG - r4227 - trunk/doc Message-ID: <E1GFWXr-0001Mz-6a@trithemius.gnupg.org> Author: wk Date: 2006-08-22 16:26:35 +0200 (Tue, 22 Aug 2006) New Revision: 4227 Modified: trunk/doc/ChangeLog trunk/doc/Makefile.am trunk/doc/tools.texi trunk/doc/yat2m.c Log: added missing gpgv man page Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2006-08-21 20:20:23 UTC (rev 4226) +++ trunk/doc/ChangeLog 2006-08-22 14:26:35 UTC (rev 4227) @@ -1,3 +1,9 @@ +2006-08-22 Werner Koch <wk@g10code.com> + + * yat2m.c (parse_file): Added code to skip a line after @mansect. + + * gnupg7.texi: New. + 2006-08-21 Werner Koch <wk@g10code.com> * Makefile.am: Added other doc files from gpg 1.4. Modified: trunk/doc/Makefile.am =================================================================== --- trunk/doc/Makefile.am 2006-08-21 20:20:23 UTC (rev 4226) +++ trunk/doc/Makefile.am 2006-08-22 14:26:35 UTC (rev 4227) @@ -24,8 +24,8 @@ gnupg-badge-openpgp.pdf \ gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf \ - faq.raw FAQ faq.html \ - opt-homedir.texi see-also-note.texi + faq.raw FAQ faq.html gnupg7.texi \ + opt-homedir.texi see-also-note.texi BUILT_SOURCES = gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf FAQ faq.html 
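Review bot: in the trunk/doc/Makefile.am hunk above, EXTRA_DIST now lists gnupg7.texi (`faq.raw FAQ faq.html gnupg7.texi \`) and the ChangeLog entry says "gnupg7.texi: New.", but the r4227 header lists only Modified files (ChangeLog, Makefile.am, tools.texi, yat2m.c) and no Added entry for trunk/doc/gnupg7.texi. If the file is not already in the tree, `make dist` fails on the missing file; add gnupg7.texi in the same revision.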
@@ -46,8 +46,9 @@ YAT2M_OPTIONS = -I $(srcdir) \ --release "GnuPG @PACKAGE_VERSION@" --source "GNU Privacy Guard" -myman_sources = gpg.texi gpgsm.texi gpg-agent.texi scdaemon.texi tools.texi -myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 \ +myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \ + scdaemon.texi tools.texi +myman_pages = gnupg.7 gpg2.1 gpgsm.1 gpg-agent.1 scdaemon.1 gpgv2.1 \ watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \ gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \ gpgsm-gencert.sh.1 Modified: trunk/doc/tools.texi =================================================================== --- trunk/doc/tools.texi 2006-08-21 20:20:23 UTC (rev 4226) +++ trunk/doc/tools.texi 2006-08-22 14:26:35 UTC (rev 4227) @@ -9,6 +9,7 @@ @menu * watchgnupg:: Read logs from a socket. +* gpgv:: Verify OpenPGP signatures. * addgnupghome:: Create .gnupg home directories. * gpgconf:: Modify .gnupg home directories. * gpgsm-gencert.sh:: Generate an X.509 certificate request. 
@@ -89,6 +90,135 @@ @c +@c GPGV +@c +@manpage gpgv2.1 +@node gpgv +@section Verify OpenPGP signatures +@ifset manverb +.B gpgv +\- Verify OpenPGP signatures +@end ifset + +@mansect synopsis +@ifset manverb +.B gpgv2 +.RI [ options ] +.I signed_files +@end ifset + +@mansect description +@code{gpgv2} is an OpenPGP signature verification tool. + +This program is actually a stripped down version of @code{gpg} which is +only able to check signatures. It is somewhat smaller than the fully blown +@code{gpg} and uses a different (and simpler) way to check that +the public keys used to make the signature are valid. There are +no configuration files and only a few options are implemented. + +@code{gpgv2} assumes that all keys in the keyring are trustworthy. +By default it uses a keyring named @file{trustedkeys.gpg} which is +assumed to be in the home directory as defined by GnuPG or set by an +option or an environment variable. An option may be used to specify +another keyring or even multiple keyrings. + +@noindent +@mansect options +@code{gpgv2} recognizes these options: + +@table @gnupgtabopt + +@item --verbose +@itemx -v +@opindex verbose +Gives more information during processing. If used +twice, the input data is listed in detail. + +@item --quiet +@itemx -q +@opindex quiet +Try to be as quiet as possible. + +@item --keyring @var{file} +@opindex keyring +Add @var{file} to the list of keyrings. +If @var{file} begins with a tilde and a slash, these +are replaced by the HOME directory. If the filename +does not contain a slash, it is assumed to be in the +home-directory ("~/.gnupg" if --homedir is not used). + +@item --status-fd @var{n} +@opindex status-fd +Write special status strings to the file descriptor @var{n}. See the +file DETAILS in the documentation for a listing of them. + +@item --logger-fd @code{n} +@opindex logger-fd +Write log output to file descriptor @code{n} and not to stderr. 
+ +@item --ignore-time-conflict +@opindex ignore-time-conflict +GnuPG normally checks that the timestamps associated with keys and +signatures have plausible values. However, sometimes a signature seems to +be older than the key due to clock problems. This option turns these +checks into warnings. + +@include opt-homedir.texi + +@end table + +@mansect return value + +The program returns 0 if everything was fine, 1 if at least +one signature was bad, and other error codes for fatal errors. + +@mansect examples +@subsection Examples + +@table @asis + +@item gpgv2 @code{pgpfile} +@itemx gpgv2 @code{sigfile} +Verify the signature of the file. The second form +is used for detached signatures, where @code{sigfile} is the detached +signature (either ASCII armored or binary) and are the signed +data; if this is not given the name of the file holding the signed data is +constructed by cutting off the extension (".asc", ".sig" or ".sign") from +@code{sigfile}. + +@end table + +@mansect environment +@subsection Environment + +@table @asis + +@item HOME +Used to locate the default home directory. + +@item GNUPGHOME +If set directory used instead of "~/.gnupg". + +@end table + +@mansect files +@subsection FILES + +@table @asis + +@item ~/.gnupg/trustedkeys.gpg +The default keyring with the allowed keys + +@end table + +@mansect see also +@command{gpg2}(1) +@include see-also-note.texi + + + + +@c @c ADDGNUPGHOME @c @manpage addgnupghome.8 Modified: trunk/doc/yat2m.c =================================================================== --- trunk/doc/yat2m.c 2006-08-21 20:20:23 UTC (rev 4226) +++ trunk/doc/yat2m.c 2006-08-22 14:26:35 UTC (rev 4227) 
@@ -40,9 +40,13 @@ go into the man page. These macros need to be used without leading left space. Processing starts after a "manpage" macro has been seen. "mansect" identifies the section and yat2m make sure to - emit the sections in the proper order. To insert verbatim troff - markup, the follwing texinfo code may be used: + emit the sections in the proper order. Note that @mansect skips + the next input line if that line begins with @subsection or + @chapheading. + To insert verbatim troff markup, the follwing texinfo code may be + used: + @ifset manverb .B whateever you want @end ifset @@ -51,13 +55,26 @@ @c man:.B whatever you want - This is useful in case you need just one line. @section is - ignored, however @subsection gets rendered as ".SS". @menu is - completely skipped. Several man pages may be extracted from one - file, either using the --store or the --select option. - Makefile snippet from GnuPG: + This is useful in case you need just one line. If you want to + include parts only in the man page but keep the texinfo + translation you may use: + @ifset isman + stuff to be rendered only on man pages + @end ifset + or to exclude stuff from man pages: + + @ifclear isman + stuff not to be rendered on man pages + @end ifclear + + the keyword @section is ignored, however @subsection gets rendered + as ".SS". @menu is completely skipped. Several man pages may be + extracted from one file, either using the --store or the --select + option. + + */ #include <stdio.h> @@ -794,6 +811,7 @@ int in_verbatim = 0; int in_pause = 0; int skip_to_end = 0; /* Used to skip over menu entries. */ + int skip_sect_line = 0; /* Skip after @mansect. */ line = xmalloc (LINESIZE); while (fgets (line, LINESIZE, fp)) 
@@ -810,6 +828,15 @@ break; } line[--n] = 0; + + if (skip_sect_line) + { + skip_sect_line = 0; + if (!strncmp (line, "@subsection", 11) + || !strncmp (line, "@chapheading", 12)) + continue; + } + /* We only parse lines we need and ignore the rest. There are a few macros used to control this as well as one @ifset command. Parts we know about are saved away into containers @@ -862,6 +889,7 @@ free (*section_name); *section_name = ascii_strupr (xstrdup (p)); in_pause = 0; + skip_sect_line = 1; } } else if (n == 9 && !memcmp (line, "@manpause", 9)) From cvs at cvs.gnupg.org Fri Aug 25 09:31:40 2006 From: cvs at cvs.gnupg.org (svn author twoaday) Date: Fri Aug 25 08:48:58 2006 Subject: [svn] GPGol - r158 - trunk/src Message-ID: <E1GGVUh-0001Wc-UN@trithemius.gnupg.org> Author: twoaday Date: 2006-08-25 09:31:39 +0200 (Fri, 25 Aug 2006) New Revision: 158 Modified: trunk/src/ChangeLog trunk/src/engine-gpgme.c trunk/src/olflange-dlgs.cpp trunk/src/olflange-rsrcs.rc trunk/src/passphrase-dialog.c trunk/src/recipient-dialog.c Log: Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2006-08-16 10:43:13 UTC (rev 157) +++ trunk/src/ChangeLog 2006-08-25 07:31:39 UTC (rev 158) 
@@ -1,3 +1,21 @@ +2008-08-21 Timo Schulz <ts@g10code.de> + + * engine-gpgme.c (op_lookup_keys): Only add useable keys + and add all invalid keys to unknown. + * recipient-dialog.c (copy_item): Rewritten. + (initialize_keybox): Add comment to clarify use of fnd_keys. + (recipient_dialog_box): Simplified. + (find_item): Support partial search. + +2006-08-19 Timo Schulz <ts@g10code.de> + + * olflange-rsrcs.rc: Correct some dialog sizes. + * passphrase-dialog.c (decrypt_key_dlg_proc): Automatically + select the secret key if only one is available. + * config-dialog.c (GPGOptionsDlgProc): Passphrase cache + time is now requested in minutes but still internally + stored as seconds. + 2006-08-15 Timo Schulz <ts@g10code.de> * decrypt.bmp, encrypt.bmp: Restore format. Modified: trunk/src/engine-gpgme.c =================================================================== --- trunk/src/engine-gpgme.c 2006-08-16 10:43:13 UTC (rev 157) +++ trunk/src/engine-gpgme.c 2006-08-25 07:31:39 UTC (rev 158) @@ -1333,9 +1333,22 @@ } gpgme_op_keylist_end (ctx); - if (k) + + /* only useable keys will be added otherwise they will be stored + in unknown (marked with their status). */ + if (k && !k->revoked && !k->disabled && !k->expired) (*keys)[kpos++] = k; - else + else if (k) + { + char *p, *fmt = "%s (%s)"; + char *warn = k->revoked? "revoked" : k->expired? "expired" : "disabled"; + + p = xcalloc (1, strlen (names[i]) + strlen (warn) + strlen (fmt) +1); + sprintf (p, fmt, names[i], warn); + (*unknown)[upos++] = p; + gpgme_key_release (k); + } + else if (!k) (*unknown)[upos++] = xstrdup (names[i]); } Modified: trunk/src/olflange-dlgs.cpp =================================================================== --- trunk/src/olflange-dlgs.cpp 2006-08-16 10:43:13 UTC (rev 157) +++ trunk/src/olflange-dlgs.cpp 2006-08-25 07:31:39 UTC (rev 158) 
@@ -148,8 +148,8 @@ SetDlgItemText (hDlg, IDC_ENCRYPT_TO, opt.default_key); else SetDlgItemText (hDlg, IDC_ENCRYPT_TO, ""); - wsprintf(s, "%d", opt.passwd_ttl); - SendDlgItemMessage(hDlg, IDC_TIME_PHRASES, WM_SETTEXT, + wsprintf (s, "%d", opt.passwd_ttl/60); + SendDlgItemMessage (hDlg, IDC_TIME_PHRASES, WM_SETTEXT, 0, (LPARAM) s); hWndPage = pnmhdr->hwndFrom; // to be used in WM_COMMAND SendDlgItemMessage (hDlg, IDC_ENCRYPT_DEFAULT, BM_SETCHECK, @@ -191,7 +191,7 @@ SendDlgItemMessage (hDlg, IDC_TIME_PHRASES, WM_GETTEXT, 20, (LPARAM)s); - opt.passwd_ttl = (int)atol (s); + opt.passwd_ttl = (int)atol (s)*60; opt.encrypt_default = !!SendDlgItemMessage (hDlg, IDC_ENCRYPT_DEFAULT, BM_GETCHECK, 0, 0L); Modified: trunk/src/olflange-rsrcs.rc =================================================================== --- trunk/src/olflange-rsrcs.rc 2006-08-16 10:43:13 UTC (rev 157) +++ trunk/src/olflange-rsrcs.rc 2006-08-25 07:31:39 UTC (rev 158) @@ -51,7 +51,7 @@ // Dialog // -IDD_GPG_OPTIONS_DE DIALOG DISCARDABLE 0, 0, 266, 201 +IDD_GPG_OPTIONS_DE DIALOG DISCARDABLE 0, 0, 266, 274 STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU CAPTION "GnuPG" FONT 8, "MS Sans Serif" @@ -77,18 +77,18 @@ IDC_PREVIEW_DECRYPT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP, 24,95,162,10 - CONTROL "Wenn mglich, HTML Darstellung anzeigen", + CONTROL "HTML Darstellung anzeigen wenn mglich", IDC_PREFER_HTML,"Button",BS_AUTOCHECKBOX | WS_TABSTOP, 24,107,162,10 GROUPBOX "Passphrase",IDC_STATIC,9,124,242,31 LTEXT "Passphrase speichern fr",IDC_STATIC,24,136,80,8 EDITTEXT IDC_TIME_PHRASES,107,135,39,14,ES_AUTOHSCROLL - LTEXT "Sekunden",IDC_STATIC,151,137,34,8 + LTEXT "Minuten",IDC_STATIC,151,137,34,8 PUSHBUTTON "&Erweitert...",IDC_GPG_OPTIONS,202,166,50,14 LTEXT "GPGol by g10 Code GmbH", IDC_STATIC,8,185,100,8 - LTEXT "Version x ",IDC_VERSION_INFO,150,185,200,9 + LTEXT "Version x ",IDC_VERSION_INFO,150,185,109,9 CONTROL IDB_BANNER,IDC_BITMAP,"Static", SS_BITMAP | SS_REALSIZEIMAGE,8,200,150,64 END 
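Review bot: the unit label beside IDC_TIME_PHRASES changes from "Sekunden" to "Minuten" here, which relies on the conversion added in the olflange-dlgs.cpp hunks of this revision, and that conversion loses data. `opt.passwd_ttl/60` is an integer division, so a stored value that is not a multiple of 60 is displayed rounded down (anything under 60 seconds shows as 0), and `(int)atol (s)*60` then writes the rounded value back. The multiplication is also done in int after the cast with no range check, so a very large or negative entry is stored as is. Suggest rounding up for display and validating the parsed number before multiplying.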
@@ -131,7 +131,7 @@ // Dialog // -IDD_GPG_OPTIONS DIALOG DISCARDABLE 0, 0, 266, 201 +IDD_GPG_OPTIONS DIALOG DISCARDABLE 0, 0, 266, 271 STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU CAPTION "GnuPG" FONT 8, "MS Sans Serif" @@ -155,7 +155,7 @@ IDC_PREVIEW_DECRYPT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP, 24,95,162,10 - CONTROL "Show HTML View if possible", + CONTROL "Show HTML view if possible", IDC_PREFER_HTML,"Button",BS_AUTOCHECKBOX | WS_TABSTOP, 24,107,162,10 @@ -163,12 +163,12 @@ GROUPBOX "Passphrase",IDC_STATIC,9,124,242,31 LTEXT "Cache &passphrase for",IDC_STATIC,24,136,70,8 EDITTEXT IDC_TIME_PHRASES,107,135,39,14,ES_AUTOHSCROLL - LTEXT "seconds",IDC_STATIC,151,137,28,8 + LTEXT "minutes",IDC_STATIC,151,137,28,8 PUSHBUTTON "Ad&vanced..",IDC_GPG_OPTIONS,202,166,50,14 LTEXT "GPGol by g10 Code GmbH", IDC_STATIC,8,185,100,8 - LTEXT "Version x ",IDC_VERSION_INFO,150,185,200,9 + LTEXT "Version x ",IDC_VERSION_INFO,150,183,109,9 CONTROL IDB_BANNER,IDC_BITMAP,"Static", SS_BITMAP | SS_REALSIZEIMAGE,8,200,150,64 END Modified: trunk/src/passphrase-dialog.c =================================================================== --- trunk/src/passphrase-dialog.c 2006-08-16 10:43:13 UTC (rev 157) +++ trunk/src/passphrase-dialog.c 2006-08-25 07:31:39 UTC (rev 158) @@ -202,17 +202,16 @@ } -/* Fill a combo box with all keys and return an error with those - keys. */ -static gpgme_key_t * -load_secbox (HWND dlg, int ctlid) +/* Fill a combo box with all keys and return an error with those keys. + set *R_NKEYS to the amount of keys if requested. */ +static gpgme_key_t* +load_secbox (HWND dlg, int ctlid, size_t *r_nkeys) { gpg_error_t err; gpgme_ctx_t ctx; gpgme_key_t key; - int pos; gpgme_key_t *keyarray; - size_t keyarray_size; + size_t pos, keyarray_size; err = gpgme_new (&ctx); if (err) @@ -298,6 +297,8 @@ gpgme_op_keylist_end (ctx); gpgme_release (ctx); + if (r_nkeys) + *r_nkeys = pos; return keyarray; } 
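Review bot: in load_secbox, `*r_nkeys` is assigned only on the success path, just before `return keyarray;`. The caller in decrypt_key_dlg_proc reads the count immediately after the call (`if (n == 1)`), so any earlier return, such as the `if (err)` branch after gpgme_new, leaves it unset unless the caller initialised n, which these hunks do not show. Set `*r_nkeys = 0` at the top of the function. The rewritten comment also still says the function returns "an error with those keys" where it returns an array.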
@@ -328,8 +329,18 @@ (dec && dec->last_was_bad)? _("Invalid passphrase; please try again..."):""); - if (dec && !context->use_as_cb) - context->keyarray = load_secbox (dlg, IDC_DEC_KEYLIST); + if (dec && !context->use_as_cb) { + context->keyarray = load_secbox (dlg, IDC_DEC_KEYLIST, &n); + /* if only one secret key is availble, it makes no sense to + ask the user to select one. */ + if (n == 1) + { + dec->signer = context->keyarray[0]; + gpgme_key_ref (context->keyarray[0]); + EndDialog (dlg, TRUE); + return FALSE; + } + } CheckDlgButton (dlg, IDC_DEC_HIDE, BST_CHECKED); center_window (dlg, NULL); Modified: trunk/src/recipient-dialog.c =================================================================== --- trunk/src/recipient-dialog.c 2006-08-16 10:43:13 UTC (rev 157) +++ trunk/src/recipient-dialog.c 2006-08-25 07:31:39 UTC (rev 158) @@ -48,12 +48,7 @@ char **unknown_keys; /* A string array with the names of the unknown recipients. */ - char **fnd_keys; /* A string array with the user IDs of already - found keys. I am not sure why they are - needed here at all - they won't get - displayed for unknown reasons. */ - gpgme_key_t *fnd_keys_key; /* Same as above but the actual gpgme object. */ - + gpgme_key_t *fnd_keys; /* email address to key mapping list. */ /* A bit vector used to return selected options. */ unsigned int opts; @@ -68,17 +63,21 @@ size_t selected_keys_count; }; -struct key_item_s + +/* Symbolic column IDs. */ +enum klist_col_t { - char name [150]; - char e_mail[100]; - char key_info[64]; - char keyid[32]; - char validity[32]; - char idx[20]; + KL_COL_NAME = 0, + KL_COL_EMAIL = 1, + KL_COL_INFO = 2, + KL_COL_KEYID = 3, + KL_COL_VALID = 4, + KL_COL_INDEX = 5, + /* number of columns. */ + KL_COL_N = 6 }; - +/* Insert the columns, needed to display keys, into the list view HWND. */ static void initialize_rsetbox (HWND hwnd) { 
@@ -88,39 +87,41 @@ col.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM; col.pszText = "Name"; col.cx = 100; - col.iSubItem = 0; - ListView_InsertColumn (hwnd, 0, &col); + col.iSubItem = KL_COL_NAME; + ListView_InsertColumn (hwnd, KL_COL_NAME, &col); col.pszText = "E-Mail"; col.cx = 100; - col.iSubItem = 1; - ListView_InsertColumn (hwnd, 1, &col); + col.iSubItem = KL_COL_EMAIL; + ListView_InsertColumn (hwnd, KL_COL_EMAIL, &col); col.pszText = "Key-Info"; col.cx = 100; - col.iSubItem = 2; - ListView_InsertColumn (hwnd, 2, &col); + col.iSubItem = KL_COL_INFO; + ListView_InsertColumn (hwnd, KL_COL_INFO, &col); col.pszText = "Key ID"; col.cx = 80; - col.iSubItem = 3; - ListView_InsertColumn (hwnd, 3, &col); + col.iSubItem = KL_COL_KEYID; + ListView_InsertColumn (hwnd, KL_COL_KEYID, &col); col.pszText = "Validity"; col.cx = 70; - col.iSubItem = 4; - ListView_InsertColumn (hwnd, 4, &col); + col.iSubItem = KL_COL_VALID; + ListView_InsertColumn (hwnd, KL_COL_VALID, &col); col.pszText = "Index"; col.cx = 0; /* Hide it. */ - col.iSubItem = 5; - ListView_InsertColumn (hwnd, 5, &col); + col.iSubItem = KL_COL_INDEX; + ListView_InsertColumn (hwnd, KL_COL_INDEX, &col); ListView_SetExtendedListViewStyleEx (hwnd, 0, LVS_EX_FULLROWSELECT); } -static gpgme_key_t * +/* Load the key list view control HWND with all useable keys + for encryption. Return the array size in *R_ARRAYSIZE. */ +static gpgme_key_t* load_rsetbox (HWND hwnd, size_t *r_arraysize) { LVITEM lvi; @@ -275,14 +276,16 @@ } +#define ITEMSIZE 200 +/* Copy one list view item from one view to another. */ static void copy_item (HWND dlg, int id_from, int pos) { HWND src, dst; LVITEM lvi; - struct key_item_s from; - int idx = pos; + char item[KL_COL_N][ITEMSIZE]; + int idx = pos, i; src = GetDlgItem (dlg, id_from); dst = GetDlgItem (dlg, id_from==IDC_ENC_RSET1 ? 
@@ -295,27 +298,19 @@ return; } - memset (&from, 0, sizeof (from)); - ListView_GetItemText (src, idx, 0, from.name, sizeof (from.name)-1); - ListView_GetItemText (src, idx, 1, from.e_mail, sizeof (from.e_mail)-1); - ListView_GetItemText (src, idx, 2, from.key_info, sizeof (from.key_info)-1); - ListView_GetItemText (src, idx, 3, from.keyid, sizeof (from.keyid)-1); - ListView_GetItemText (src, idx, 4, from.validity, sizeof (from.validity)-1); - ListView_GetItemText (src, idx, 5, from.idx, sizeof (from.idx)-1); - + for (i=0; i < KL_COL_N; i++) + ListView_GetItemText (src, idx, i, item[i], ITEMSIZE-1); ListView_DeleteItem (src, idx); memset (&lvi, 0, sizeof (lvi)); ListView_InsertItem (dst, &lvi); - ListView_SetItemText (dst, 0, 0, from.name); - ListView_SetItemText (dst, 0, 1, from.e_mail); - ListView_SetItemText (dst, 0, 2, from.key_info); - ListView_SetItemText (dst, 0, 3, from.keyid); - ListView_SetItemText (dst, 0, 4, from.validity); - ListView_SetItemText (dst, 0, 5, from.idx); + for (i=0; i < KL_COL_N; i++) + ListView_SetItemText (dst, 0, i, item[i]); } +/* Try to find an item with STR as the text in the first column. + Return the index of the item or -1 if no item was found. */ static int find_item (HWND hwnd, const char *str) { @@ -323,7 +318,7 @@ int pos; memset (&fnd, 0, sizeof (fnd)); - fnd.flags = LVFI_STRING; + fnd.flags = LVFI_STRING|LVFI_PARTIAL;; fnd.psz = str; pos = ListView_FindItem (hwnd, -1, &fnd); if (pos != -1) @@ -347,13 +342,19 @@ (LPARAM)(const char *)cb->unknown_keys[i]); } + /* copy all requested keys into the second recipient listview + to indicate that these key were automatically picked via + the 'From' mailing header. */ if (cb->fnd_keys) { for (i=0; cb->fnd_keys[i]; i++) { - n = find_item (rset, cb->fnd_keys[i]); + char *uid = utf8_to_native (cb->fnd_keys[i]->uids->name); + + n = find_item (rset, uid); if (n != -1) copy_item (dlg, IDC_ENC_RSET1, n); + xfree (uid); } } } 
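Review bot: in initialize_keybox, `cb->fnd_keys[i]->uids->name` is dereferenced without the NULL checks that the code removed from recipient_dialog_box had (`fnd[i] && fnd[i]->uids && fnd[i]->uids->uid`), so a key without a user ID is a NULL dereference here. The lookup now also matches on the name alone, and find_item was changed to `LVFI_STRING|LVFI_PARTIAL` (with a stray second `;`), which is a prefix match on the Name column: a found key whose name is a prefix of another entry's name can move a different key into the recipient list. Keep the guard and match on the key ID or the hidden index column instead. Separately, cb.fnd_keys now aliases the caller's fnd array while the trailing `xfree (cb.fnd_keys);` in recipient_dialog_box is kept, so confirm the caller expects its array to be freed there.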
@@ -376,7 +377,6 @@ initialize_rsetbox (GetDlgItem (dlg, IDC_ENC_RSET1)); rset_cb->keyarray = load_rsetbox (GetDlgItem (dlg, IDC_ENC_RSET1), &rset_cb->keyarray_count); - initialize_rsetbox (GetDlgItem (dlg, IDC_ENC_RSET2)); if (rset_cb->unknown_keys) @@ -412,7 +412,7 @@ return FALSE; } - for (j=0; rset_cb->fnd_keys_key && rset_cb->fnd_keys_key[j]; j++) + for (j=0; rset_cb->fnd_keys && rset_cb->fnd_keys[j]; j++) ; rset_cb->selected_keys_count = ListView_GetItemCount (hrset); rset_cb->selected_keys = xcalloc (rset_cb->selected_keys_count @@ -455,10 +455,10 @@ log_debug ("List item not correctly initialized - ignored\n"); } /* Add the already found keys. */ - for (i=0; rset_cb->fnd_keys_key && rset_cb->fnd_keys_key[i]; i++) + for (i=0; rset_cb->fnd_keys && rset_cb->fnd_keys[i]; i++) { - gpgme_key_ref (rset_cb->fnd_keys_key[i]); - rset_cb->selected_keys[pos++] = rset_cb->fnd_keys_key[i]; + gpgme_key_ref (rset_cb->fnd_keys[i]); + rset_cb->selected_keys[pos++] = rset_cb->fnd_keys[i]; } rset_cb->selected_keys_count = pos; @@ -521,27 +521,12 @@ gpgme_key_t **ret_rset) { struct recipient_cb_s cb; - int i; - size_t n; int resid; - + *ret_rset = NULL; memset (&cb, 0, sizeof (cb)); - - for (n=0; fnd[n]; n++) - ; - cb.fnd_keys = xcalloc (n+1, sizeof *cb.fnd_keys); - - for (i = 0; i < n; i++) - { - if (fnd[i] && fnd[i]->uids && fnd[i]->uids->uid) - cb.fnd_keys[i] = xstrdup (fnd[i]->uids->uid); - else - cb.fnd_keys[i] = xstrdup (_("User-ID not found")); - } - - cb.fnd_keys_key = fnd; + cb.fnd_keys = fnd; cb.unknown_keys = unknown; if (!strncmp (gettext_localename (), "de", 2)) @@ -557,8 +542,6 @@ *ret_rset = cb.selected_keys; release_keyarray (cb.keyarray, cb.keyarray_count); - for (i = 0; i < n; i++) - xfree (cb.fnd_keys[i]); xfree (cb.fnd_keys); return cb.opts; } From cvs at cvs.gnupg.org Fri Aug 25 09:32:03 2006 
From: cvs at cvs.gnupg.org (svn author twoaday) Date: Fri Aug 25 08:49:15 2006 Subject: [svn] GPGol - r159 - trunk Message-ID: <E1GGVV3-0001XT-8E@trithemius.gnupg.org> Author: twoaday Date: 2006-08-25 09:32:02 +0200 (Fri, 25 Aug 2006) New Revision: 159 Modified: trunk/NEWS Log: Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-25 07:31:39 UTC (rev 158) +++ trunk/NEWS 2006-08-25 07:32:02 UTC (rev 159) @@ -6,7 +6,13 @@ * Cosmetic updates for some dialogs. +* Do not show the 'select signer dialog' when only + one secret key is available in the keyring. +* Fixes for the automatic key selection algorithm + used in the recipient key dialog. + + Noteworthy changes for version 0.9.10 (2006-04-25) ================================================== From cvs at cvs.gnupg.org Sun Aug 27 17:33:56 2006 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Sun Aug 27 16:50:51 2006 Subject: [svn] GnuPG - r4228 - trunk/m4 Message-ID: <E1GHLyG-0001gi-W8@trithemius.gnupg.org> Author: dshaw Date: 2006-08-27 17:33:56 +0200 (Sun, 27 Aug 2006) New Revision: 4228 Added: trunk/m4/libcurl.m4 trunk/m4/readline.m4 trunk/m4/tar-ustar.m4 Log: Missing m4 macros Added: trunk/m4/libcurl.m4 =================================================================== --- trunk/m4/libcurl.m4 2006-08-22 14:26:35 UTC (rev 4227) +++ trunk/m4/libcurl.m4 2006-08-27 15:33:56 UTC (rev 4228) 
@@ -0,0 +1,239 @@ +# LIBCURL_CHECK_CONFIG ([DEFAULT-ACTION], [MINIMUM-VERSION], +# [ACTION-IF-YES], [ACTION-IF-NO]) +# ---------------------------------------------------------- +# David Shaw <dshaw@jabberwocky.com> May-09-2006 +# +# Checks for libcurl. DEFAULT-ACTION is the string yes or no to +# specify whether to default to --with-libcurl or --without-libcurl. +# If not supplied, DEFAULT-ACTION is yes. MINIMUM-VERSION is the +# minimum version of libcurl to accept. Pass the version as a regular +# version number like 7.10.1. If not supplied, any version is +# accepted. ACTION-IF-YES is a list of shell commands to run if +# libcurl was successfully found and passed the various tests. +# ACTION-IF-NO is a list of shell commands that are run otherwise. +# Note that using --without-libcurl does run ACTION-IF-NO. +# +# This macro #defines HAVE_LIBCURL if a working libcurl setup is +# found, and sets @LIBCURL@ and @LIBCURL_CPPFLAGS@ to the necessary +# values. Other useful defines are LIBCURL_FEATURE_xxx where xxx are +# the various features supported by libcurl, and LIBCURL_PROTOCOL_yyy +# where yyy are the various protocols supported by libcurl. Both xxx +# and yyy are capitalized. See the list of AH_TEMPLATEs at the top of +# the macro for the complete list of possible defines. Shell +# variables $libcurl_feature_xxx and $libcurl_protocol_yyy are also +# defined to 'yes' for those features and protocols that were found. +# Note that xxx and yyy keep the same capitalization as in the +# curl-config list (e.g. it's "HTTP" and not "http"). +# +# Users may override the detected values by doing something like: +# LIBCURL="-lcurl" LIBCURL_CPPFLAGS="-I/usr/myinclude" ./configure +# +# For the sake of sanity, this macro assumes that any libcurl that is +# found is after version 7.7.2, the first version that included the +# curl-config script. Note that it is very important for people +# packaging binary versions of libcurl to include this script! 
+# Without curl-config, we can only guess what protocols are available, +# or use curl_version_info to figure it out at runtime. + +AC_DEFUN([LIBCURL_CHECK_CONFIG], +[ + AH_TEMPLATE([LIBCURL_FEATURE_SSL],[Defined if libcurl supports SSL]) + AH_TEMPLATE([LIBCURL_FEATURE_KRB4],[Defined if libcurl supports KRB4]) + AH_TEMPLATE([LIBCURL_FEATURE_IPV6],[Defined if libcurl supports IPv6]) + AH_TEMPLATE([LIBCURL_FEATURE_LIBZ],[Defined if libcurl supports libz]) + AH_TEMPLATE([LIBCURL_FEATURE_ASYNCHDNS],[Defined if libcurl supports AsynchDNS]) + AH_TEMPLATE([LIBCURL_FEATURE_IDN],[Defined if libcurl supports IDN]) + AH_TEMPLATE([LIBCURL_FEATURE_SSPI],[Defined if libcurl supports SSPI]) + AH_TEMPLATE([LIBCURL_FEATURE_NTLM],[Defined if libcurl supports NTLM]) + + AH_TEMPLATE([LIBCURL_PROTOCOL_HTTP],[Defined if libcurl supports HTTP]) + AH_TEMPLATE([LIBCURL_PROTOCOL_HTTPS],[Defined if libcurl supports HTTPS]) + AH_TEMPLATE([LIBCURL_PROTOCOL_FTP],[Defined if libcurl supports FTP]) + AH_TEMPLATE([LIBCURL_PROTOCOL_FTPS],[Defined if libcurl supports FTPS]) + AH_TEMPLATE([LIBCURL_PROTOCOL_FILE],[Defined if libcurl supports FILE]) + AH_TEMPLATE([LIBCURL_PROTOCOL_TELNET],[Defined if libcurl supports TELNET]) + AH_TEMPLATE([LIBCURL_PROTOCOL_LDAP],[Defined if libcurl supports LDAP]) + AH_TEMPLATE([LIBCURL_PROTOCOL_DICT],[Defined if libcurl supports DICT]) + AH_TEMPLATE([LIBCURL_PROTOCOL_TFTP],[Defined if libcurl supports TFTP]) + + AC_ARG_WITH(libcurl, + AC_HELP_STRING([--with-libcurl=DIR],[look for the curl library in DIR]), + [_libcurl_with=$withval],[_libcurl_with=ifelse([$1],,[yes],[$1])]) + + if test "$_libcurl_with" != "no" ; then + + AC_PROG_AWK + + _libcurl_version_parse="eval $AWK '{split(\$NF,A,\".\"); X=256*256*A[[1]]+256*A[[2]]+A[[3]]; print X;}'" + + _libcurl_try_link=yes + + if test -d "$_libcurl_with" ; then + LIBCURL_CPPFLAGS="-I$withval/include" + _libcurl_ldflags="-L$withval/lib" + AC_PATH_PROG([_libcurl_config],["$withval/bin/curl-config"]) + else + 
AC_PATH_PROG([_libcurl_config],[curl-config]) + fi + + if test x$_libcurl_config != "x" ; then + AC_CACHE_CHECK([for the version of libcurl], + [libcurl_cv_lib_curl_version], + [libcurl_cv_lib_curl_version=`$_libcurl_config --version | $AWK '{print $[]2}'`]) + + _libcurl_version=`echo $libcurl_cv_lib_curl_version | $_libcurl_version_parse` + _libcurl_wanted=`echo ifelse([$2],,[0],[$2]) | $_libcurl_version_parse` + + if test $_libcurl_wanted -gt 0 ; then + AC_CACHE_CHECK([for libcurl >= version $2], + [libcurl_cv_lib_version_ok], + [ + if test $_libcurl_version -ge $_libcurl_wanted ; then + libcurl_cv_lib_version_ok=yes + else + libcurl_cv_lib_version_ok=no + fi + ]) + fi + + if test $_libcurl_wanted -eq 0 || test x$libcurl_cv_lib_version_ok = xyes ; then + if test x"$LIBCURL_CPPFLAGS" = "x" ; then + LIBCURL_CPPFLAGS=`$_libcurl_config --cflags` + fi + if test x"$LIBCURL" = "x" ; then + LIBCURL=`$_libcurl_config --libs` + + # This is so silly, but Apple actually has a bug in their + # curl-config script. Fixed in Tiger, but there are still + # lots of Panther installs around. + case "${host}" in + powerpc-apple-darwin7*) + LIBCURL=`echo $LIBCURL | sed -e 's|-arch i386||g'` + ;; + esac + fi + + # All curl-config scripts support --feature + _libcurl_features=`$_libcurl_config --feature` + + # Is it modern enough to have --protocols? (7.12.4) + if test $_libcurl_version -ge 461828 ; then + _libcurl_protocols=`$_libcurl_config --protocols` + fi + else + _libcurl_try_link=no + fi + + unset _libcurl_wanted + fi + + if test $_libcurl_try_link = yes ; then + + # we didn't find curl-config, so let's see if the user-supplied + # link line (or failing that, "-lcurl") is enough. 
+ LIBCURL=${LIBCURL-"$_libcurl_ldflags -lcurl"} + + AC_CACHE_CHECK([whether libcurl is usable], + [libcurl_cv_lib_curl_usable], + [ + _libcurl_save_cppflags=$CPPFLAGS + CPPFLAGS="$LIBCURL_CPPFLAGS $CPPFLAGS" + _libcurl_save_libs=$LIBS + LIBS="$LIBCURL $LIBS" + + AC_LINK_IFELSE(AC_LANG_PROGRAM([#include <curl/curl.h>],[ +/* Try and use a few common options to force a failure if we are + missing symbols or can't link. */ +int x; +curl_easy_setopt(NULL,CURLOPT_URL,NULL); +x=CURL_ERROR_SIZE; +x=CURLOPT_WRITEFUNCTION; +x=CURLOPT_FILE; +x=CURLOPT_ERRORBUFFER; +x=CURLOPT_STDERR; +x=CURLOPT_VERBOSE; +]),libcurl_cv_lib_curl_usable=yes,libcurl_cv_lib_curl_usable=no) + + CPPFLAGS=$_libcurl_save_cppflags + LIBS=$_libcurl_save_libs + unset _libcurl_save_cppflags + unset _libcurl_save_libs + ]) + + if test $libcurl_cv_lib_curl_usable = yes ; then + + # Does curl_free() exist in this version of libcurl? + # If not, fake it with free() + + _libcurl_save_cppflags=$CPPFLAGS + CPPFLAGS="$CPPFLAGS $LIBCURL_CPPFLAGS" + _libcurl_save_libs=$LIBS + LIBS="$LIBS $LIBCURL" + + AC_CHECK_FUNC(curl_free,, + AC_DEFINE(curl_free,free, + [Define curl_free() as free() if our version of curl lacks curl_free.])) + + CPPFLAGS=$_libcurl_save_cppflags + LIBS=$_libcurl_save_libs + unset _libcurl_save_cppflags + unset _libcurl_save_libs + + AC_DEFINE(HAVE_LIBCURL,1, + [Define to 1 if you have a functional curl library.]) + AC_SUBST(LIBCURL_CPPFLAGS) + AC_SUBST(LIBCURL) + + for _libcurl_feature in $_libcurl_features ; do + AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_feature_$_libcurl_feature),[1]) + eval AS_TR_SH(libcurl_feature_$_libcurl_feature)=yes + done + + if test "x$_libcurl_protocols" = "x" ; then + + # We don't have --protocols, so just assume that all + # protocols are available + _libcurl_protocols="HTTP FTP FILE TELNET LDAP DICT" + + if test x$libcurl_feature_SSL = xyes ; then + _libcurl_protocols="$_libcurl_protocols HTTPS" + + # FTPS wasn't standards-compliant until version + # 7.11.0 + if test 
$_libcurl_version -ge 461568; then + _libcurl_protocols="$_libcurl_protocols FTPS" + fi + fi + fi + + for _libcurl_protocol in $_libcurl_protocols ; do + AC_DEFINE_UNQUOTED(AS_TR_CPP(libcurl_protocol_$_libcurl_protocol),[1]) + eval AS_TR_SH(libcurl_protocol_$_libcurl_protocol)=yes + done + else + unset LIBCURL + unset LIBCURL_CPPFLAGS + fi + fi + + unset _libcurl_try_link + unset _libcurl_version_parse + unset _libcurl_config + unset _libcurl_feature + unset _libcurl_features + unset _libcurl_protocol + unset _libcurl_protocols + unset _libcurl_version + unset _libcurl_ldflags + fi + + if test x$_libcurl_with = xno || test x$libcurl_cv_lib_curl_usable != xyes ; then + # This is the IF-NO path + ifelse([$4],,:,[$4]) + else + # This is the IF-YES path + ifelse([$3],,:,[$3]) + fi + + unset _libcurl_with +])dnl Added: trunk/m4/readline.m4 =================================================================== --- trunk/m4/readline.m4 2006-08-22 14:26:35 UTC (rev 4227) +++ trunk/m4/readline.m4 2006-08-27 15:33:56 UTC (rev 4228) 
@@ -0,0 +1,63 @@ +dnl Check for readline and dependencies +dnl Copyright (C) 2004, 2005 Free Software Foundation, Inc. +dnl +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. +dnl +dnl Defines HAVE_LIBREADLINE to 1 if a working readline setup is +dnl found, and sets @LIBREADLINE@ to the necessary libraries. + +AC_DEFUN([GNUPG_CHECK_READLINE], +[ + AC_ARG_WITH(readline, + AC_HELP_STRING([--with-readline=DIR], + [look for the readline library in DIR]), + [_do_readline=$withval],[_do_readline=yes]) + + if test "$_do_readline" != "no" ; then + if test -d "$withval" ; then + CPPFLAGS="${CPPFLAGS} -I$withval/include" + LDFLAGS="${LDFLAGS} -L$withval/lib" + fi + + for _termcap in "" "-ltermcap" "-lcurses" "-lncurses" ; do + _readline_save_libs=$LIBS + _combo="-lreadline${_termcap:+ $_termcap}" + LIBS="$LIBS $_combo" + + AC_MSG_CHECKING([whether readline via \"$_combo\" is present and sane]) + + AC_LINK_IFELSE(AC_LANG_PROGRAM([ +#include <stdio.h> +#include <readline/readline.h> +#include <readline/history.h> +],[ +rl_completion_func_t *completer; +add_history("foobar"); +rl_catch_signals=0; +rl_inhibit_completion=0; +rl_attempted_completion_function=NULL; +rl_completion_matches(NULL,NULL); +]),_found_readline=yes,_found_readline=no) + + AC_MSG_RESULT([$_found_readline]) + + LIBS=$_readline_save_libs + + if test $_found_readline = yes ; then + AC_DEFINE(HAVE_LIBREADLINE,1, + [Define to 1 if you have a fully functional readline library.]) + AC_SUBST(LIBREADLINE,$_combo) + break + fi + done + + unset _termcap + unset _readline_save_libs + unset _combo + unset _found_readline + fi +])dnl Added: trunk/m4/tar-ustar.m4 =================================================================== 
--- trunk/m4/tar-ustar.m4 2006-08-22 14:26:35 UTC (rev 4227) +++ trunk/m4/tar-ustar.m4 2006-08-27 15:33:56 UTC (rev 4228) @@ -0,0 +1,43 @@ +dnl Check for a tar program that speaks ustar format +dnl Copyright (C) 2005, 2006 Free Software Foundation, Inc. +dnl +dnl This file is free software, distributed under the terms of the GNU +dnl General Public License. As a special exception to the GNU General +dnl Public License, this file may be distributed as part of a program +dnl that contains a configuration script generated by Autoconf, under +dnl the same distribution terms as the rest of that program. + +AC_DEFUN([GNUPG_CHECK_USTAR], +[ + AC_ARG_WITH(tar, + AC_HELP_STRING([--with-tar=PATH],[look for a tar program in PATH]), + [_do_tar=$withval]) + + if test x$_do_tar != xno ; then + + if test x$_do_tar = x ; then + AC_PATH_PROG(TAR,"tar") + _mytar=$ac_cv_path_TAR + fi + + # Check if our tar is ustar format. If so, it's good. TODO: Add some + # code to check various options, etc, to try and create ustar + # format. + + if test x$_mytar != x ; then + AC_MSG_CHECKING([whether $_mytar speaks USTAR]) + echo hithere > conftest.txt + $_mytar -cf - conftest.txt | (dd skip=257 bs=1 count=5 2>/dev/null || cat) | grep ustar > /dev/null + _tar_bad=$? + rm conftest.txt + + if test x$_tar_bad = x0 ; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + fi + fi + + AM_CONDITIONAL(HAVE_USTAR, test x$_tar_bad = x0) +])dnl From cvs at cvs.gnupg.org Mon Aug 28 11:40:40 2006 
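Review bot: in trunk/m4/libcurl.m4, the --with-libcurl=DIR branch calls AC_PATH_PROG([_libcurl_config],["$withval/bin/curl-config"]), which puts a full path in the program-name argument; AC_PATH_PROG looks that name up under each directory of its search path, so the curl-config in DIR is not found and the macro falls through to the plain link test with no detected features and the assumed protocol list. Passing the directory as the path argument, AC_PATH_PROG([_libcurl_config],[curl-config],[],["$withval/bin"]), keeps the lookup inside DIR. The comment "we didn't find curl-config" also sits on a branch that runs when curl-config was found and the version check passed.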
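Review bot: in trunk/m4/readline.m4, the directory test uses "$withval" although the option value was saved in _do_readline. When --with-readline is not given, _do_readline defaults to yes but $withval still holds whatever an earlier AC_ARG_WITH left in it, so an unrelated directory can be appended to CPPFLAGS and LDFLAGS. Test and expand $_do_readline instead.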
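Review bot: in trunk/m4/tar-ustar.m4, _mytar is assigned only inside "if test x$_do_tar = x", so with --with-tar=PATH the USTAR probe is skipped, _tar_bad stays unset and HAVE_USTAR comes out false even for a capable tar. Add an else branch that sets _mytar=$_do_tar so the user-supplied program is the one that gets probed.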
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon Aug 28 10:57:28 2006 Subject: [svn] gcry - r1173 - in trunk: . mpi src Message-ID: <E1GHcvt-0003ec-2e@trithemius.gnupg.org> Author: wk Date: 2006-08-28 11:40:39 +0200 (Mon, 28 Aug 2006) New Revision: 1173 Modified: trunk/NEWS trunk/TODO trunk/mpi/ChangeLog trunk/mpi/mpi-bit.c trunk/src/ChangeLog trunk/src/gcrypt.h trunk/src/global.c Log: Fixed a problem with shifting MPIs by 0. Add a way to check whether the RNG is in fake mode. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-04 10:18:14 UTC (rev 1172) +++ trunk/NEWS 2006-08-28 09:40:39 UTC (rev 1173) @@ -17,6 +17,7 @@ * Interface changes relative to the 1.2.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_fast_random_poll NEW + GCRYCTL_FAKED_RANDOM_P NEW gcry_pk_algo_name CHANGED (minor change in respect to return value) gcry_cipher_algo_name CHANGED (minor change in respect to return value) GCRY_MD_SHA224 NEW Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-08-04 10:18:14 UTC (rev 1172) +++ trunk/TODO 2006-08-28 09:40:39 UTC (rev 1173) @@ -51,7 +51,7 @@ to run that bunch of Unix utilities we don't waste their precious results. -* Out of memory handler for secure memory shopuld do proper logging +* Out of memory handler for secure memory should do proper logging There is no shortage of standard memory, so logging is most likely possible. @@ -59,5 +59,10 @@ * signed vs. unsigned. Sync the code with 1.2 where we have fixed all these issues. +* mpi_print does not use secure memory + for internal variables. +* gry_mpi_lshift is missing + + Modified: trunk/mpi/ChangeLog =================================================================== --- trunk/mpi/ChangeLog 2006-08-04 10:18:14 UTC (rev 1172) +++ trunk/mpi/ChangeLog 2006-08-28 09:40:39 UTC (rev 1173) 
@@ -1,3 +1,8 @@ +2006-08-25 Werner Koch <wk@g10code.com> + + * mpi-bit.c (gcry_mpi_rshift): Don't shift if N == 0 but do a + plain copy. + 2006-08-04 Werner Koch <wk@g10code.com> * mpi-bit.c (gcry_mpi_rshift): Rewritten to remove the limitation Modified: trunk/mpi/mpi-bit.c =================================================================== --- trunk/mpi/mpi-bit.c 2006-08-04 10:18:14 UTC (rev 1172) +++ trunk/mpi/mpi-bit.c 2006-08-28 09:40:39 UTC (rev 1173) @@ -256,7 +256,17 @@ x->nlimbs = xsize; if ( xsize ) - _gcry_mpih_rshift (x->d, a->d, x->nlimbs, nbits ); + { + if (nbits ) + _gcry_mpih_rshift (x->d, a->d, x->nlimbs, nbits ); + else + { + /* The rshift helper function is not specified for + NBITS==0, thus we do a plain copy here. */ + for (i=0; i < x->nlimbs; i++ ) + x->d[i] = a->d[i]; + } + } } MPN_NORMALIZE (x->d, x->nlimbs); } Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2006-08-04 10:18:14 UTC (rev 1172) +++ trunk/src/ChangeLog 2006-08-28 09:40:39 UTC (rev 1173) @@ -1,3 +1,7 @@ +2006-08-21 Werner Koch <wk@g10code.com> + + * gcrypt.h (GCRYCTL_FAKED_RANDOM_P): New. + 2006-07-29 Marcus Brinkmann <marcus@g10code.de> * secmem.c (init_pool): Close FD after establishing the mapping. Modified: trunk/src/gcrypt.h =================================================================== --- trunk/src/gcrypt.h 2006-08-04 10:18:14 UTC (rev 1172) +++ trunk/src/gcrypt.h 2006-08-28 09:40:39 UTC (rev 1173) @@ -348,7 +348,8 @@ GCRYCTL_SET_THREAD_CBS = 47, GCRYCTL_FAST_POLL = 48, GCRYCTL_SET_RANDOM_DAEMON_SOCKET = 49, - GCRYCTL_USE_RANDOM_DAEMON = 50 + GCRYCTL_USE_RANDOM_DAEMON = 50, + GCRYCTL_FAKED_RANDOM_P = 51 }; /* Perform various operations defined by CMD. */ Modified: trunk/src/global.c =================================================================== --- trunk/src/global.c 2006-08-04 10:18:14 UTC (rev 1172) +++ trunk/src/global.c 2006-08-28 09:40:39 UTC (rev 1173) 
@@ -219,6 +219,13 @@ _gcry_quick_random_gen (1); break; + case GCRYCTL_FAKED_RANDOM_P: + /* Return an error if the RNG is faked one (i.e. enabled by + ENABLE_QUICK_RANDOM. */ + if (_gcry_random_is_faked ()) + err = GPG_ERR_GENERAL; + break; + case GCRYCTL_DUMP_RANDOM_STATS: _gcry_random_dump_stats (); break; @@ -329,7 +336,7 @@ case GCRYCTL_FAST_POLL: /* We need to do make sure that the random pool is really - initialized so that the poll fucntion is not a NOP. */ + initialized so that the poll function is not a NOP. */ _gcry_random_initialize (1); _gcry_fast_random_poll (); break; From cvs at cvs.gnupg.org Mon Aug 28 14:40:08 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon Aug 28 13:56:54 2006 Subject: [svn] gcry - r1176 - tags Message-ID: <E1GHfjX-0006uu-8J@trithemius.gnupg.org> Author: wk Date: 2006-08-28 14:40:07 +0200 (Mon, 28 Aug 2006) New Revision: 1176 Added: tags/libgcrypt-1.2.3/ Log: Tagged release Copied: tags/libgcrypt-1.2.3 (from rev 1175, branches/LIBGCRYPT-1-2-BRANCH) From cvs at cvs.gnupg.org Mon Aug 28 14:45:48 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon Aug 28 14:02:33 2006 Subject: [svn] gcry - r1177 - in branches/LIBGCRYPT-1-2-BRANCH: . src Message-ID: <E1GHfp0-000724-ME@trithemius.gnupg.org> Author: wk Date: 2006-08-28 14:45:47 +0200 (Mon, 28 Aug 2006) New Revision: 1177 Modified: branches/LIBGCRYPT-1-2-BRANCH/NEWS branches/LIBGCRYPT-1-2-BRANCH/configure.ac branches/LIBGCRYPT-1-2-BRANCH/src/gcrypt.h Log: Post release updates Modified: branches/LIBGCRYPT-1-2-BRANCH/NEWS =================================================================== --- branches/LIBGCRYPT-1-2-BRANCH/NEWS 2006-08-28 12:40:07 UTC (rev 1176) +++ branches/LIBGCRYPT-1-2-BRANCH/NEWS 2006-08-28 12:45:47 UTC (rev 1177) 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 1.2.4 +------------------------------------------------ + + Noteworthy changes in version 1.2.3 (2006-08-28) ------------------------------------------------ Modified: branches/LIBGCRYPT-1-2-BRANCH/configure.ac =================================================================== --- branches/LIBGCRYPT-1-2-BRANCH/configure.ac 2006-08-28 12:40:07 UTC (rev 1176) +++ branches/LIBGCRYPT-1-2-BRANCH/configure.ac 2006-08-28 12:45:47 UTC (rev 1177) @@ -27,7 +27,7 @@ # but remove a "-cvs" prefix right *before* a release and append it # soon later. -AC_INIT(libgcrypt, 1.2.3, bug-libgcrypt@gnupg.org) +AC_INIT(libgcrypt, 1.2.4-cvs, bug-libgcrypt@gnupg.org) # LT Version numbers, remember to change them just *before* a release. # (Interfaces removed: CURRENT++, AGE=0, REVISION=0) Modified: branches/LIBGCRYPT-1-2-BRANCH/src/gcrypt.h =================================================================== --- branches/LIBGCRYPT-1-2-BRANCH/src/gcrypt.h 2006-08-28 12:40:07 UTC (rev 1176) +++ branches/LIBGCRYPT-1-2-BRANCH/src/gcrypt.h 2006-08-28 12:45:47 UTC (rev 1177) @@ -49,7 +49,7 @@ autoconf (using the AM_PATH_GCRYPT macro) check that this header matches the installed library. Note: Do not edit the next line as configure may fix the string here. */ -#define GCRYPT_VERSION "1.2.3-cvs" +#define GCRYPT_VERSION "1.2.4-cvs" /* Internal: We can't use the convenience macros for the multi precision integer functions when building this library. */ From cvs at cvs.gnupg.org Mon Aug 28 16:27:24 2006 
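Review bot: in r1173, trunk/src/global.c hunk @@ -219,6 +219,13 @@, GCRYCTL_FAKED_RANDOM_P signals "the RNG is faked" by setting err = GPG_ERR_GENERAL, which a caller cannot tell apart from a genuine failure of the control call. Because the answer decides whether the RNG output can be trusted, the return convention deserves a comment next to the new enum value in gcrypt.h and an entry in the manual; no documentation file is in this commit's Modified list. The new comment is also missing the closing parenthesis after ENABLE_QUICK_RANDOM.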
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon Aug 28 15:44:10 2006 Subject: [svn] GPGol - r160 - in trunk: . po Message-ID: <E1GHhPL-0005iQ-Ho@trithemius.gnupg.org> Author: wk Date: 2006-08-28 16:27:24 +0200 (Mon, 28 Aug 2006) New Revision: 160 Modified: trunk/ChangeLog trunk/NEWS trunk/TODO trunk/configure.ac trunk/po/de.po Log: About to do a new release Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2006-08-25 07:32:02 UTC (rev 159) +++ trunk/ChangeLog 2006-08-28 14:27:24 UTC (rev 160) @@ -1,3 +1,7 @@ +2006-08-28 Werner Koch <wk@g10code.com> + + Released 0.9.90. + 2006-04-25 Werner Koch <wk@g10code.com> Released 0.9.10. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-25 07:32:02 UTC (rev 159) +++ trunk/NEWS 2006-08-28 14:27:24 UTC (rev 160) @@ -1,4 +1,4 @@ -Noteworthy changes for version 0.9.11 (unreleased) +Noteworthy changes for version 0.9.90 (2006-08-28) ================================================== * Fix problem that message would be sent in clear Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-08-25 07:32:02 UTC (rev 159) +++ trunk/TODO 2006-08-28 14:27:24 UTC (rev 160) @@ -1,3 +1,6 @@ +* inline PGG versenden wir als UTF-8. Andere aber wohl als Latin-1. + Heuristic implementieren. + * Show more details in case of some errors. For example 'No Secret Key' should contain the key-ID and if possible the primary user-ID. @@ -16,3 +19,6 @@ * Allow for symmetric encryption. +* Please consider adding a few more options like key singing rules + like Enigmail has. + Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-25 07:32:02 UTC (rev 159) +++ trunk/configure.ac 2006-08-28 14:27:24 UTC (rev 160) 
@@ -16,8 +16,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [0.9.11]) -m4_define([my_issvn], [yes]) +m4_define([my_version], [0.9.90]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q}')])) Modified: trunk/po/de.po =================================================================== --- trunk/po/de.po 2006-08-25 07:32:02 UTC (rev 159) +++ trunk/po/de.po 2006-08-28 14:27:24 UTC (rev 160) @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: GPGol 0.9.4\n" "Report-Msgid-Bugs-To: bug-gpgol@g10code.com\n" -"POT-Creation-Date: 2006-04-24 16:36+0200\n" +"POT-Creation-Date: 2006-04-25 17:46+0200\n" "PO-Revision-Date: 2006-04-24 16:41+0200\n" "Last-Translator: Werner Koch <wk@gnupg.org>\n" "Language-Team: de\n" @@ -15,7 +15,7 @@ "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -#: src/common.c:101 +#: src/common.c:103 msgid "GPG - Save decrypted attachment" msgstr "GPG - Sichern der entschl?sselten Anlage" @@ -143,12 +143,12 @@ msgid "No valid OpenPGP data found." msgstr "Keine g?ltigen OpenPGP Daten gefunden" -#: src/gpgmsg.cpp:1195 src/gpgmsg.cpp:1297 src/gpgmsg.cpp:1311 -#: src/gpgmsg.cpp:1327 src/gpgmsg.cpp:1506 +#: src/gpgmsg.cpp:1195 src/gpgmsg.cpp:1306 src/gpgmsg.cpp:1320 +#: src/gpgmsg.cpp:1336 src/gpgmsg.cpp:1515 msgid "Decryption" msgstr "Entschl?sselung" -#: src/gpgmsg.cpp:1212 +#: src/gpgmsg.cpp:1213 msgid "" "[This is a PGP/MIME message]\r\n" "\r\n" 
@@ -159,7 +159,7 @@ "[Benutzen Sie den \"Entschl?sselungs\"-Button im gro?en\n" "Nachrichtenfenster um den Inhalt anzuzeigen.]" -#: src/gpgmsg.cpp:1266 +#: src/gpgmsg.cpp:1271 msgid "" "Note: This is a PGP/MIME signed message. The GPGol plugin is not always " "able to verify such a message due to missing support in Outlook.\n" @@ -172,27 +172,27 @@ "\n" "(Dieser Hinweis wird nur einmalig pro Sitzung angezeigt)" -#: src/gpgmsg.cpp:1270 +#: src/gpgmsg.cpp:1275 msgid "Verification" msgstr "?berpr?fung" -#: src/gpgmsg.cpp:1288 +#: src/gpgmsg.cpp:1293 msgid "[This is a PGP/MIME message]" msgstr "[PGP/MIME Nachricht]" -#: src/gpgmsg.cpp:1296 src/gpgmsg.cpp:1310 src/gpgmsg.cpp:1326 +#: src/gpgmsg.cpp:1305 src/gpgmsg.cpp:1319 src/gpgmsg.cpp:1335 msgid "Problem decrypting PGP/MIME message" msgstr "Problem bei Entschl?sseln einer PGP/MIME Nachricht" -#: src/gpgmsg.cpp:1461 +#: src/gpgmsg.cpp:1470 msgid "Verification Failure" msgstr "?berpr?fungsfehler" -#: src/gpgmsg.cpp:1464 +#: src/gpgmsg.cpp:1473 msgid "Decryption Failure" msgstr "Entschl?sselungsfehler" -#: src/gpgmsg.cpp:1500 +#: src/gpgmsg.cpp:1509 msgid "" "The message text cannot be displayed.\n" "You have to save the decrypted message to view it.\n" @@ -208,7 +208,7 @@ #. TRANSLATORS: Keep the @LIST@ verbatim on a separate line; it #. will be expanded to a list of atatchment names. -#: src/gpgmsg.cpp:1527 +#: src/gpgmsg.cpp:1536 msgid "" "Signed attachments found.\n" "\n" @@ -220,13 +220,13 @@ "@LIST@\n" "M?chten Sie diese Unterschriften ?berpr?fen?" -#: src/gpgmsg.cpp:1535 +#: src/gpgmsg.cpp:1544 msgid "Attachment Verification" msgstr "?berpr?fung der Anh?nge" #. TRANSLATORS: Keep the @LIST@ verbatim on a separate line; it #. will be expanded to a list of atatchment names. -#: src/gpgmsg.cpp:1556 +#: src/gpgmsg.cpp:1565 msgid "" "Encrypted attachments found.\n" "\n" 
@@ -238,15 +238,15 @@ "@LIST@\n" "M?chten Sie diese entschl?sseln und abspeichern?" -#: src/gpgmsg.cpp:1563 +#: src/gpgmsg.cpp:1572 msgid "Attachment Decryption" msgstr "Entschl?sselung eines Anhangs" -#: src/gpgmsg.cpp:1632 +#: src/gpgmsg.cpp:1641 msgid "Signing Failure" msgstr "Unterschrifterstellungsfehler" -#: src/gpgmsg.cpp:1800 +#: src/gpgmsg.cpp:1809 msgid "" "The configured default encryption key is not available or does not " "unambigiously specify a key. Please fix this in the option dialog.\n" @@ -259,27 +259,27 @@ "\n" "Die Nachricht wird deswegen nicht f?r diesen Schl?ssel verschl?sselt!" -#: src/gpgmsg.cpp:1804 +#: src/gpgmsg.cpp:1813 msgid "Encryption" msgstr "Verschl?sselung" -#: src/gpgmsg.cpp:1847 +#: src/gpgmsg.cpp:1856 msgid "Encryption Failure" msgstr "Verschl?sselungsfehler" -#: src/gpgmsg.cpp:1901 src/gpgmsg.cpp:3267 +#: src/gpgmsg.cpp:1910 src/gpgmsg.cpp:3276 msgid "Attachment Encryption Failure" msgstr "Verschl?sselungsfehler eines Anhangs" -#: src/gpgmsg.cpp:2674 +#: src/gpgmsg.cpp:2683 msgid "Attachment Verification Failure" msgstr "?berpr?fungsfehler eines Anhangs" -#: src/gpgmsg.cpp:2857 src/gpgmsg.cpp:2906 +#: src/gpgmsg.cpp:2866 src/gpgmsg.cpp:2915 msgid "Attachment Decryption Failure" msgstr "Entschl?sselungsfehler eines Anhangs" -#: src/gpgmsg.cpp:3076 +#: src/gpgmsg.cpp:3085 msgid "Attachment Signing Failure" msgstr "Unterschrifterstellungsfehler eines Anhangs" @@ -431,15 +431,15 @@ msgid "[PGP/MIME message]" msgstr "[PGP/MIME Nachricht]" -#: src/pgpmime.c:730 +#: src/pgpmime.c:733 msgid "[PGP/MIME message without plain text body]" msgstr "[PGP/MIME Nachricht ohne reinen Textk?rper]" -#: src/pgpmime.c:802 +#: src/pgpmime.c:808 msgid "[PGP/MIME signed message without a plain text body]" msgstr "[PGP/MIME signierte Nachricht ohne reinen Textk?rper]" -#: src/pgpmime.c:812 +#: src/pgpmime.c:820 msgid "[PGP/MIME signature]" msgstr "[PGP/MIME Signatur]" From cvs at cvs.gnupg.org Mon Aug 28 16:32:46 2006 
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon Aug 28 15:49:35 2006 Subject: [svn] GPGol - r161 - tags Message-ID: <E1GHhUZ-0001iq-5Y@trithemius.gnupg.org> Author: wk Date: 2006-08-28 16:32:45 +0200 (Mon, 28 Aug 2006) New Revision: 161 Added: tags/gpgol-0.9.90/ Log: From cvs at cvs.gnupg.org Tue Aug 29 12:21:11 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue Aug 29 11:37:53 2006 Subject: [svn] gcry - r1178 - in trunk: . cipher doc src tests Message-ID: <E1GI02W-0007wX-Um@trithemius.gnupg.org> Author: wk Date: 2006-08-29 12:21:09 +0200 (Tue, 29 Aug 2006) New Revision: 1178 Added: trunk/cipher/seed.c Modified: trunk/AUTHORS trunk/ChangeLog trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/Makefile.am trunk/cipher/cipher.c trunk/configure.ac trunk/doc/ChangeLog trunk/doc/gcrypt.texi trunk/src/ChangeLog trunk/src/cipher.h trunk/src/gcrypt.h trunk/tests/basic.c Log: Added SEED cipher Modified: trunk/AUTHORS =================================================================== --- trunk/AUTHORS 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/AUTHORS 2006-08-29 10:21:09 UTC (rev 1178) @@ -1,5 +1,5 @@ Library: Libgcrypt -Maintainer: Moritz Schulte <moritz@g10code.com> +Maintainer: Werner Koch <wk@gnupg.org> Bug reports: <bug-libgcrypt@gnupg.org> Security related bug reports: <security@gnupg.org> @@ -74,8 +74,13 @@ added SHA-224, changed cipher/sha256.c, added HMAC tests.) +Hye-Shik Chang <perky@FreeBSD.org> +Wrote SEED cipher and put it into the Public domain. See mail to +gcrypt-devel@gnupg.org on 2006-07-12 <20060712143738.GA54909@FreeBSD.org>. +(SEED cipher) + More credits ============ The ATH implementation (src/ath*) has been taken from GPGME and Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/ChangeLog 2006-08-29 10:21:09 UTC (rev 1178) 
@@ -1,3 +1,7 @@ +2006-08-29 Werner Koch <wk@g10code.com> + + * configure.ac (USE_SEED): New. + 2006-07-26 Werner Koch <wk@g10code.com> * configure.ac: New options --enable-noexecstack and Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/NEWS 2006-08-29 10:21:09 UTC (rev 1178) @@ -12,6 +12,8 @@ * Support for SHA-224 and HMAC using SHA-384 and SHA-512. + * Support for the SEED cipher. + * gcry_mpi_rshift does not anymore truncate the shift count. * Interface changes relative to the 1.2.0 release: @@ -25,6 +27,7 @@ GCRY_PK_USAGE_AUTH NEW GCRY_PK_USAGE_UNKN NEW gcry_mpi_scan CHANGED: Argument BUFFER is now void*. + GCR_CIPHER_SEED NEW FIXME: Please add API changes immediatley so that we don't forget about them. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/cipher/ChangeLog 2006-08-29 10:21:09 UTC (rev 1178) @@ -1,3 +1,7 @@ +2006-08-29 Hye-Shik Chang <perky@FreeBSD.org> (wk) + + * seed.c: New. + 2006-08-03 Werner Koch <wk@g10code.com> * random-daemon.c (_gcry_daemon_initialize_basics): Don't Modified: trunk/cipher/Makefile.am =================================================================== --- trunk/cipher/Makefile.am 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/cipher/Makefile.am 2006-08-29 10:21:09 UTC (rev 1178) @@ -57,6 +57,7 @@ rndunix.c \ rndw32.c \ rsa.c \ +seed.c \ serpent.c \ sha1.c \ sha256.c \ Modified: trunk/cipher/cipher.c =================================================================== --- trunk/cipher/cipher.c 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/cipher/cipher.c 2006-08-29 10:21:09 UTC (rev 1178) 
@@ -72,6 +72,9 @@ #ifdef USE_RFC2268 { &_gcry_cipher_spec_rfc2268_40, GCRY_CIPHER_RFC2268_40 }, #endif +#ifdef USE_SEED + { &_gcry_cipher_spec_seed, GCRY_CIPHER_SEED }, +#endif { NULL }, }; Added: trunk/cipher/seed.c =================================================================== --- trunk/cipher/seed.c 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/cipher/seed.c 2006-08-29 10:21:09 UTC (rev 1178) 
@@ -0,0 +1,478 @@ +/* SEED for libgcrypt + * Copyright (C) 2006 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + * -- + * This implementation was provided for libgcrypt in public domain + * by Hye-Shik Chang <perky@FreeBSD.org>, July 2006. 
+ */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> + +#include "types.h" /* for byte and u32 typedefs */ +#include "g10lib.h" +#include "cipher.h" + +#define NUMKC 16 + +#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \ + ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +#define PUTU32(ct, st) { (ct)[0] = (byte)((st) >> 24); \ + (ct)[1] = (byte)((st) >> 16); \ + (ct)[2] = (byte)((st) >> 8); \ + (ct)[3] = (byte)(st); } + +union wordbuf +{ + u32 w; + byte b[4]; +}; + +#ifdef WORDS_BIGENDIAN +#define b0 b[3] +#define b1 b[2] +#define b2 b[1] +#define b3 b[0] +#else +#define b0 b[0] +#define b1 b[1] +#define b2 b[2] +#define b3 b[3] +#endif + +static const char *selftest(void); + +typedef struct +{ + u32 keyschedule[32]; +} SEED_context; + +static const u32 SS0[256] = { + 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, + 0x2c8ca0ac, 0x25052124, 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, + 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360, 0x28082028, 0x04444044, + 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314, + 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, 0x3b8bb3b8, 0x13031310, + 0x12c2d2d0, 0x2ecee2ec, 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, + 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074, 0x2ccce0ec, 0x15859194, + 0x0b0b0308, 0x17475354, 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100, + 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, 0x10001010, 0x0cccc0cc, + 0x32c2f2f0, 0x19c9d1d8, 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, + 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8, 0x20406060, 0x10405050, + 0x2383a3a0, 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c, + 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, 0x2686a2a4, 0x12021210, + 0x2f8fa3ac, 0x15c5d1d4, 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, + 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008, 0x1f0f131c, 0x19899198, + 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0, + 0x3dcdf1fc, 
0x36467274, 0x2f0f232c, 0x27072324, 0x3080b0b0, 0x0b8b8388, + 0x0e0e020c, 0x2b8ba3a8, 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, + 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208, 0x3f8fb3bc, 0x2fcfe3ec, + 0x33c3f3f0, 0x05c5c1c4, 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064, + 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, 0x06060204, 0x21012120, + 0x2b4b6368, 0x26466264, 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, + 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0, 0x3a4a7278, 0x07474344, + 0x16869294, 0x25c5e1e4, 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc, + 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, 0x36063234, 0x15051114, + 0x22022220, 0x38083038, 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, + 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394, 0x35053134, 0x0bcbc3c8, + 0x0ecec2cc, 0x3c0c303c, 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188, + 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, 0x14849094, 0x19495158, + 0x02828280, 0x04c4c0c4, 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, + 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8, 0x0f0f030c, 0x0e8e828c, + 0x02424240, 0x23032320, 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4, + 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c, + 0x2d0d212c, 0x00404040, 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, + 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154, 0x3b0b3338, 0x1cccd0dc, + 0x28486068, 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254, + 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, 0x3585b1b4, 0x2b0b2328, + 0x25456164, 0x3acaf2f8, 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, + 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0, 0x31013130, 0x2acae2e8, + 0x2d4d616c, 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088, + 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, 0x22426260, 0x29092128, + 0x07070304, 0x33033330, 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, + 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298, +}; + +static const u32 SS1[256] = { + 
0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, 0xcc0fcfc3, 0xdc1eced2, + 0xb03383b3, 0xb83888b0, 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, + 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53, 0xc003c3c3, 0x60224262, + 0x30330333, 0xb43585b1, 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3, + 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, 0x1c1c0c10, 0xbc3c8cb0, + 0x34360632, 0x480b4b43, 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, + 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0, 0xc002c2c2, 0x44054541, + 0xe021c1e1, 0xd416c6d2, 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890, + 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, 0xa42585a1, 0xf839c9f1, + 0x0c0d0d01, 0xdc1fcfd3, 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, + 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272, 0x40024242, 0xd414c4d0, + 0x40014141, 0xc000c0c0, 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83, + 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, 0xc80acac2, 0x2c2c0c20, + 0xa82a8aa2, 0x34340430, 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, + 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0, 0x54174753, 0xac2e8ea2, + 0x08080800, 0xc405c5c1, 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1, + 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, 0xf435c5f1, 0x880a8a82, + 0x682a4a62, 0xb03181b1, 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, + 0x20220222, 0x04040400, 0x68284860, 0x70314171, 0x04070703, 0xd81bcbd3, + 0x9c1d8d91, 0x98198991, 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951, + 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, 0x981a8a92, 0xa02383a3, + 0xa82b8ba3, 0xd010c0d0, 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, + 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3, 0x94168692, 0x783b4b73, + 0x5c1c4c50, 0xa02282a2, 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41, + 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, 0x0c0c0c00, 0x2c2e0e22, + 0xb83a8ab2, 0x6c2e4e62, 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, + 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0, 0x14150511, 0xf83bcbf3, + 
0x70304070, 0x74354571, 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303, + 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, 0xd415c5d1, 0xb43484b0, + 0xe82acae2, 0x08090901, 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, + 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501, 0xf83acaf2, 0x00010101, + 0xf030c0f0, 0x282a0a22, 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343, + 0x84058581, 0x14140410, 0x88098981, 0x981b8b93, 0xb03080b0, 0xe425c5e1, + 0x48084840, 0x78394971, 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, + 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53, 0x74374773, 0x54144450, + 0xb03282b2, 0x1c1d0d11, 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642, + 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, 0x7c3e4e72, 0xd81acad2, + 0xc809c9c1, 0xfc3dcdf1, 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, + 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70, 0x0c0e0e02, 0x50104050, + 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393, + 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, 0xc80bcbc3, 0x50134353, + 0x080a0a02, 0x84078783, 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, + 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3, +}; + +static const u32 SS2[256] = { + 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d, + 0xa0ac2c8c, 0x21242505, 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, + 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343, 0x20282808, 0x40440444, + 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707, + 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303, + 0xd2d012c2, 0xe2ec2ece, 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, + 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444, 0xe0ec2ccc, 0x91941585, + 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101, + 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc, + 0xf2f032c2, 0xd1d819c9, 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, + 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9, 0x60602040, 
0x50501040, + 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f, + 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202, + 0xa3ac2f8f, 0xd1d415c5, 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, + 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808, 0x131c1f0f, 0x91981989, + 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1, + 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b, + 0x020c0e0e, 0xa3a82b8b, 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, + 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a, 0xb3bc3f8f, 0xe3ec2fcf, + 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444, + 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101, + 0x63682b4b, 0x62642646, 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, + 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0, 0x72783a4a, 0x43440747, + 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf, + 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505, + 0x22202202, 0x30383808, 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, + 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787, 0x31343505, 0xc3c80bcb, + 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989, + 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949, + 0x82800282, 0xc0c404c4, 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, + 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888, 0x030c0f0f, 0x828c0e8e, + 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484, + 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d, + 0x212c2d0d, 0x40400040, 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, + 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545, 0x33383b0b, 0xd0dc1ccc, + 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646, + 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b, + 0x61642545, 0xf2f83aca, 0xe3e023c3, 0xb1b83989, 0xb1b03181, 
0x939c1f8f, + 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282, 0x31303101, 0xe2e82aca, + 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888, + 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909, + 0x03040707, 0x33303303, 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, + 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a, +}; + +static const u32 SS3[256] = { + 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e, + 0x83b3b033, 0x88b0b838, 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, + 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b, 0xc3c3c003, 0x42626022, + 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427, + 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c, + 0x06323436, 0x4b43480b, 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, + 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434, 0xc2c2c002, 0x45414405, + 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818, + 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839, + 0x0d010c0d, 0xcfd3dc1f, 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, + 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032, 0x42424002, 0xc4d0d414, + 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b, + 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c, + 0x8aa2a82a, 0x04303434, 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, + 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838, 0x47535417, 0x8ea2ac2e, + 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839, + 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a, + 0x4a62682a, 0x81b1b031, 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, + 0x02222022, 0x04000404, 0x48606828, 0x41717031, 0x07030407, 0xcbd3d81b, + 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819, + 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023, + 0x8ba3a82b, 0xc0d0d010, 0x81818001, 0x0f030c0f, 
0x47434407, 0x0a12181a, + 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f, 0x86929416, 0x4b73783b, + 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d, + 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e, + 0x8ab2b83a, 0x4e626c2e, 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, + 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c, 0x05111415, 0xcbf3f83b, + 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003, + 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434, + 0xcae2e82a, 0x09010809, 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, + 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405, 0xcaf2f83a, 0x01010001, + 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003, + 0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425, + 0x48404808, 0x49717839, 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, + 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f, 0x47737437, 0x44505414, + 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406, + 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a, + 0xc9c1c809, 0xcdf1fc3d, 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, + 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c, 0x0e020c0e, 0x40505010, + 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013, + 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013, + 0x0a02080a, 0x87838407, 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, + 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437, +}; + +static const u32 KC[NUMKC] = { + 0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc, + 0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf, + 0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1, + 0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b, +}; + + + +/* Perform the key setup. 
+ */ +static gcry_err_code_t +do_setkey (SEED_context *ctx, const byte *key, const unsigned keylen) +{ + static int initialized = 0; + static const char *selftest_failed=0; + u32 x1, x2, x3, x4; + union wordbuf t0, t1; + u32 *keyout = ctx->keyschedule; + int i; + + if (!initialized) + { + initialized = 1; + selftest_failed = selftest (); + if( selftest_failed ) + log_error ("%s\n", selftest_failed ); + } + if (selftest_failed) + return GPG_ERR_SELFTEST_FAILED; + + if (keylen != 16) + return GPG_ERR_INV_KEYLEN; + + x1 = GETU32 (key); + x2 = GETU32 (key+4); + x3 = GETU32 (key+8); + x4 = GETU32 (key+12); + + for (i = 0; i < NUMKC; i++) + { + t0.w = x1 + x3 - KC[i]; + t1.w = x2 + KC[i] - x4; + *(keyout++) = SS0[t0.b0] ^ SS1[t0.b1] ^ SS2[t0.b2] ^ SS3[t0.b3]; + *(keyout++) = SS0[t1.b0] ^ SS1[t1.b1] ^ SS2[t1.b2] ^ SS3[t1.b3]; + + if (i % 2 == 0) + { + t0.w = x1; + x1 = (x1>>8) ^ (x2<<24); + x2 = (x2>>8) ^ (t0.w<<24); + } + else + { + t0.w = x3; + x3 = (x3<<8) ^ (x4>>24); + x4 = (x4<<8) ^ (t0.w>>24); + } + } + + return 0; +} + +static gcry_err_code_t +seed_setkey (void *context, const byte *key, const unsigned keylen) +{ + SEED_context *ctx = context; + + int rc = do_setkey (ctx, key, keylen); + _gcry_burn_stack (4*6 + sizeof(void*)*2 + sizeof(int)*2); + return rc; +} + + + +#define OP(X1, X2, X3, X4, rbase) \ + t0.w = X3 ^ ctx->keyschedule[rbase]; \ + t1.w = X4 ^ ctx->keyschedule[rbase+1]; \ + t1.w ^= t0.w; \ + t1.w = SS0[t1.b0] ^ SS1[t1.b1] ^ SS2[t1.b2] ^ SS3[t1.b3]; \ + t0.w += t1.w; \ + t0.w = SS0[t0.b0] ^ SS1[t0.b1] ^ SS2[t0.b2] ^ SS3[t0.b3]; \ + t1.w += t0.w; \ + t1.w = SS0[t1.b0] ^ SS1[t1.b1] ^ SS2[t1.b2] ^ SS3[t1.b3]; \ + t0.w += t1.w; \ + X1 ^= t0.w; \ + X2 ^= t1.w; + +/* Encrypt one block. inbuf and outbuf may be the same. 
*/ +static void +do_encrypt (const SEED_context *ctx, byte *outbuf, const byte *inbuf) +{ + u32 x1, x2, x3, x4; + union wordbuf t0, t1; + + x1 = GETU32 (inbuf); + x2 = GETU32 (inbuf+4); + x3 = GETU32 (inbuf+8); + x4 = GETU32 (inbuf+12); + + OP (x1, x2, x3, x4, 0); + OP (x3, x4, x1, x2, 2); + OP (x1, x2, x3, x4, 4); + OP (x3, x4, x1, x2, 6); + OP (x1, x2, x3, x4, 8); + OP (x3, x4, x1, x2, 10); + OP (x1, x2, x3, x4, 12); + OP (x3, x4, x1, x2, 14); + OP (x1, x2, x3, x4, 16); + OP (x3, x4, x1, x2, 18); + OP (x1, x2, x3, x4, 20); + OP (x3, x4, x1, x2, 22); + OP (x1, x2, x3, x4, 24); + OP (x3, x4, x1, x2, 26); + OP (x1, x2, x3, x4, 28); + OP (x3, x4, x1, x2, 30); + + PUTU32 (outbuf, x3); + PUTU32 (outbuf+4, x4); + PUTU32 (outbuf+8, x1); + PUTU32 (outbuf+12, x2); +} + +static void +seed_encrypt (void *context, byte *outbuf, const byte *inbuf) +{ + SEED_context *ctx = context; + + do_encrypt (ctx, outbuf, inbuf); + _gcry_burn_stack (4*6); +} + + + +/* Decrypt one block. inbuf and outbuf may be the same. 
*/ +static void +do_decrypt (SEED_context *ctx, byte *outbuf, const byte *inbuf) +{ + u32 x1, x2, x3, x4; + union wordbuf t0, t1; + + x1 = GETU32 (inbuf); + x2 = GETU32 (inbuf+4); + x3 = GETU32 (inbuf+8); + x4 = GETU32 (inbuf+12); + + OP (x1, x2, x3, x4, 30); + OP (x3, x4, x1, x2, 28); + OP (x1, x2, x3, x4, 26); + OP (x3, x4, x1, x2, 24); + OP (x1, x2, x3, x4, 22); + OP (x3, x4, x1, x2, 20); + OP (x1, x2, x3, x4, 18); + OP (x3, x4, x1, x2, 16); + OP (x1, x2, x3, x4, 14); + OP (x3, x4, x1, x2, 12); + OP (x1, x2, x3, x4, 10); + OP (x3, x4, x1, x2, 8); + OP (x1, x2, x3, x4, 6); + OP (x3, x4, x1, x2, 4); + OP (x1, x2, x3, x4, 2); + OP (x3, x4, x1, x2, 0); + + PUTU32 (outbuf, x3); + PUTU32 (outbuf+4, x4); + PUTU32 (outbuf+8, x1); + PUTU32 (outbuf+12, x2); +} + +static void +seed_decrypt (void *context, byte *outbuf, const byte *inbuf) +{ + SEED_context *ctx = context; + + do_decrypt (ctx, outbuf, inbuf); + _gcry_burn_stack (4*6); +} + + +/* Test a single encryption and decryption with each key size. */ +static const char* +selftest (void) +{ + SEED_context ctx; + byte scratch[16]; + + /* The test vector is taken from the appendix section B.3 of RFC4269. 
+ */ + static const byte plaintext[16] = { + 0x83, 0xA2, 0xF8, 0xA2, 0x88, 0x64, 0x1F, 0xB9, + 0xA4, 0xE9, 0xA5, 0xCC, 0x2F, 0x13, 0x1C, 0x7D + }; + static const byte key[16] = { + 0x47, 0x06, 0x48, 0x08, 0x51, 0xE6, 0x1B, 0xE8, + 0x5D, 0x74, 0xBF, 0xB3, 0xFD, 0x95, 0x61, 0x85 + }; + static const byte ciphertext[16] = { + 0xEE, 0x54, 0xD1, 0x3E, 0xBC, 0xAE, 0x70, 0x6D, + 0x22, 0x6B, 0xC3, 0x14, 0x2C, 0xD4, 0x0D, 0x4A, + }; + + seed_setkey (&ctx, key, sizeof(key)); + seed_encrypt (&ctx, scratch, plaintext); + if (memcmp (scratch, ciphertext, sizeof (ciphertext))) + return "SEED test encryption failed."; + seed_decrypt (&ctx, scratch, scratch); + if (memcmp (scratch, plaintext, sizeof (plaintext))) + return "SEED test decryption failed."; + + return NULL; +} + + + +static gcry_cipher_oid_spec_t seed_oids[] = + { + { "1.2.410.200004.1.3", GCRY_CIPHER_MODE_ECB }, + { "1.2.410.200004.1.4", GCRY_CIPHER_MODE_CBC }, + { "1.2.410.200004.1.5", GCRY_CIPHER_MODE_CFB }, + { "1.2.410.200004.1.6", GCRY_CIPHER_MODE_OFB }, + { NULL } + }; + +gcry_cipher_spec_t _gcry_cipher_spec_seed = + { + "SEED", NULL, seed_oids, 16, 128, sizeof (SEED_context), + seed_setkey, seed_encrypt, seed_decrypt, + }; Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/configure.ac 2006-08-29 10:21:09 UTC (rev 1178) @@ -112,7 +112,7 @@ LIBGCRYPT_CONFIG_CFLAGS="" # Definitions for symmetric ciphers. -available_ciphers="arcfour blowfish cast5 des aes twofish serpent rfc2268" +available_ciphers="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed" enabled_ciphers="" # Definitions for public-key ciphers. 
@@ -757,6 +757,11 @@ AC_DEFINE_UNQUOTED(USE_RFC2268, $found, [Defined if this module should be included]) +LIST_MEMBER(seed, $enabled_ciphers) +test "$found" = "1" && GCRYPT_CIPHERS="$GCRYPT_CIPHERS seed.lo" +AC_DEFINE_UNQUOTED(USE_SEED, $found, + [Defined if this module should be included]) + LIST_MEMBER(dsa, $enabled_pubkey_ciphers) test "$found" = "1" && GCRYPT_PUBKEY_CIPHERS="$GCRYPT_PUBKEY_CIPHERS dsa.lo" AC_DEFINE_UNQUOTED(USE_DSA, $found, Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/doc/ChangeLog 2006-08-29 10:21:09 UTC (rev 1178) @@ -1,3 +1,7 @@ +2006-08-29 Werner Koch <wk@g10code.com> + + * gcrypt.texi (Available ciphers): Add missing ciphers. + 2006-03-10 Brad Hards <bradh@frogmouth.net> (wk, patch 2005-04-25) * gcrypt.texi: Document SHA-224 and typo fixes. Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/doc/gcrypt.texi 2006-08-29 10:21:09 UTC (rev 1178) @@ -1183,6 +1183,20 @@ bits of each byte are ignored. Note, that this is a weak algorithm which can be broken in reasonable time using a brute force approach. +@item GCRY_CIPHER_SERPENT128 +@itemx GCRY_CIPHER_SERPENT192 +@itemx GCRY_CIPHER_SERPENT256 +The Serpent cipher from the AES contest. + +@item GCRY_CIPHER_RFC2268_40 +@itemx GCRY_CIPHER_RFC2268_128 +Ron's Cipher 2 in the 40 and 128 bit variants. Note, that we currently +only support the 40 bit variant. The identifier for 128 is reserved for +future use. + +@item GCRY_CIPHER_SEED +A 128 bit cipher as described by RFC4269. + @end table @node Cipher modules Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/src/ChangeLog 2006-08-29 10:21:09 UTC (rev 1178) 
@@ -1,3 +1,7 @@ +2006-08-29 Werner Koch <wk@g10code.com> + + * gcrypt.h (GCRY_CIPHER_SEED): New. + 2006-08-21 Werner Koch <wk@g10code.com> * gcrypt.h (GCRYCTL_FAKED_RANDOM_P): New. Modified: trunk/src/cipher.h =================================================================== --- trunk/src/cipher.h 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/src/cipher.h 2006-08-29 10:21:09 UTC (rev 1178) @@ -58,6 +58,7 @@ extern gcry_cipher_spec_t _gcry_cipher_spec_serpent192; extern gcry_cipher_spec_t _gcry_cipher_spec_serpent256; extern gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40; +extern gcry_cipher_spec_t _gcry_cipher_spec_seed; /* Declarations for the digest specifications. */ extern gcry_md_spec_t _gcry_digest_spec_crc32; Modified: trunk/src/gcrypt.h =================================================================== --- trunk/src/gcrypt.h 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/src/gcrypt.h 2006-08-29 10:21:09 UTC (rev 1178) @@ -749,7 +749,8 @@ GCRY_CIPHER_SERPENT192 = 305, GCRY_CIPHER_SERPENT256 = 306, GCRY_CIPHER_RFC2268_40 = 307, /* Ron's Cipher 2 (40 bit). */ - GCRY_CIPHER_RFC2268_128 = 308 /* Ron's Cipher 2 (128 bit). */ + GCRY_CIPHER_RFC2268_128 = 308, /* Ron's Cipher 2 (128 bit). */ + GCRY_CIPHER_SEED = 309 /* 128 bit cipher described in RFC4269. */ }; /* The Rijndael algorithm is basically AES, so provide some macros. */ Modified: trunk/tests/basic.c =================================================================== --- trunk/tests/basic.c 2006-08-28 12:45:47 UTC (rev 1177) +++ trunk/tests/basic.c 2006-08-29 10:21:09 UTC (rev 1178) @@ -959,6 +959,7 @@ GCRY_CIPHER_SERPENT128, GCRY_CIPHER_SERPENT192, GCRY_CIPHER_SERPENT256, + GCRY_CIPHER_SEED, 0 }; static int algos2[] = { From cvs at cvs.gnupg.org Tue Aug 29 15:12:02 2006 
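Review bot: In the trunk/NEWS hunk of r1178, the interface-changes table lists the new constant as `GCR_CIPHER_SEED`, but the enum value added to src/gcrypt.h and used in cipher/cipher.c and tests/basic.c is `GCRY_CIPHER_SEED`. Anyone searching NEWS for the real identifier will miss the entry; the line should read `GCRY_CIPHER_SEED NEW`.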
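Review bot: In the new trunk/cipher/seed.c (r1178), selftest() calls memcmp(), but the file includes only <config.h>, <stdio.h>, <stdlib.h> and the project headers, so the declaration arrives only if one of those headers happens to pull in <string.h>; an explicit `#include <string.h>` would remove that dependency. In the same function, the comment "Test a single encryption and decryption with each key size" does not match the code, since do_setkey() rejects every keylen other than 16 and only the one RFC4269 B.3 vector is run. The return value of seed_setkey() is also ignored, so a key-setup failure would surface only as "SEED test encryption failed."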
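Review bot: The r1178 hunk in trunk/cipher/cipher.c guards the new table entry with `#ifdef USE_SEED`, while the trunk/configure.ac hunk defines the macro unconditionally through `AC_DEFINE_UNQUOTED(USE_SEED, $found, ...)`. If LIST_MEMBER leaves `found` at 0 for a cipher that is not enabled, config.h still defines USE_SEED (as 0), the `#ifdef` is true, and cipher.c references `_gcry_cipher_spec_seed` although seed.lo was not added to GCRYPT_CIPHERS. Testing the value with `#if USE_SEED` would tie the table entry to what configure actually selected; the neighbouring USE_RFC2268 guard shown as context follows the same `#ifdef` pattern and is worth checking at the same time.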
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue Aug 29 14:28:43 2006 Subject: [svn] GnuPG - r4229 - trunk/agent Message-ID: <E1GI2hr-0002ks-6L@trithemius.gnupg.org> Author: wk Date: 2006-08-29 15:12:01 +0200 (Tue, 29 Aug 2006) New Revision: 4229 Modified: trunk/agent/ChangeLog trunk/agent/command-ssh.c trunk/agent/gpg-agent.c Log: Allow for 4k ssh keys and better error reporting. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2006-08-27 15:33:56 UTC (rev 4228) +++ trunk/agent/ChangeLog 2006-08-29 13:12:01 UTC (rev 4229) @@ -1,3 +1,11 @@ +2006-08-29 Werner Koch <wk@g10code.com> + + * command-ssh.c (stream_read_mpi): Sanity check for early + detecting of too large keys. + * gpg-agent.c (my_gcry_outofcore_handler): New. + (main): Register it. + (main): No allocate 32k secure memory (was 16k). + 2006-07-31 Werner Koch <wk@g10code.com> * preset-passphrase.c (make_hexstring): For conistency use Modified: trunk/agent/command-ssh.c =================================================================== --- trunk/agent/command-ssh.c 2006-08-27 15:33:56 UTC (rev 4228) +++ trunk/agent/command-ssh.c 2006-08-29 13:12:01 UTC (rev 4229) @@ -526,6 +526,15 @@ if (err) goto out; + /* To avoid excessive use of secure memory we check that an MPI is + not too large. */ + if (mpi_data_size > 520) + { + log_error (_("ssh keys greater than %d bits are not supported\n"), 4096); + err = GPG_ERR_TOO_LARGE; + goto out; + } + err = gcry_mpi_scan (&mpi, GCRYMPI_FMT_STD, mpi_data, mpi_data_size, NULL); if (err) goto out; Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2006-08-27 15:33:56 UTC (rev 4228) +++ trunk/agent/gpg-agent.c 2006-08-29 13:12:01 UTC (rev 4229) 
@@ -285,6 +285,28 @@ } +/* This function is called by libgcrypt if it ran out of core and + there is no way to return that error to the caller. We do our own + function here to make use of our logging functions. */ +static int +my_gcry_outofcore_handler ( void *opaque, size_t req_n, unsigned int flags) +{ + static int been_here; /* Used to protect against recursive calls. */ + + if (!been_here) + { + been_here = 1; + if ( (flags & 1) ) + log_fatal (_("out of core in secure memory " + "while allocating %lu bytes"), (unsigned long)req_n); + else + log_fatal (_("out of core while allocating %lu bytes"), + (unsigned long)req_n); + } + return 0; /* Let libgcrypt call its own fatal error handler. */ +} + + /* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL only the active debug flags are propagated to the subsystems. With DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding @@ -489,6 +511,7 @@ assuan_set_assuan_log_prefix (log_get_prefix (NULL)); gcry_set_log_handler (my_gcry_logger, NULL); + gcry_set_outofcore_handler (my_gcry_outofcore_handler, NULL); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); may_coredump = disable_core_dumps (); @@ -546,8 +569,8 @@ opt.homedir = pargs.r.ret_str; } - /* initialize the secure memory. */ - gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); + /* Initialize the secure memory. */ + gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0); maybe_setuid = 0; /* From cvs at cvs.gnupg.org Tue Aug 29 18:18:32 2006 
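Review bot: In the trunk/agent/command-ssh.c hunk of r4229, the limit `mpi_data_size > 520` and the 4096 passed to the log message are two unrelated literals, and they do not agree: 520 bytes is 4160 bits, so an MPI somewhat larger than the size named in the message is still accepted. A named constant for the byte limit, with a comment explaining the slack above 512 bytes (leading zero byte, rounding) and the bit count in the message derived from it or documented next to it, would keep the check and the error text from drifting apart.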
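Review bot: In my_gcry_outofcore_handler (trunk/agent/gpg-agent.c, r4229), both log_fatal format strings end without "\n", unlike the log_error call added in command-ssh.c in the same revision, so the message relies on the logging layer to terminate the line. The test `(flags & 1)` also uses a bare literal for the secure-memory bit; a short comment or a named constant would say what bit 0 means. If log_fatal terminates the process, as the JNLIB_LOG_FATAL exit(2) path in jnlib/logging.c suggests, the `return 0` is reached only on recursive entry, and the comment on it could say so.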
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue Aug 29 17:35:12 2006 Subject: [svn] GnuPG - r4230 - in trunk: . agent doc g10 jnlib sm Message-ID: <E1GI5cL-0003AM-Aj@trithemius.gnupg.org> Author: wk Date: 2006-08-29 18:18:30 +0200 (Tue, 29 Aug 2006) New Revision: 4230 Modified: trunk/NEWS trunk/TODO trunk/agent/pkdecrypt.c trunk/doc/gpg-agent.texi trunk/doc/gpgsm.texi trunk/g10/ChangeLog trunk/g10/mainproc.c trunk/jnlib/ChangeLog trunk/jnlib/logging.c trunk/sm/ChangeLog trunk/sm/call-agent.c trunk/sm/gpgsm.c Log: See ChangeLogs Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/NEWS 2006-08-29 16:18:30 UTC (rev 4230) @@ -9,7 +9,10 @@ gpg part. For production use of OpenPGP the gpg version 1.4.5 is still recommended. + * API change in gpg-agent's pkdecrypt command. Thus an older gpgsm + may not be used with the current gpg-agent. + Noteworthy changes in version 1.9.22 (2006-07-27) ------------------------------------------------- Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/TODO 2006-08-29 16:18:30 UTC (rev 4230) @@ -6,8 +6,6 @@ ** Check that we really release the ksba reader/writer objects. * sm/call-agent.c -** The protocol uses an incomplete S-expression -We should always use valid S-Exp and not just parts. ** Some code should go into import.c ** When we allow concurrent service request in gpgsm, we might want to have an agent context for each service request @@ -23,7 +21,6 @@ ** replace leading zero in integer hack by a cleaner solution * sm/gpgsm.c -** Support --output for all commands ** mark all unimplemented commands and options. ** Implement --default-key ** support the anyPolicy semantic 
@@ -109,10 +106,8 @@ ** issue a NO_SECKEY xxxx if a -u key was not found. ** Replace DIGEST_ALGO_SHA224 We can't do that right now because it is only defined by newer - versions of libgcrypt. Changes this if we require libgcrypt 1.3 + versions of libgcrypt. Change this if we require libgcrypt 1.3 anyway. -** skclist.c:random_is_faked - Remove the whole stuff? ** qbits We pass a new qbit parameter to genkey - implement this in libgcrypt. ** skclist.c Modified: trunk/agent/pkdecrypt.c =================================================================== --- trunk/agent/pkdecrypt.c 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/agent/pkdecrypt.c 2006-08-29 16:18:30 UTC (rev 4230) @@ -90,15 +90,14 @@ log_error ("smartcard decryption failed: %s\n", gpg_strerror (rc)); goto leave; } - /* FIXME: Change the protocol to return a complete S-expression - and not just a part. */ + { - char tmpbuf[50]; + char tmpbuf[60]; - sprintf (tmpbuf, "%u:", (unsigned int)len); + sprintf (tmpbuf, "(5:value%u:", (unsigned int)len); put_membuf (outbuf, tmpbuf, strlen (tmpbuf)); put_membuf (outbuf, buf, len); - put_membuf (outbuf, "", 1); + put_membuf (outbuf, ")", 2); } } else @@ -126,7 +125,16 @@ buf = xmalloc (len); len = gcry_sexp_sprint (s_plain, GCRYSEXP_FMT_CANON, buf, len); assert (len); - put_membuf (outbuf, buf, len); + if (*buf == '(') + put_membuf (outbuf, buf, len); + else + { + /* Old style libgcrypt: This is only an S-expression + part. Turn it into a complete S-expression. */ + put_membuf (outbuf, "(5:value", 8); + put_membuf (outbuf, buf, len); + put_membuf (outbuf, ")", 2); + } } Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/doc/gpg-agent.texi 2006-08-29 16:18:30 UTC (rev 4230) 
@@ -701,7 +701,7 @@ C: D (b 3F444677CA))) C: END S: # session key follows - S: D 1234567890ABCDEF0 + S: D (value 1234567890ABCDEF0) S: OK descryption successful @end example Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/doc/gpgsm.texi 2006-08-29 16:18:30 UTC (rev 4230) @@ -428,6 +428,12 @@ Set the user(s) to be used for signing. The default is the first secret key found in the database. +@item --output @var{file} +@itemx -o @var{file} +@opindex output +Write output to @var{file}. The default is to write it to stdout. + + @item --with-key-data @opindex with-key-data Displays extra information with the @code{--list-keys} commands. Especially Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/g10/ChangeLog 2006-08-29 16:18:30 UTC (rev 4230) @@ -1,3 +1,7 @@ +2006-08-22 Werner Koch <wk@g10code.com> + + * mainproc.c (proc_plaintext): Fixed a #warning + 2006-08-21 Werner Koch <wk@g10code.com> * skclist.c (random_is_faked): Implemented. Modified: trunk/g10/mainproc.c =================================================================== --- trunk/g10/mainproc.c 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/g10/mainproc.c 2006-08-29 16:18:30 UTC (rev 4230) 
@@ -681,13 +681,10 @@ } rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); - if (rc) - log_debug ("handle_plaintext failed: err=%d\n", rc); - if( gpg_err_code (rc) == GPG_ERR_ENOENT && !c->sigs_only) + if ( gpg_err_code (rc) == GPG_ERR_EACCES && !c->sigs_only ) { -#warning We need to change the test for the error code - /* Can't write output but we hash it anyway to - * Check the signature. */ + /* Can't write output but we hash it anyway to check the + signature. */ rc = handle_plaintext( pt, &c->mfx, 1, clearsig ); } Modified: trunk/jnlib/ChangeLog =================================================================== --- trunk/jnlib/ChangeLog 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/jnlib/ChangeLog 2006-08-29 16:18:30 UTC (rev 4230) @@ -1,3 +1,7 @@ +2006-08-29 Werner Koch <wk@g10code.com> + + * logging.c (do_logv): Emit a missing LF for fatal errors. + 2006-06-28 Werner Koch <wk@g10code.com> * dotlock.c (make_dotlock, release_dotlock, read_lockfile) Modified: trunk/jnlib/logging.c =================================================================== --- trunk/jnlib/logging.c 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/jnlib/logging.c 2006-08-29 16:18:30 UTC (rev 4230) @@ -486,9 +486,17 @@ } if (level == JNLIB_LOG_FATAL) - exit(2); + { + if (missing_lf) + putc('\n', logstream ); + exit(2); + } if (level == JNLIB_LOG_BUG) - abort(); + { + if (missing_lf) + putc('\n', logstream ); + abort(); + } } static void Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/sm/ChangeLog 2006-08-29 16:18:30 UTC (rev 4230) 
@@ -1,3 +1,11 @@ +2006-08-29 Werner Koch <wk@g10code.com> + + * call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using + complete S-expressions as implemented by the current gpg-agent. + + * gpgsm.c (main): Implement --output for encrypt, decrypt, sign + and export. + 2006-07-03 Werner Koch <wk@g10code.com> * certreqgen.c (proc_parameters): Print the component label of a Modified: trunk/sm/call-agent.c =================================================================== --- trunk/sm/call-agent.c 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/sm/call-agent.c 2006-08-29 16:18:30 UTC (rev 4230) @@ -300,7 +300,7 @@ membuf_t data; struct cipher_parm_s cipher_parm; size_t n, len; - char *buf, *endp; + char *p, *buf, *endp; size_t ciphertextlen; if (!keygrip || strlen(keygrip) != 40 || !ciphertext || !r_buf || !r_buflen) 
@@ -349,21 +349,36 @@ return map_assuan_err (rc); } - put_membuf (&data, "", 1); /* make sure it is 0 terminated */ + put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */ buf = get_membuf (&data, &len); if (!buf) return gpg_error (GPG_ERR_ENOMEM); - /* FIXME: We would better a return a full S-exp and not just a part */ - assert (len); - len--; /* remove the terminating 0 */ - n = strtoul (buf, &endp, 10); + assert (len); /* (we forced Nul termination.) */ + + if (*buf == '(') + { + if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */ + return gpg_error (GPG_ERR_INV_SEXP); + len -= 11; /* Count only the data of the second part. */ + p = buf + 8; /* Skip leading parenthesis and the value tag. */ + } + else + { + /* For compatibility with older gpg-agents handle the old style + incomplete S-exps. */ + len--; /* Do not count the Nul. */ + p = buf; + } + + n = strtoul (p, &endp, 10); if (!n || *endp != ':') return gpg_error (GPG_ERR_INV_SEXP); endp++; - if (endp-buf+n > len) - return gpg_error (GPG_ERR_INV_SEXP); /* oops len does not - match internal len*/ + if (endp-p+n > len) + return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */ + memmove (buf, endp, n); + *r_buflen = n; *r_buf = buf; return 0; Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2006-08-29 13:12:01 UTC (rev 4229) +++ trunk/sm/gpgsm.c 2006-08-29 16:18:30 UTC (rev 4230) 
@@ -1420,31 +1420,42 @@ run_protect_tool (argc, argv); break; - case aEncr: /* encrypt the given file */ - set_binary (stdin); - set_binary (stdout); - if (!argc) - gpgsm_encrypt (&ctrl, recplist, 0, stdout); /* from stdin */ - else if (argc == 1) - gpgsm_encrypt (&ctrl, recplist, open_read (*argv), stdout); /* from file */ - else - wrong_args ("--encrypt [datafile]"); + case aEncr: /* Encrypt the given file. */ + { + FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + + set_binary (stdin); + + if (!argc) /* Source is stdin. */ + gpgsm_encrypt (&ctrl, recplist, 0, fp); + else if (argc == 1) /* Source is the given file. */ + gpgsm_encrypt (&ctrl, recplist, open_read (*argv), fp); + else + wrong_args ("--encrypt [datafile]"); + + if (fp != stdout) + fclose (fp); + } break; - case aSign: /* sign the given file */ - /* FIXME: We don't handle --output yet. We should also allow - to concatenate multiple files for signing because that is - what gpg does.*/ - set_binary (stdin); - set_binary (stdout); - if (!argc) - gpgsm_sign (&ctrl, signerlist, - 0, detached_sig, stdout); /* create from stdin */ - else if (argc == 1) - gpgsm_sign (&ctrl, signerlist, - open_read (*argv), detached_sig, stdout); /* from file */ - else - wrong_args ("--sign [datafile]"); + case aSign: /* Sign the given file. */ + { + FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + + /* Fixme: We should also allow to concatenate multiple files for + signing because that is what gpg does.*/ + set_binary (stdin); + if (!argc) /* Create from stdin. */ + gpgsm_sign (&ctrl, signerlist, 0, detached_sig, fp); + else if (argc == 1) /* From file. */ + gpgsm_sign (&ctrl, signerlist, + open_read (*argv), detached_sig, fp); + else + wrong_args ("--sign [datafile]"); + + if (fp != stdout) + fclose (fp); + } break; case aSignEncr: /* sign and encrypt the given file */ 
@@ -1484,14 +1495,19 @@ break; case aDecrypt: - set_binary (stdin); - set_binary (stdout); - if (!argc) - gpgsm_decrypt (&ctrl, 0, stdout); /* from stdin */ - else if (argc == 1) - gpgsm_decrypt (&ctrl, open_read (*argv), stdout); /* from file */ - else - wrong_args ("--decrypt [filename]"); + { + FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + + set_binary (stdin); + if (!argc) + gpgsm_decrypt (&ctrl, 0, fp); /* from stdin */ + else if (argc == 1) + gpgsm_decrypt (&ctrl, open_read (*argv), fp); /* from file */ + else + wrong_args ("--decrypt [filename]"); + if (fp != stdout) + fclose (fp); + } break; case aDeleteKey: @@ -1556,19 +1572,29 @@ break; case aExport: - set_binary (stdout); - for (sl=NULL; argc; argc--, argv++) - add_to_strlist (&sl, *argv); - gpgsm_export (&ctrl, sl, stdout); - free_strlist(sl); + { + FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + + for (sl=NULL; argc; argc--, argv++) + add_to_strlist (&sl, *argv); + gpgsm_export (&ctrl, sl, fp); + free_strlist(sl); + if (fp != stdout) + fclose (fp); + } break; case aExportSecretKeyP12: - set_binary (stdout); - if (argc == 1) - gpgsm_p12_export (&ctrl, *argv, stdout); - else - wrong_args ("--export-secret-key-p12 KEY-ID"); + { + FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-"); + + if (argc == 1) + gpgsm_p12_export (&ctrl, *argv, stdout); + else + wrong_args ("--export-secret-key-p12 KEY-ID"); + if (fp != stdout) + fclose (fp); + } break; case aSendKeys: From cvs at cvs.gnupg.org Tue Aug 29 20:29:32 2006 
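Review bot: In the aExportSecretKeyP12 case of trunk/sm/gpgsm.c (hunk @@ -1556,19 +1572,29 @@), fp is opened with open_fwrite (opt.outfile?opt.outfile:"-") but the call is still gpgsm_p12_export (&ctrl, *argv, stdout), so with --output the file is created and closed empty while the exported secret key goes to stdout. Pass fp to gpgsm_p12_export. The ChangeLog entry lists only encrypt, decrypt, sign and export, so either complete the P12 case or leave it out of this change. All five cases also drop set_binary (stdout) without an equivalent for fp; confirm that open_fwrite sets binary mode itself.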
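Review bot: In gpgsm_agent_pkdecrypt (trunk/sm/call-agent.c, hunk @@ -349,21 +349,36 @@), the constant in `len -= 11` does not agree with the reply shape given in the comment on the line above it. For "(5:valueN:D)\0" len is 13, so after the subtraction len is 2 while endp-p+n is 3, and the reply is rejected with GPG_ERR_INV_SEXP. The check only passes when the buffer ends in two Nuls, which happens when the agent sends ")" with length 2 and the client then appends its own Nul with put_membuf (&data, "", 1). Instead of subtracting a constant, strip any trailing Nuls, verify that the last remaining byte is ')' (nothing checks the closing parenthesis at present), and then count the data of the second part.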
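Review bot: In trunk/agent/pkdecrypt.c (hunk @@ -126,7 +125,16 @@), the two branches frame the result differently: the `if (*buf == '(')` branch writes exactly len bytes, while the else branch ends with put_membuf (outbuf, ")", 2) and so sends a Nul after the closing parenthesis, as the smartcard branch in the first hunk does. A client therefore sees a different number of trailing bytes depending on which path produced the S-expression. Send ")" with length 1 in both places, or document the trailing Nul as part of the protocol; the updated example in doc/gpg-agent.texi shows "D (value 1234567890ABCDEF0)" without one.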
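Review bot: In proc_plaintext (trunk/g10/mainproc.c, hunk @@ -681,13 +681,10 @@), the retry with sigs_only set is now taken only for GPG_ERR_EACCES, and the log_debug for a failed handle_plaintext is removed in the same change. Any other reason the output cannot be written, including the GPG_ERR_ENOENT case tested before, now skips the hashing pass without a message at this point. State in the comment why EACCES is the only code that can mean "can't write output" here, and keep a diagnostic for the remaining error codes.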
From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue Aug 29 19:46:11 2006 Subject: [svn] GnuPG - r4231 - trunk/scd Message-ID: <E1GI7f5-0002hC-Vr@trithemius.gnupg.org> Author: marcus Date: 2006-08-29 20:29:30 +0200 (Tue, 29 Aug 2006) New Revision: 4231 Modified: trunk/scd/ChangeLog trunk/scd/app-openpgp.c Log: 2006-08-28 Marcus Brinkmann <marcus@g10code.de> * app-openpgp.c (do_decipher, do_sign): Allow "OPENPGP.2" resp. "OPENPGP.1" for KEYIDSTR. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2006-08-29 16:18:30 UTC (rev 4230) +++ trunk/scd/ChangeLog 2006-08-29 18:29:30 UTC (rev 4231) @@ -1,3 +1,8 @@ +2006-08-28 Marcus Brinkmann <marcus@g10code.de> + + * app-openpgp.c (do_decipher, do_sign): Allow "OPENPGP.2" + resp. "OPENPGP.1" for KEYIDSTR. + 2006-08-21 Werner Koch <wk@g10code.com> * pcsc-wrapper.c (handle_open, handle_close): Reset card and Modified: trunk/scd/app-openpgp.c =================================================================== --- trunk/scd/app-openpgp.c 2006-08-29 16:18:30 UTC (rev 4230) +++ trunk/scd/app-openpgp.c 2006-08-29 18:29:30 UTC (rev 4231) 
@@ -2128,27 +2128,31 @@ } /* Check whether an OpenPGP card of any version has been requested. */ - if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12)) - return gpg_error (GPG_ERR_INV_ID); - - for (s=keyidstr, n=0; hexdigitp (s); s++, n++) + if (!strcmp (keyidstr, "OPENPGP.1")) ; - if (n != 32) + else if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12)) return gpg_error (GPG_ERR_INV_ID); - else if (!*s) - ; /* no fingerprint given: we allow this for now. */ - else if (*s == '/') - fpr = s + 1; else - return gpg_error (GPG_ERR_INV_ID); + { + for (s=keyidstr, n=0; hexdigitp (s); s++, n++) + ; + if (n != 32) + return gpg_error (GPG_ERR_INV_ID); + else if (!*s) + ; /* no fingerprint given: we allow this for now. */ + else if (*s == '/') + fpr = s + 1; + else + return gpg_error (GPG_ERR_INV_ID); - for (s=keyidstr, n=0; n < 16; s += 2, n++) - tmp_sn[n] = xtoi_2 (s); + for (s=keyidstr, n=0; n < 16; s += 2, n++) + tmp_sn[n] = xtoi_2 (s); - if (app->serialnolen != 16) - return gpg_error (GPG_ERR_INV_CARD); - if (memcmp (app->serialno, tmp_sn, 16)) - return gpg_error (GPG_ERR_WRONG_CARD); + if (app->serialnolen != 16) + return gpg_error (GPG_ERR_INV_CARD); + if (memcmp (app->serialno, tmp_sn, 16)) + return gpg_error (GPG_ERR_WRONG_CARD); + } /* If a fingerprint has been specified check it against the one on the card. This is allows for a meaningful error message in case 
@@ -2322,28 +2326,32 @@ return gpg_error (GPG_ERR_INV_VALUE); /* Check whether an OpenPGP card of any version has been requested. */ - if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12)) - return gpg_error (GPG_ERR_INV_ID); - - for (s=keyidstr, n=0; hexdigitp (s); s++, n++) + if (!strcmp (keyidstr, "OPENPGP.2")) ; - if (n != 32) + else if (strlen (keyidstr) < 32 || strncmp (keyidstr, "D27600012401", 12)) return gpg_error (GPG_ERR_INV_ID); - else if (!*s) - ; /* no fingerprint given: we allow this for now. */ - else if (*s == '/') - fpr = s + 1; else - return gpg_error (GPG_ERR_INV_ID); + { + for (s=keyidstr, n=0; hexdigitp (s); s++, n++) + ; + if (n != 32) + return gpg_error (GPG_ERR_INV_ID); + else if (!*s) + ; /* no fingerprint given: we allow this for now. */ + else if (*s == '/') + fpr = s + 1; + else + return gpg_error (GPG_ERR_INV_ID); + + for (s=keyidstr, n=0; n < 16; s += 2, n++) + tmp_sn[n] = xtoi_2 (s); + + if (app->serialnolen != 16) + return gpg_error (GPG_ERR_INV_CARD); + if (memcmp (app->serialno, tmp_sn, 16)) + return gpg_error (GPG_ERR_WRONG_CARD); + } - for (s=keyidstr, n=0; n < 16; s += 2, n++) - tmp_sn[n] = xtoi_2 (s); - - if (app->serialnolen != 16) - return gpg_error (GPG_ERR_INV_CARD); - if (memcmp (app->serialno, tmp_sn, 16)) - return gpg_error (GPG_ERR_WRONG_CARD); - /* If a fingerprint has been specified check it against the one on the card. This is allows for a meaningful error message in case the key on the card has been replaced but the shadow information From cvs at cvs.gnupg.org Wed Aug 30 12:19:16 2006 
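Review bot: In the first hunk of trunk/scd/app-openpgp.c (@@ -2128,27 +2128,31 @@), the new `if (!strcmp (keyidstr, "OPENPGP.1")) ;` branch bypasses both the comparison of the requested serial number with app->serialno and the parsing of the "/" fingerprint suffix, so fpr stays unset and the fingerprint check described in the following comment cannot run. The operation then proceeds on whichever card is in the reader. If that is the intended meaning of "OPENPGP.1", say so in the comment above the test, which still reads "Check whether an OpenPGP card of any version has been requested", and in the ChangeLog entry.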
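Review bot: The second hunk of trunk/scd/app-openpgp.c (@@ -2322,28 +2326,32 @@) repeats the keyidstr validation block of the first hunk line for line, with only the literal "OPENPGP.2" differing. Move the block into one static helper that takes the accepted name and returns fpr, so that a later change to the serial number or fingerprint handling cannot be applied to one copy and missed in the other.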
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed Aug 30 11:35:52 2006 Subject: [svn] ksba - r252 - in trunk: . doc m4 src tests tests/samples Message-ID: <E1GIMU9-00011m-0I@trithemius.gnupg.org> Author: wk Date: 2006-08-30 12:19:14 +0200 (Wed, 30 Aug 2006) New Revision: 252 Added: trunk/m4/autobuild.m4 trunk/tests/samples/ov2-ocsp-server.crt trunk/tests/samples/ov2-root-ca-cert.crt trunk/tests/samples/ov2-user.crt trunk/tests/samples/ov2-userrev.crt Modified: trunk/Makefile.am trunk/NEWS trunk/README trunk/TODO trunk/configure.ac trunk/doc/gpl.texi trunk/doc/ksba.texi trunk/src/ChangeLog trunk/src/cert.c trunk/src/cms.c trunk/src/ocsp.c trunk/src/ocsp.h trunk/src/util.c trunk/tests/ChangeLog trunk/tests/Makefile.am trunk/tests/samples/README trunk/tests/t-ocsp.c Log: implemented ocsp nonce checking Modified: trunk/Makefile.am =================================================================== --- trunk/Makefile.am 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/Makefile.am 2006-08-30 10:19:14 UTC (rev 252) @@ -23,7 +23,7 @@ ACLOCAL_AMFLAGS = -I m4 -I gl/m4 AUTOMAKE_OPTIONS = dist-bzip2 -EXTRA_DIST = README-alpha autogen.sh +EXTRA_DIST = autogen.sh if CROSS_COMPILING Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/NEWS 2006-08-30 10:19:14 UTC (rev 252) @@ -1,7 +1,9 @@ -Noteworthy changes in version 0.9.16 +Noteworthy changes in version 0.9.17 ------------------------------------------------- + * OCSP nonces are now checked to detact replay attacks. + Noteworthy changes in version 0.9.16 (2006-08-01) ------------------------------------------------- 
@@ -299,7 +301,7 @@ * Nearly all stuff needed for the Aegypten project is now in place. - Copyright 2002, 2003, 2004, 2005 g10 Code GmbH + Copyright 2002, 2003, 2004, 2005, 2006 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/README =================================================================== --- trunk/README 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/README 2006-08-30 10:19:14 UTC (rev 252) 
@@ -41,56 +41,8 @@ A standard info format reference manual is included. However the OCSP feature has not yet been documented. See the comments in src/ocsp.c -and the example tests/t-ocsp.c +and the example tests/t-ocsp.c. The program dirmngr uses the ocsp +feature and may be used as another example. - - Old Information which might not be correct anymore: - --------------------------------------------------- - -KSBA provides these subsystems: - - -* ASN.1 Parser (ksba_asn_*) - - KSBA provides a simple ASN.1 parser which can be used to read - definitions directly from an ASN.1 module without the need of - generating extra tables. For ease of maintenance it also comes with - a tool to create static data structures to avoid that overhead and - the need to include ASN.1 modules. - - The primary goal of this parser is to provide the ASN.1 syntax tree - to be used by other library modules. - -* BER Decoder (ksba_ber_decoder_*) - - This is a decoder for the ASN.1 Basic Encoding Rules with a facility - to detect valid DER encoding (DER is a subset of BER). By using - thresholds and pre-registered callout function it is possible to - work on indefinite length data stream and limiting the memory usage - to a fixed upper bound. - -* BER Encoder (ksba_ber_encoder_*) - - This is the counterpart to the DER Decoder with the ability to - restrict the encoding to DER. - -* Certificate Handling (ksba_cert_*) - - The main bulk of the provided functions are used to give a clean - interface to X.509 certificates by translating X.509 data types to - more standard data types. - -* CMS Handling (ksba_cms_*) - - The Cryptographic Message Syntax is the core data type for S/MIME - and therefore KSBA provides an interface to parse and create these - objects without the need to cope with ASN.1. - -* Reader and Writer (ksba_reader_*, ksba_writer_*) - - Abstraction objects to access memory areas, files or file - descriptor. 
- - Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/TODO 2006-08-30 10:19:14 UTC (rev 252) @@ -51,5 +51,3 @@ ** The ASN.1 parse tree is not released in all places ** Some memory is not released in case of errors. -* src/ocsp.c -** Implement nonce checking. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/configure.ac 2006-08-30 10:19:14 UTC (rev 252) @@ -55,6 +55,7 @@ AC_CONFIG_SRCDIR([src/ksba.h]) AM_INIT_AUTOMAKE($PACKAGE, $VERSION) AM_CONFIG_HEADER(config.h) +AB_INIT AC_GNU_SOURCE Modified: trunk/doc/gpl.texi =================================================================== --- trunk/doc/gpl.texi 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/doc/gpl.texi 2006-08-30 10:19:14 UTC (rev 252) @@ -6,7 +6,7 @@ @display Copyright @copyright{} 1989, 1991 Free Software Foundation, Inc. -59 Temple Place -- Suite 330, Boston, MA 02111-1307, USA +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -352,7 +352,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., -59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. @end smallexample Also add information on how to contact you by electronic and paper mail. Modified: trunk/doc/ksba.texi =================================================================== --- trunk/doc/ksba.texi 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/doc/ksba.texi 2006-08-30 10:19:14 UTC (rev 252) 
@@ -1097,3 +1097,53 @@ @unnumbered Function and Data Index @printindex fn @bye + + + + Old Information which might not be correct anymore: + --------------------------------------------------- + +KSBA provides these subsystems: + + +* ASN.1 Parser (ksba_asn_*) + + KSBA provides a simple ASN.1 parser which can be used to read + definitions directly from an ASN.1 module without the need of + generating extra tables. For ease of maintenance it also comes with + a tool to create static data structures to avoid that overhead and + the need to include ASN.1 modules. + + The primary goal of this parser is to provide the ASN.1 syntax tree + to be used by other library modules. + +* BER Decoder (ksba_ber_decoder_*) + + This is a decoder for the ASN.1 Basic Encoding Rules with a facility + to detect valid DER encoding (DER is a subset of BER). By using + thresholds and pre-registered callout function it is possible to + work on indefinite length data stream and limiting the memory usage + to a fixed upper bound. + +* BER Encoder (ksba_ber_encoder_*) + + This is the counterpart to the DER Decoder with the ability to + restrict the encoding to DER. + +* Certificate Handling (ksba_cert_*) + + The main bulk of the provided functions are used to give a clean + interface to X.509 certificates by translating X.509 data types to + more standard data types. + +* CMS Handling (ksba_cms_*) + + The Cryptographic Message Syntax is the core data type for S/MIME + and therefore KSBA provides an interface to parse and create these + objects without the need to cope with ASN.1. + +* Reader and Writer (ksba_reader_*, ksba_writer_*) + + Abstraction objects to access memory areas, files or file + descriptor. + Added: trunk/m4/autobuild.m4 =================================================================== --- trunk/m4/autobuild.m4 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/m4/autobuild.m4 2006-08-30 10:19:14 UTC (rev 252) 
@@ -0,0 +1,34 @@ +# autobuild.m4 serial 2 (autobuild-3.3) +# Copyright (C) 2004 Simon Josefsson +# +# This file is free software, distributed under the terms of the GNU +# General Public License. As a special exception to the GNU General +# Public License, this file may be distributed as part of a program +# that contains a configuration script generated by Autoconf, under +# the same distribution terms as the rest of that program. +# +# This file can can be used in projects which are not available under +# the GNU General Public License or the GNU Library General Public +# License but which still want to provide support for Autobuild. + +# Usage: AB_INIT([MODE]). +AC_DEFUN([AB_INIT], +[ + AC_REQUIRE([AC_CANONICAL_BUILD]) + AC_REQUIRE([AC_CANONICAL_HOST]) + + AC_MSG_NOTICE([autobuild project... ${PACKAGE_NAME:-$PACKAGE}]) + AC_MSG_NOTICE([autobuild revision... ${PACKAGE_VERSION:-$VERSION}]) + hostname=`hostname` + if test "$hostname"; then + AC_MSG_NOTICE([autobuild hostname... $hostname]) + fi + ifelse([$1],[],,[AC_MSG_NOTICE([autobuild mode... $1])]) + date=`date +%Y%m%d-%H%M%S` + if test "$?" != 0; then + date=`date` + fi + if test "$date"; then + AC_MSG_NOTICE([autobuild timestamp... $date]) + fi +]) Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/src/ChangeLog 2006-08-30 10:19:14 UTC (rev 252) @@ -1,3 +1,10 @@ +2006-08-30 Werner Koch <wk@g10code.com> + + * ocsp.c (extract_nonce): New. + (ksba_ocsp_parse_response): Set status to replay on bad nonce. + + * util.c (ksba_calloc): Protect against integer overflow. + 2006-08-01 Werner Koch <wk@g10code.com> * dn.c (ksba_dn_teststr): Bump nparts to actually allow returning Modified: trunk/src/cert.c =================================================================== --- trunk/src/cert.c 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/src/cert.c 2006-08-30 10:19:14 UTC (rev 252) 
@@ -456,7 +456,7 @@ * @cert: certificate object * * This function returnes the serial number of the certificate. The - * serial number is an integer returned as an cancnical encoded + * serial number is an integer returned as an canonical encoded * S-expression with just one element. * * Return value: An allocated S-Exp or NULL for no value. Modified: trunk/src/cms.c =================================================================== --- trunk/src/cms.c 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/src/cms.c 2006-08-30 10:19:14 UTC (rev 252) @@ -1170,7 +1170,7 @@ * @idx: index of recipient info * * Return the encrypted value (the session key) of recipient @idx in a - * format suitable to be used as input to Libgcrypt's verification + * format suitable to be used as input to Libgcrypt's decryption * function. The caller must free the returned string. * * Return value: NULL or a string with a S-Exp. Modified: trunk/src/ocsp.c =================================================================== --- trunk/src/ocsp.c 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/src/ocsp.c 2006-08-30 10:19:14 UTC (rev 252) @@ -1,5 +1,5 @@ /* ocsp.c - OCSP (rfc2560) - * Copyright (C) 2003, 2004, 2005 g10 Code GmbH + * Copyright (C) 2003, 2004, 2005, 2006 g10 Code GmbH * * This file is part of KSBA. * @@ -50,7 +50,7 @@ else { for (; n; n--, p++) - fprintf (stderr, "%02X", *p); + fprintf (stderr, " %02X", *p); } } #endif @@ -421,7 +421,7 @@ err = ksba_writer_write (w1, buf, buflen); xfree (buf); buf = NULL; /* We known that the nonce is short enough to put the tag into 2 bytes, thus - we write the encasulating octet string directly with a fixed length. */ + we write the encapsulating octet string directly with a fixed length. */ if (!err) err = _ksba_ber_write_tl (w1, TYPE_OCTET_STRING, CLASS_UNIVERSAL, 0, 2+ocsp->noncelen); 
@@ -775,6 +775,71 @@ +/* Extract the nonce from the extension sequence. A typical data + ASN.1 blob passed to this function is: + + SEQUENCE { + SEQUENCE { + OBJECT IDENTIFIER ocspNonce (1 3 6 1 5 5 7 48 1 2) + OCTET STRING, encapsulates { + INTEGER + 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 + } + } + } +*/ + +static int +extract_nonce (ksba_ocsp_t ocsp, const unsigned char *data, size_t datalen) +{ + gpg_error_t err; + struct tag_info ti; + size_t length; + char *oid = NULL; + + err = parse_sequence (&data, &datalen, &ti); + if (err) + goto leave; + length = ti.length; + while (length) + { + err = parse_sequence (&data, &datalen, &ti); + if (err) + goto leave; + if (length < ti.nhdr + ti.length) + { + err = gpg_error (GPG_ERR_BAD_BER); + goto leave; + } + length -= ti.nhdr + ti.length; + + xfree (oid); + err = parse_object_id_into_str (&data, &datalen, &oid); + if (err) + goto leave; + err = parse_octet_string (&data, &datalen, &ti); + if (err) + goto leave; + if (!strcmp (oid, oidstr_ocsp_nonce)) + { + err = parse_integer (&data, &datalen, &ti); + if (err) + goto leave; + if (ocsp->noncelen != ti.length + || memcmp (ocsp->nonce, data, ti.length)) + ocsp->bad_nonce = 1; + else + ocsp->good_nonce = 1; + } + parse_skip (&data, &datalen, &ti); /* Skip the octet string / integer. */ + } + + leave: + xfree (oid); + return err; +} + + /* Parse the first part of a response: OCSPResponse ::= SEQUENCE { @@ -1209,10 +1274,9 @@ err = parse_context_tag (data, datalen, &ti, 1); if (!err) { - - - - /* FIXME: parse responseExtensions. */ + err = extract_nonce (ocsp, *data, ti.length); + if (err) + return err; parse_skip (data, datalen, &ti); } else if (gpg_err_code (err) == GPG_ERR_INV_OBJ) 
@@ -1359,7 +1423,7 @@ /* Given the OCSP context and a binary reponse message of MSGLEN bytes in MSG, this fucntion parses the response and prepares it for signature verification. The status from the server is returned in - RESPONSE_STATUS and must be checked even if the fucntion returns + RESPONSE_STATUS and must be checked even if the function returns without an error. */ gpg_error_t ksba_ocsp_parse_response (ksba_ocsp_t ocsp, @@ -1379,6 +1443,8 @@ release_ocsp_certlist (ocsp->received_certs); ocsp->received_certs = NULL; ocsp->hash_length = 0; + ocsp->bad_nonce = 0; + ocsp->good_nonce = 0; /* Reset the fields used to track the response. This is so that we can use the parse function a second time for the same @@ -1398,14 +1464,10 @@ /* FIXME: find duplicates in the request list and set them to the same status. */ - if (*response_status == KSBA_OCSP_RSPSTATUS_SUCCESS - && ocsp->noncelen) - { - /* FIXME: Check that there is a received nonce and that it matches. */ - /* If not status to KSBA_OCSP_RSPSTATUS_REPLAYED */ - } + if (*response_status == KSBA_OCSP_RSPSTATUS_SUCCESS) + if (ocsp->bad_nonce || (ocsp->noncelen && !ocsp->good_nonce)) + *response_status = KSBA_OCSP_RSPSTATUS_REPLAYED; - return err; } Modified: trunk/src/ocsp.h =================================================================== --- trunk/src/ocsp.h 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/src/ocsp.h 2006-08-30 10:19:14 UTC (rev 252) @@ -68,6 +68,8 @@ increased, check that the created request will still be valid as we use a hacked implementation. */ + int bad_nonce; /* The nonce does not match the request. */ + int good_nonce; /* The nonce does match the request. */ unsigned char *request_buffer; /* Internal buffer to build the request. */ size_t request_buflen; Modified: trunk/src/util.c =================================================================== --- trunk/src/util.c 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/src/util.c 2006-08-30 10:19:14 UTC (rev 252) 
@@ -24,6 +24,7 @@ #include <stdlib.h> #include <string.h> #include <assert.h> +#include <errno.h> #include "util.h" @@ -123,9 +124,19 @@ void * ksba_calloc (size_t n, size_t m ) { - void *p = ksba_malloc (n*m); + size_t nbytes; + void *p; + + nbytes = n * m; + if ( m && nbytes / m != n) + { + errno = ENOMEM; + p = NULL; + } + else + p = ksba_malloc (nbytes); if (p) - memset (p, 0, n*m); + memset (p, 0, nbytes); return p; } Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/tests/ChangeLog 2006-08-30 10:19:14 UTC (rev 252) @@ -1,3 +1,7 @@ +2006-08-30 Werner Koch <wk@g10code.com> + + * t-ocsp.c (one_response): Build the test request with the same nonce. + 2006-08-01 Werner Koch <wk@g10code.com> * Makefile.am (TESTS): Add t-dnparser. Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/tests/Makefile.am 2006-08-30 10:19:14 UTC (rev 252) @@ -27,7 +27,9 @@ samples/authority.crt samples/betsy.crt samples/bull.crt \ samples/ov-ocsp-server.crt samples/ov-userrev.crt \ samples/ov-root-ca-cert.crt samples/ov-serverrev.crt \ - samples/ov-user.crt samples/ov-server.crt + samples/ov-user.crt samples/ov-server.crt \ + samples/ov2-root-ca-cert.crt samples/ov2-ocsp-server.crt \ + samples/ov2-user.crt samples/ov2-userrev.crt test_crls = samples/ov-test-crl.crl Modified: trunk/tests/samples/README =================================================================== --- trunk/tests/samples/README 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/tests/samples/README 2006-08-30 10:19:14 UTC (rev 252) 
@@ -30,4 +30,13 @@ The responder adress is http://ocsp.openvalidation.org +Certificates downloaded from http://www.openvalidation.org/en/test/ca2.html +on 2006-08-30 and prefixed with "ov2-": + ov2-root-ca-cert.crt Root certificate + ov2-ocsp-server.crt The certificate of the OCSP responder + ov2-user.crt User certificate + ov2-userrev.crt A user certificate revoked by OCSP + + + Added: trunk/tests/samples/ov2-ocsp-server.crt =================================================================== (Binary files differ) Property changes on: trunk/tests/samples/ov2-ocsp-server.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/tests/samples/ov2-root-ca-cert.crt =================================================================== (Binary files differ) Property changes on: trunk/tests/samples/ov2-root-ca-cert.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/tests/samples/ov2-user.crt =================================================================== (Binary files differ) Property changes on: trunk/tests/samples/ov2-user.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/tests/samples/ov2-userrev.crt =================================================================== (Binary files differ) Property changes on: trunk/tests/samples/ov2-userrev.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Modified: trunk/tests/t-ocsp.c =================================================================== --- trunk/tests/t-ocsp.c 2006-08-01 11:00:53 UTC (rev 251) +++ trunk/tests/t-ocsp.c 2006-08-30 10:19:14 UTC (rev 252) 
@@ -173,6 +173,9 @@ fail_if_err (err); ksba_cert_release (issuer_cert); + if (!no_nonce) + ksba_ocsp_set_nonce (ocsp, "ABCDEFGHIJKLMNOP", 16); + err = ksba_ocsp_build_request (ocsp, &request, &requestlen); fail_if_err (err); xfree (request); @@ -192,7 +195,7 @@ case KSBA_OCSP_RSPSTATUS_INTERNAL: t = "internal error"; break; case KSBA_OCSP_RSPSTATUS_TRYLATER: t = "try later"; break; case KSBA_OCSP_RSPSTATUS_SIGREQUIRED: t = "must sign request"; break; - case KSBA_OCSP_RSPSTATUS_UNAUTHORIZED: t = "unautorized"; break; + case KSBA_OCSP_RSPSTATUS_UNAUTHORIZED: t = "unauthorized"; break; case KSBA_OCSP_RSPSTATUS_REPLAYED: t = "replay detected"; break; case KSBA_OCSP_RSPSTATUS_OTHER: t = "other (unknown)"; break; case KSBA_OCSP_RSPSTATUS_NONE: t = "no status"; break; 
@@ -275,9 +278,30 @@ -/* ( printf "POST / HTTP/1.0\r\nContent-Type: application/ocsp-request\r\nContent-Length: `wc -c <a.req | tr -d ' '`\r\n\r\n"; cat a.req ) | nc -v ocsp.openvalidation.org 8088 | sed '1,/^\r$/d' >a.rsp */ +/* ( printf "POST / HTTP/1.0\r\nContent-Type: application/ocsp-request\r\nContent-Length: `wc -c <a.req | tr -d ' '`\r\n\r\n"; cat a.req ) | nc -v ocsp.openvalidation.org 8088 | sed '1,/^\r$/d' >a.rsp + Openvalidation test reponders: + Port: 80 Standard configuration. OCSP Responder will accept + all proper requests and send a signed response. + Port: 8080 Response does not contain any attached certificates. + Client must accept this response + Port: 8081 Never replies nonce. Insecure but standard conform mode. + Client application should warn in case of replay-attacks. + Port: 8082 The OCSP Responder will sign the response with randomized + bytecode. Client should NOT accept this response. + Port: 8083 OCSP response will always be revoked. + Port: 8084 OCSP response will always be unknown. + Port: 8085 OCSP response will always be malformed. + Port: 8086 OCSP response will always be internal error. + Port: 8087 OCSP response will always be try later. + Port: 8088 OCSP response will always be signature required. + Port: 8089 OCSP response will always be unauth. + Port: 8090 Standard configuration with full Debuglogs. Access the + logs at http://www.openvalidation.org/en/test/logs.html + +*/ + int main (int argc, char **argv) { From cvs at cvs.gnupg.org Wed Aug 30 17:57:17 2006 
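Review bot: In extract_nonce (trunk/src/ocsp.c, hunk @@ -775,6 +775,71 @@), each extension is read as an OBJECT IDENTIFIER followed immediately by an OCTET STRING, but an Extension may carry the optional "critical BOOLEAN" between the two. For such an extension parse_octet_string fails, and because the caller now does `err = extract_nonce (ocsp, *data, ti.length); if (err) return err;`, one extension with the flag present makes the whole response unparsable. Skip an optional BOOLEAN before calling parse_octet_string. Please also confirm that parse_integer guarantees ti.length does not exceed the remaining datalen before the memcmp against ocsp->nonce.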
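Review bot: In ksba_ocsp_parse_response (trunk/src/ocsp.c, hunk @@ -1379,6 +1443,8 @@ and the one following it), the condition `ocsp->bad_nonce || (ocsp->noncelen && !ocsp->good_nonce)` reports a response that carries no nonce at all with the same KSBA_OCSP_RSPSTATUS_REPLAYED as a response whose nonce differs. The responder list added to tests/t-ocsp.c describes port 8081 as "Never replies nonce. Insecure but standard conform mode", so a caller that sent a nonce will always get REPLAYED from such a responder and cannot tell the two cases apart. Document this in the function comment and in doc/ksba.texi, or expose bad_nonce and good_nonce so the application can decide whether to warn or to reject.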
From: cvs at cvs.gnupg.org (svn author marcus) Date: Wed Aug 30 17:14:00 2006 Subject: [svn] GnuPG - r4232 - trunk/scd Message-ID: <E1GIRlE-00054F-6X@trithemius.gnupg.org> Author: marcus Date: 2006-08-30 17:57:17 +0200 (Wed, 30 Aug 2006) New Revision: 4232 Modified: trunk/scd/ChangeLog trunk/scd/command.c Log: 2006-08-30 Marcus Brinkmann <marcus@g10code.de> * command.c (do_reset): Delay resetting CTRL->reader_slot until after update_card_removed invocation. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2006-08-29 18:29:30 UTC (rev 4231) +++ trunk/scd/ChangeLog 2006-08-30 15:57:17 UTC (rev 4232) @@ -1,3 +1,8 @@ +2006-08-30 Marcus Brinkmann <marcus@g10code.de> + + * command.c (do_reset): Delay resetting CTRL->reader_slot until + after update_card_removed invocation. + 2006-08-28 Marcus Brinkmann <marcus@g10code.de> * app-openpgp.c (do_decipher, do_sign): Allow "OPENPGP.2" Modified: trunk/scd/command.c =================================================================== --- trunk/scd/command.c 2006-08-29 18:29:30 UTC (rev 4231) +++ trunk/scd/command.c 2006-08-30 15:57:17 UTC (rev 4232) @@ -212,7 +212,6 @@ slot_table[slot].reset_failed = 1; } } - ctrl->reader_slot = -1; /* If we hold a lock, unlock now. */ if (locked_session && ctrl->server_local == locked_session) @@ -229,12 +228,16 @@ if (!pth_mutex_acquire (&status_file_update_lock, 0, NULL)) { log_error ("failed to acquire status_fle_update lock\n"); + ctrl->reader_slot = -1; return; } update_reader_status_file (); update_card_removed (slot, 0); if (!pth_mutex_release (&status_file_update_lock)) log_error ("failed to release status_file_update lock\n"); + + /* Do this last, so that update_card_removed does its job. */ + ctrl->reader_slot = -1; } From cvs at cvs.gnupg.org Wed Aug 30 22:39:53 2006 
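Review bot: in the @@ -229,12 +228,16 @@ hunk of trunk/scd/command.c the reset "ctrl->reader_slot = -1;" now appears twice, once before the early return on the failed pth_mutex_acquire and once at the end of the function, so any exit added later has to remember it as well; a single exit label that performs the reset would keep the paths from drifting apart. The new comment "Do this last, so that update_card_removed does its job" should also say how update_card_removed depends on CTRL->reader_slot, since that dependency is the reason for the reordering and is not visible at the call, which passes only slot. The "status_fle_update" in the log_error string of the context line is misspelled and could be fixed in the same commit.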
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed Aug 30 21:56:31 2006 Subject: [svn] ksba - r253 - in trunk: . src tests Message-ID: <E1GIWAi-0000X7-K4@trithemius.gnupg.org> Author: wk Date: 2006-08-30 22:39:53 +0200 (Wed, 30 Aug 2006) New Revision: 253 Modified: trunk/NEWS trunk/TODO trunk/src/ChangeLog trunk/src/ksba.h trunk/src/libksba.vers trunk/src/ocsp.c trunk/tests/t-ocsp.c Log: More OCSP fixes and one new API Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-30 10:19:14 UTC (rev 252) +++ trunk/NEWS 2006-08-30 20:39:53 UTC (rev 253) @@ -1,9 +1,15 @@ Noteworthy changes in version 0.9.17 ------------------------------------------------- - * OCSP nonces are now checked to detact replay attacks. + * OCSP nonces are now checked to detect replay attacks. + * OCSP extensions may no be retrieved. + * Interface changes relative to the 0.9.16 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ksba_ocsp_get_extension NEW + + Noteworthy changes in version 0.9.16 (2006-08-01) ------------------------------------------------- Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-08-30 10:19:14 UTC (rev 252) +++ trunk/TODO 2006-08-30 20:39:53 UTC (rev 253) @@ -51,3 +51,4 @@ ** The ASN.1 parse tree is not released in all places ** Some memory is not released in case of errors. +* Implement ksba_ocsp_get_extension!!!! Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2006-08-30 10:19:14 UTC (rev 252) +++ trunk/src/ChangeLog 2006-08-30 20:39:53 UTC (rev 253) 
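Review bot: the added line "OCSP extensions may no be retrieved." in the @@ -1,9 +1,15 @@ hunk of trunk/NEWS has "no" where "now" is meant, and as written it reads like "may not". The trunk/TODO hunk of the same commit adds "Implement ksba_ocsp_get_extension!!!!", so NEWS should not announce the feature as usable yet; mark ksba_ocsp_get_extension as a new interface that is not implemented, or hold the entry back until it is.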
@@ -2,6 +2,8 @@ * ocsp.c (extract_nonce): New. (ksba_ocsp_parse_response): Set status to replay on bad nonce. + (ksba_ocsp_get_extension): New. + (parse_response): Fixed storing of received_certs. * util.c (ksba_calloc): Protect against integer overflow. Modified: trunk/src/ksba.h =================================================================== --- trunk/src/ksba.h 2006-08-30 10:19:14 UTC (rev 252) +++ trunk/src/ksba.h 2006-08-30 20:39:53 UTC (rev 253) @@ -399,9 +399,12 @@ ksba_isotime_t r_next_update, ksba_isotime_t r_revocation_time, ksba_crl_reason_t *r_reason); +gpg_error_t ksba_ocsp_get_extension (ksba_ocsp_t ocsp, ksba_cert_t cert, + int idx, + char const **r_oid, int *r_crit, + size_t *r_deroff, size_t *r_derlen); - /*-- certreq.c --*/ gpg_error_t ksba_certreq_new (ksba_certreq_t *r_cr); void ksba_certreq_release (ksba_certreq_t cr); Modified: trunk/src/libksba.vers =================================================================== --- trunk/src/libksba.vers 2006-08-30 10:19:14 UTC (rev 252) +++ trunk/src/libksba.vers 2006-08-30 20:39:53 UTC (rev 253) @@ -77,7 +77,7 @@ ksba_ocsp_get_status; ksba_ocsp_hash_request; ksba_ocsp_hash_response; ksba_ocsp_new; ksba_ocsp_parse_response; ksba_ocsp_prepare_request; ksba_ocsp_release; ksba_ocsp_set_digest_algo; ksba_ocsp_set_nonce; - ksba_ocsp_set_requestor; ksba_ocsp_set_sig_val; + ksba_ocsp_set_requestor; ksba_ocsp_set_sig_val; ksba_ocsp_get_extension; ksba_oid_from_str; ksba_oid_to_str; Modified: trunk/src/ocsp.c =================================================================== --- trunk/src/ocsp.c 2006-08-30 10:19:14 UTC (rev 252) +++ trunk/src/ocsp.c 2006-08-30 20:39:53 UTC (rev 253) @@ -1412,7 +1412,7 @@ cl->cert = cert; *cl_tail = cl; - cl_tail = &ocsp->received_certs; + cl_tail = &cl->next; } } 
@@ -1607,7 +1607,7 @@ /* Find the certificate. We don't care about the issuer certificate and stop at the first match. The implementation may be optimized by keeping track of the last certificate found to start with the - next one the. Given that a usual request consiost only of a few + next one then. Given that a usual request consists only of a few certificates, this does not make much sense in reality. */ for (ri=ocsp->requestlist; ri; ri = ri->next) if (ri->cert == cert) @@ -1626,3 +1626,42 @@ *r_reason = ri->revocation_reason; return 0; } + + +gpg_error_t +ksba_ocsp_get_extension (ksba_ocsp_t ocsp, ksba_cert_t cert, int idx, + char const **r_oid, int *r_crit, + size_t *r_deroff, size_t *r_derlen) +{ + gpg_error_t err; + + if (!ocsp) + return gpg_error (GPG_ERR_INV_VALUE); + if (!ocsp->requestlist) + return gpg_error (GPG_ERR_MISSING_ACTION); + + if (cert) + { + /* Return extensions for the certificate (singleExtensions). */ +/* for (ri=ocsp->requestlist; ri; ri = ri->next) */ +/* if (ri->cert == cert) */ +/* break; */ +/* if (!ri) */ +/* return gpg_error (GPG_ERR_NOT_FOUND); */ + + + } + else + { + /* Return extensions for the response (responseExtensions). */ + + + + } + + return gpg_error (GPG_ERR_EOF); + +/* if (idx < 0 || idx >= cert->cache.n_extns) */ +/* return gpg_error (GPG_ERR_INV_INDEX); */ +} + Modified: trunk/tests/t-ocsp.c =================================================================== --- trunk/tests/t-ocsp.c 2006-08-30 10:19:14 UTC (rev 252) +++ trunk/tests/t-ocsp.c 2006-08-30 20:39:53 UTC (rev 253) @@ -203,7 +203,8 @@ } printf ("response status ..: %s\n", t); - if (response_status == KSBA_OCSP_RSPSTATUS_SUCCESS) + if (response_status == KSBA_OCSP_RSPSTATUS_SUCCESS + || response_status == KSBA_OCSP_RSPSTATUS_REPLAYED) { ksba_status_t status; ksba_crl_reason_t reason; 
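Review bot: ksba_ocsp_get_extension as added in the @@ -1626,3 +1626,42 @@ hunk of trunk/src/ocsp.c never writes to r_oid, r_crit, r_deroff or r_derlen and returns GPG_ERR_EOF for every idx, in both the cert and the no-cert branch. A caller that loops until EOF will conclude that the response carries no extensions, critical ones included, and cannot tell that apart from the function being unimplemented; returning GPG_ERR_NOT_IMPLEMENTED until the body exists would make the state explicit. The unused "err" variable and the commented-out index check placed after the final return should be removed or turned into a FIXME at the top of the function.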
@@ -216,7 +217,9 @@ printf ("\nproduced at ......: "); print_time (produced_at); putchar ('\n'); + + err = ksba_ocsp_get_status (ocsp, cert, &status, this_update, next_update, revocation_time, &reason); @@ -252,6 +255,15 @@ printf ("\nnext update ......: "); print_time (next_update); putchar ('\n'); + { + int cert_idx; + ksba_cert_t acert; + + for (cert_idx=0; (acert = ksba_ocsp_get_cert (ocsp, cert_idx)); + cert_idx++) + ksba_cert_release (acert); + printf ("extra certificates: %d\n", cert_idx ); + } } From cvs at cvs.gnupg.org Wed Aug 30 22:40:17 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed Aug 30 21:56:51 2006 Subject: [svn] dirmngr - r230 - in trunk: . doc m4 po src Message-ID: <E1GIWB3-0000Y0-NA@trithemius.gnupg.org> Author: wk Date: 2006-08-30 22:40:15 +0200 (Wed, 30 Aug 2006) New Revision: 230 Added: trunk/m4/autobuild.m4 Modified: trunk/NEWS trunk/TODO trunk/configure.ac trunk/doc/dirmngr.texi trunk/m4/Makefile.am trunk/po/de.po trunk/po/dirmngr.pot trunk/src/ChangeLog trunk/src/certcache.c trunk/src/certcache.h trunk/src/dirmngr.c trunk/src/dirmngr.h trunk/src/ocsp.c trunk/src/ocsp.h trunk/src/server.c trunk/src/validate.c Log: Fixes for OCSP Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/NEWS 2006-08-30 20:40:15 UTC (rev 230) @@ -1,3 +1,9 @@ +Noteworthy changes in version 0.9.6 +------------------------------------------------ + + * A couple of bug fixes for OCSP. + + Noteworthy changes in version 0.9.5 (2006-06-27) ------------------------------------------------ Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/TODO 2006-08-30 20:40:15 UTC (rev 230) 
@@ -22,5 +22,11 @@ certificates. Requested by Neil Dunbar. I have added some code fragments to ldap.c but it needs to be finished. +* Various problems with German SigG certs + We need to implement the chain-validation-model and come up with a + way to verify the intermediate certificates. Tehre are no CRLs + available and using OCSP with the same responder is point less. + Needs more investigation. + Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/configure.ac 2006-08-30 20:40:15 UTC (rev 230) @@ -23,16 +23,16 @@ AC_PREREQ(2.59) min_automake_version="1.9.3" -AC_INIT(dirmngr, 0.9.5, gpa-dev@gnupg.org) +AC_INIT(dirmngr, 0.9.6-cvs, gpa-dev@gnupg.org) -NEED_GPG_ERROR_VERSION=0.7 +NEED_GPG_ERROR_VERSION=1.0 NEED_LIBGCRYPT_API=1 -NEED_LIBGCRYPT_VERSION=1.1.94 +NEED_LIBGCRYPT_VERSION=1.2.0 NEED_LIBASSUAN_VERSION=0.6.8 -NEED_KSBA_VERSION=0.9.13 +NEED_KSBA_VERSION=0.9.16 PACKAGE=$PACKAGE_NAME @@ -41,6 +41,7 @@ AC_CONFIG_SRCDIR(src/dirmngr.c) AM_CONFIG_HEADER(config.h) AM_INIT_AUTOMAKE($PACKAGE, $VERSION) +AB_INIT AC_GNU_SOURCE Modified: trunk/doc/dirmngr.texi =================================================================== --- trunk/doc/dirmngr.texi 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/doc/dirmngr.texi 2006-08-30 20:40:15 UTC (rev 230) @@ -157,6 +157,10 @@ when given a SIGHUP. Certificates which are not readable or do not make up a proper X.509 certificate are ignored; see the log file for details. +Note that for OCSP responses the certificate specified using the option +@option{--ocsp-signer} is always considered valid to sign OCSP requests. + + @item /var/lib/dirmngr/extra-certs This directory may contain extra certificates which are preloaded into the interal cache on startup. This is convenient in cases you have a 
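Review bot: the sentence added in the @@ -157,6 +157,10 @@ hunk of trunk/doc/dirmngr.texi opens with "for OCSP responses" but then says the --ocsp-signer certificate is "always considered valid to sign OCSP requests"; the certificate is used to check responses, so the last word should be "responses". A cross-reference to the --ocsp-signer option text would help, because that is where the consequence of skipping the validity check is stated.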
@@ -471,9 +475,22 @@ @opindex ocsp-signer Use the certificate with the fingerprint @var{fpr} to check the responses of the default OCSP Responder. Dirmngr will retrieve this -certificate from the current client. +certificate from the current client. +If a response has been signed by this certificate no further check upon +the validity of this certificate is done! +@item --ocsp-max-clock-skew @var{n} +@opindex ocsp-max-clock-skew +The number of seconds a skew between the OCSP respinder and them local +clock is accepted. Default is 600 (20 minutes). + +@item --ocsp-current-period @var{n} +@opindex ocsp-current-period +The number of seconds an OCSP reponse is valid after the time given in +the NEXT_UPDATE datum. Default is 10800 (3 hours). + + @item --max-replies @var{n} @opindex max-replies Do not return more that @var{n} items in one query. The default is Modified: trunk/m4/Makefile.am =================================================================== --- trunk/m4/Makefile.am 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/m4/Makefile.am 2006-08-30 20:40:15 UTC (rev 230) 
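Review bot: in the @@ -471,9 +475,22 @@ hunk of trunk/doc/dirmngr.texi the text for --ocsp-max-clock-skew says "Default is 600 (20 minutes)", but 600 seconds is 10 minutes, so one of the two figures is wrong and should be checked against the value the code uses before this is released. The same two option descriptions have "respinder", "them local clock" and "reponse" where "responder", "the local clock" and "response" are meant.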
@@ -1,2 +1,10 @@ -EXTRA_DIST = codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 intmax.m4 inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 longdouble.m4 longlong.m4 nls.m4 po.m4 printf-posix.m4 progtest.m4 signed.m4 size_max.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4 wchar_t.m4 wint_t.m4 xsize.m4 gpg-error.m4 ksba.m4 libassuan.m4 libgcrypt.m4 +EXTRA_DIST = codeset.m4 gettext.m4 glibc21.m4 iconv.m4 intdiv0.m4 intmax.m4 \ + inttypes.m4 inttypes_h.m4 inttypes-pri.m4 isc-posix.m4 \ + lcmessage.m4 lib-ld.m4 lib-link.m4 lib-prefix.m4 longdouble.m4 \ + longlong.m4 nls.m4 po.m4 printf-posix.m4 progtest.m4 signed.m4 \ + size_max.m4 stdint_h.m4 uintmax_t.m4 ulonglong.m4 \ + wchar_t.m4 wint_t.m4 xsize.m4 + +EXTRA_DIST += autobuild.m4 +EXTRA_DIST += gpg-error.m4 ksba.m4 libassuan.m4 libgcrypt.m4 Added: trunk/m4/autobuild.m4 =================================================================== --- trunk/m4/autobuild.m4 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/m4/autobuild.m4 2006-08-30 20:40:15 UTC (rev 230) 
@@ -0,0 +1,34 @@ +# autobuild.m4 serial 2 (autobuild-3.3) +# Copyright (C) 2004 Simon Josefsson +# +# This file is free software, distributed under the terms of the GNU +# General Public License. As a special exception to the GNU General +# Public License, this file may be distributed as part of a program +# that contains a configuration script generated by Autoconf, under +# the same distribution terms as the rest of that program. +# +# This file can can be used in projects which are not available under +# the GNU General Public License or the GNU Library General Public +# License but which still want to provide support for Autobuild. + +# Usage: AB_INIT([MODE]). +AC_DEFUN([AB_INIT], +[ + AC_REQUIRE([AC_CANONICAL_BUILD]) + AC_REQUIRE([AC_CANONICAL_HOST]) + + AC_MSG_NOTICE([autobuild project... ${PACKAGE_NAME:-$PACKAGE}]) + AC_MSG_NOTICE([autobuild revision... ${PACKAGE_VERSION:-$VERSION}]) + hostname=`hostname` + if test "$hostname"; then + AC_MSG_NOTICE([autobuild hostname... $hostname]) + fi + ifelse([$1],[],,[AC_MSG_NOTICE([autobuild mode... $1])]) + date=`date +%Y%m%d-%H%M%S` + if test "$?" != 0; then + date=`date` + fi + if test "$date"; then + AC_MSG_NOTICE([autobuild timestamp... $date]) + fi +]) Modified: trunk/po/de.po =================================================================== --- trunk/po/de.po 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/po/de.po 2006-08-30 20:40:15 UTC (rev 230) @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: dirmngr 0.9.2\n" "Report-Msgid-Bugs-To: gpa-dev@gnupg.org\n" -"POT-Creation-Date: 2006-05-16 11:53+0200\n" +"POT-Creation-Date: 2006-06-27 12:32+0200\n" "PO-Revision-Date: 2005-11-02 08:26+0100\n" "Last-Translator: Werner Koch <wk@g10code.com>\n" "Language-Team: de\n" 
@@ -49,7 +49,7 @@ msgid "can't access directory `%s': %s\n" msgstr "Fehler beim Zugriff auf das Verzeichnis `%s': %s\n" -#: src/certcache.c:335 src/crlcache.c:2227 src/ldap.c:631 +#: src/certcache.c:335 src/crlcache.c:2150 src/ldap.c:631 #, c-format msgid "can't open `%s': %s\n" msgstr "`%s' kann nicht ge?ffnet werden: %s\n" 
@@ -64,290 +64,299 @@ msgid "can't parse certificate `%s': %s\n" msgstr "Zertifikat `%s' kann nicht zerlegt werden: %s\n" -#: src/certcache.c:366 +#: src/certcache.c:365 #, c-format msgid "certificate `%s' already cached\n" msgstr "Zertifikat `%s' ist bereits im Zwischenspeicher\n" #: src/certcache.c:369 +#, fuzzy, c-format +msgid "trusted certificate `%s' loaded\n" +msgstr "Zertifikat `%s' wurde geladen\n" + +#: src/certcache.c:371 #, c-format msgid "certificate `%s' loaded\n" msgstr "Zertifikat `%s' wurde geladen\n" -#: src/certcache.c:373 -#, c-format -msgid "SHA1 fingerprint = %s\n" +#: src/certcache.c:375 +#, fuzzy, c-format +msgid " SHA1 fingerprint = %s\n" msgstr "SHA1 Fingerabdruck=%s\n" #: src/certcache.c:378 +msgid " name =" +msgstr "" + +#: src/certcache.c:382 #, c-format msgid "error loading certificate `%s': %s\n" msgstr "Fehler beim Laden des Zertifikats `%s': %s\n" -#: src/certcache.c:452 +#: src/certcache.c:457 #, c-format msgid "permanently loaded certificates: %u\n" msgstr " dauerhaft geladene Zertifikate: %u\n" -#: src/certcache.c:454 +#: src/certcache.c:459 #, c-format msgid " runtime cached certificates: %u\n" msgstr "zur Laufzeit zwischengespeicherte Zertifikate: %u\n" -#: src/certcache.c:469 src/dirmngr-client.c:365 +#: src/certcache.c:474 src/dirmngr-client.c:365 msgid "certificate already cached\n" msgstr "Zertifikat ist bereits im Zwischenspeicher\n" -#: src/certcache.c:471 +#: src/certcache.c:476 msgid "certificate cached\n" msgstr "Zertifikat wurde zwischengespeichert\n" -#: src/certcache.c:473 src/dirmngr-client.c:369 +#: src/certcache.c:478 src/dirmngr-client.c:369 #, c-format msgid "error caching certificate: %s\n" msgstr "Fehler beim Zwischenspeichern des Zertifikats: %s\n" -#: src/certcache.c:538 +#: src/certcache.c:543 #, c-format msgid "invalid SHA1 fingerprint string `%s'\n" msgstr "ung?ltiger SHA1 Fingerabdruck `%s'\n" -#: src/certcache.c:681 src/certcache.c:690 +#: src/certcache.c:690 src/certcache.c:699 #, c-format msgid 
"error fetching certificate by S/N: %s\n" msgstr "Fehler beim Holen des Zertifikats mittels Seriennummer: %s\n" -#: src/certcache.c:786 src/certcache.c:795 +#: src/certcache.c:820 src/certcache.c:829 #, c-format msgid "error fetching certificate by subject: %s\n" msgstr "Fehler beim Holen des Zertifikats mittels Subject: %s\n" -#: src/certcache.c:896 src/validate.c:312 +#: src/certcache.c:932 src/validate.c:354 msgid "no issuer found in certificate\n" msgstr "Im Zertifikat ist kein Herausgeber enthalten\n" -#: src/certcache.c:906 +#: src/certcache.c:942 #, c-format msgid "error getting authorityKeyIdentifier: %s\n" msgstr "Fehler beim Holen des \"authorityKeyIdentifier\": %s\n" -#: src/crlcache.c:201 +#: src/crlcache.c:200 #, c-format msgid "creating directory `%s'\n" msgstr "Das Verzeichnis `%s' wird erzeugt\n" -#: src/crlcache.c:205 +#: src/crlcache.c:204 #, c-format msgid "error creating directory `%s': %s\n" msgstr "Fehler beim Erzeugen des Verzeichnis '%s': %s\n" -#: src/crlcache.c:233 +#: src/crlcache.c:232 #, c-format msgid "ignoring database dir `%s'\n" msgstr "Das DB-Verzeichnis `%s' wird ignoriert\n" -#: src/crlcache.c:242 +#: src/crlcache.c:241 #, c-format msgid "error reading directory `%s': %s\n" msgstr "Fehler beim Lesen des Verzeichnis `%s': %s\n" -#: src/crlcache.c:263 +#: src/crlcache.c:262 #, c-format msgid "removing cache file `%s'\n" msgstr "Die Zwischenspeicherdatei `%s' wird entfernt\n" -#: src/crlcache.c:272 +#: src/crlcache.c:271 #, c-format msgid "not removing file `%s'\n" msgstr "Die Datei `%s' wird nicht gel?scht\n" -#: src/crlcache.c:341 src/crlcache.c:986 +#: src/crlcache.c:340 src/crlcache.c:997 #, c-format msgid "error closing cache file: %s\n" msgstr "Fehler beim Schlie?en der Zwischenspeicherdatei: %s\n" -#: src/crlcache.c:378 src/crlcache.c:702 +#: src/crlcache.c:377 src/crlcache.c:701 #, c-format msgid "failed to open cache dir file `%s': %s\n" msgstr "" "Die Zwischenspeicherverzeichnisdatei `%s' konnte nicht ge?ffnet werden: 
%s\n" -#: src/crlcache.c:388 +#: src/crlcache.c:387 #, c-format msgid "error creating new cache dir file `%s': %s\n" msgstr "" "Fehler beim Erzeugen der neuen Zwischenspeicherverzeichnisdatei `%s': %s\n" -#: src/crlcache.c:395 +#: src/crlcache.c:394 #, c-format msgid "error writing new cache dir file `%s': %s\n" msgstr "" "Fehler beim Schreiben der neuen Zwischenspeicherverzeichnisdatei `%s': %s\n" -#: src/crlcache.c:402 +#: src/crlcache.c:401 #, c-format msgid "error closing new cache dir file `%s': %s\n" msgstr "" "Fehler beim Schlie?en der neuen Zwischenspeicherverzeichnisdatei `%s': %s\n" -#: src/crlcache.c:407 +#: src/crlcache.c:406 #, c-format msgid "new cache dir file `%s' created\n" msgstr "Neue Zwischenspeicherverzeichnisdatei `%s' wurde erzeugt\n" -#: src/crlcache.c:412 +#: src/crlcache.c:411 #, c-format msgid "failed to re-open cache dir file `%s': %s\n" msgstr "" "Fehler beim Wieder?ffnen der Zwischenspeicherverzeichnisdatei `%s': %s\n" -#: src/crlcache.c:439 +#: src/crlcache.c:438 #, c-format msgid "first record of `%s' is not the version\n" msgstr "Der erste Datensatz von `%s' enth?lt nicht die Version\n" -#: src/crlcache.c:450 +#: src/crlcache.c:449 msgid "old version of cache directory - cleaning up\n" msgstr "Alte Version des Zwischenspeicherverzeichnisses - r?ume auf\n" -#: src/crlcache.c:466 +#: src/crlcache.c:465 msgid "old version of cache directory - giving up\n" msgstr "Alte Version des Zwischenspeicherverzeichnisses - gebe auf\n" -#: src/crlcache.c:554 +#: src/crlcache.c:553 #, c-format msgid "extra field detected in crl record of `%s' line %u\n" msgstr "Weiteres Feld im CRL Datensatz von `%s', Zeile %u festgestellt\n" -#: src/crlcache.c:566 +#: src/crlcache.c:565 #, c-format msgid "unsupported record type in `%s' line %u skipped\n" msgstr "Nicht unterst?tzter Datensatztyp in `%s', Zeile %u ?bergangen\n" -#: src/crlcache.c:574 src/crlcache.c:803 src/dirmngr.c:1221 +#: src/crlcache.c:573 src/crlcache.c:802 src/dirmngr.c:1221 #, c-format msgid 
"error reading `%s': %s\n" msgstr "Fehler beim Lesen von `%s': %s\n" -#: src/crlcache.c:586 +#: src/crlcache.c:585 #, c-format msgid "invalid issuer hash in `%s' line %u\n" msgstr "Ung?ltiger Issuer Hashwert in `%s', Zeile %u\n" -#: src/crlcache.c:592 +#: src/crlcache.c:591 #, c-format msgid "no issuer DN in `%s' line %u\n" msgstr "Kein Issuer DN in `%s', Zeile %u\n" -#: src/crlcache.c:599 +#: src/crlcache.c:598 #, c-format msgid "invalid timestamp in `%s' line %u\n" msgstr "Ung?ltiger Zeitstempel in `%s', Zeile %u\n" -#: src/crlcache.c:605 +#: src/crlcache.c:604 #, c-format msgid "WARNING: invalid cache file hash in `%s' line %u\n" msgstr "WARNUNG: Ung?ltiger Zwischenspeicherdatei Hashwert in `%s', Zeile %u\n" -#: src/crlcache.c:611 +#: src/crlcache.c:610 msgid "detected errors in cache dir file\n" msgstr "Id der Zwischenspeicherverzeichnisdatei wurden Fehler erkannt\n" -#: src/crlcache.c:612 +#: src/crlcache.c:611 msgid "please check the reason and manually delete that file\n" msgstr "" "Bitte ermitteln sie die Ursache und l?schen sie die Datei dann manuell\n" -#: src/crlcache.c:735 +#: src/crlcache.c:734 #, c-format msgid "failed to create temporary cache dir file `%s': %s\n" msgstr "" "Die tempor?re Zwischenspeicherverzeichnisdatei `%s' konnte nicht erzeugt " "werden: %s\n" -#: src/crlcache.c:808 +#: src/crlcache.c:807 #, c-format msgid "error writing `%s': %s\n" msgstr "Fehler beim Schreiben auf `%s': %s\n" -#: src/crlcache.c:819 +#: src/crlcache.c:818 #, c-format msgid "error closing `%s': %s\n" msgstr "Fehler beim Schlie?en von `%s': %s\n" -#: src/crlcache.c:827 +#: src/crlcache.c:826 #, c-format msgid "error renaming `%s' to `%s': %s\n" msgstr "Fehler beim Umbenennen von `%s` nach `%s': %s\n" -#: src/crlcache.c:882 +#: src/crlcache.c:881 #, c-format msgid "can't hash `%s': %s\n" msgstr "Hashwert von `%s' kann nicht gebildet werden: %s\n" -#: src/crlcache.c:890 +#: src/crlcache.c:889 #, c-format msgid "error setting up MD5 hash context: %s\n" msgstr "Fehler 
beim Vorbereiten des MD5 Hashkontext: %s\n" -#: src/crlcache.c:906 +#: src/crlcache.c:905 #, c-format msgid "error hashing `%s': %s\n" msgstr "Fehler beim Hashen von `%s': %s\n" -#: src/crlcache.c:934 +#: src/crlcache.c:933 #, c-format msgid "invalid formatted checksum for `%s'\n" msgstr "Ung?ltig formatierte Pr?fsumme f?r `%s'\n" -#: src/crlcache.c:977 +#: src/crlcache.c:986 msgid "too many open cache files; can't open anymore\n" msgstr "" "Zu viele ge?ffnete Zwischenspeicherdateien; weitere kann nicht ge?ffnet " "werden\n" -#: src/crlcache.c:994 +#: src/crlcache.c:1004 #, c-format msgid "opening cache file `%s'\n" msgstr "Die Zwischenspeicherdatei `%s' wird ge?ffnet\n" -#: src/crlcache.c:1013 +#: src/crlcache.c:1023 #, c-format msgid "error opening cache file `%s': %s\n" msgstr "Fehler beim ?ffnen der Zwischenspeicherdatei `%s': %s\n" -#: src/crlcache.c:1022 +#: src/crlcache.c:1032 #, c-format msgid "error initializing cache file `%s' for reading: %s\n" msgstr "" "Fehler beim Initialisieren der Zwischenspeicherdatei `%s' zum Lesen: %s\n" -#: src/crlcache.c:1044 +#: src/crlcache.c:1053 msgid "calling unlock_db_file on a closed file\n" msgstr "unlock_db_file wird f?r eine geschlossene Datei aufgerufen\n" -#: src/crlcache.c:1046 +#: src/crlcache.c:1055 msgid "calling unlock_db_file on an unlocked file\n" msgstr "unlock_db_file wird f?r eine nicht gesperrte Datei aufgerufen\n" -#: src/crlcache.c:1100 +#: src/crlcache.c:1109 #, c-format msgid "failed to create a new cache object: %s\n" msgstr "Ein neues Zwischenspeicherobjekt konnte nicht erzeugt werden: %s\n" -#: src/crlcache.c:1153 +#: src/crlcache.c:1162 #, c-format msgid "no CRL available for issuer id %s\n" msgstr "Es ist keine CRL f?r den Issuer mit der ID %s vorhanden\n" -#: src/crlcache.c:1160 +#: src/crlcache.c:1169 #, c-format msgid "cached CRL for issuer id %s too old; update required\n" msgstr "" "Die zwischengespeicherte CRL f?r den Issuer mit der ID %s ist zu alt; ein " "Update wird ben?tigt\n" -#: 
src/crlcache.c:1174 +#: src/crlcache.c:1183 #, c-format msgid "" "force-crl-refresh active and %d minutes passed for issuer id %s; update " 
@@ -356,205 +365,195 @@ "\"force-crl-refresh\" ist aktiviert und %d Minuten f?r den Issuer mit Id %s " "sind vorbei; Update wird ben?tigt\n" -#: src/crlcache.c:1182 +#: src/crlcache.c:1191 #, c-format msgid "force-crl-refresh active for issuer id %s; update required\n" msgstr "" "\"force-crl-refresh\" ist f?r den Issuer mit der Id %s aktiviert; Update " "wird ben?tigt\n" -#: src/crlcache.c:1191 +#: src/crlcache.c:1200 #, c-format msgid "available CRL for issuer ID %s can't be used\n" msgstr "" "Die vorhandene CRL f?r den Issuer mit der ID %s kann nicht benutzt werden\n" -#: src/crlcache.c:1202 +#: src/crlcache.c:1211 #, c-format msgid "cached CRL for issuer id %s tampered; we need to update\n" msgstr "" "Die zwischengespeicherte CRL f?r den Issuer mit der ID %s wurde ver?ndert; " "eine Update wird ben?tigt\n" -#: src/crlcache.c:1214 +#: src/crlcache.c:1223 msgid "WARNING: invalid cache record length for S/N " msgstr "WARNUNG: Ung?ltige L?nge des Zwischenspeicherdateisatzes f?r S/N " -#: src/crlcache.c:1223 +#: src/crlcache.c:1232 #, c-format msgid "problem reading cache record for S/N %s: %s\n" msgstr "Problem beim Lesen des Zwischenspeicherdatensatzes f?r S/N %s: %s\n" -#: src/crlcache.c:1226 +#: src/crlcache.c:1235 #, c-format msgid "S/N %s is not valid; reason=%02X date=%.15s\n" msgstr "S/N %s ist nicht g?ltig; Grund=%02X Datum=%.15s\n" -#: src/crlcache.c:1237 +#: src/crlcache.c:1246 #, c-format msgid "S/N %s is valid, it is not listed in the CRL\n" msgstr "S/N %s ist g?ltig; sie ist nicht in der CRL enthalten\n" -#: src/crlcache.c:1245 +#: src/crlcache.c:1254 #, c-format msgid "error getting data from cache file: %s\n" msgstr "Fehler beim Holen der Daten aus der Zwischenspeicherdatei: %s\n" -#: src/crlcache.c:1397 +#: src/crlcache.c:1390 src/validate.c:749 #, c-format -msgid "error fetching certificate for CRL issuer: %s\n" -msgstr "Fehler beim Holen des Zertifikats f?r den CRL Herausgeber: %s\n" - -#: src/crlcache.c:1404 -#, c-format -msgid "invalid CRL issuer 
certificate: %s\n" -msgstr "Ung?ltiges CRL-Herausgeber-Zertifikat: %s\n" - -#: src/crlcache.c:1467 src/validate.c:669 -#, c-format msgid "unknown hash algorithm `%s'\n" msgstr "Ung?ltige Hashmethode `%s'\n" -#: src/crlcache.c:1474 +#: src/crlcache.c:1397 #, c-format msgid "gcry_md_open for algorithm %d failed: %s\n" msgstr "gcry_md_open f?r Methode %d fehlgeschlagen: %s\n" -#: src/crlcache.c:1510 src/crlcache.c:1529 +#: src/crlcache.c:1433 src/crlcache.c:1452 msgid "got an invalid S-expression from libksba\n" msgstr "Ung?ltige S-Expression von Libksba erhalten\n" -#: src/crlcache.c:1517 src/crlcache.c:1536 src/misc.c:432 +#: src/crlcache.c:1440 src/crlcache.c:1459 src/misc.c:432 #, c-format msgid "converting S-expression failed: %s\n" msgstr "Konvertierung der S-Expression fehlgeschlagen: %s\n" -#: src/crlcache.c:1551 src/ocsp.c:343 +#: src/crlcache.c:1474 src/ocsp.c:343 #, c-format msgid "creating S-expression failed: %s\n" msgstr "Erzeugen der S-Expression fehlgeschlagen: %s\n" -#: src/crlcache.c:1606 +#: src/crlcache.c:1529 #, c-format msgid "ksba_crl_parse failed: %s\n" msgstr "ksba_crl_parse fehlgeschlagen: %s\n" -#: src/crlcache.c:1620 +#: src/crlcache.c:1543 #, c-format msgid "error getting update times of CRL: %s\n" msgstr "Die \"Update Times\" konnte nicht aus der CRL bestimmt werden: %s\n" -#: src/crlcache.c:1627 +#: src/crlcache.c:1550 #, c-format msgid "update times of this CRL: this=%s next=%s\n" msgstr "Die \"Update Times\" dieser CRL sind: this=%s next=%s\n" -#: src/crlcache.c:1644 +#: src/crlcache.c:1567 #, c-format msgid "error getting CRL item: %s\n" msgstr "Fehler beim Holen eines CRL Items: %s\n" -#: src/crlcache.c:1659 +#: src/crlcache.c:1582 #, c-format msgid "error inserting item into temporary cache file: %s\n" msgstr "" "Fehler beim Einf?gen eines Items in die tempor?re Zwischenspeicherdatei: %s\n" -#: src/crlcache.c:1686 +#: src/crlcache.c:1609 #, c-format msgid "no CRL issuer found in CRL: %s\n" msgstr "In der CRL wurde kein CRL 
Herausgeber gefunden: %s\n" -#: src/crlcache.c:1699 +#: src/crlcache.c:1622 msgid "locating CRL issuer certificate by authorityKeyIdentifier\n" msgstr "" "CRL Herausgeberzertifikat wird ?ber \"authorityKeyIdentifier\" geholt\n" -#: src/crlcache.c:1744 +#: src/crlcache.c:1667 #, c-format msgid "CRL signature verification failed: %s\n" msgstr "Signaturpr?fung der CRL ist fehlgeschlagen: %s\n" -#: src/crlcache.c:1752 +#: src/crlcache.c:1675 #, c-format msgid "error checking validity of CRL issuer certificate: %s\n" msgstr "Fehler beim P?fen des CRL Herausgeberzertifikats: %s\n" -#: src/crlcache.c:1878 +#: src/crlcache.c:1801 #, c-format msgid "ksba_crl_new failed: %s\n" msgstr "ksba_crl_new fehlgeschlagen: %s\n" -#: src/crlcache.c:1885 +#: src/crlcache.c:1808 #, c-format msgid "ksba_crl_set_reader failed: %s\n" msgstr "ksba_crl_set_reader fehlgeschlagen: %s\n" -#: src/crlcache.c:1908 +#: src/crlcache.c:1831 #, c-format msgid "removed stale temporary cache file `%s'\n" msgstr "Die alte tempor?re Zwischenspeicherdatei `%s' wurde entfernt\n" -#: src/crlcache.c:1911 +#: src/crlcache.c:1834 #, c-format msgid "problem removing stale temporary cache file `%s': %s\n" msgstr "" "Problem beim L?schen der alten tempor?ren Zwischenspeicherdatei `%s': %s\n" -#: src/crlcache.c:1921 +#: src/crlcache.c:1844 #, c-format msgid "error creating temporary cache file `%s': %s\n" msgstr "Fehler beim Erzeugen der tempor?ren Zwischenspeicherdatei `%s': %s\n" -#: src/crlcache.c:1931 +#: src/crlcache.c:1854 #, c-format msgid "crl_parse_insert failed: %s\n" msgstr "crl_parse_insert fehlgeschlagen: %s\n" -#: src/crlcache.c:1940 +#: src/crlcache.c:1863 #, c-format msgid "error finishing temporary cache file `%s': %s\n" msgstr "" "Fehler beim Fertigstellen der tempor?ren Zwischenspeicherdatei `%s': %s\n" -#: src/crlcache.c:1947 +#: src/crlcache.c:1870 #, c-format msgid "error closing temporary cache file `%s': %s\n" msgstr "Fehler beim Schlie?en der tempor?ren Zwischenspeicherdatei `%s': %s\n" -#: 
src/crlcache.c:1972 +#: src/crlcache.c:1895 #, c-format msgid "WARNING: new CRL still too old; it expired on %s - loading anyway\n" msgstr "" "WARNUNG: Neue CRL ist immer noch zu alt; sie verfiel am %s - wird trotzdem " "geladen\n" -#: src/crlcache.c:1976 +#: src/crlcache.c:1899 #, c-format msgid "new CRL still too old; it expired on %s\n" msgstr "Neue CRL ist immer noch zu alt; sie verviel am %s\n" -#: src/crlcache.c:1992 +#: src/crlcache.c:1915 #, c-format msgid "unknown critical CRL extension %s\n" msgstr "Unbekannte kritische CRL Erweiterung %s\n" -#: src/crlcache.c:2002 +#: src/crlcache.c:1925 #, c-format msgid "error reading CRL extensions: %s\n" msgstr "Fehler beim Lesen einer CRL Erweiterung: %s\n" -#: src/crlcache.c:2036 +#: src/crlcache.c:1959 #, c-format msgid "creating cache file `%s'\n" msgstr "Zwischenspeicherdatei `%s' wird erzeugt\n" -#: src/crlcache.c:2040 +#: src/crlcache.c:1963 #, c-format msgid "problem renaming `%s' to `%s': %s\n" msgstr "Problem beim Umbenennen von `%s' nach `%s': %s\n" -#: src/crlcache.c:2054 +#: src/crlcache.c:1977 msgid "" "updating the DIR file failed - cache entry will get lost with the next " "program start\n" @@ -562,12 +561,12 @@ "Update der Zwischenspeicherverzeichnisdatei fehlgeschlagen - " "Zwischenspeichereintrag wird mit dem n?chste Programmstart verloren gehen\n" -#: src/crlcache.c:2090 +#: src/crlcache.c:2013 #, c-format msgid "Begin CRL dump (retrieved via %s)\n" msgstr "Anfang CRL Ausgabe (geholt via %s)\n" -#: src/crlcache.c:2110 +#: src/crlcache.c:2033 #, c-format msgid "" " ERROR: The CRL will not be used because it was still too old after an " @@ -575,7 +574,7 @@ msgstr "" " FEHLER: Die CRL wird nicht benutzt, da sie trotz eines Updates zu alt war!\n" -#: src/crlcache.c:2112 +#: src/crlcache.c:2035 #, c-format msgid "" " ERROR: The CRL will not be used due to an unknown critical extension!\n" 
@@ -583,63 +582,63 @@ " FEHLER: Die CRL wird nicht benutzt, da sie eine unbekannte kritische CRL " "Erweiterung tr?gt!\n" -#: src/crlcache.c:2114 +#: src/crlcache.c:2037 #, c-format msgid " ERROR: The CRL will not be used\n" msgstr " FEHLER: Die CRL wird nicht benutzt\n" -#: src/crlcache.c:2121 +#: src/crlcache.c:2044 #, c-format msgid " ERROR: This cached CRL may has been tampered with!\n" msgstr "" " FEHLER: Diese zwischengespeicherte CRL ist m?glicherweise abge?ndert " "worden!\n" -#: src/crlcache.c:2138 +#: src/crlcache.c:2061 msgid " WARNING: invalid cache record length\n" msgstr " WARNUNG: Ung?ltige L?nge eines Zwischenspeicherdatensatzes\n" -#: src/crlcache.c:2145 +#: src/crlcache.c:2068 #, c-format msgid "problem reading cache record: %s\n" msgstr "Problem beim Lesen eines Zwischenspeicherdatensatzes: %s\n" -#: src/crlcache.c:2156 +#: src/crlcache.c:2079 #, c-format msgid "problem reading cache key: %s\n" msgstr "Problem beim Lesen eines Zwischenspeicherschl?ssels: %s\n" -#: src/crlcache.c:2187 +#: src/crlcache.c:2110 #, c-format msgid "error reading cache entry from db: %s\n" msgstr "Fehler beim Lesen eine Zwischenspeichereintrags aus der DB: %s\n" -#: src/crlcache.c:2190 +#: src/crlcache.c:2113 #, c-format msgid "End CRL dump\n" msgstr "Ende CRL Ausgabe\n" -#: src/crlcache.c:2236 src/crlfetch.c:98 src/ldap.c:699 +#: src/crlcache.c:2159 src/crlfetch.c:98 src/ldap.c:699 #, c-format msgid "error initializing reader object: %s\n" msgstr "Fehler beim Initialisieren des \"reader\" Objekts: %s\n" -#: src/crlcache.c:2317 +#: src/crlcache.c:2240 #, c-format msgid "crl_fetch via DP failed: %s\n" msgstr "crl_fetch ?ber den DP fehlgeschlagen: %s\n" -#: src/crlcache.c:2328 +#: src/crlcache.c:2251 #, c-format msgid "crl_cache_insert via DP failed: %s\n" msgstr "crl_cache_insert ?ber den DP fehlgeschlagen: %s\n" -#: src/crlcache.c:2378 +#: src/crlcache.c:2301 #, c-format msgid "crl_fetch via issuer failed: %s\n" msgstr "crl_fetch ?ber den Issuer fehlgeschlagen: %s\n" 
-#: src/crlcache.c:2388 +#: src/crlcache.c:2311 #, c-format msgid "crl_cache_insert via issuer failed: %s\n" msgstr "crl_cache_insert ?ber den Issuer fehlgeschlagen: %s\n" @@ -1052,7 +1051,7 @@ msgid "adding `%s:%d' to the ldap server list\n" msgstr "`%s:%d' wird der LDAP Serverliste hinzugef?gt\n" -#: src/ldap.c:144 src/misc.c:687 +#: src/ldap.c:144 src/misc.c:716 #, c-format msgid "malloc failed: %s\n" msgstr "malloc() fehlgeschlagen: %s\n" @@ -1159,7 +1158,7 @@ msgid "[none]" msgstr "[nichts]" -#: src/misc.c:703 +#: src/misc.c:732 msgid "bad URL encoding detected\n" msgstr "Fehlerhafte URL Kodierung erkannt\n" @@ -1226,7 +1225,7 @@ msgstr "" "Kein benutzbares Zertifikat zur ?berpr?fung der OCSP Antwort gefunden\n" -#: src/ocsp.c:424 src/validate.c:459 +#: src/ocsp.c:424 src/validate.c:505 #, c-format msgid "issuer certificate not found: %s\n" msgstr "Herausgeberzertifikat nicht gefunden: %s\n" @@ -1277,37 +1276,37 @@ msgid "error getting OCSP status for target certificate: %s\n" msgstr "Fehler beim Holen des OCSP Status f?r das Zielzertifikat: %s\n" -#: src/ocsp.c:554 +#: src/ocsp.c:572 #, c-format msgid "certificate status is: %s (this=%s next=%s)\n" msgstr "Zertifikatstatus ist: %s (this=%s next=%s)\n" -#: src/ocsp.c:555 +#: src/ocsp.c:573 msgid "good" msgstr "Gut" -#: src/ocsp.c:556 +#: src/ocsp.c:574 msgid "revoked" msgstr "Widerrufen" -#: src/ocsp.c:557 +#: src/ocsp.c:575 msgid "unknown" msgstr "Unbekannt" -#: src/ocsp.c:558 +#: src/ocsp.c:576 msgid "none" msgstr "Kein" -#: src/ocsp.c:561 +#: src/ocsp.c:579 #, c-format msgid "certificate has been revoked at: %s due to: %s\n" msgstr "Zertifikat wurde widerrufen am: %s wegen: %s\n" -#: src/ocsp.c:594 +#: src/ocsp.c:612 msgid "OCSP responder returned an too old status\n" msgstr "OCSP Responder gab einen zu alten Status zur?ck\n" -#: src/ocsp.c:606 +#: src/ocsp.c:624 msgid "OCSP responder returned a non-current status\n" msgstr "OCSP Responder gab einen nicht aktuellen Status zur?ck\n" 
@@ -1321,7 +1320,7 @@ msgstr "Seriennummer fehlt in der Cert-ID" #: src/server.c:428 src/server.c:544 src/server.c:623 src/server.c:781 -#: src/server.c:809 src/server.c:833 src/server.c:886 src/server.c:939 +#: src/server.c:809 src/server.c:833 src/server.c:886 src/server.c:955 #, c-format msgid "command %s failed: %s\n" msgstr "Kommando %s fehlgeschlagen: %s\n" @@ -1355,27 +1354,27 @@ msgid "no data stream" msgstr "Kein Datenstrom" -#: src/server.c:992 +#: src/server.c:1008 #, c-format msgid "can't allocate control structure: %s\n" msgstr "Fehler beim Erzeugen der Kontrollstruktur: %s\n" -#: src/server.c:1015 +#: src/server.c:1031 #, c-format msgid "failed to initialize the server: %s\n" msgstr "Fehler beim Initialisieren des Servers: %s\n" -#: src/server.c:1023 +#: src/server.c:1039 #, c-format msgid "failed to the register commands with Assuan: %s\n" msgstr "Fehler beim Registrieren der Kommandos gegen Assuan: %s\n" -#: src/server.c:1043 +#: src/server.c:1059 #, c-format msgid "Assuan accept problem: %s\n" msgstr "Assuan accept Problem: %s\n" -#: src/server.c:1050 +#: src/server.c:1066 #, c-format msgid "Assuan processing failed: %s\n" msgstr "Assuan Verarbeitung fehlgeschlagen: %s\n" 
@@ -1397,102 +1396,130 @@ msgid "issuer certificate is not marked as a CA" msgstr "Das Herausgeberzertifikat ist nicht f?r eine CA gekennzeichnet" -#: src/validate.c:208 +#: src/validate.c:199 msgid "CRL checking too deeply nested\n" msgstr "CRL ?berpr?fung ist zu tief geschachtelt\n" -#: src/validate.c:326 +#: src/validate.c:217 +msgid "not checking CRL for" +msgstr "" + +#: src/validate.c:222 +#, fuzzy +msgid "checking CRL for" +msgstr "Die CRL konnte nicht gepr?ft werden: %s" + +#: src/validate.c:283 +msgid "running in compatibility mode - certificate chain not checked!\n" +msgstr "" + +#: src/validate.c:368 #, c-format msgid "certificate with invalid validity: %s" msgstr "Zertifikat mit unzul?ssiger G?ltigkeit: %s" -#: src/validate.c:344 +#: src/validate.c:386 msgid "certificate not yet valid" msgstr "Das Zertifikat ist noch nicht g?ltig" -#: src/validate.c:355 +#: src/validate.c:397 msgid "certificate has expired" msgstr "Das Zertifikat ist abgelaufen" -#: src/validate.c:384 +#: src/validate.c:426 msgid "selfsigned certificate has a BAD signature" msgstr "Das eigenbeglaubigte Zertifikat hat eine FALSCHE Signatur" -#: src/validate.c:402 +#: src/validate.c:444 msgid "root certificate is not marked trusted" msgstr "Das Wurzelzertifikat ist nicht als vertrauensw?rdig markiert" -#: src/validate.c:404 +#: src/validate.c:446 #, c-format msgid "fingerprint=%s\n" msgstr "Fingerprint=%s\n" -#: src/validate.c:410 +#: src/validate.c:452 #, c-format msgid "checking trustworthiness of root certificate failed: %s\n" msgstr "" "Pr?fung der Vertrauensw?rdigkeit des Wurzelzertifikats fehlgeschlagen: %s\n" -#: src/validate.c:441 +#: src/validate.c:487 msgid "certificate chain too long\n" msgstr "Der Zertifikatkette ist zu lang\n" -#: src/validate.c:453 +#: src/validate.c:499 msgid "issuer certificate not found" msgstr "Herausgeberzertifikat nicht gefunden" -#: src/validate.c:479 +#: src/validate.c:525 msgid "certificate has a BAD signature" msgstr "Das Zertifikat hat eine 
FALSCHE Signatur" -#: src/validate.c:503 +#: src/validate.c:549 msgid "found another possible matching CA certificate - trying again" msgstr "" "Eine anderes m?glicherweise passendes CA-Zertifikat gefunden - versuche " "nochmal" -#: src/validate.c:528 +#: src/validate.c:574 #, c-format msgid "certificate chain longer than allowed by CA (%d)" msgstr "Die Zertifikatkette ist l?nger als von der CA erlaubt (%d)" -#: src/validate.c:758 +#: src/validate.c:604 +#, fuzzy +msgid "certificate is good\n" +msgstr "Zertifikat ist g?ltig\n" + +#: src/validate.c:624 +#, fuzzy +msgid "certificate chain is good\n" +msgstr "Der Zertifikatkette ist zu lang\n" + +#: src/validate.c:838 msgid "DSA requires the use of a 160 bit hash algorithm\n" msgstr "DSA ben?tigt eine 160 Bit Hashmethode\n" -#: src/validate.c:865 +#: src/validate.c:945 msgid "no key usage specified - assuming all usages\n" msgstr "" "Schl?sselverwendungszweck nicht vorhanden - f?r alle Zwecke akzeptiert\n" -#: src/validate.c:875 +#: src/validate.c:955 #, c-format msgid "error getting key usage information: %s\n" msgstr "Fehler beim holen der Schl?sselbenutzungsinformationen: %s\n" -#: src/validate.c:885 +#: src/validate.c:965 msgid "certificate should have not been used for certification\n" msgstr "Das Zertifikat h?tte nicht zum Zertifizieren benutzt werden sollen\n" -#: src/validate.c:897 +#: src/validate.c:977 msgid "certificate should have not been used for OCSP response signing\n" msgstr "" "Das Zertifikat h??tte nicht zum Signieren von OCSP Antworten benutzt werden " "sollen\n" -#: src/validate.c:908 +#: src/validate.c:986 +#, fuzzy +msgid "certificate should have not been used for CRL signing\n" +msgstr "Das Zertifikat h??tte nicht zum Signieren benutzt werden sollen\n" + +#: src/validate.c:997 msgid "certificate should have not been used for encryption\n" msgstr "Das Zertifikat h??tte nicht zum Verschl?sseln benutzt werden sollen\n" -#: src/validate.c:910 +#: src/validate.c:999 msgid "certificate should have 
not been used for signing\n" msgstr "Das Zertifikat h??tte nicht zum Signieren benutzt werden sollen\n" -#: src/validate.c:911 +#: src/validate.c:1000 msgid "certificate is not usable for encryption\n" msgstr "Das Zertifikat kann nicht zum Verschl?sseln benutzt werden\n" -#: src/validate.c:912 +#: src/validate.c:1001 msgid "certificate is not usable for signing\n" msgstr "Das Zertifikat kann nicht zum Signieren benutzt werden\n" @@ -1546,7 +1573,7 @@ "The Prozess gibt 0 zur?ck wenn das Zertifikat g?ltig ist, 1 wenn es nicht\n" "g?ltig ist und weitere Werte bei anderen Fehlern.\n" -#: src/dirmngr-client.c:265 src/dirmngr-client.c:959 +#: src/dirmngr-client.c:265 src/dirmngr-client.c:970 #, c-format msgid "error reading certificate from stdin: %s\n" msgstr "Fehler beim Lesen des Zertifikats von der Standardeingabe: %s\n" @@ -1579,15 +1606,15 @@ msgid "validation of certificate failed: %s\n" msgstr "Pr?fung des Zertifikats fehlgeschlagen: %s\n" -#: src/dirmngr-client.c:384 src/dirmngr-client.c:970 +#: src/dirmngr-client.c:384 src/dirmngr-client.c:981 msgid "certificate is valid\n" msgstr "Zertifikat ist g?ltig\n" -#: src/dirmngr-client.c:390 src/dirmngr-client.c:978 +#: src/dirmngr-client.c:390 src/dirmngr-client.c:989 msgid "certificate has been revoked\n" msgstr "Zertifikat wurde widerrufen\n" -#: src/dirmngr-client.c:395 src/dirmngr-client.c:980 +#: src/dirmngr-client.c:395 src/dirmngr-client.c:991 #, c-format msgid "certificate check failed: %s\n" msgstr "Zertifikatpr?fung fehlgeschlagen: %s\n" 
@@ -1628,16 +1655,16 @@ msgid "can't connect to the dirmngr: %s\n" msgstr "Verbindung zum Dirmngr nicht m?glich: %s\n" -#: src/dirmngr-client.c:772 +#: src/dirmngr-client.c:779 #, c-format msgid "unsupported inquiry `%s'\n" msgstr "Nicht unterst?tzte INQUIRY `%s'\n" -#: src/dirmngr-client.c:864 +#: src/dirmngr-client.c:875 msgid "absolute file name expected\n" msgstr "Absoluter Dateiname erwartet\n" -#: src/dirmngr-client.c:907 +#: src/dirmngr-client.c:918 #, c-format msgid "looking up `%s'\n" msgstr "Auffinden von `%s'\n" @@ -1811,6 +1838,12 @@ msgid "`%s' is an invalid LDAP URL\n" msgstr "`%s' ist ein ung?ltiger LDAP URL\n" +#~ msgid "error fetching certificate for CRL issuer: %s\n" +#~ msgstr "Fehler beim Holen des Zertifikats f?r den CRL Herausgeber: %s\n" + +#~ msgid "invalid CRL issuer certificate: %s\n" +#~ msgstr "Ung?ltiges CRL-Herausgeber-Zertifikat: %s\n" + #~ msgid "can't open `/dev/null': %s\n" #~ msgstr "`/dev/null' kann nicht ge?ffnet werden: %s\n" @@ -1845,9 +1878,6 @@ #~ msgstr "" #~ "Bitte vergewissern Sie sich das der \"dirmngr\" richtig installiert ist\n" -#~ msgid "checking the CRL failed: %s" -#~ msgstr "Die CRL konnte nicht gepr?ft werden: %s" - #~ msgid "root certificate has now been marked as trusted\n" #~ msgstr "Das Wurzelzertifikat wurde nun als vertrauensw?rdig markiert\n" Modified: trunk/po/dirmngr.pot =================================================================== --- trunk/po/dirmngr.pot 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/po/dirmngr.pot 2006-08-30 20:40:15 UTC (rev 230) @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: gpa-dev@gnupg.org\n" -"POT-Creation-Date: 2006-05-16 11:53+0200\n" +"POT-Creation-Date: 2006-06-27 12:32+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" 
@@ -46,7 +46,7 @@ msgid "can't access directory `%s': %s\n" msgstr "" -#: src/certcache.c:335 src/crlcache.c:2227 src/ldap.c:631 +#: src/certcache.c:335 src/crlcache.c:2150 src/ldap.c:631 #, c-format msgid "can't open `%s': %s\n" msgstr "" 
@@ -61,549 +61,548 @@ msgid "can't parse certificate `%s': %s\n" msgstr "" -#: src/certcache.c:366 +#: src/certcache.c:365 #, c-format msgid "certificate `%s' already cached\n" msgstr "" #: src/certcache.c:369 #, c-format +msgid "trusted certificate `%s' loaded\n" +msgstr "" + +#: src/certcache.c:371 +#, c-format msgid "certificate `%s' loaded\n" msgstr "" -#: src/certcache.c:373 +#: src/certcache.c:375 #, c-format -msgid "SHA1 fingerprint = %s\n" +msgid " SHA1 fingerprint = %s\n" msgstr "" #: src/certcache.c:378 +msgid " name =" +msgstr "" + +#: src/certcache.c:382 #, c-format msgid "error loading certificate `%s': %s\n" msgstr "" -#: src/certcache.c:452 +#: src/certcache.c:457 #, c-format msgid "permanently loaded certificates: %u\n" msgstr "" -#: src/certcache.c:454 +#: src/certcache.c:459 #, c-format msgid " runtime cached certificates: %u\n" msgstr "" -#: src/certcache.c:469 src/dirmngr-client.c:365 +#: src/certcache.c:474 src/dirmngr-client.c:365 msgid "certificate already cached\n" msgstr "" -#: src/certcache.c:471 +#: src/certcache.c:476 msgid "certificate cached\n" msgstr "" -#: src/certcache.c:473 src/dirmngr-client.c:369 +#: src/certcache.c:478 src/dirmngr-client.c:369 #, c-format msgid "error caching certificate: %s\n" msgstr "" -#: src/certcache.c:538 +#: src/certcache.c:543 #, c-format msgid "invalid SHA1 fingerprint string `%s'\n" msgstr "" -#: src/certcache.c:681 src/certcache.c:690 +#: src/certcache.c:690 src/certcache.c:699 #, c-format msgid "error fetching certificate by S/N: %s\n" msgstr "" -#: src/certcache.c:786 src/certcache.c:795 +#: src/certcache.c:820 src/certcache.c:829 #, c-format msgid "error fetching certificate by subject: %s\n" msgstr "" -#: src/certcache.c:896 src/validate.c:312 +#: src/certcache.c:932 src/validate.c:354 msgid "no issuer found in certificate\n" msgstr "" -#: src/certcache.c:906 +#: src/certcache.c:942 #, c-format msgid "error getting authorityKeyIdentifier: %s\n" msgstr "" -#: src/crlcache.c:201 +#: 
src/crlcache.c:200 #, c-format msgid "creating directory `%s'\n" msgstr "" -#: src/crlcache.c:205 +#: src/crlcache.c:204 #, c-format msgid "error creating directory `%s': %s\n" msgstr "" -#: src/crlcache.c:233 +#: src/crlcache.c:232 #, c-format msgid "ignoring database dir `%s'\n" msgstr "" -#: src/crlcache.c:242 +#: src/crlcache.c:241 #, c-format msgid "error reading directory `%s': %s\n" msgstr "" -#: src/crlcache.c:263 +#: src/crlcache.c:262 #, c-format msgid "removing cache file `%s'\n" msgstr "" -#: src/crlcache.c:272 +#: src/crlcache.c:271 #, c-format msgid "not removing file `%s'\n" msgstr "" -#: src/crlcache.c:341 src/crlcache.c:986 +#: src/crlcache.c:340 src/crlcache.c:997 #, c-format msgid "error closing cache file: %s\n" msgstr "" -#: src/crlcache.c:378 src/crlcache.c:702 +#: src/crlcache.c:377 src/crlcache.c:701 #, c-format msgid "failed to open cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:388 +#: src/crlcache.c:387 #, c-format msgid "error creating new cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:395 +#: src/crlcache.c:394 #, c-format msgid "error writing new cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:402 +#: src/crlcache.c:401 #, c-format msgid "error closing new cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:407 +#: src/crlcache.c:406 #, c-format msgid "new cache dir file `%s' created\n" msgstr "" -#: src/crlcache.c:412 +#: src/crlcache.c:411 #, c-format msgid "failed to re-open cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:439 +#: src/crlcache.c:438 #, c-format msgid "first record of `%s' is not the version\n" msgstr "" -#: src/crlcache.c:450 +#: src/crlcache.c:449 msgid "old version of cache directory - cleaning up\n" msgstr "" -#: src/crlcache.c:466 +#: src/crlcache.c:465 msgid "old version of cache directory - giving up\n" msgstr "" -#: src/crlcache.c:554 +#: src/crlcache.c:553 #, c-format msgid "extra field detected in crl record of `%s' line %u\n" msgstr "" -#: src/crlcache.c:566 +#: 
src/crlcache.c:565 #, c-format msgid "unsupported record type in `%s' line %u skipped\n" msgstr "" -#: src/crlcache.c:574 src/crlcache.c:803 src/dirmngr.c:1221 +#: src/crlcache.c:573 src/crlcache.c:802 src/dirmngr.c:1221 #, c-format msgid "error reading `%s': %s\n" msgstr "" -#: src/crlcache.c:586 +#: src/crlcache.c:585 #, c-format msgid "invalid issuer hash in `%s' line %u\n" msgstr "" -#: src/crlcache.c:592 +#: src/crlcache.c:591 #, c-format msgid "no issuer DN in `%s' line %u\n" msgstr "" -#: src/crlcache.c:599 +#: src/crlcache.c:598 #, c-format msgid "invalid timestamp in `%s' line %u\n" msgstr "" -#: src/crlcache.c:605 +#: src/crlcache.c:604 #, c-format msgid "WARNING: invalid cache file hash in `%s' line %u\n" msgstr "" -#: src/crlcache.c:611 +#: src/crlcache.c:610 msgid "detected errors in cache dir file\n" msgstr "" -#: src/crlcache.c:612 +#: src/crlcache.c:611 msgid "please check the reason and manually delete that file\n" msgstr "" -#: src/crlcache.c:735 +#: src/crlcache.c:734 #, c-format msgid "failed to create temporary cache dir file `%s': %s\n" msgstr "" -#: src/crlcache.c:808 +#: src/crlcache.c:807 #, c-format msgid "error writing `%s': %s\n" msgstr "" -#: src/crlcache.c:819 +#: src/crlcache.c:818 #, c-format msgid "error closing `%s': %s\n" msgstr "" -#: src/crlcache.c:827 +#: src/crlcache.c:826 #, c-format msgid "error renaming `%s' to `%s': %s\n" msgstr "" -#: src/crlcache.c:882 +#: src/crlcache.c:881 #, c-format msgid "can't hash `%s': %s\n" msgstr "" -#: src/crlcache.c:890 +#: src/crlcache.c:889 #, c-format msgid "error setting up MD5 hash context: %s\n" msgstr "" -#: src/crlcache.c:906 +#: src/crlcache.c:905 #, c-format msgid "error hashing `%s': %s\n" msgstr "" -#: src/crlcache.c:934 +#: src/crlcache.c:933 #, c-format msgid "invalid formatted checksum for `%s'\n" msgstr "" -#: src/crlcache.c:977 +#: src/crlcache.c:986 msgid "too many open cache files; can't open anymore\n" msgstr "" -#: src/crlcache.c:994 +#: src/crlcache.c:1004 #, c-format 
msgid "opening cache file `%s'\n" msgstr "" -#: src/crlcache.c:1013 +#: src/crlcache.c:1023 #, c-format msgid "error opening cache file `%s': %s\n" msgstr "" -#: src/crlcache.c:1022 +#: src/crlcache.c:1032 #, c-format msgid "error initializing cache file `%s' for reading: %s\n" msgstr "" -#: src/crlcache.c:1044 +#: src/crlcache.c:1053 msgid "calling unlock_db_file on a closed file\n" msgstr "" -#: src/crlcache.c:1046 +#: src/crlcache.c:1055 msgid "calling unlock_db_file on an unlocked file\n" msgstr "" -#: src/crlcache.c:1100 +#: src/crlcache.c:1109 #, c-format msgid "failed to create a new cache object: %s\n" msgstr "" -#: src/crlcache.c:1153 +#: src/crlcache.c:1162 #, c-format msgid "no CRL available for issuer id %s\n" msgstr "" -#: src/crlcache.c:1160 +#: src/crlcache.c:1169 #, c-format msgid "cached CRL for issuer id %s too old; update required\n" msgstr "" -#: src/crlcache.c:1174 +#: src/crlcache.c:1183 #, c-format msgid "" "force-crl-refresh active and %d minutes passed for issuer id %s; update " "required\n" msgstr "" -#: src/crlcache.c:1182 +#: src/crlcache.c:1191 #, c-format msgid "force-crl-refresh active for issuer id %s; update required\n" msgstr "" -#: src/crlcache.c:1191 +#: src/crlcache.c:1200 #, c-format msgid "available CRL for issuer ID %s can't be used\n" msgstr "" -#: src/crlcache.c:1202 +#: src/crlcache.c:1211 #, c-format msgid "cached CRL for issuer id %s tampered; we need to update\n" msgstr "" -#: src/crlcache.c:1214 +#: src/crlcache.c:1223 msgid "WARNING: invalid cache record length for S/N " msgstr "" -#: src/crlcache.c:1223 +#: src/crlcache.c:1232 #, c-format msgid "problem reading cache record for S/N %s: %s\n" msgstr "" -#: src/crlcache.c:1226 +#: src/crlcache.c:1235 #, c-format msgid "S/N %s is not valid; reason=%02X date=%.15s\n" msgstr "" -#: src/crlcache.c:1237 +#: src/crlcache.c:1246 #, c-format msgid "S/N %s is valid, it is not listed in the CRL\n" msgstr "" -#: src/crlcache.c:1245 +#: src/crlcache.c:1254 #, c-format msgid "error 
getting data from cache file: %s\n" msgstr "" -#: src/crlcache.c:1397 +#: src/crlcache.c:1390 src/validate.c:749 #, c-format -msgid "error fetching certificate for CRL issuer: %s\n" -msgstr "" - -#: src/crlcache.c:1404 -#, c-format -msgid "invalid CRL issuer certificate: %s\n" -msgstr "" - -#: src/crlcache.c:1467 src/validate.c:669 -#, c-format msgid "unknown hash algorithm `%s'\n" msgstr "" -#: src/crlcache.c:1474 +#: src/crlcache.c:1397 #, c-format msgid "gcry_md_open for algorithm %d failed: %s\n" msgstr "" -#: src/crlcache.c:1510 src/crlcache.c:1529 +#: src/crlcache.c:1433 src/crlcache.c:1452 msgid "got an invalid S-expression from libksba\n" msgstr "" -#: src/crlcache.c:1517 src/crlcache.c:1536 src/misc.c:432 +#: src/crlcache.c:1440 src/crlcache.c:1459 src/misc.c:432 #, c-format msgid "converting S-expression failed: %s\n" msgstr "" -#: src/crlcache.c:1551 src/ocsp.c:343 +#: src/crlcache.c:1474 src/ocsp.c:343 #, c-format msgid "creating S-expression failed: %s\n" msgstr "" -#: src/crlcache.c:1606 +#: src/crlcache.c:1529 #, c-format msgid "ksba_crl_parse failed: %s\n" msgstr "" -#: src/crlcache.c:1620 +#: src/crlcache.c:1543 #, c-format msgid "error getting update times of CRL: %s\n" msgstr "" -#: src/crlcache.c:1627 +#: src/crlcache.c:1550 #, c-format msgid "update times of this CRL: this=%s next=%s\n" msgstr "" -#: src/crlcache.c:1644 +#: src/crlcache.c:1567 #, c-format msgid "error getting CRL item: %s\n" msgstr "" -#: src/crlcache.c:1659 +#: src/crlcache.c:1582 #, c-format msgid "error inserting item into temporary cache file: %s\n" msgstr "" -#: src/crlcache.c:1686 +#: src/crlcache.c:1609 #, c-format msgid "no CRL issuer found in CRL: %s\n" msgstr "" -#: src/crlcache.c:1699 +#: src/crlcache.c:1622 msgid "locating CRL issuer certificate by authorityKeyIdentifier\n" msgstr "" -#: src/crlcache.c:1744 +#: src/crlcache.c:1667 #, c-format msgid "CRL signature verification failed: %s\n" msgstr "" -#: src/crlcache.c:1752 +#: src/crlcache.c:1675 #, c-format msgid 
"error checking validity of CRL issuer certificate: %s\n" msgstr "" -#: src/crlcache.c:1878 +#: src/crlcache.c:1801 #, c-format msgid "ksba_crl_new failed: %s\n" msgstr "" -#: src/crlcache.c:1885 +#: src/crlcache.c:1808 #, c-format msgid "ksba_crl_set_reader failed: %s\n" msgstr "" -#: src/crlcache.c:1908 +#: src/crlcache.c:1831 #, c-format msgid "removed stale temporary cache file `%s'\n" msgstr "" -#: src/crlcache.c:1911 +#: src/crlcache.c:1834 #, c-format msgid "problem removing stale temporary cache file `%s': %s\n" msgstr "" -#: src/crlcache.c:1921 +#: src/crlcache.c:1844 #, c-format msgid "error creating temporary cache file `%s': %s\n" msgstr "" -#: src/crlcache.c:1931 +#: src/crlcache.c:1854 #, c-format msgid "crl_parse_insert failed: %s\n" msgstr "" -#: src/crlcache.c:1940 +#: src/crlcache.c:1863 #, c-format msgid "error finishing temporary cache file `%s': %s\n" msgstr "" -#: src/crlcache.c:1947 +#: src/crlcache.c:1870 #, c-format msgid "error closing temporary cache file `%s': %s\n" msgstr "" -#: src/crlcache.c:1972 +#: src/crlcache.c:1895 #, c-format msgid "WARNING: new CRL still too old; it expired on %s - loading anyway\n" msgstr "" -#: src/crlcache.c:1976 +#: src/crlcache.c:1899 #, c-format msgid "new CRL still too old; it expired on %s\n" msgstr "" -#: src/crlcache.c:1992 +#: src/crlcache.c:1915 #, c-format msgid "unknown critical CRL extension %s\n" msgstr "" -#: src/crlcache.c:2002 +#: src/crlcache.c:1925 #, c-format msgid "error reading CRL extensions: %s\n" msgstr "" -#: src/crlcache.c:2036 +#: src/crlcache.c:1959 #, c-format msgid "creating cache file `%s'\n" msgstr "" -#: src/crlcache.c:2040 +#: src/crlcache.c:1963 #, c-format msgid "problem renaming `%s' to `%s': %s\n" msgstr "" -#: src/crlcache.c:2054 +#: src/crlcache.c:1977 msgid "" "updating the DIR file failed - cache entry will get lost with the next " "program start\n" msgstr "" -#: src/crlcache.c:2090 +#: src/crlcache.c:2013 #, c-format msgid "Begin CRL dump (retrieved via %s)\n" 
msgstr "" -#: src/crlcache.c:2110 +#: src/crlcache.c:2033 #, c-format msgid "" " ERROR: The CRL will not be used because it was still too old after an " "update!\n" msgstr "" -#: src/crlcache.c:2112 +#: src/crlcache.c:2035 #, c-format msgid "" " ERROR: The CRL will not be used due to an unknown critical extension!\n" msgstr "" -#: src/crlcache.c:2114 +#: src/crlcache.c:2037 #, c-format msgid " ERROR: The CRL will not be used\n" msgstr "" -#: src/crlcache.c:2121 +#: src/crlcache.c:2044 #, c-format msgid " ERROR: This cached CRL may has been tampered with!\n" msgstr "" -#: src/crlcache.c:2138 +#: src/crlcache.c:2061 msgid " WARNING: invalid cache record length\n" msgstr "" -#: src/crlcache.c:2145 +#: src/crlcache.c:2068 #, c-format msgid "problem reading cache record: %s\n" msgstr "" -#: src/crlcache.c:2156 +#: src/crlcache.c:2079 #, c-format msgid "problem reading cache key: %s\n" msgstr "" -#: src/crlcache.c:2187 +#: src/crlcache.c:2110 #, c-format msgid "error reading cache entry from db: %s\n" msgstr "" -#: src/crlcache.c:2190 +#: src/crlcache.c:2113 #, c-format msgid "End CRL dump\n" msgstr "" -#: src/crlcache.c:2236 src/crlfetch.c:98 src/ldap.c:699 +#: src/crlcache.c:2159 src/crlfetch.c:98 src/ldap.c:699 #, c-format msgid "error initializing reader object: %s\n" msgstr "" -#: src/crlcache.c:2317 +#: src/crlcache.c:2240 #, c-format msgid "crl_fetch via DP failed: %s\n" msgstr "" -#: src/crlcache.c:2328 +#: src/crlcache.c:2251 #, c-format msgid "crl_cache_insert via DP failed: %s\n" msgstr "" -#: src/crlcache.c:2378 +#: src/crlcache.c:2301 #, c-format msgid "crl_fetch via issuer failed: %s\n" msgstr "" -#: src/crlcache.c:2388 +#: src/crlcache.c:2311 #, c-format msgid "crl_cache_insert via issuer failed: %s\n" msgstr "" @@ -1004,7 +1003,7 @@ msgid "adding `%s:%d' to the ldap server list\n" msgstr "" -#: src/ldap.c:144 src/misc.c:687 +#: src/ldap.c:144 src/misc.c:716 #, c-format msgid "malloc failed: %s\n" msgstr "" 
@@ -1111,7 +1110,7 @@ msgid "[none]" msgstr "" -#: src/misc.c:703 +#: src/misc.c:732 msgid "bad URL encoding detected\n" msgstr "" @@ -1177,7 +1176,7 @@ msgid "no suitable certificate found to verify the OCSP response\n" msgstr "" -#: src/ocsp.c:424 src/validate.c:459 +#: src/ocsp.c:424 src/validate.c:505 #, c-format msgid "issuer certificate not found: %s\n" msgstr "" @@ -1228,37 +1227,37 @@ msgid "error getting OCSP status for target certificate: %s\n" msgstr "" -#: src/ocsp.c:554 +#: src/ocsp.c:572 #, c-format msgid "certificate status is: %s (this=%s next=%s)\n" msgstr "" -#: src/ocsp.c:555 +#: src/ocsp.c:573 msgid "good" msgstr "" -#: src/ocsp.c:556 +#: src/ocsp.c:574 msgid "revoked" msgstr "" -#: src/ocsp.c:557 +#: src/ocsp.c:575 msgid "unknown" msgstr "" -#: src/ocsp.c:558 +#: src/ocsp.c:576 msgid "none" msgstr "" -#: src/ocsp.c:561 +#: src/ocsp.c:579 #, c-format msgid "certificate has been revoked at: %s due to: %s\n" msgstr "" -#: src/ocsp.c:594 +#: src/ocsp.c:612 msgid "OCSP responder returned an too old status\n" msgstr "" -#: src/ocsp.c:606 +#: src/ocsp.c:624 msgid "OCSP responder returned a non-current status\n" msgstr "" @@ -1272,7 +1271,7 @@ msgstr "" #: src/server.c:428 src/server.c:544 src/server.c:623 src/server.c:781 -#: src/server.c:809 src/server.c:833 src/server.c:886 src/server.c:939 +#: src/server.c:809 src/server.c:833 src/server.c:886 src/server.c:955 #, c-format msgid "command %s failed: %s\n" msgstr "" 
@@ -1306,27 +1305,27 @@ msgid "no data stream" msgstr "" -#: src/server.c:992 +#: src/server.c:1008 #, c-format msgid "can't allocate control structure: %s\n" msgstr "" -#: src/server.c:1015 +#: src/server.c:1031 #, c-format msgid "failed to initialize the server: %s\n" msgstr "" -#: src/server.c:1023 +#: src/server.c:1039 #, c-format msgid "failed to the register commands with Assuan: %s\n" msgstr "" -#: src/server.c:1043 +#: src/server.c:1059 #, c-format msgid "Assuan accept problem: %s\n" msgstr "" -#: src/server.c:1050 +#: src/server.c:1066 #, c-format msgid "Assuan processing failed: %s\n" msgstr "" 
@@ -1348,96 +1347,120 @@ msgid "issuer certificate is not marked as a CA" msgstr "" -#: src/validate.c:208 +#: src/validate.c:199 msgid "CRL checking too deeply nested\n" msgstr "" -#: src/validate.c:326 +#: src/validate.c:217 +msgid "not checking CRL for" +msgstr "" + +#: src/validate.c:222 +msgid "checking CRL for" +msgstr "" + +#: src/validate.c:283 +msgid "running in compatibility mode - certificate chain not checked!\n" +msgstr "" + +#: src/validate.c:368 #, c-format msgid "certificate with invalid validity: %s" msgstr "" -#: src/validate.c:344 +#: src/validate.c:386 msgid "certificate not yet valid" msgstr "" -#: src/validate.c:355 +#: src/validate.c:397 msgid "certificate has expired" msgstr "" -#: src/validate.c:384 +#: src/validate.c:426 msgid "selfsigned certificate has a BAD signature" msgstr "" -#: src/validate.c:402 +#: src/validate.c:444 msgid "root certificate is not marked trusted" msgstr "" -#: src/validate.c:404 +#: src/validate.c:446 #, c-format msgid "fingerprint=%s\n" msgstr "" -#: src/validate.c:410 +#: src/validate.c:452 #, c-format msgid "checking trustworthiness of root certificate failed: %s\n" msgstr "" -#: src/validate.c:441 +#: src/validate.c:487 msgid "certificate chain too long\n" msgstr "" -#: src/validate.c:453 +#: src/validate.c:499 msgid "issuer certificate not found" msgstr "" -#: src/validate.c:479 +#: src/validate.c:525 msgid "certificate has a BAD signature" msgstr "" -#: src/validate.c:503 +#: src/validate.c:549 msgid "found another possible matching CA certificate - trying again" msgstr "" -#: src/validate.c:528 +#: src/validate.c:574 #, c-format msgid "certificate chain longer than allowed by CA (%d)" msgstr "" -#: src/validate.c:758 +#: src/validate.c:604 +msgid "certificate is good\n" +msgstr "" + +#: src/validate.c:624 +msgid "certificate chain is good\n" +msgstr "" + +#: src/validate.c:838 msgid "DSA requires the use of a 160 bit hash algorithm\n" msgstr "" -#: src/validate.c:865 +#: src/validate.c:945 msgid "no key 
usage specified - assuming all usages\n" msgstr "" -#: src/validate.c:875 +#: src/validate.c:955 #, c-format msgid "error getting key usage information: %s\n" msgstr "" -#: src/validate.c:885 +#: src/validate.c:965 msgid "certificate should have not been used for certification\n" msgstr "" -#: src/validate.c:897 +#: src/validate.c:977 msgid "certificate should have not been used for OCSP response signing\n" msgstr "" -#: src/validate.c:908 +#: src/validate.c:986 +msgid "certificate should have not been used for CRL signing\n" +msgstr "" + +#: src/validate.c:997 msgid "certificate should have not been used for encryption\n" msgstr "" -#: src/validate.c:910 +#: src/validate.c:999 msgid "certificate should have not been used for signing\n" msgstr "" -#: src/validate.c:911 +#: src/validate.c:1000 msgid "certificate is not usable for encryption\n" msgstr "" -#: src/validate.c:912 +#: src/validate.c:1001 msgid "certificate is not usable for signing\n" msgstr "" @@ -1485,7 +1508,7 @@ "not valid and other error codes for general failures\n" msgstr "" -#: src/dirmngr-client.c:265 src/dirmngr-client.c:959 +#: src/dirmngr-client.c:265 src/dirmngr-client.c:970 #, c-format msgid "error reading certificate from stdin: %s\n" msgstr "" @@ -1518,15 +1541,15 @@ msgid "validation of certificate failed: %s\n" msgstr "" -#: src/dirmngr-client.c:384 src/dirmngr-client.c:970 +#: src/dirmngr-client.c:384 src/dirmngr-client.c:981 msgid "certificate is valid\n" msgstr "" -#: src/dirmngr-client.c:390 src/dirmngr-client.c:978 +#: src/dirmngr-client.c:390 src/dirmngr-client.c:989 msgid "certificate has been revoked\n" msgstr "" -#: src/dirmngr-client.c:395 src/dirmngr-client.c:980 +#: src/dirmngr-client.c:395 src/dirmngr-client.c:991 #, c-format msgid "certificate check failed: %s\n" msgstr "" 
@@ -1567,16 +1590,16 @@ msgid "can't connect to the dirmngr: %s\n" msgstr "" -#: src/dirmngr-client.c:772 +#: src/dirmngr-client.c:779 #, c-format msgid "unsupported inquiry `%s'\n" msgstr "" -#: src/dirmngr-client.c:864 +#: src/dirmngr-client.c:875 msgid "absolute file name expected\n" msgstr "" -#: src/dirmngr-client.c:907 +#: src/dirmngr-client.c:918 #, c-format msgid "looking up `%s'\n" msgstr "" Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/src/ChangeLog 2006-08-30 20:40:15 UTC (rev 230) @@ -1,3 +1,27 @@ +2006-08-30 Werner Koch <wk@g10code.com> + + * validate.c (check_cert_sig): Workaround for rimemd160. + (allowed_ca): Always allow trusted CAs. + + * dirmngr.h (cert_ref_t): New. + (struct server_control_s): Add field OCSP_CERTS. + * server.c (start_command_handler): Release new field + * ocsp.c (release_ctrl_ocsp_certs): New. + (check_signature): Store certificates in OCSP_CERTS. + + * certcache.c (find_issuing_cert): Reset error if cert was found + by subject. + (put_cert): Add new arg FPR_BUFFER. Changed callers. + (cache_cert_silent): New. + + * dirmngr.c (parse_rereadable_options): New options + --ocsp-max-clock-skew and --ocsp-current-period. + * ocsp.c (ocsp_isvalid): Use them here. + + * ocsp.c (validate_responder_cert): New optional arg signer_cert. + (check_signature_core): Ditto. + (check_signature): Apss the default signer certificate here. + 2006-06-27 Werner Koch <wk@g10code.com> * dirmngr-client.c (inq_cert): Take care of SENDCERT_SKI. Modified: trunk/src/certcache.c =================================================================== --- trunk/src/certcache.c 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/src/certcache.c 2006-08-30 20:40:15 UTC (rev 230) 
@@ -199,13 +199,19 @@ /* Put the certificate CERT into the cache. It is assumed that the - cache is locked while this function is called. */ + cache is locked while this function is called. If FPR_BUFFER is not + NULL the fingerprint of the certificate will be stored there. + FPR_BUFFER neds to point to a buffer of at least 20 bytes. The + fingerprint will be stored on success or when the function returns + gpg_err_code(GPG_ERR_DUP_VALUE). */ static gpg_error_t -put_cert (ksba_cert_t cert, int is_loaded, int is_trusted) +put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer) { - unsigned char fpr[20]; + unsigned char help_fpr_buffer[20], *fpr; cert_item_t ci; + fpr = fpr_buffer? fpr_buffer : &help_fpr_buffer; + /* If we already reached the caching limit, drop a couple of certs from the cache. Our dropping strategy is simple: We keep a static index counter and use this to start looking for @@ -360,7 +366,7 @@ continue; } - err = put_cert (cert, 1, are_trusted); + err = put_cert (cert, 1, are_trusted, NULL); if (gpg_err_code (err) == GPG_ERR_DUP_VALUE) log_info (_("certificate `%s' already cached\n"), fname); else if (!err) 
@@ -468,20 +474,38 @@ gpg_error_t err; acquire_cache_write_lock (); - err = put_cert (cert, 0, 0); + err = put_cert (cert, 0, 0, NULL); release_cache_lock (); if (gpg_err_code (err) == GPG_ERR_DUP_VALUE) log_info (_("certificate already cached\n")); else if (!err) log_info (_("certificate cached\n")); else - log_error (_("error caching certificate: %s\n"), - gpg_strerror (err)); + log_error (_("error caching certificate: %s\n"), gpg_strerror (err)); return err; } +/* Put CERT into the certificate cache and store the fingerprint of + the certificate into FPR_BUFFER. If the certificate is already in + the cache do not print a warning; just store the + fingerprint. FPR_BUFFER needs to be at least 20 bytes. */ +gpg_error_t +cache_cert_silent (ksba_cert_t cert, void *fpr_buffer) +{ + gpg_error_t err; + acquire_cache_write_lock (); + err = put_cert (cert, 0, 0, fpr_buffer); + release_cache_lock (); + if (gpg_err_code (err) == GPG_ERR_DUP_VALUE) + err = 0; + if (err) + log_error (_("error caching certificate: %s\n"), gpg_strerror (err)); + return err; +} + + /* Return a certificate object for the given fingerprint. FPR is expected to be a 20 byte binary SHA-1 fingerprint. If no matching 
@@ -757,6 +781,37 @@ cert_fetch_context_t context = NULL; ksba_sexp_t subj; + /* If we have certificates from an OCSP request we first try to use + them. This is because these certificates will really be the + required ones and thus even in the case that they can't be + uniquely located by the following code we can use them. This is + for example required by Telesec certificates where a keyId is + used but the issuer certificate comes without a subject keyId! */ + if (ctrl->ocsp_certs) + { + cert_item_t ci; + cert_ref_t cr; + int i; + + /* For efficiency reasons we won't use get_cert_bysubject here. */ + acquire_cache_read_lock (); + for (i=0; i < 256; i++) + for (ci=cert_cache[i]; ci; ci = ci->next) + if (ci->cert && ci->subject_dn + && !strcmp (ci->subject_dn, subject_dn)) + for (cr=ctrl->ocsp_certs; cr; cr = cr->next) + if (!memcmp (ci->fpr, cr->fpr, 20)) + { + ksba_cert_ref (ci->cert); + release_cache_lock (); + return ci->cert; /* We use this certificate. */ + } + release_cache_lock (); + if (DBG_LOOKUP) + log_debug ("find_cert_bysubject: certificate not in ocsp_certs\n"); + } + + /* First we check whether the certificate is cached. */ for (seq=0; (cert = get_cert_bysubject (subject_dn, seq)); seq++) { @@ -774,6 +829,8 @@ if (cert) return cert; /* Done. */ + if (DBG_LOOKUP) + log_debug ("find_cert_bysubject: certificate not in cache\n"); /* Ask back to the service requester to return the certificate. This is because we can assume that he already used the @@ -989,6 +1046,8 @@ if (err || !issuer_cert) { issuer_cert = get_cert_bysubject (issuer_dn, 0); + if (issuer_cert) + err = 0; } leave: Modified: trunk/src/certcache.h =================================================================== --- trunk/src/certcache.h 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/src/certcache.h 2006-08-30 20:40:15 UTC (rev 230) 
@@ -40,6 +40,9 @@ /* Put CERT into the certificate cache. */ gpg_error_t cache_cert (ksba_cert_t cert); +/* Put CERT into the certificate cache and return the fingerprint. */ +gpg_error_t cache_cert_silent (ksba_cert_t cert, void *fpr_buffer); + /* Return 0 if the certificate is a trusted certificate. Returns GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in case of systems errors. */ Modified: trunk/src/dirmngr.c =================================================================== --- trunk/src/dirmngr.c 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/src/dirmngr.c 2006-08-30 20:40:15 UTC (rev 230) @@ -1,6 +1,6 @@ /* dirmngr.c - LDAP access * Copyright (C) 2002 Klar?lvdalens Datakonsult AB - * Copyright (C) 2003, 2004 g10 Code GmbH + * Copyright (C) 2003, 2004, 2006 g10 Code GmbH * * This file is part of DirMngr. * @@ -90,6 +90,8 @@ oLDAPAddServers, oOCSPResponder, oOCSPSigner, + oOCSPMaxClockSkew, + oOCSPCurrentPeriod, oMaxReplies, oFakedSystemTime, oForce, @@ -156,6 +158,8 @@ { oOCSPResponder, "ocsp-responder", 2, N_("|URL|use OCSP responder at URL")}, { oOCSPSigner, "ocsp-signer", 2, N_("|FPR|OCSP response signed by FPR")}, + { oOCSPMaxClockSkew, "ocsp-max-clock-skew", 1, "@" }, + { oOCSPCurrentPeriod, "ocsp-current-period", 1, "@" }, { oMaxReplies, "max-replies", 1, N_("|N|do not return more than N items in one query")}, @@ -217,7 +221,7 @@ case 11: p = "dirmngr"; break; case 13: p = VERSION; break; - case 14: p = "Copyright (C) 2004 g10 Code GmbH"; break; + case 14: p = "Copyright (C) 2006 g10 Code GmbH"; break; case 17: p = PRINTABLE_OS_NAME; break; case 19: p = _("Please report bugs to <gpa-dev@gnupg.org>.\n"); @@ -401,6 +405,8 @@ opt.allow_ocsp = 0; opt.ocsp_responder = NULL; opt.ocsp_signer = NULL; + opt.ocsp_max_clock_skew = 10 * 60; /* 10 minutes. */ + opt.ocsp_current_period = 3 * 60 * 60; /* 3 hours. */ opt.max_replies = DEFAULT_MAX_REPLIES; return 1; } 
@@ -445,6 +451,8 @@ case oAllowOCSP: opt.allow_ocsp = 1; break; case oOCSPResponder: opt.ocsp_responder = pargs->r.ret_str; break; case oOCSPSigner: opt.ocsp_signer = pargs->r.ret_str; break; + case oOCSPMaxClockSkew: opt.ocsp_max_clock_skew = pargs->r.ret_int; break; + case oOCSPCurrentPeriod: opt.ocsp_current_period = pargs->r.ret_int; break; case oMaxReplies: opt.max_replies = pargs->r.ret_int; break; @@ -541,7 +549,7 @@ /* Reset rereadable options to default values. */ parse_rereadable_options (NULL, 0); - /* LDAP defaults */ + /* LDAP defaults. */ opt.add_new_ldapservers = 0; opt.ldaptimeout = DEFAULT_LDAP_TIMEOUT; Modified: trunk/src/dirmngr.h =================================================================== --- trunk/src/dirmngr.h 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/src/dirmngr.h 2006-08-30 20:40:15 UTC (rev 230) @@ -61,7 +61,8 @@ /* A large struct name "opt" to keep global flags. */ -struct { +struct +{ unsigned int debug; /* debug flags (DBG_foo_VALUE) */ int verbose; /* verbosity level */ int quiet; /* be as quiet as possible */ @@ -103,7 +104,9 @@ const char *ocsp_responder; /* Standard OCSP responder's URL. */ const char *ocsp_signer; /* The fingerprint of the standard OCSP responder signer's certificate. */ - + unsigned int ocsp_max_clock_skew; /* Allowed seconds of clocks skew. */ + unsigned int ocsp_current_period; /* Seconds a response is + considered current. */ } opt; 
@@ -124,11 +127,20 @@ #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) #define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) +/* A simple list of certificate references. */ +struct cert_ref_s +{ + struct cert_ref_s *next; + unsigned char fpr[20]; +}; +typedef struct cert_ref_s *cert_ref_t; +/* Control structure per connection. */ struct server_local_s; -struct server_control_s { +struct server_control_s +{ int refcount; /* Count additional references to this object. */ int no_server; /* We are not running under server control. */ int status_fd; /* Only for non-server mode. */ @@ -136,6 +148,8 @@ int force_crl_refresh; /* Always load a fresh CRL. */ int check_revocations_nest_level; /* Internal to check_revovations. */ + cert_ref_t ocsp_certs; /* Certificates from the current OCSP + response. */ }; typedef struct server_control_s *ctrl_t; Modified: trunk/src/ocsp.c =================================================================== --- trunk/src/ocsp.c 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/src/ocsp.c 2006-08-30 20:40:15 UTC (rev 230) @@ -36,6 +36,20 @@ #define MAX_RESPONSE_SIZE 65536 +static const char oidstr_ocsp[] = "1.3.6.1.5.5.7.48.1"; + + +/* Telesec attribute used to implement a positive confirmation. + + CertHash ::= SEQUENCE { + HashAlgorithm AlgorithmIdentifier, + certificateHash OCTET STRING } + */ +static const char oidstr_certHash[] = "1.3.36.8.3.13"; + + + + /* Read from FP and return a newly allocated buffer in R_BUFFER with the entire data read from FP. */ static gpg_error_t 
@@ -241,15 +255,30 @@ } -/* Validate that CERT is indeed valid to sign an OCSP response. */ +/* Validate that CERT is indeed valid to sign an OCSP response. If + signer_fpr is not NULL we simply check that CERT matches this + fingerprint. */ static gpg_error_t -validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert) +validate_responder_cert (ctrl_t ctrl, ksba_cert_t cert, const char *signer_fpr) { gpg_error_t err; char *fpr; - if (opt.system_daemon) + if (signer_fpr) { + fpr = (strchr (signer_fpr, ':') + ? get_fingerprint_hexstring_colon (cert) + : get_fingerprint_hexstring (cert)); + if (ascii_strcasecmp (signer_fpr, fpr)) + { + log_error (_("not signed by default OCSP signer certificate")); + err = gpg_error (GPG_ERR_BAD_CA_CERT); + } + else + err = 0; + } + else if (opt.system_daemon) + { err = validate_cert_chain (ctrl, cert, NULL, VALIDATE_MODE_OCSP); } else @@ -283,7 +312,7 @@ /* Helper for check_signature. */ static int check_signature_core (ctrl_t ctrl, ksba_cert_t cert, gcry_sexp_t s_sig, - gcry_sexp_t s_hash) + gcry_sexp_t s_hash, const char *signer_fpr) { gpg_error_t err; ksba_sexp_t pubkey; @@ -298,7 +327,7 @@ if (!err) err = gcry_pk_verify (s_sig, s_hash, s_pkey); if (!err) - err = validate_responder_cert (ctrl, cert); + err = validate_responder_cert (ctrl, cert, signer_fpr); if (!err) { gcry_sexp_release (s_pkey); @@ -344,16 +373,19 @@ return err; } + /* Get rid of old OCSP specific certificate references. */ + release_ctrl_ocsp_certs (ctrl); + if (signer_fpr) { - /* We should use the default OCSP reponder's certificate. Get - it from the fingerprint. */ + /* We use the default OCSP responder's certificate. Get it from + the fingerprint. */ cert = get_cert_byhexfpr (signer_fpr); if (!cert) cert = get_cert_local (ctrl, signer_fpr); if (cert) { - err = check_signature_core (ctrl, cert, s_sig, s_hash); + err = check_signature_core (ctrl, cert, s_sig, s_hash, signer_fpr); ksba_cert_release (cert); cert = NULL; if (!err) 
@@ -365,6 +397,29 @@ } else { + /* Put all certificates included in the response into the cache + and setup a list of those certificate which will later + preferred used when locating the issuer certificates. */ + /* It turned out that thsi is not yet required, so we disable + the code here. */ +/* for (cert_idx=0; (cert = ksba_ocsp_get_cert (ocsp, cert_idx)); */ +/* cert_idx++) */ +/* { */ +/* cert_ref_t cref; */ + +/* cref = xtrymalloc (sizeof *cref); */ +/* if (!cref) */ +/* log_error (_("allocating list item failed: %s\n"), */ +/* gcry_strerror (err)); */ +/* else if (!cache_cert_silent (cert, &cref->fpr)) */ +/* { */ +/* cref->next = ctrl->ocsp_certs; */ +/* ctrl->ocsp_certs = cref; */ +/* } */ +/* else */ +/* xfree (cref); */ +/* } */ + /* As of now we rely on having a valid certificate in the response. Obviously this may not be true in all cases and thus we should get the responder ID and try to locate the certificate by other @@ -372,7 +427,7 @@ for (cert_idx=0; (cert = ksba_ocsp_get_cert (ocsp, cert_idx)); cert_idx++) { - err = check_signature_core (ctrl, cert, s_sig, s_hash); + err = check_signature_core (ctrl, cert, s_sig, s_hash, NULL); ksba_cert_release (cert); cert = NULL; if (!err) @@ -465,7 +520,7 @@ && !(err=ksba_cert_get_authority_info_access (cert, idx, &oid, &name)); idx++) { - if ( !strcmp (oid, "1.3.6.1.5.5.7.48.1") ) + if ( !strcmp (oid, oidstr_ocsp) ) { for (i=0; !url && ksba_name_enum (name, i); i++) { @@ -604,9 +659,9 @@ err = gpg_error (GPG_ERR_GENERAL); get_isotime (current_time); - /* Allow for 10 minutes of clock skew. Note, that NEXT_UPDATE is + /* Allow for some clock skew. Note, that NEXT_UPDATE is optional. */ - add_isotime (current_time, 10 * 60); + add_isotime (current_time, opt.ocsp_max_clock_skew); if (*next_update && strcmp (next_update, current_time) < 0 ) { log_error (_("OCSP responder returned an too old status\n")); 
@@ -614,11 +669,9 @@ if (!err) err = gpg_error (GPG_ERR_TIME_CONFLICT); } - /* Check that THIS_UPDATE is not too far back in the past. We - currently use 3 hours (the extra 10 minutes are for the time - adjust above). */ + /* Check that THIS_UPDATE is not too far back in the past. */ copy_time (tmp_time, this_update); - add_isotime (this_update, 3 * 60 * 60 + 10 * 60); + add_isotime (this_update, opt.ocsp_current_period + opt.ocsp_max_clock_skew); if (!*this_update || strcmp (this_update, current_time) < 0 ) { log_error (_("OCSP responder returned a non-current status\n")); @@ -639,3 +692,14 @@ } +/* Release the list of OCSP certificates hold in the CTRL object. */ +void +release_ctrl_ocsp_certs (ctrl_t ctrl) +{ + while (ctrl->ocsp_certs) + { + cert_ref_t tmp = ctrl->ocsp_certs->next; + xfree (ctrl->ocsp_certs); + ctrl->ocsp_certs = tmp; + } +} Modified: trunk/src/ocsp.h =================================================================== --- trunk/src/ocsp.h 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/src/ocsp.h 2006-08-30 20:40:15 UTC (rev 230) @@ -23,4 +23,7 @@ gpg_error_t ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr); +/* Release the list of OCSP certificates hold in the CTRL object. */ +void release_ctrl_ocsp_certs (ctrl_t ctrl); + #endif /*OCSP_H*/ Modified: trunk/src/server.c =================================================================== --- trunk/src/server.c 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/src/server.c 2006-08-30 20:40:15 UTC (rev 230) @@ -1078,6 +1078,7 @@ ctrl->refcount); else { + release_ctrl_ocsp_certs (ctrl); xfree (ctrl->server_local); xfree (ctrl); } Modified: trunk/src/validate.c =================================================================== --- trunk/src/validate.c 2006-06-27 11:12:17 UTC (rev 229) +++ trunk/src/validate.c 2006-08-30 20:40:15 UTC (rev 230) 
@@ -175,8 +175,22 @@ return err; if (!flag) { - log_error (_("issuer certificate is not marked as a CA")); - return gpg_error (GPG_ERR_BAD_CA_CERT); + if (!is_trusted_cert (cert)) + { + /* The German SigG Root CA's certificate does not flag + itself as a CA; thus we relax this requirement if we + trust a root CA. I think this is reasonable. Note, that + gpgsm implements a far stricter scheme here. */ + if (chainlen) + *chainlen = 3; /* That is what the SigG implements. */ + if (opt.verbose) + log_info (_("accepting root CA not marked as a CA")); + } + else + { + log_error (_("issuer certificate is not marked as a CA")); + return gpg_error (GPG_ERR_BAD_CA_CERT); + } } return 0; } @@ -749,7 +763,11 @@ log_error (_("unknown hash algorithm `%s'\n"), algoid? algoid:"?"); return gpg_error (GPG_ERR_GENERAL); } - s = gcry_md_algo_name (algo); + /* At some point in time a bug slipped into Libgcrypt returning + "ripemd160" as canonical name but only accepting "rmd160" in + pk_verify. This will be fixed in libgcrypt 1.2.4 but we use a + workaround here. */ + s = (algo == GCRY_MD_RMD160)? "rmd160": gcry_md_algo_name (algo); for (i=0; *s && i < sizeof algo_name - 1; s++, i++) algo_name[i] = tolower (*s); algo_name[i] = 0; From cvs at cvs.gnupg.org Thu Aug 31 17:47:50 2006 
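Review bot: in the trunk/src/certcache.c put_cert hunk (@@ -199,13 +199,19 @@), the fallback in fpr = fpr_buffer? fpr_buffer : &help_fpr_buffer; takes the address of the whole array, which has type unsigned char (*)[20] and only converts silently because the other operand is void *. Plain help_fpr_buffer is the intended unsigned char *. The new comment asks for "at least 20 bytes" but the void * parameter carries no length, so the contract rests entirely on the callers. It would help to name the size once (the comment on get_cert_byfpr further down already calls it a 20 byte SHA-1 fingerprint) and to fix "neds" and the stray gpg_err_code() wrapper in the comment text.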
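Review bot: in the trunk/src/certcache.c hunk at @@ -757,6 +781,37 @@, the match path runs ksba_cert_ref (ci->cert); release_cache_lock (); return ci->cert; and so reads ci->cert again after the read lock has been dropped. put_cert is documented in this same file as dropping certificates from the cache once the limit is reached, so another thread holding the write lock could change that item between the unlock and the return. Copy ci->cert into a local ksba_cert_t while the lock is held, take the reference on the local, and return the local.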
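Review bot: in the trunk/src/dirmngr.c hunk at @@ -445,6 +451,8 @@, opt.ocsp_max_clock_skew and opt.ocsp_current_period are declared unsigned int in dirmngr.h but are assigned straight from pargs->r.ret_int, so a negative value in the configuration wraps to a very large window. Both values feed add_isotime in ocsp_isvalid, where they decide how old an OCSP response may be and still be accepted, and the two are also added together there without an overflow check. Reject negative values when parsing the options and consider an upper bound. The options are also registered with "@" as their description, so they never appear in the help output; a line in the documentation stating the defaults of 10 minutes and 3 hours would make the freshness policy visible to administrators.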
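Review bot: in the trunk/src/ocsp.c validate_responder_cert hunk (@@ -241,15 +255,30 @@), the result of get_fingerprint_hexstring_colon / get_fingerprint_hexstring is passed to ascii_strcasecmp without a NULL check, and nothing in the lines shown for the signer_fpr branch releases fpr afterwards. Check the allocation and free it on both outcomes. The function comment should also say explicitly that a configured signer fingerprint bypasses validate_cert_chain, so that validity period and key usage of the pinned responder certificate are not examined on this path. Minor: the new log_error string has no trailing "\n", unlike the other log_error calls in this file.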
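Review bot: in the trunk/src/ocsp.c check_signature hunk (@@ -365,6 +397,29 @@), the code that would fill ctrl->ocsp_certs is checked in as a commented-out block, while the ChangeLog entry in this same commit says "(check_signature): Store certificates in OCSP_CERTS." As committed, the only code touching the list is release_ctrl_ocsp_certs, so the new ocsp_certs lookup added to certcache.c can never match. Either correct the ChangeLog or drop the block; if it is kept for later, an #if 0 region with a short reason is easier to maintain than per-line comments. Note also that the disabled error path logs gcry_strerror (err) after a failed xtrymalloc, although err is not set by that allocation.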
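Review bot: in the trunk/src/validate.c hunk at @@ -175,8 +175,22 @@, the branch guarded by if (!is_trusted_cert (cert)) is the trusted case only under the convention described in the certcache.h context lines of this commit (0 means trusted, GPG_ERR_NOT_TRUSTED or another error code otherwise). As written it reads as "not trusted", so compare against 0 explicitly or add a one-line comment. The relaxation also applies to every trusted root that lacks the CA flag, not only the SigG root named in the comment, and it sets *chainlen to a literal 3. A named constant for the path length and a log line that is not conditional on opt.verbose would make this exception to the basic constraints check auditable.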
From: cvs at cvs.gnupg.org (svn author wk) Date: Thu Aug 31 17:04:23 2006 Subject: [svn] ksba - r254 - in trunk: . src tests Message-ID: <E1GIo5W-0005o6-KV@trithemius.gnupg.org> Author: wk Date: 2006-08-31 17:47:49 +0200 (Thu, 31 Aug 2006) New Revision: 254 Modified: trunk/ChangeLog trunk/NEWS trunk/README trunk/TODO trunk/configure.ac trunk/src/ChangeLog trunk/src/crl.c trunk/src/ksba-config.in trunk/src/ksba.h trunk/src/ksba.m4 trunk/src/ocsp.c trunk/src/ocsp.h trunk/tests/ChangeLog trunk/tests/t-common.h trunk/tests/t-ocsp.c Log: Preparing the 1.0 release Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/ChangeLog 2006-08-31 15:47:49 UTC (rev 254) @@ -1,3 +1,12 @@ +2006-08-31 Werner Koch <wk@g10code.com> + + Released 1.0.0. + + * configure.ac: Bumped LT version to C17/A9/R0. + + * configure.ac: Require libgpg-error 1.2. Removed test on + GPG_ERR_UNKNOWN_CRIT_EXTN. + 2006-08-01 Werner Koch <wk@g10code.com> Released 0.9.16. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/NEWS 2006-08-31 15:47:49 UTC (rev 254) 
@@ -1,13 +1,19 @@ -Noteworthy changes in version 0.9.17 +Noteworthy changes in version 1.0.0 (2006-08-31) ------------------------------------------------- * OCSP nonces are now checked to detect replay attacks. * OCSP extensions may no be retrieved. + * Implemented ksba_ocsp_get_responder_id which used to always return + an error code not_implemented. Thus we can assume that the + function has never been used and we don't need to see this as an + API break. + * Interface changes relative to the 0.9.16 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ksba_ocsp_get_extension NEW + ksba_ocsp_get_responder_id CHANGED: No ABI break. Noteworthy changes in version 0.9.16 (2006-08-01) Modified: trunk/README =================================================================== --- trunk/README 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/README 2006-08-31 15:47:49 UTC (rev 254) @@ -1,7 +1,7 @@ LIBKSBA --------- - Copyright 2001 g10 Code GmbH + Copyright 2001, 2006 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without @@ -41,8 +41,9 @@ A standard info format reference manual is included. However the OCSP feature has not yet been documented. See the comments in src/ocsp.c -and the example tests/t-ocsp.c. The program dirmngr uses the ocsp -feature and may be used as another example. +and the example tests/t-ocsp.c. The package dirmngr make extensive +use of the ocsp feature and may be used as another example. + Modified: trunk/TODO =================================================================== --- trunk/TODO 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/TODO 2006-08-31 15:47:49 UTC (rev 254) 
@@ -51,4 +51,3 @@ ** The ASN.1 parse tree is not released in all places ** Some memory is not released in case of errors. -* Implement ksba_ocsp_get_extension!!!! Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/configure.ac 2006-08-31 15:47:49 UTC (rev 254) @@ -26,8 +26,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [0.9.17]) -m4_define([my_issvn], [yes]) +m4_define([my_version], [1.0.0]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) @@ -39,16 +39,17 @@ # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) # Please remember to document interface changes in the NEWS file. -LIBKSBA_LT_CURRENT=16 -LIBKSBA_LT_AGE=8 +LIBKSBA_LT_CURRENT=17 +LIBKSBA_LT_AGE=9 LIBKSBA_LT_REVISION=0 #------------------- +# If the API is changed in an incompatible way: increment the next counter. +KSBA_CONFIG_API_VERSION=1 -# fixme: When bouncing this to a newer version, you check whether the -# declaration tests for some symbols can be removed. -NEED_GPG_ERROR_VERSION=0.7 +NEED_GPG_ERROR_VERSION=1.2 + PACKAGE=$PACKAGE_NAME VERSION=$PACKAGE_VERSION @@ -136,10 +137,6 @@ AC_MSG_ERROR([libgpg-error is needed. See ftp://ftp.gnupg.org/gcrypt/libgpg-error/ .]) fi -_tmp_gpg_error_save_cflags="$CFLAGS" -CFLAGS="$CFLAGS $GPG_ERROR_CFLAGS" -AC_CHECK_DECLS(GPG_ERR_UNKNOWN_CRIT_EXTN,,,[#include <gpg-error.h>]) -CFLAGS="${_tmp_gpg_error_save_cflags}" AC_DEFINE(GPG_ERR_SOURCE_DEFAULT, GPG_ERR_SOURCE_KSBA, [The default error source for libksba.]) 
@@ -173,6 +170,7 @@ KSBA_CONFIG_CFLAGS="" AC_SUBST(KSBA_CONFIG_LIBS) AC_SUBST(KSBA_CONFIG_CFLAGS) +AC_SUBST(KSBA_CONFIG_API_VERSION) # The Makefiles need to know about cross compiling AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes) Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/src/ChangeLog 2006-08-31 15:47:49 UTC (rev 254) @@ -1,3 +1,28 @@ +2006-08-31 Werner Koch <wk@g10code.com> + + * ocsp.h (struct ocsp_extension_s): New. + * ocsp.c (extract_nonce): Renamed to .. + (parse_response_extensions): .. this. Extended to save all + extensions. + (release_ocsp_extensions): New. + (ksba_ocsp_release): Release new extension data. + (ksba_ocsp_parse_response): Reset extesnion data. + (parse_optional_boolean): New. + (parse_single_extensions): New. + + * ksba.m4: Implement --api-version check. + * ksba-config.in (echo_api_version): New option --api-version. + + * crl.c (GPG_ERR_UNKNOWN_CRIT_EXTN): Removed definition as we now + require a decent libgpg-error. + + * ocsp.c (ksba_ocsp_get_responder_id): Implemented. Changed NAME + from ksba_name_t* to char** and SHA1KEYHASH from unsigned char* to + ksba_sexp_t*. Given that the function has always returned an + not_implemented error code and thus was not useful at all, we + don't consider this as an ABI change (still pointers) and the API + change is not real as this function was never useful. + 2006-08-30 Werner Koch <wk@g10code.com> * ocsp.c (extract_nonce): New. Modified: trunk/src/crl.c =================================================================== --- trunk/src/crl.c 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/src/crl.c 2006-08-31 15:47:49 UTC (rev 254) 
@@ -35,9 +35,6 @@ #include "ber-decoder.h" #include "crl.h" -#if !HAVE_DECL_GPG_ERR_UNKNOWN_CRIT_EXTN -#define GPG_ERR_UNKNOWN_CRIT_EXTN 172 -#endif static const char oidstr_crlNumber[] = "2.5.29.20"; static const char oidstr_crlReason[] = "2.5.29.21"; Modified: trunk/src/ksba-config.in =================================================================== --- trunk/src/ksba-config.in 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/src/ksba-config.in 2006-08-31 15:47:49 UTC (rev 254) @@ -14,6 +14,8 @@ cflags="@KSBA_CONFIG_CFLAGS@ @GPG_ERROR_CFLAGS@" prefix=@prefix@ exec_prefix=@exec_prefix@ +api_version="@KSBA_CONFIG_API_VERSION@" + includes="" libdirs="" exec_prefix_set=no @@ -21,6 +23,7 @@ echo_cflags=no echo_prefix=no echo_exec_prefix=no +echo_api_version=no usage() @@ -31,6 +34,7 @@ [--prefix[=DIR]] [--exec-prefix[=DIR]] [--version] + [--api-version] [--libs] [--cflags] EOF @@ -68,6 +72,9 @@ echo "@VERSION@" exit 0 ;; + --api-version) + echo_api_version=yes + ;; --cflags) echo_cflags=yes ;; @@ -89,6 +96,10 @@ echo $exec_prefix fi +if test "$echo_api_version" = "yes"; then + echo "$api_version" +fi + if test "$echo_cflags" = "yes"; then includes="" if test "@includedir@" != "/usr/include" ; then Modified: trunk/src/ksba.h =================================================================== --- trunk/src/ksba.h 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/src/ksba.h 2006-08-31 15:47:49 UTC (rev 254) @@ -1,5 +1,5 @@ /* ksba.h - X509 library for the Aegypten project - * Copyright (C) 2001, 2002, 2003, 2004, 2005 g10 Code GmbH + * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 g10 Code GmbH * * This file is part of KSBA. * 
@@ -390,8 +390,8 @@ ksba_sexp_t ksba_ocsp_get_sig_val (ksba_ocsp_t ocsp, ksba_isotime_t produced_at); gpg_error_t ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp, - ksba_name_t *name, - unsigned char *sha1keyhash); + char **r_name, + ksba_sexp_t *r_keyid); ksba_cert_t ksba_ocsp_get_cert (ksba_ocsp_t ocsp, int idx); gpg_error_t ksba_ocsp_get_status (ksba_ocsp_t ocsp, ksba_cert_t cert, ksba_status_t *r_status, @@ -402,7 +402,8 @@ gpg_error_t ksba_ocsp_get_extension (ksba_ocsp_t ocsp, ksba_cert_t cert, int idx, char const **r_oid, int *r_crit, - size_t *r_deroff, size_t *r_derlen); + unsigned char const **r_der, + size_t *r_derlen); /*-- certreq.c --*/ Modified: trunk/src/ksba.m4 =================================================================== --- trunk/src/ksba.m4 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/src/ksba.m4 2006-08-31 15:47:49 UTC (rev 254) @@ -13,6 +13,12 @@ dnl AM_PATH_KSBA([MINIMUM-VERSION, dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libksba and define KSBA_CFLAGS and KSBA_LIBS +dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed +dnl with the API version to also check the API compatibility. Example: +dnl a MINIMUN-VERSION of 1:1.0.7 won't pass the test unless the installed +dnl version of libksba is at least 1.0.7 *and* the API number is 1. Using +dnl this features allows to prevent build against newer versions of libksba +dnl with a changed API. dnl AC_DEFUN([AM_PATH_KSBA], [ AC_ARG_WITH(ksba-prefix, @@ -27,7 +33,15 @@ fi AC_PATH_PROG(KSBA_CONFIG, ksba-config, no) - min_ksba_version=ifelse([$1], ,0.4.4,$1) + tmp=ifelse([$1], ,1:1.0.0,$1) + if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then + req_ksba_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` + min_ksba_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` + else + req_ksba_api=0 + min_ksba_version="$tmp" + fi + AC_MSG_CHECKING(for KSBA - version >= $min_ksba_version) ok=no if test "$KSBA_CONFIG" != "no" ; then 
@@ -61,14 +75,33 @@ fi fi if test $ok = yes; then + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) + fi + if test $ok = yes; then + # Even if we have a recent libksba, we should check that the + # API is compatible. + if test "$req_ksba_api" -gt 0 ; then + tmp=`$KSBA_CONFIG --api-version 2>/dev/null || echo 0` + if test "$tmp" -gt 0 ; then + AC_MSG_CHECKING([KSBA API version]) + if test "$req_ksba_api" -eq "$tmp" ; then + AC_MSG_RESULT(okay) + else + ok=no + AC_MSG_RESULT([does not match. want=$req_ksba_api got=$tmp.]) + fi + fi + fi + fi + if test $ok = yes; then KSBA_CFLAGS=`$KSBA_CONFIG $ksba_config_args --cflags` KSBA_LIBS=`$KSBA_CONFIG $ksba_config_args --libs` - AC_MSG_RESULT(yes) ifelse([$2], , :, [$2]) else KSBA_CFLAGS="" KSBA_LIBS="" - AC_MSG_RESULT(no) ifelse([$3], , :, [$3]) fi AC_SUBST(KSBA_CFLAGS) Modified: trunk/src/ocsp.c =================================================================== --- trunk/src/ocsp.c 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/src/ocsp.c 2006-08-31 15:47:49 UTC (rev 254) 
@@ -143,7 +143,44 @@ return err; } + +/* Note that R_BOOL will only be set if a value has been given. Thus + the caller should set it to the default value prior to calling this + function. Obviously no call to parse_skip is required after + calling this function. */ static gpg_error_t +parse_optional_boolean (unsigned char const **buf, size_t *len, int *r_bool) +{ + gpg_error_t err; + struct tag_info ti; + + err = _ksba_ber_parse_tl (buf, len, &ti); + if (err) + ; + else if (!ti.length) + err = gpg_error (GPG_ERR_TOO_SHORT); + else if (ti.length > *len) + err = gpg_error (GPG_ERR_BAD_BER); + else if (ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_BOOLEAN + && !ti.is_constructed) + { + if (ti.length != 1) + err = gpg_error (GPG_ERR_BAD_BER); + *r_bool = !!**buf; + parse_skip (buf, len, &ti); + } + else + { /* Undo the read. */ + *buf -= ti.nhdr; + *len += ti.nhdr; + } + + return err; +} + + + +static gpg_error_t parse_object_id_into_str (unsigned char const **buf, size_t *len, char **oid) { struct tag_info ti; @@ -238,6 +275,18 @@ } +static void +release_ocsp_extensions (struct ocsp_extension_s *ex) +{ + while (ex) + { + struct ocsp_extension_s *tmp = ex->next; + xfree (ex); + ex = tmp; + } +} + + /* Release the OCSP object and all its resources. Passing NULL for OCSP is a valid nop. */ void @@ -254,10 +303,14 @@ ocsp->requestlist = ri->next; ksba_cert_release (ri->cert); ksba_cert_release (ri->issuer_cert); + release_ocsp_extensions (ri->single_extensions); xfree (ri->serialno); } xfree (ocsp->sigval); + xfree (ocsp->responder_id.name); + xfree (ocsp->responder_id.keyid); release_ocsp_certlist (ocsp->received_certs); + release_ocsp_extensions (ocsp->response_extensions); xfree (ocsp); } 
@@ -775,8 +828,10 @@ -/* Extract the nonce from the extension sequence. A typical data - ASN.1 blob passed to this function is: +/* + Parse the response extensions and store them aways. While doing + this we also check the nonce extension. A typical data ASN.1 blob + with only the nonce extension as passed to this function is: SEQUENCE { SEQUENCE { @@ -790,19 +845,24 @@ */ static int -extract_nonce (ksba_ocsp_t ocsp, const unsigned char *data, size_t datalen) +parse_response_extensions (ksba_ocsp_t ocsp, + const unsigned char *data, size_t datalen) { gpg_error_t err; struct tag_info ti; size_t length; char *oid = NULL; + assert (!ocsp->response_extensions); err = parse_sequence (&data, &datalen, &ti); if (err) goto leave; length = ti.length; while (length) { + struct ocsp_extension_s *ex; + int is_crit; + err = parse_sequence (&data, &datalen, &ti); if (err) goto leave; @@ -817,6 +877,10 @@ err = parse_object_id_into_str (&data, &datalen, &oid); if (err) goto leave; + is_crit = 0; + err = parse_optional_boolean (&data, &datalen, &is_crit); + if (err) + goto leave; err = parse_octet_string (&data, &datalen, &ti); if (err) goto leave; @@ -831,6 +895,21 @@ else ocsp->good_nonce = 1; } + ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); + if (!ex) + { + err = gpg_error_from_errno (errno); + goto leave; + } + ex->crit = is_crit; + strcpy (ex->data, oid); + ex->data[strlen (oid)] = 0; + ex->off = strlen (oid) + 1; + ex->len = ti.length; + memcpy (ex->data + ex->off, data, ti.length); + ex->next = ocsp->response_extensions; + ocsp->response_extensions = ex; + parse_skip (&data, &datalen, &ti); /* Skip the octet string / integer. */ } 
@@ -840,6 +919,73 @@ } +/* + Parse single extensions and store them away. +*/ +static int +parse_single_extensions (struct ocsp_reqitem_s *ri, + const unsigned char *data, size_t datalen) +{ + gpg_error_t err; + struct tag_info ti; + size_t length; + char *oid = NULL; + + assert (ri && !ri->single_extensions); + err = parse_sequence (&data, &datalen, &ti); + if (err) + goto leave; + length = ti.length; + while (length) + { + struct ocsp_extension_s *ex; + int is_crit; + + err = parse_sequence (&data, &datalen, &ti); + if (err) + goto leave; + if (length < ti.nhdr + ti.length) + { + err = gpg_error (GPG_ERR_BAD_BER); + goto leave; + } + length -= ti.nhdr + ti.length; + + xfree (oid); + err = parse_object_id_into_str (&data, &datalen, &oid); + if (err) + goto leave; + is_crit = 0; + err = parse_optional_boolean (&data, &datalen, &is_crit); + if (err) + goto leave; + err = parse_octet_string (&data, &datalen, &ti); + if (err) + goto leave; + ex = xtrymalloc (sizeof *ex + strlen (oid) + ti.length); + if (!ex) + { + err = gpg_error_from_errno (errno); + goto leave; + } + ex->crit = is_crit; + strcpy (ex->data, oid); + ex->data[strlen (oid)] = 0; + ex->off = strlen (oid) + 1; + ex->len = ti.length; + memcpy (ex->data + ex->off, data, ti.length); + ex->next = ri->single_extensions; + ri->single_extensions = ex; + + parse_skip (&data, &datalen, &ti); /* Skip the octet string / integer. */ + } + + leave: + xfree (oid); + return err; +} + + /* Parse the first part of a response: OCSPResponse ::= SEQUENCE { @@ -1178,7 +1324,13 @@ return gpg_error (GPG_ERR_BAD_BER); if (ti.class == CLASS_CONTEXT && ti.tag == 1 && ti.is_constructed) { - parse_skip (data, datalen, &ti); /* FIXME */ + if (request_item) + { + err = parse_single_extensions (request_item, *data, ti.length); + if (err) + return err; + } + parse_skip (data, datalen, &ti); } else err = gpg_error (GPG_ERR_INV_OBJ); 
@@ -1232,6 +1384,8 @@ } /* The responderID field. */ + assert (!ocsp->responder_id.name); + assert (!ocsp->responder_id.keyid); err = _ksba_ber_parse_tl (data, datalen, &ti); if (err) return err; @@ -1239,11 +1393,24 @@ return gpg_error (GPG_ERR_BAD_BER); else if (ti.class == CLASS_CONTEXT && ti.tag == 1 && ti.is_constructed) { /* byName. */ - parse_skip (data, datalen, &ti); /* FIXME */ + err = _ksba_derdn_to_str (*data, ti.length, &ocsp->responder_id.name); + if (err) + return err; + parse_skip (data, datalen, &ti); } else if (ti.class == CLASS_CONTEXT && ti.tag == 2 && ti.is_constructed) { /* byKey. */ - parse_skip (data, datalen, &ti); /* FIXME */ + err = parse_octet_string (data, datalen, &ti); + if (err) + return err; + if (!ti.length) + return gpg_error (GPG_ERR_INV_OBJ); /* Zero length key id. */ + ocsp->responder_id.keyid = xtrymalloc (ti.length); + if (!ocsp->responder_id.keyid) + return gpg_error_from_errno (errno); + memcpy (ocsp->responder_id.keyid, *data, ti.length); + ocsp->responder_id.keyidlen = ti.length; + parse_skip (data, datalen, &ti); } else err = gpg_error (GPG_ERR_INV_OBJ); @@ -1274,7 +1441,7 @@ err = parse_context_tag (data, datalen, &ti, 1); if (!err) { - err = extract_nonce (ocsp, *data, ti.length); + err = parse_response_extensions (ocsp, *data, ti.length); if (err) return err; parse_skip (data, datalen, &ti); 
@@ -1439,16 +1606,20 @@ if (!ocsp->requestlist) return gpg_error (GPG_ERR_MISSING_ACTION); + /* Reset the fields used to track the response. This is so that we + can use the parse function a second time for the same + request. This is useful in case of a TryLater response status. */ ocsp->response_status = KSBA_OCSP_RSPSTATUS_NONE; release_ocsp_certlist (ocsp->received_certs); + release_ocsp_extensions (ocsp->response_extensions); ocsp->received_certs = NULL; ocsp->hash_length = 0; ocsp->bad_nonce = 0; ocsp->good_nonce = 0; - - /* Reset the fields used to track the response. This is so that we - can use the parse function a second time for the same - request. This is useful in case of a TryLater response status. */ + xfree (ocsp->responder_id.name); + ocsp->responder_id.name = NULL; + xfree (ocsp->responder_id.keyid); + ocsp->responder_id.keyid = NULL; for (ri=ocsp->requestlist; ri; ri = ri->next) { ri->status = KSBA_STATUS_NONE; @@ -1456,8 +1627,10 @@ *ri->next_update = 0; *ri->revocation_time = 0; ri->revocation_reason = 0; + release_ocsp_extensions (ri->single_extensions); } + /* Run the actual parser. */ err = parse_response (ocsp, msg, msglen); *response_status = ocsp->response_status; 
@@ -1534,21 +1707,50 @@ } -/* Return the responder ID for the current response into NAME or into - the provided 20 byte buffer SHA1KEYHASH. On sucess NAME either - contains the responder ID as a standard name or if NAME is NULL, - SHA1KEYHASH contains the hash of the public key. SHA1KEYHASH may - be given as NULL if support for a KEYHASH is not intended. Caller - must release NAME. */ +/* Return the responder ID for the current response into R_NAME or + into R_KEYID. On sucess either R_NAME or R_KEYID will receive an + allocated object. If R_NAME or R_KEYID has been passed as NULL but + a value is available the errorcode GPG_ERR_NO_DATA is returned. + Caller must release the values stored at R_NAME or R_KEYID; the + function stores NULL tehre in case of an error. */ gpg_error_t ksba_ocsp_get_responder_id (ksba_ocsp_t ocsp, - ksba_name_t *name, unsigned char *sha1keyhash) + char **r_name, ksba_sexp_t *r_keyid) { + if (r_name) + *r_name = NULL; + if (r_keyid) + *r_keyid = NULL; + if (!ocsp) return gpg_error (GPG_ERR_INV_VALUE); + if (ocsp->responder_id.name && r_name) + { + *r_name = xtrystrdup (ocsp->responder_id.name); + if (!*r_name) + return gpg_error_from_errno (errno); + } + else if (ocsp->responder_id.keyid && r_keyid) + { + char numbuf[50]; + size_t numbuflen; - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + sprintf (numbuf,"(%lu:", (unsigned long)ocsp->responder_id.keyidlen); + numbuflen = strlen (numbuf); + *r_keyid = xtrymalloc (numbuflen + ocsp->responder_id.keyidlen + 2); + if (!*r_keyid) + return gpg_error_from_errno (errno); + strcpy (*r_keyid, numbuf); + memcpy (*r_keyid+numbuflen, + ocsp->responder_id.keyid, ocsp->responder_id.keyidlen); + (*r_keyid)[numbuflen + ocsp->responder_id.keyidlen] = ')'; + (*r_keyid)[numbuflen + ocsp->responder_id.keyidlen + 1] = 0; + } + else + gpg_error (GPG_ERR_NO_DATA); + + return 0; } 
@@ -1628,40 +1830,56 @@ } +/* WARNING: The returned values ares only valid as long as no other + ocsp function is called on the same context. */ gpg_error_t ksba_ocsp_get_extension (ksba_ocsp_t ocsp, ksba_cert_t cert, int idx, char const **r_oid, int *r_crit, - size_t *r_deroff, size_t *r_derlen) + unsigned char const **r_der, size_t *r_derlen) { - gpg_error_t err; + struct ocsp_extension_s *ex; if (!ocsp) return gpg_error (GPG_ERR_INV_VALUE); if (!ocsp->requestlist) return gpg_error (GPG_ERR_MISSING_ACTION); + if (idx < 0) + return gpg_error (GPG_ERR_INV_INDEX); if (cert) { /* Return extensions for the certificate (singleExtensions). */ -/* for (ri=ocsp->requestlist; ri; ri = ri->next) */ -/* if (ri->cert == cert) */ -/* break; */ -/* if (!ri) */ -/* return gpg_error (GPG_ERR_NOT_FOUND); */ + struct ocsp_reqitem_s *ri; - + for (ri=ocsp->requestlist; ri; ri = ri->next) + if (ri->cert == cert) + break; + if (!ri) + return gpg_error (GPG_ERR_NOT_FOUND); + + for (ex=ri->single_extensions; ex && idx; ex = ex->next, idx--) + ; + if (!ex) + return gpg_error (GPG_ERR_EOF); /* No more extensions. */ } else { /* Return extensions for the response (responseExtensions). */ - - - + for (ex=ocsp->response_extensions; ex && idx; ex = ex->next, idx--) + ; + if (!ex) + return gpg_error (GPG_ERR_EOF); /* No more extensions. */ } - return gpg_error (GPG_ERR_EOF); + if (r_oid) + *r_oid = ex->data; + if (r_crit) + *r_crit = ex->crit; + if (r_der) + *r_der = ex->data + ex->off; + if (r_derlen) + *r_derlen = ex->len; -/* if (idx < 0 || idx >= cert->cache.n_extns) */ -/* return gpg_error (GPG_ERR_INV_INDEX); */ + return 0; } Modified: trunk/src/ocsp.h =================================================================== --- trunk/src/ocsp.h 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/src/ocsp.h 2006-08-31 15:47:49 UTC (rev 254) 
@@ -25,6 +25,25 @@ #include "ksba.h" + +/* A structure to store certificates read from a response. */ +struct ocsp_certlist_s { + struct ocsp_certlist_s *next; + ksba_cert_t cert; +}; + +/* A structre to save a way extensions. */ +struct ocsp_extension_s +{ + struct ocsp_extension_s *next; + size_t off; /* Offset into DATA to the content of the octet string. */ + size_t len; /* Length of the octet string. */ + int crit; /* IsCritical flag. */ + char data[1]; /* This is made up of the OID string followed by the + actual DER data of the extension. */ +}; + + /* A structure to keep a information about a single status request. */ struct ocsp_reqitem_s { struct ocsp_reqitem_s *next; @@ -44,17 +63,9 @@ ksba_status_t status; /* Set to the status of the target. */ ksba_isotime_t revocation_time; /* The indicated revocation time. */ ksba_crl_reason_t revocation_reason; /* The reason given for revocation. */ + struct ocsp_extension_s *single_extensions; /* List of extensions. */ }; - -/* A structure to store certificates read from a response. */ -struct ocsp_certlist_s { - struct ocsp_certlist_s *next; - ksba_cert_t cert; -}; - - - /* A structure used as context for the ocsp subsystem. */ struct ksba_ocsp_s { char *digest_oid; /* The OID of the digest algorithm to be @@ -68,8 +79,6 @@ increased, check that the created request will still be valid as we use a hacked implementation. */ - int bad_nonce; /* The nonce does not match the request. */ - int good_nonce; /* The nonce does match the request. */ unsigned char *request_buffer; /* Internal buffer to build the request. */ size_t request_buflen; 
@@ -82,6 +91,14 @@ ksba_isotime_t produced_at; /* The time the response was signed. */ struct ocsp_certlist_s *received_certs; /* Certificates received in the response. */ + struct ocsp_extension_s *response_extensions; /* List of extensions. */ + int bad_nonce; /* The nonce does not match the request. */ + int good_nonce; /* The nonce does match the request. */ + struct { + char *name; /* Allocated DN. */ + char *keyid; /* Allocated key ID. */ + size_t keyidlen; /* length of the KeyID. */ + } responder_id; /* The reponder ID from the response. */ }; Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/tests/ChangeLog 2006-08-31 15:47:49 UTC (rev 254) @@ -1,3 +1,9 @@ +2006-08-31 Werner Koch <wk@g10code.com> + + * t-ocsp.c (one_response): Print the responder id. + (one_response): Print extension info. + (get_oid_desc): New. + 2006-08-30 Werner Koch <wk@g10code.com> * t-ocsp.c (one_response): Build the test request with the same nonce. Modified: trunk/tests/t-common.h =================================================================== --- trunk/tests/t-common.h 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/tests/t-common.h 2006-08-31 15:47:49 UTC (rev 254) @@ -80,7 +80,7 @@ void -print_hex (unsigned char *p, size_t n) +print_hex (const unsigned char *p, size_t n) { if (!p) fputs ("none", stdout); Modified: trunk/tests/t-ocsp.c =================================================================== --- trunk/tests/t-ocsp.c 2006-08-30 20:39:53 UTC (rev 253) +++ trunk/tests/t-ocsp.c 2006-08-31 15:47:49 UTC (rev 254) 
@@ -32,11 +32,28 @@ #include "t-common.h" +#include "oidtranstbl.h" + int verbose; int debug; int no_nonce; +/* Return the description for OID; if no description is available + NULL is returned. */ +static const char * +get_oid_desc (const char *oid) +{ + int i; + + if (oid) + for (i=0; oidtranstbl[i].oid; i++) + if (!strcmp (oidtranstbl[i].oid, oid)) + return oidtranstbl[i].desc; + return NULL; +} + + static unsigned char * read_file (const char *fname, size_t *r_length) { @@ -210,16 +227,26 @@ ksba_crl_reason_t reason; ksba_isotime_t this_update, next_update, revocation_time, produced_at; ksba_sexp_t sigval; + char *name; + ksba_sexp_t keyid; + err = ksba_ocsp_get_responder_id (ocsp, &name, &keyid); + fail_if_err (err); + printf ("responder id .....: "); + if (name) + printf ("`%s'", name); + else + print_sexp (keyid); + putchar ('\n'); + ksba_free (name); + ksba_free (keyid); + sigval = ksba_ocsp_get_sig_val (ocsp, produced_at); printf ("signature value ..: "); print_sexp (sigval); printf ("\nproduced at ......: "); print_time (produced_at); putchar ('\n'); - - - err = ksba_ocsp_get_status (ocsp, cert, &status, this_update, next_update, revocation_time, &reason); 
@@ -264,6 +291,45 @@ ksba_cert_release (acert); printf ("extra certificates: %d\n", cert_idx ); } + + { + int idx, crit; + const char *oid; + const unsigned char *der; + size_t derlen; + + for (idx=0; !(err=ksba_ocsp_get_extension (ocsp, NULL, idx, + &oid, &crit, + &der, &derlen)); idx++) + { + const char *s = get_oid_desc (oid); + printf ("%sresp-extn ..%s: %s%s%s%s (", + crit? "crit. ":"", + crit?"":"......", + s?"(":"", s?s:"", s?") ":"", oid); + print_hex (der, derlen); + putchar (')'); + putchar ('\n'); + } + if (err && gpg_err_code (err) != GPG_ERR_EOF) + fail_if_err (err); + + for (idx=0; !(err=ksba_ocsp_get_extension (ocsp, cert, idx, + &oid, &crit, + &der, &derlen)); idx++) + { + const char *s = get_oid_desc (oid); + printf ("%ssngl-extn ..%s: %s%s%s%s (", + crit? "crit. ":"", + crit?"":"......", + s?"(":"", s?s:"", s?") ":"", oid); + print_hex (der, derlen); + putchar (')'); + putchar ('\n'); + } + if (err && gpg_err_code (err) != GPG_ERR_EOF) + fail_if_err (err); + } } From cvs at cvs.gnupg.org Thu Aug 31 17:59:46 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu Aug 31 17:16:13 2006 Subject: [svn] ksba - r255 - tags Message-ID: <E1GIoH4-00081w-EZ@trithemius.gnupg.org> Author: wk Date: 2006-08-31 17:59:46 +0200 (Thu, 31 Aug 2006) New Revision: 255 Added: tags/libksba-1.0.0/ Log: Yeay! The first stable release. I just took 5 years to get here. Copied: tags/libksba-1.0.0 (from rev 251, trunk) From cvs at cvs.gnupg.org Thu Aug 31 18:00:07 2006 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu Aug 31 17:16:40 2006 Subject: [svn] ksba - r256 - tags/libksba-1.0.0 Message-ID: <E1GIoHO-00083v-Tc@trithemius.gnupg.org> Author: wk Date: 2006-08-31 18:00:06 +0200 (Thu, 31 Aug 2006) New Revision: 256 Added: tags/libksba-1.0.0/trunk/ Log: From cvs at cvs.gnupg.org Thu Aug 31 18:03:57 2006 
From: cvs at cvs.gnupg.org (svn author wk) Date: Thu Aug 31 17:20:23 2006 Subject: [svn] ksba - r257 - trunk Message-ID: <E1GIoL6-0002OQ-NY@trithemius.gnupg.org> Author: wk Date: 2006-08-31 18:03:56 +0200 (Thu, 31 Aug 2006) New Revision: 257 Modified: trunk/NEWS trunk/configure.ac Log: Post release updates Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2006-08-31 16:00:06 UTC (rev 256) +++ trunk/NEWS 2006-08-31 16:03:56 UTC (rev 257) @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.0.1 +------------------------------------------------- + + Noteworthy changes in version 1.0.0 (2006-08-31) ------------------------------------------------- Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2006-08-31 16:00:06 UTC (rev 256) +++ trunk/configure.ac 2006-08-31 16:03:56 UTC (rev 257) @@ -26,8 +26,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.0.0]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.0.1]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $((svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))
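Review bot: in parse_optional_boolean (trunk/src/ocsp.c, r254, hunk at -143) the `!ti.length` and `ti.length > *len` checks run before the tag is known to be a BOOLEAN. When the optional flag is absent and the next element has zero length, the function returns GPG_ERR_TOO_SHORT instead of undoing the read and leaving that element to the caller. Move both checks into the BOOLEAN branch, or undo the read before returning. In the same branch, `ti.length != 1` sets GPG_ERR_BAD_BER but the code still stores `*r_bool` and calls parse_skip; return at that point so a flag taken from a malformed encoding never reaches the caller.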
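Review bot: the reset block ahead of `err = parse_response (ocsp, msg, msglen);` (trunk/src/ocsp.c, r254, hunk at -1439) frees both extension lists but leaves the pointers set. `release_ocsp_extensions (ocsp->response_extensions);` and, in the request loop, `release_ocsp_extensions (ri->single_extensions);` are not followed by an assignment of NULL, unlike `received_certs` and `responder_id.name`/`keyid` a few lines away. On the second parse that the comment describes (TryLater), `assert (!ocsp->response_extensions)` fires; with assertions compiled out the new nodes are linked onto freed memory through `ex->next = ocsp->response_extensions` and the list is freed again in the release function. Set both pointers to NULL immediately after releasing them.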
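Review bot: in parse_response_extensions (trunk/src/ocsp.c, r254, hunk at -831) `memcpy (ex->data + ex->off, data, ti.length);` copies a length taken from the response, and nothing in this hunk compares `ti.length` with `datalen` first. parse_optional_boolean in the same commit does that comparison itself after `_ksba_ber_parse_tl`, so please confirm that parse_octet_string rejects `ti.length > datalen`, or add the check here before the allocation. The size expression `sizeof *ex + strlen (oid) + ti.length` is also an unchecked addition on that same value. Smaller point: `ex->data[strlen (oid)] = 0;` is redundant after the strcpy.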
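Review bot: parse_single_extensions (trunk/src/ocsp.c, r254, hunk at -840) repeats the extension loop of parse_response_extensions almost line for line, so any fix to the length handling has to be made twice. A shared helper that takes the address of the list head (`&ocsp->response_extensions` or `&ri->single_extensions`) would leave only the nonce check in the response variant. Also, `assert (ri && !ri->single_extensions);` guards state that depends on the response being parsed; if one request item can be reached by more than one SingleResponse, return an error such as GPG_ERR_BAD_BER there instead of aborting the process.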
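Review bot: in ksba_ocsp_get_responder_id (trunk/src/ocsp.c, r254, hunk at -1534) the final branch reads `else gpg_error (GPG_ERR_NO_DATA);` with no `return`, so the error value is discarded and the function falls through to `return 0;` with both `*r_name` and `*r_keyid` still NULL. That contradicts the comment above the function, which promises GPG_ERR_NO_DATA in this case, and callers cannot tell success from "nothing available". Make it `return gpg_error (GPG_ERR_NO_DATA);`. The comment also has two typos ("sucess", "tehre"), and the changed parameter types deserve an entry under the interface changes in NEWS.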
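Review bot: ksba_ocsp_get_extension (trunk/src/ocsp.c, r254, hunk at -1628) walks the list from its head, but both parsers insert at the head (`ex->next = ocsp->response_extensions; ocsp->response_extensions = ex;`), so IDX 0 is the last extension in the response rather than the first. Either append while parsing or state the ordering in the function comment, since callers will iterate by index. The WARNING comment should also say that the pointers stored in R_OID and R_DER refer to memory owned by the context and are freed by the next parse or release; "ares" in that comment is a typo. Note that `*r_der = ex->data + ex->off;` assigns a `char *` to an `unsigned char const *`, which needs a cast or an `unsigned char data[1]` member.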
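Review bot: in one_response (trunk/tests/t-ocsp.c, r254, hunk at -210) the new block `if (name) printf (...); else print_sexp (keyid);` assumes that exactly one of the two values was returned. Because ksba_ocsp_get_responder_id can currently return 0 with both left NULL, the test would pass a NULL keyid to print_sexp and would not notice a missing responder ID. Add an explicit failure when both `name` and `keyid` are NULL after the call.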