[svn] dirmngr - r233 - in trunk: . po src
svn author wk
cvs at cvs.gnupg.org
Mon Sep 4 16:57:43 CEST 2006
Author: wk
Date: 2006-09-04 16:57:42 +0200 (Mon, 04 Sep 2006)
New Revision: 233
Modified:
trunk/ChangeLog
trunk/NEWS
trunk/TODO
trunk/po/de.po
trunk/po/dirmngr.pot
trunk/src/ChangeLog
trunk/src/crlfetch.c
trunk/src/http.c
trunk/src/http.h
trunk/src/ocsp.c
Log:
Well, here are the man pages
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2006-09-04 14:53:44 UTC (rev 232)
+++ trunk/ChangeLog 2006-09-04 14:57:42 UTC (rev 233)
@@ -1,3 +1,7 @@
+2006-09-04 Werner Koch <wk at g10code.com>
+
+ * doc/Makefile.am (dirmngr_TEXINFOS): Do not distribute the fdl.texi.
+
2006-08-31 Werner Koch <wk at g10code.com>
* configure.ac: Require ksba 1.0.0 and added API check for it.
Modified: trunk/NEWS
===================================================================
--- trunk/NEWS 2006-09-04 14:53:44 UTC (rev 232)
+++ trunk/NEWS 2006-09-04 14:57:42 UTC (rev 233)
@@ -8,7 +8,11 @@
* No more lost file descriptors when loading CRLs via HTTP.
+ * HTTP redirection for CRL and OCSP has been implemented.
+ * Man pages are now build and installed from the texinfo sources.
+
+
Noteworthy changes in version 0.9.5 (2006-06-27)
------------------------------------------------
Modified: trunk/TODO
===================================================================
--- trunk/TODO 2006-09-04 14:53:44 UTC (rev 232)
+++ trunk/TODO 2006-09-04 14:57:42 UTC (rev 233)
@@ -28,3 +28,7 @@
available and using OCSP with the same responder is point less.
Needs more investigation.
+* Test OCSP responder redirection.
+ We need to figure out an OCSP responder actually using rediection.
+
+
Modified: trunk/po/de.po
===================================================================
--- trunk/po/de.po 2006-09-04 14:53:44 UTC (rev 232)
+++ trunk/po/de.po 2006-09-04 14:57:42 UTC (rev 233)
@@ -7,8 +7,8 @@
msgstr ""
"Project-Id-Version: dirmngr 0.9.2\n"
"Report-Msgid-Bugs-To: gpa-dev at gnupg.org\n"
-"POT-Creation-Date: 2006-09-01 18:25+0200\n"
-"PO-Revision-Date: 2005-11-02 08:26+0100\n"
+"POT-Creation-Date: 2006-09-04 14:49+0200\n"
+"PO-Revision-Date: 2006-09-04 14:59+0200\n"
"Last-Translator: Werner Koch <wk at g10code.com>\n"
"Language-Team: de\n"
"MIME-Version: 1.0\n"
@@ -70,9 +70,9 @@
msgstr "Zertifikat `%s' ist bereits im Zwischenspeicher\n"
#: src/certcache.c:375
-#, fuzzy, c-format
+#, c-format
msgid "trusted certificate `%s' loaded\n"
-msgstr "Zertifikat `%s' wurde geladen\n"
+msgstr "Vertrauenswürdiges Zertifikat `%s' wurde geladen\n"
#: src/certcache.c:377
#, c-format
@@ -80,13 +80,13 @@
msgstr "Zertifikat `%s' wurde geladen\n"
#: src/certcache.c:381
-#, fuzzy, c-format
+#, c-format
msgid " SHA1 fingerprint = %s\n"
-msgstr "SHA1 Fingerabdruck=%s\n"
+msgstr " SHA1 Fingerabdruck=%s\n"
#: src/certcache.c:384
msgid " name ="
-msgstr ""
+msgstr " name ="
#: src/certcache.c:388
#, c-format
@@ -428,7 +428,7 @@
msgid "converting S-expression failed: %s\n"
msgstr "Konvertierung der S-Expression fehlgeschlagen: %s\n"
-#: src/crlcache.c:1474 src/ocsp.c:372
+#: src/crlcache.c:1474 src/ocsp.c:414
#, c-format
msgid "creating S-expression failed: %s\n"
msgstr "Erzeugen der S-Expression fehlgeschlagen: %s\n"
@@ -618,7 +618,7 @@
msgid "End CRL dump\n"
msgstr "Ende CRL Ausgabe\n"
-#: src/crlcache.c:2159 src/crlfetch.c:154 src/ldap.c:699
+#: src/crlcache.c:2159 src/crlfetch.c:150 src/ldap.c:699
#, c-format
msgid "error initializing reader object: %s\n"
msgstr "Fehler beim Initialisieren des \"reader\" Objekts: %s\n"
@@ -645,28 +645,37 @@
#: src/crlfetch.c:60
msgid "reader to file mapping table full - waiting\n"
-msgstr ""
+msgstr "\"reader to file\" Zuordnungstabelle ist voll - warte\n"
-#: src/crlfetch.c:115
+#: src/crlfetch.c:117
msgid "using \"http\" instead of \"https\"\n"
msgstr "Es wird \"HTTP\" anstatt \"HTTPS\" verwendet\n"
-#: src/crlfetch.c:126 src/crlfetch.c:171 src/crlfetch.c:191 src/crlfetch.c:209
+#: src/crlfetch.c:128 src/crlfetch.c:209 src/crlfetch.c:229 src/crlfetch.c:247
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr "CRL Zugriff nicht möglich da %s abgeschaltet ist\n"
-#: src/crlfetch.c:137
+#: src/crlfetch.c:169 src/ocsp.c:210
#, c-format
+msgid "URL `%s' redirected to `%s' (%u)\n"
+msgstr "URL `%s' nach `%s' umgeleitet (%u)\n"
+
+#: src/crlfetch.c:188 src/ocsp.c:227
+msgid "too many redirections\n"
+msgstr "zu viele verschachtelte Umleitungen\n"
+
+#: src/crlfetch.c:194
+#, c-format
msgid "error retrieving `%s': %s\n"
msgstr "Fehler beim Holen von `%s': %s\n"
-#: src/crlfetch.c:140
+#: src/crlfetch.c:199
#, c-format
msgid "error retrieving `%s': http status %u\n"
msgstr "Fehler beim Holen von `%s': HTTP Status %u\n"
-#: src/crlfetch.c:223
+#: src/crlfetch.c:261
#, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr "Zertifikatsuche ist nicht möglich da %s abgeschaltet ist\n"
@@ -1025,14 +1034,14 @@
msgid "error spawning connection handler: %s\n"
msgstr "Fehler beim Starten des Verbindungshandler: %s\n"
-#: src/http.c:1447
+#: src/http.c:1610
#, c-format
msgid "error creating socket: %s\n"
msgstr "Fehler beim Erzeugen des Sockets: %s\n"
-#: src/http.c:1491
+#: src/http.c:1654
msgid "host not found"
-msgstr ""
+msgstr "Server nicht gefunden"
#: src/ldap.c:137
#, c-format
@@ -1165,156 +1174,155 @@
msgid "response from server too large; limit is %d bytes\n"
msgstr "Antwort vom Server zu lang; die Grenze sind %d Bytes\n"
-#: src/ocsp.c:134
+#: src/ocsp.c:136
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr "OCSP Anfrage nicht möglich da HTTP abgeschaltet ist\n"
-#: src/ocsp.c:141
+#: src/ocsp.c:143
#, c-format
msgid "error setting OCSP target: %s\n"
msgstr "Fehler beim Setzen des OCSP Ziels: %s\n"
-#: src/ocsp.c:159
+#: src/ocsp.c:161
#, c-format
msgid "error building OCSP request: %s\n"
msgstr "Fehler beim Aufbauen der OCSP Anfrage: %s\n"
-#: src/ocsp.c:168
+#: src/ocsp.c:173
#, c-format
msgid "error connecting to `%s': %s\n"
msgstr "Fehler beim Verbinden mit '%s': %s\n"
-#: src/ocsp.c:192 src/ocsp.c:208
+#: src/ocsp.c:199 src/ocsp.c:247
#, c-format
msgid "error reading HTTP response for `%s': %s\n"
msgstr "Fehler beim Lesen der HTTP Antwort von `%s': %s\n"
-#: src/ocsp.c:196
+#: src/ocsp.c:232
#, c-format
msgid "error accessing `%s': http status %u\n"
msgstr "Fehler beim Zugreifen auf `%s': HTTP Status %u\n"
-#: src/ocsp.c:217
+#: src/ocsp.c:257
#, c-format
msgid "error parsing OCSP response for `%s': %s\n"
msgstr "Fehler beim Zerlegen der OCSP Antwort für `%s': %s\n"
-#: src/ocsp.c:239 src/ocsp.c:249
+#: src/ocsp.c:280 src/ocsp.c:290
#, c-format
msgid "OCSP responder at `%s' status: %s\n"
msgstr "OCSP Responder `%s' Status: %s\n"
-#: src/ocsp.c:244
+#: src/ocsp.c:285
#, c-format
msgid "hashing the OCSP response for `%s' failed: %s\n"
msgstr "Hashen der OCSP Antwort für `%s' fehlgeschlagen: %s\n"
-#: src/ocsp.c:274
-#, fuzzy
+#: src/ocsp.c:316
msgid "not signed by default OCSP signer certificate"
-msgstr "Kein voreingestellter OCSP \"Signer\" definiert\n"
+msgstr "Nicht durch voreingestellten OCSP \"Signer\" signiert"
-#: src/ocsp.c:364
+#: src/ocsp.c:406
msgid "only SHA-1 is supported for OCSP responses\n"
msgstr "Lediglich SHA-1 wird bei OCSP Antworten unterstützt\n"
-#: src/ocsp.c:413
-#, fuzzy, c-format
+#: src/ocsp.c:455
+#, c-format
msgid "allocating list item failed: %s\n"
msgstr "malloc() fehlgeschlagen: %s\n"
-#: src/ocsp.c:428
-#, fuzzy, c-format
+#: src/ocsp.c:470
+#, c-format
msgid "error getting responder ID: %s\n"
-msgstr "Fehler beim Lesen vom Responder: %s\n"
+msgstr "Fehler beim Holen der Responder-ID: %s\n"
-#: src/ocsp.c:462
+#: src/ocsp.c:504
msgid "no suitable certificate found to verify the OCSP response\n"
msgstr ""
"Kein benutzbares Zertifikat zur Überprüfung der OCSP Antwort gefunden\n"
-#: src/ocsp.c:499 src/validate.c:519
+#: src/ocsp.c:541 src/validate.c:519
#, c-format
msgid "issuer certificate not found: %s\n"
msgstr "Herausgeberzertifikat nicht gefunden: %s\n"
-#: src/ocsp.c:509
+#: src/ocsp.c:551
msgid "caller did not return the target certificate\n"
msgstr "Aufrufer gab das Ziel Zertifikat nicht zurück\n"
-#: src/ocsp.c:516
+#: src/ocsp.c:558
msgid "caller did not return the issuing certificate\n"
msgstr "Aufrufer gab das Issuer Zertifikat nicht zurück\n"
-#: src/ocsp.c:526
+#: src/ocsp.c:568
#, c-format
msgid "failed to allocate OCSP context: %s\n"
msgstr "Fehler beim Bereitstellen eines OCSP Kontext: %s\n"
-#: src/ocsp.c:560
+#: src/ocsp.c:602
#, c-format
msgid "can't get authorityInfoAccess: %s\n"
msgstr "authorityInfoAccess kann nicht geholt werden: %s\n"
-#: src/ocsp.c:567
+#: src/ocsp.c:609
msgid "no default OCSP responder defined\n"
msgstr "Kein voreingestellter OCSP Responder definiert\n"
-#: src/ocsp.c:573
+#: src/ocsp.c:615
msgid "no default OCSP signer defined\n"
msgstr "Kein voreingestellter OCSP \"Signer\" definiert\n"
-#: src/ocsp.c:580
+#: src/ocsp.c:622
#, c-format
msgid "using default OCSP responder `%s'\n"
msgstr "Der voreingestellte OCSP Responder `%s' wird benutzt\n"
-#: src/ocsp.c:585
+#: src/ocsp.c:627
#, c-format
msgid "using OCSP responder `%s'\n"
msgstr "Der OCSP Responder `%s' wird benutzt\n"
-#: src/ocsp.c:592
+#: src/ocsp.c:634
#, c-format
msgid "failed to establish a hashing context for OCSP: %s\n"
msgstr "Kontext zum Hashen von OCSP kann nicht erzeugt werden: %s\n"
-#: src/ocsp.c:622
+#: src/ocsp.c:664
#, c-format
msgid "error getting OCSP status for target certificate: %s\n"
msgstr "Fehler beim Holen des OCSP Status für das Zielzertifikat: %s\n"
-#: src/ocsp.c:647
+#: src/ocsp.c:689
#, c-format
msgid "certificate status is: %s (this=%s next=%s)\n"
msgstr "Zertifikatstatus ist: %s (this=%s next=%s)\n"
-#: src/ocsp.c:648
+#: src/ocsp.c:690
msgid "good"
msgstr "Gut"
-#: src/ocsp.c:649
+#: src/ocsp.c:691
msgid "revoked"
msgstr "Widerrufen"
-#: src/ocsp.c:650
+#: src/ocsp.c:692
msgid "unknown"
msgstr "Unbekannt"
-#: src/ocsp.c:651
+#: src/ocsp.c:693
msgid "none"
msgstr "Kein"
-#: src/ocsp.c:654
+#: src/ocsp.c:696
#, c-format
msgid "certificate has been revoked at: %s due to: %s\n"
msgstr "Zertifikat wurde widerrufen am: %s wegen: %s\n"
-#: src/ocsp.c:687
+#: src/ocsp.c:729
msgid "OCSP responder returned an too old status\n"
msgstr "OCSP Responder gab einen zu alten Status zurück\n"
-#: src/ocsp.c:697
+#: src/ocsp.c:739
msgid "OCSP responder returned a non-current status\n"
msgstr "OCSP Responder gab einen nicht aktuellen Status zurück\n"
@@ -1401,9 +1409,9 @@
msgstr "Die Zertifikatrichtlinie ist nicht erlaubt"
#: src/validate.c:187
-#, fuzzy
msgid "accepting root CA not marked as a CA"
-msgstr "Das Herausgeberzertifikat ist nicht für eine CA gekennzeichnet"
+msgstr ""
+"Herausgeberzertifikat akzeptiert obgleich nicht für eine CA gekennzeichnet"
#: src/validate.c:191
msgid "issuer certificate is not marked as a CA"
@@ -1415,16 +1423,15 @@
#: src/validate.c:231
msgid "not checking CRL for"
-msgstr ""
+msgstr "keine Prüfung der CRL für"
#: src/validate.c:236
-#, fuzzy
msgid "checking CRL for"
-msgstr "Die CRL konnte nicht geprüft werden: %s"
+msgstr "Prüfen der CRL für"
#: src/validate.c:297
msgid "running in compatibility mode - certificate chain not checked!\n"
-msgstr ""
+msgstr "Kompatibilitätsmodus - Zertifikatkette nicht geprüft!\n"
#: src/validate.c:382
#, c-format
@@ -1482,14 +1489,12 @@
msgstr "Die Zertifikatkette ist länger als von der CA erlaubt (%d)"
#: src/validate.c:618
-#, fuzzy
msgid "certificate is good\n"
msgstr "Zertifikat ist gültig\n"
#: src/validate.c:638
-#, fuzzy
msgid "certificate chain is good\n"
-msgstr "Der Zertifikatkette ist zu lang\n"
+msgstr "Der Zertifikatkette ist gültig\n"
#: src/validate.c:856
msgid "DSA requires the use of a 160 bit hash algorithm\n"
@@ -1516,9 +1521,9 @@
"sollen\n"
#: src/validate.c:1004
-#, fuzzy
msgid "certificate should have not been used for CRL signing\n"
-msgstr "Das Zertifikat hätte nicht zum Signieren benutzt werden sollen\n"
+msgstr ""
+"Das Zertifikat hätte nicht zum Signieren einer CRL benutzt werden sollen\n"
#: src/validate.c:1015
msgid "certificate should have not been used for encryption\n"
Modified: trunk/po/dirmngr.pot
===================================================================
--- trunk/po/dirmngr.pot 2006-09-04 14:53:44 UTC (rev 232)
+++ trunk/po/dirmngr.pot 2006-09-04 14:57:42 UTC (rev 233)
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: gpa-dev at gnupg.org\n"
-"POT-Creation-Date: 2006-09-01 18:25+0200\n"
+"POT-Creation-Date: 2006-09-04 14:49+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
"Language-Team: LANGUAGE <LL at li.org>\n"
@@ -405,7 +405,7 @@
msgid "converting S-expression failed: %s\n"
msgstr ""
-#: src/crlcache.c:1474 src/ocsp.c:372
+#: src/crlcache.c:1474 src/ocsp.c:414
#, c-format
msgid "creating S-expression failed: %s\n"
msgstr ""
@@ -582,7 +582,7 @@
msgid "End CRL dump\n"
msgstr ""
-#: src/crlcache.c:2159 src/crlfetch.c:154 src/ldap.c:699
+#: src/crlcache.c:2159 src/crlfetch.c:150 src/ldap.c:699
#, c-format
msgid "error initializing reader object: %s\n"
msgstr ""
@@ -611,26 +611,35 @@
msgid "reader to file mapping table full - waiting\n"
msgstr ""
-#: src/crlfetch.c:115
+#: src/crlfetch.c:117
msgid "using \"http\" instead of \"https\"\n"
msgstr ""
-#: src/crlfetch.c:126 src/crlfetch.c:171 src/crlfetch.c:191 src/crlfetch.c:209
+#: src/crlfetch.c:128 src/crlfetch.c:209 src/crlfetch.c:229 src/crlfetch.c:247
#, c-format
msgid "CRL access not possible due to disabled %s\n"
msgstr ""
-#: src/crlfetch.c:137
+#: src/crlfetch.c:169 src/ocsp.c:210
#, c-format
+msgid "URL `%s' redirected to `%s' (%u)\n"
+msgstr ""
+
+#: src/crlfetch.c:188 src/ocsp.c:227
+msgid "too many redirections\n"
+msgstr ""
+
+#: src/crlfetch.c:194
+#, c-format
msgid "error retrieving `%s': %s\n"
msgstr ""
-#: src/crlfetch.c:140
+#: src/crlfetch.c:199
#, c-format
msgid "error retrieving `%s': http status %u\n"
msgstr ""
-#: src/crlfetch.c:223
+#: src/crlfetch.c:261
#, c-format
msgid "certificate search not possible due to disabled %s\n"
msgstr ""
@@ -977,12 +986,12 @@
msgid "error spawning connection handler: %s\n"
msgstr ""
-#: src/http.c:1447
+#: src/http.c:1610
#, c-format
msgid "error creating socket: %s\n"
msgstr ""
-#: src/http.c:1491
+#: src/http.c:1654
msgid "host not found"
msgstr ""
@@ -1117,154 +1126,154 @@
msgid "response from server too large; limit is %d bytes\n"
msgstr ""
-#: src/ocsp.c:134
+#: src/ocsp.c:136
msgid "OCSP request not possible due to disabled HTTP\n"
msgstr ""
-#: src/ocsp.c:141
+#: src/ocsp.c:143
#, c-format
msgid "error setting OCSP target: %s\n"
msgstr ""
-#: src/ocsp.c:159
+#: src/ocsp.c:161
#, c-format
msgid "error building OCSP request: %s\n"
msgstr ""
-#: src/ocsp.c:168
+#: src/ocsp.c:173
#, c-format
msgid "error connecting to `%s': %s\n"
msgstr ""
-#: src/ocsp.c:192 src/ocsp.c:208
+#: src/ocsp.c:199 src/ocsp.c:247
#, c-format
msgid "error reading HTTP response for `%s': %s\n"
msgstr ""
-#: src/ocsp.c:196
+#: src/ocsp.c:232
#, c-format
msgid "error accessing `%s': http status %u\n"
msgstr ""
-#: src/ocsp.c:217
+#: src/ocsp.c:257
#, c-format
msgid "error parsing OCSP response for `%s': %s\n"
msgstr ""
-#: src/ocsp.c:239 src/ocsp.c:249
+#: src/ocsp.c:280 src/ocsp.c:290
#, c-format
msgid "OCSP responder at `%s' status: %s\n"
msgstr ""
-#: src/ocsp.c:244
+#: src/ocsp.c:285
#, c-format
msgid "hashing the OCSP response for `%s' failed: %s\n"
msgstr ""
-#: src/ocsp.c:274
+#: src/ocsp.c:316
msgid "not signed by default OCSP signer certificate"
msgstr ""
-#: src/ocsp.c:364
+#: src/ocsp.c:406
msgid "only SHA-1 is supported for OCSP responses\n"
msgstr ""
-#: src/ocsp.c:413
+#: src/ocsp.c:455
#, c-format
msgid "allocating list item failed: %s\n"
msgstr ""
-#: src/ocsp.c:428
+#: src/ocsp.c:470
#, c-format
msgid "error getting responder ID: %s\n"
msgstr ""
-#: src/ocsp.c:462
+#: src/ocsp.c:504
msgid "no suitable certificate found to verify the OCSP response\n"
msgstr ""
-#: src/ocsp.c:499 src/validate.c:519
+#: src/ocsp.c:541 src/validate.c:519
#, c-format
msgid "issuer certificate not found: %s\n"
msgstr ""
-#: src/ocsp.c:509
+#: src/ocsp.c:551
msgid "caller did not return the target certificate\n"
msgstr ""
-#: src/ocsp.c:516
+#: src/ocsp.c:558
msgid "caller did not return the issuing certificate\n"
msgstr ""
-#: src/ocsp.c:526
+#: src/ocsp.c:568
#, c-format
msgid "failed to allocate OCSP context: %s\n"
msgstr ""
-#: src/ocsp.c:560
+#: src/ocsp.c:602
#, c-format
msgid "can't get authorityInfoAccess: %s\n"
msgstr ""
-#: src/ocsp.c:567
+#: src/ocsp.c:609
msgid "no default OCSP responder defined\n"
msgstr ""
-#: src/ocsp.c:573
+#: src/ocsp.c:615
msgid "no default OCSP signer defined\n"
msgstr ""
-#: src/ocsp.c:580
+#: src/ocsp.c:622
#, c-format
msgid "using default OCSP responder `%s'\n"
msgstr ""
-#: src/ocsp.c:585
+#: src/ocsp.c:627
#, c-format
msgid "using OCSP responder `%s'\n"
msgstr ""
-#: src/ocsp.c:592
+#: src/ocsp.c:634
#, c-format
msgid "failed to establish a hashing context for OCSP: %s\n"
msgstr ""
-#: src/ocsp.c:622
+#: src/ocsp.c:664
#, c-format
msgid "error getting OCSP status for target certificate: %s\n"
msgstr ""
-#: src/ocsp.c:647
+#: src/ocsp.c:689
#, c-format
msgid "certificate status is: %s (this=%s next=%s)\n"
msgstr ""
-#: src/ocsp.c:648
+#: src/ocsp.c:690
msgid "good"
msgstr ""
-#: src/ocsp.c:649
+#: src/ocsp.c:691
msgid "revoked"
msgstr ""
-#: src/ocsp.c:650
+#: src/ocsp.c:692
msgid "unknown"
msgstr ""
-#: src/ocsp.c:651
+#: src/ocsp.c:693
msgid "none"
msgstr ""
-#: src/ocsp.c:654
+#: src/ocsp.c:696
#, c-format
msgid "certificate has been revoked at: %s due to: %s\n"
msgstr ""
-#: src/ocsp.c:687
+#: src/ocsp.c:729
msgid "OCSP responder returned an too old status\n"
msgstr ""
-#: src/ocsp.c:697
+#: src/ocsp.c:739
msgid "OCSP responder returned a non-current status\n"
msgstr ""
Modified: trunk/src/ChangeLog
===================================================================
--- trunk/src/ChangeLog 2006-09-04 14:53:44 UTC (rev 232)
+++ trunk/src/ChangeLog 2006-09-04 14:57:42 UTC (rev 233)
@@ -1,3 +1,15 @@
+2006-09-04 Werner Koch <wk at g10code.com>
+
+ * crlfetch.c (crl_fetch): Implement HTTP redirection.
+ * ocsp.c (do_ocsp_request): Ditto.
+
+ New HTTP code version taken from gnupg svn release 4236.
+ * http.c (http_get_header): New.
+ (capitalize_header_name, store_header): New.
+ (parse_response): Store headers away.
+ (send_request): Return GPG_ERR_NOT_FOUND if connect_server failed.
+ * http.h: New flag HTTP_FLAG_NEED_HEADER.
+
2006-09-01 Werner Koch <wk at g10code.com>
* crlfetch.c (register_file_reader, get_file_reader): New.
Modified: trunk/src/crlfetch.c
===================================================================
--- trunk/src/crlfetch.c 2006-09-04 14:53:44 UTC (rev 232)
+++ trunk/src/crlfetch.c 2006-09-04 14:57:42 UTC (rev 233)
@@ -93,9 +93,11 @@
gpg_error_t err;
parsed_uri_t uri;
char *free_this = NULL;
+ int redirects_left = 2; /* We allow for 2 redirect levels. */
*reader = NULL;
+ once_more:
err = http_parse_uri (&uri, url);
http_release_parsed_uri (uri);
if (err && url && !strncmp (url, "https:", 6))
@@ -130,39 +132,75 @@
else
err = http_open_document (&hd, url, NULL,
(opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
- |HTTP_FLAG_NO_SHUTDOWN,
+ |HTTP_FLAG_NO_SHUTDOWN
+ |HTTP_FLAG_NEED_HEADER,
opt.http_proxy, NULL);
- if (err)
- log_error (_("error retrieving `%s': %s\n"), url, gpg_strerror (err));
- else if (http_get_status_code (hd) != 200)
+ switch ( err? 99999 : http_get_status_code (hd) )
{
+ case 200:
+ {
+ FILE *fp = http_get_read_ptr (hd);
+
+ err = ksba_reader_new (reader);
+ if (!err)
+ err = ksba_reader_set_file (*reader, fp);
+ if (err)
+ {
+ log_error (_("error initializing reader object: %s\n"),
+ gpg_strerror (err));
+ ksba_reader_release (*reader);
+ *reader = NULL;
+ http_close (hd, 0);
+ }
+ else
+ {
+ register_file_reader (*reader, fp);
+ http_close (hd, 1);
+ }
+ }
+ break;
+
+ case 301: /* Redirection (perm.). */
+ case 302: /* Redirection (temp.). */
+ {
+ const char *s = http_get_header (hd, "Location");
+
+ log_info (_("URL `%s' redirected to `%s' (%u)\n"),
+ url, s?s:"[none]", http_get_status_code (hd));
+ if (s && *s && redirects_left-- )
+ {
+ xfree (free_this); url = NULL;
+ free_this = xtrystrdup (s);
+ if (!free_this)
+ err = gpg_error_from_errno (errno);
+ else
+ {
+ url = free_this;
+ http_close (hd, 0);
+ /* Note, that our implementation of redirection
+ actually handles a redirect to LDAP. */
+ goto once_more;
+ }
+ }
+ else
+ err = gpg_error (GPG_ERR_NO_DATA);
+ log_error (_("too many redirections\n")); /* Or no "Location". */
+ http_close (hd, 0);
+ }
+ break;
+
+ case 99999: /* Made up status code foer error reporting. */
+ log_error (_("error retrieving `%s': %s\n"),
+ url, gpg_strerror (err));
+ break;
+
+ default:
log_error (_("error retrieving `%s': http status %u\n"),
url, http_get_status_code (hd));
err = gpg_error (GPG_ERR_NO_DATA);
http_close (hd, 0);
}
- else
- {
- FILE *fp = http_get_read_ptr (hd);
-
- err = ksba_reader_new (reader);
- if (!err)
- err = ksba_reader_set_file (*reader, fp);
- if (err)
- {
- log_error (_("error initializing reader object: %s\n"),
- gpg_strerror (err));
- ksba_reader_release (*reader);
- *reader = NULL;
- http_close (hd, 0);
- }
- else
- {
- register_file_reader (*reader, fp);
- http_close (hd, 1);
- }
- }
}
else /* Let the LDAP code try other schemes. */
{
@@ -175,8 +213,8 @@
else
err = url_fetch_ldap (ctrl, url, NULL, 0, reader);
}
- if (free_this)
- xfree (free_this);
+
+ xfree (free_this);
return err;
}
Modified: trunk/src/http.c
===================================================================
--- trunk/src/http.c 2006-09-04 14:53:44 UTC (rev 232)
+++ trunk/src/http.c 2006-09-04 14:57:42 UTC (rev 233)
@@ -65,6 +65,10 @@
typedef gnutls_transport_ptr gnutls_transport_ptr_t;
#endif /*HTTP_USE_GNUTLS*/
+#ifdef TEST
+#undef USE_DNS_SRV
+#endif
+
#include "util.h"
#include "http.h"
#ifdef USE_DNS_SRV
@@ -157,6 +161,17 @@
static gpg_error_t (*tls_callback) (http_t, gnutls_session_t, int);
#endif /*HTTP_USE_GNUTLS*/
+
+/* An object to save header lines. */
+struct header_s
+{
+ struct header_s *next;
+ char *value; /* The value of the header (malloced). */
+ char name[1]; /* The name of the header (canonicalized). */
+};
+typedef struct header_s *header_t;
+
+
/* Our handle context. */
struct http_context_s
{
@@ -178,6 +193,7 @@
char *buffer; /* Line buffer. */
size_t buffer_size;
unsigned int flags;
+ header_t headers; /* Received headers. */
};
@@ -444,6 +460,13 @@
if (hd->fp_write)
P_ES(fclose) (hd->fp_write);
http_release_parsed_uri (hd->uri);
+ while (hd->headers)
+ {
+ header_t tmp = hd->headers->next;
+ xfree (hd->headers->value);
+ xfree (hd->headers);
+ hd->headers = tmp;
+ }
xfree (hd->buffer);
xfree (hd);
}
@@ -849,7 +872,9 @@
if (hd->sock == -1)
{
xfree (proxy_authstr);
- return gpg_error_from_errno (save_errno);
+ return (save_errno
+ ? gpg_error_from_errno (save_errno)
+ : gpg_error (GPG_ERR_NOT_FOUND));
}
#ifdef HTTP_USE_GNUTLS
@@ -1160,6 +1185,129 @@
}
+/* Transform a header name into a standard capitalized format; e.g.
+ "Content-Type". Conversion stops at the colon. As usual we don't
+ use the localized versions of ctype.h. */
+static void
+capitalize_header_name (char *name)
+{
+ int first = 1;
+
+ for (; *name && *name != ':'; name++)
+ {
+ if (*name == '-')
+ first = 1;
+ else if (first)
+ {
+ if (*name >= 'a' && *name <= 'z')
+ *name = *name - 'a' + 'A';
+ first = 0;
+ }
+ else if (*name >= 'A' && *name <= 'Z')
+ *name = *name - 'A' + 'a';
+ }
+}
+
+
+/* Store an HTTP header line in LINE away. Line continuation is
+ supported as well as merging of headers with the same name. This
+ function may modify LINE. */
+static gpg_error_t
+store_header (http_t hd, char *line)
+{
+ size_t n;
+ char *p, *value;
+ header_t h;
+
+ n = strlen (line);
+ if (n && line[n-1] == '\n')
+ {
+ line[--n] = 0;
+ if (n && line[n-1] == '\r')
+ line[--n] = 0;
+ }
+ if (!n) /* we are never called to hit this. */
+ return gpg_error (GPG_ERR_BUG);
+ if (*line == ' ' || *line == '\t')
+ {
+ /* Continuation. This won't happen too often as it is not
+ recommended. We use a straightforward implementaion. */
+ if (!hd->headers)
+ return gpg_error (GPG_ERR_PROTOCOL_VIOLATION);
+ n += strlen (hd->headers->value);
+ p = xtrymalloc (n+1);
+ if (!p)
+ return gpg_error_from_errno (errno);
+ strcpy (stpcpy (p, hd->headers->value), line);
+ xfree (hd->headers->value);
+ hd->headers->value = p;
+ return 0;
+ }
+
+ capitalize_header_name (line);
+ p = strchr (line, ':');
+ if (!p)
+ return gpg_error (GPG_ERR_PROTOCOL_VIOLATION);
+ *p++ = 0;
+ while (*p == ' ' || *p == '\t')
+ p++;
+ value = p;
+
+ for (h=hd->headers; h; h = h->next)
+ if ( !strcmp (h->name, line) )
+ break;
+ if (h)
+ {
+ /* We have already seen a line with that name. Thus we assume
+ it is a comma separated list and merge them. */
+ p = xtrymalloc (strlen (h->value) + 1 + strlen (value)+ 1);
+ if (!p)
+ return gpg_error_from_errno (errno);
+ strcpy (stpcpy (stpcpy (p, h->value), ","), value);
+ xfree (h->value);
+ h->value = p;
+ return 0;
+ }
+
+ /* Append a new header. */
+ h = xtrymalloc (sizeof *h + strlen (line));
+ if (!h)
+ return gpg_error_from_errno (errno);
+ strcpy (h->name, line);
+ h->value = xtrymalloc (strlen (value)+1);
+ if (!h->value)
+ {
+ xfree (h);
+ return gpg_error_from_errno (errno);
+ }
+ strcpy (h->value, value);
+ h->next = hd->headers;
+ hd->headers = h;
+
+ return 0;
+}
+
+
+/* Return the header NAME from the last response. The returned value
+ is valid as along as HD has not been closed and no othe request has
+ been send. If the header was not found, NULL is returned. Name
+ must be canonicalized, that is the first letter of each dash
+ delimited part must be uppercase and all other letters lowercase.
+ Note that the context must have been opened with the
+ HTTP_FLAG_NEED_HEADER. */
+const char *
+http_get_header (http_t hd, const char *name)
+{
+ header_t h;
+
+ for (h=hd->headers; h; h = h->next)
+ if ( !strcmp (h->name, name) )
+ return h->value;
+ return NULL;
+}
+
+
+
/*
* Parse the response from a server.
* Returns: Errorcode and sets some files in the handle
@@ -1170,6 +1318,15 @@
char *line, *p, *p2;
size_t maxlen, len;
+ /* Delete old header lines. */
+ while (hd->headers)
+ {
+ header_t tmp = hd->headers->next;
+ xfree (hd->headers->value);
+ xfree (hd->headers);
+ hd->headers = tmp;
+ }
+
/* Wait for the status line. */
do
{
@@ -1231,6 +1388,12 @@
if ( (hd->flags & HTTP_FLAG_LOG_RESP) )
log_info ("RESP: `%.*s'\n",
(int)strlen(line)-(*line&&line[1]?2:0),line);
+ if ( (hd->flags & HTTP_FLAG_NEED_HEADER) && *line )
+ {
+ gpg_error_t err = store_header (hd, line);
+ if (err)
+ return err;
+ }
}
while (len && *line);
@@ -1703,6 +1866,7 @@
gnutls_certificate_credentials certcred;
const int certprio[] = { GNUTLS_CRT_X509, 0 };
#endif /*HTTP_USE_GNUTLS*/
+ header_t hdr;
#ifdef HTTP_USE_ESTREAM
es_init ();
@@ -1792,7 +1956,8 @@
http_release_parsed_uri (uri);
uri = NULL;
- rc = http_open_document (&hd, *argv, NULL, HTTP_FLAG_NO_SHUTDOWN,
+ rc = http_open_document (&hd, *argv, NULL,
+ HTTP_FLAG_NO_SHUTDOWN | HTTP_FLAG_NEED_HEADER,
NULL, tls_session);
if (rc)
{
@@ -1801,8 +1966,19 @@
}
log_info ("open_http_document succeeded; status=%u\n",
http_get_status_code (hd));
- while ((c = P_ES(getc) (http_get_read_ptr (hd))) != EOF)
- putchar (c);
+ for (hdr = hd->headers; hdr; hdr = hdr->next)
+ printf ("HDR: %s: %s\n", hdr->name, hdr->value);
+ switch (http_get_status_code (hd))
+ {
+ case 200:
+ while ((c = P_ES(getc) (http_get_read_ptr (hd))) != EOF)
+ putchar (c);
+ break;
+ case 301:
+ case 302:
+ printf ("Redirected to `%s'\n", http_get_header (hd, "Location"));
+ break;
+ }
http_close (hd, 0);
#ifdef HTTP_USE_GNUTLS
Modified: trunk/src/http.h
===================================================================
--- trunk/src/http.h 2006-09-04 14:53:44 UTC (rev 232)
+++ trunk/src/http.h 2006-09-04 14:57:42 UTC (rev 233)
@@ -66,7 +66,8 @@
HTTP_FLAG_TRY_PROXY = 1,
HTTP_FLAG_NO_SHUTDOWN = 2,
HTTP_FLAG_TRY_SRV = 4,
- HTTP_FLAG_LOG_RESP = 8
+ HTTP_FLAG_LOG_RESP = 8,
+ HTTP_FLAG_NEED_HEADER = 16
};
struct http_context_s;
@@ -106,6 +107,7 @@
FILE *http_get_write_ptr (http_t hd);
#endif /*!HTTP_USE_ESTREAM*/
unsigned int http_get_status_code (http_t hd);
+const char *http_get_header (http_t hd, const char *name);
char *http_escape_string (const char *string, const char *specials);
Modified: trunk/src/ocsp.c
===================================================================
--- trunk/src/ocsp.c 2006-09-04 14:53:44 UTC (rev 232)
+++ trunk/src/ocsp.c 2006-09-04 14:57:42 UTC (rev 233)
@@ -128,6 +128,8 @@
http_t http;
ksba_ocsp_response_status_t response_status;
const char *t;
+ int redirects_left = 2;
+ char *free_this = NULL;
if (opt.disable_http)
{
@@ -160,12 +162,16 @@
return err;
}
+ once_more:
err = http_open (&http, HTTP_REQ_POST, url, NULL,
- opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0, opt.http_proxy,
+ (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
+ |HTTP_FLAG_NEED_HEADER,
+ opt.http_proxy,
NULL);
if (err)
{
log_error (_("error connecting to `%s': %s\n"), url, gpg_strerror (err));
+ xfree (free_this);
return err;
}
@@ -180,6 +186,7 @@
log_error ("error sending request to `%s': %s\n", url, strerror (errno));
http_close (http, 0);
xfree (request);
+ xfree (free_this);
return err;
}
xfree (request);
@@ -193,11 +200,43 @@
url, gpg_strerror (err));
else
{
- log_error (_("error accessing `%s': http status %u\n"),
- url, http_get_status_code (http));
- err = gpg_error (GPG_ERR_NO_DATA);
+ switch (http_get_status_code (http))
+ {
+ case 301:
+ case 302:
+ {
+ const char *s = http_get_header (http, "Location");
+
+ log_info (_("URL `%s' redirected to `%s' (%u)\n"),
+ url, s?s:"[none]", http_get_status_code (http));
+ if (s && *s && redirects_left-- )
+ {
+ xfree (free_this); url = NULL;
+ free_this = xtrystrdup (s);
+ if (!free_this)
+ err = gpg_error_from_errno (errno);
+ else
+ {
+ url = free_this;
+ http_close (http, 0);
+ goto once_more;
+ }
+ }
+ else
+ err = gpg_error (GPG_ERR_NO_DATA);
+ log_error (_("too many redirections\n"));
+ }
+ break;
+
+ default:
+ log_error (_("error accessing `%s': http status %u\n"),
+ url, http_get_status_code (http));
+ err = gpg_error (GPG_ERR_NO_DATA);
+ break;
+ }
}
http_close (http, 0);
+ xfree (free_this);
return err;
}
@@ -207,6 +246,7 @@
{
log_error (_("error reading HTTP response for `%s': %s\n"),
url, gpg_strerror (err));
+ xfree (free_this);
return err;
}
@@ -217,6 +257,7 @@
log_error (_("error parsing OCSP response for `%s': %s\n"),
url, gpg_strerror (err));
xfree (response);
+ xfree (free_this);
return err;
}
@@ -251,6 +292,7 @@
}
xfree (response);
+ xfree (free_this);
return err;
}
More information about the Gnupg-commits
mailing list