[git] GnuPG - branch, master, updated. gnupg-2.1.18-84-g1af733f
by Werner Koch
cvs at cvs.gnupg.org
Thu Feb 16 11:03:49 CET 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 1af733f37bf6fd55ccac787a7e34c3b3ca002126 (commit)
via aef60abe6a1772e18634984a94bd70f57d57ccdd (commit)
from 7a666ccb44f43c4efbaa51c1ca16fc0b37c3399d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1af733f37bf6fd55ccac787a7e34c3b3ca002126
Author: Werner Koch <wk at gnupg.org>
Date: Thu Feb 16 10:35:18 2017 +0100
indent: Reformat and extend some comments in dirmngr.
--
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index 10757c8..d13d80b 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -154,8 +154,8 @@ compare_serialno (ksba_sexp_t serial1, ksba_sexp_t serial2 )
/* Return a malloced canonical S-Expression with the serial number
- converted from the hex string HEXSN. Return NULL on memory
- error. */
+ * converted from the hex string HEXSN. Return NULL on memory
+ * error. */
ksba_sexp_t
hexsn_to_sexp (const char *hexsn)
{
@@ -981,7 +981,7 @@ get_certs_bypattern (const char *pattern,
/* Return the certificate matching ISSUER_DN and SERIALNO; if it is
- not already in the cache, try to find it from other resources. */
+ * not already in the cache, try to find it from other resources. */
ksba_cert_t
find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
{
@@ -996,8 +996,8 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
return cert;
/* Ask back to the service requester to return the certificate.
- This is because we can assume that he already used the
- certificate while checking for the CRL. */
+ * This is because we can assume that he already used the
+ * certificate while checking for the CRL. */
hexsn = serial_hex (serialno);
if (!hexsn)
{
@@ -1093,10 +1093,10 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
/* Return the certificate matching SUBJECT_DN and (if not NULL)
- KEYID. If it is not already in the cache, try to find it from other
- resources. Note, that the external search does not work for user
- certificates because the LDAP lookup is on the caCertificate
- attribute. For our purposes this is just fine. */
+ * KEYID. If it is not already in the cache, try to find it from other
+ * resources. Note, that the external search does not work for user
+ * certificates because the LDAP lookup is on the caCertificate
+ * attribute. For our purposes this is just fine. */
ksba_cert_t
find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
{
@@ -1107,11 +1107,11 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
ksba_sexp_t subj;
/* If we have certificates from an OCSP request we first try to use
- them. This is because these certificates will really be the
- required ones and thus even in the case that they can't be
- uniquely located by the following code we can use them. This is
- for example required by Telesec certificates where a keyId is
- used but the issuer certificate comes without a subject keyId! */
+ * them. This is because these certificates will really be the
+ * required ones and thus even in the case that they can't be
+ * uniquely located by the following code we can use them. This is
+ * for example required by Telesec certificates where a keyId is
+ * used but the issuer certificate comes without a subject keyId! */
if (ctrl->ocsp_certs && subject_dn)
{
cert_item_t ci;
@@ -1136,8 +1136,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
log_debug ("find_cert_bysubject: certificate not in ocsp_certs\n");
}
-
- /* First we check whether the certificate is cached. */
+ /* No check whether the certificate is cached. */
for (seq=0; (cert = get_cert_bysubject (subject_dn, seq)); seq++)
{
if (!keyid)
@@ -1158,15 +1157,15 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
log_debug ("find_cert_bysubject: certificate not in cache\n");
/* Ask back to the service requester to return the certificate.
- This is because we can assume that he already used the
- certificate while checking for the CRL. */
+ * This is because we can assume that he already used the
+ * certificate while checking for the CRL. */
if (keyid)
cert = get_cert_local_ski (ctrl, subject_dn, keyid);
else
{
/* In contrast to get_cert_local_ski, get_cert_local uses any
- passed pattern, so we need to make sure that an exact subject
- search is done. */
+ * passed pattern, so we need to make sure that an exact subject
+ * search is done. */
char *buf;
buf = strconcat ("/", subject_dn, NULL);
@@ -1263,7 +1262,6 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
}
-
/* Return 0 if the certificate is a trusted certificate. Returns
GPG_ERR_NOT_TRUSTED if it is not trusted or other error codes in
case of systems errors. */
@@ -1294,8 +1292,8 @@ is_trusted_cert (ksba_cert_t cert)
/* Given the certificate CERT locate the issuer for this certificate
- and return it at R_CERT. Returns 0 on success or
- GPG_ERR_NOT_FOUND. */
+ * and return it at R_CERT. Returns 0 on success or
+ * GPG_ERR_NOT_FOUND. */
gpg_error_t
find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
{
@@ -1331,16 +1329,18 @@ find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
{
issuer_cert = find_cert_bysn (ctrl, s, authidno);
}
+
if (!issuer_cert && keyid)
{
/* Not found by issuer+s/n. Now that we have an AKI
- keyIdentifier look for a certificate with a matching
- SKI. */
+ * keyIdentifier look for a certificate with a matching
+ * SKI. */
issuer_cert = find_cert_bysubject (ctrl, issuer_dn, keyid);
}
+
/* Print a note so that the user does not feel too helpless when
- an issuer certificate was found and gpgsm prints BAD
- signature because it is not the correct one. */
+ * an issuer certificate was found and gpgsm prints BAD
+ * signature because it is not the correct one. */
if (!issuer_cert)
{
log_info ("issuer certificate ");
@@ -1366,8 +1366,8 @@ find_issuing_cert (ctrl_t ctrl, ksba_cert_t cert, ksba_cert_t *r_cert)
}
/* If this did not work, try just with the issuer's name and assume
- that there is only one such certificate. We only look into our
- cache then. */
+ * that there is only one such certificate. We only look into our
+ * cache then. */
if (err || !issuer_cert)
{
issuer_cert = get_cert_bysubject (issuer_dn, 0);
diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c
index 337fe6e..f7a23ff 100644
--- a/dirmngr/crlfetch.c
+++ b/dirmngr/crlfetch.c
@@ -167,10 +167,11 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
http_release_parsed_uri (uri);
if (err && !strncmp (url, "https:", 6))
{
- /* Our HTTP code does not support TLS, thus we can't use this
- scheme and it is frankly not useful for CRL retrieval anyway.
- We resort to using http, assuming that the server also
- provides plain http access. */
+ /* FIXME: We now support https.
+ * Our HTTP code does not support TLS, thus we can't use this
+ * scheme and it is frankly not useful for CRL retrieval anyway.
+ * We resort to using http, assuming that the server also
+ * provides plain http access. */
free_this = xtrymalloc (strlen (url) + 1);
if (free_this)
{
@@ -343,10 +344,10 @@ crl_fetch_default (ctrl_t ctrl, const char *issuer, ksba_reader_t *reader)
}
-/* Fetch a CA certificate for DN using the default server. This
- function only initiates the fetch; fetch_next_cert must be used to
- actually read the certificate; end_cert_fetch to end the
- operation. */
+/* Fetch a CA certificate for DN using the default server. This
+ * function only initiates the fetch; fetch_next_cert must be used to
+ * actually read the certificate; end_cert_fetch to end the
+ * operation. */
gpg_error_t
ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn)
{
@@ -417,7 +418,7 @@ fetch_next_cert (cert_fetch_context_t context,
/* Fetch the next data from CONTEXT, assuming it is a certificate and return
- it as a cert object in R_CERT. */
+ * it as a cert object in R_CERT. */
gpg_error_t
fetch_next_ksba_cert (cert_fetch_context_t context, ksba_cert_t *r_cert)
{
diff --git a/dirmngr/misc.c b/dirmngr/misc.c
index 2ee6d82..6d7c963 100644
--- a/dirmngr/misc.c
+++ b/dirmngr/misc.c
@@ -62,6 +62,8 @@ hashify_data( const char* data, size_t len )
return hexify_data (buf, 20, 0);
}
+
+/* FIXME: Replace this by hextobin. */
char*
hexify_data (const unsigned char* data, size_t len, int with_prefix)
{
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 32ce5bb..bc373f5 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -403,12 +403,11 @@ do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
-/* Ask back to return a certificate for name, given as a regular
- gpgsm certificate indentificates (e.g. fingerprint or one of the
- other methods). Alternatively, NULL may be used for NAME to
- return the current target certificate. Either return the certificate
- in a KSBA object or NULL if it is not available.
-*/
+/* Ask back to return a certificate for NAME, given as a regular gpgsm
+ * certificate identifier (e.g. fingerprint or one of the other
+ * methods). Alternatively, NULL may be used for NAME to return the
+ * current target certificate. Either return the certificate in a
+ * KSBA object or NULL if it is not available. */
ksba_cert_t
get_cert_local (ctrl_t ctrl, const char *name)
{
@@ -422,13 +421,12 @@ get_cert_local (ctrl_t ctrl, const char *name)
}
-/* Ask back to return the issuing certificate for name, given as a
- regular gpgsm certificate indentificates (e.g. fingerprint or one
- of the other methods). Alternatively, NULL may be used for NAME to
- return thecurrent target certificate. Either return the certificate
- in a KSBA object or NULL if it is not available.
-*/
+/* Ask back to return the issuing certificate for NAME, given as a
+ * regular gpgsm certificate identifier (e.g. fingerprint or one
+ * of the other methods). Alternatively, NULL may be used for NAME to
+ * return the current target certificate. Either return the certificate
+ * in a KSBA object or NULL if it is not available. */
ksba_cert_t
get_issuing_cert_local (ctrl_t ctrl, const char *name)
{
@@ -441,8 +439,9 @@ get_issuing_cert_local (ctrl_t ctrl, const char *name)
return do_get_cert_local (ctrl, name, "SENDISSUERCERT");
}
+
/* Ask back to return a certificate with subject NAME and a
- subjectKeyIdentifier of KEYID. */
+ * subjectKeyIdentifier of KEYID. */
ksba_cert_t
get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
{
@@ -1773,8 +1772,8 @@ cmd_validate (assuan_context_t ctx, char *line)
goto leave;
/* If we have this certificate already in our cache, use the cached
- version for validation because this will take care of any cached
- results. */
+ * version for validation because this will take care of any cached
+ * results. */
{
unsigned char fpr[20];
ksba_cert_t tmpcert;
diff --git a/dirmngr/validate.c b/dirmngr/validate.c
index b3dc9d8..68e1bb3 100644
--- a/dirmngr/validate.c
+++ b/dirmngr/validate.c
@@ -371,7 +371,8 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
int depth, maxdepth;
char *issuer = NULL;
char *subject = NULL;
- ksba_cert_t subject_cert = NULL, issuer_cert = NULL;
+ ksba_cert_t subject_cert = NULL;
+ ksba_cert_t issuer_cert = NULL;
ksba_isotime_t current_time;
ksba_isotime_t exptime;
int any_expired = 0;
@@ -438,7 +439,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
/* We walk up the chain until we find a trust anchor. */
subject_cert = cert;
- maxdepth = 10;
+ maxdepth = 10; /* Sensible limit on the length of the chain. */
chain = NULL;
depth = 0;
for (;;)
@@ -520,7 +521,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
goto leave;
/* Is this a self-signed certificate? */
- if (is_root_cert ( subject_cert, issuer, subject))
+ if (is_root_cert (subject_cert, issuer, subject))
{
/* Yes, this is our trust anchor. */
if (check_cert_sig (subject_cert, subject_cert) )
@@ -630,9 +631,9 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
dump_cert ("issuer", issuer_cert);
}
- /* Now check the signature of the certificate. Well, we
- should delay this until later so that faked certificates
- can't be turned into a DoS easily. */
+ /* Now check the signature of the certificate. FIXME: we should
+ * delay this until later so that faked certificates can't be
+ * turned into a DoS easily. */
err = check_cert_sig (issuer_cert, subject_cert);
if (err)
{
@@ -669,14 +670,14 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
}
}
#endif
- /* We give a more descriptive error code than the one
- returned from the signature checking. */
+ /* Return a more descriptive error code than the one
+ * returned from the signature checking. */
err = gpg_error (GPG_ERR_BAD_CERT_CHAIN);
goto leave;
}
/* Check that the length of the chain is not longer than allowed
- by the CA. */
+ * by the CA. */
{
int chainlen;
@@ -722,9 +723,11 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
issuer_cert = NULL;
}
+ /* Even if we have no error here we need to check whether we
+ * encountered an error somewhere during the checks. Set the error
+ * code to the most critical one. */
if (!err)
- { /* If we encountered an error somewhere during the checks, set
- the error code to the most critical one */
+ {
if (any_expired)
err = gpg_error (GPG_ERR_CERT_EXPIRED);
else if (any_no_policy_match)
@@ -742,19 +745,19 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
if (!err && mode != VALIDATE_MODE_CRL)
{ /* Now that everything is fine, walk the chain and check each
- certificate for revocations.
-
- 1. item in the chain - The root certificate.
- 2. item - the CA below the root
- last item - the target certificate.
-
- Now for each certificate in the chain check whether it has
- been included in a CRL and thus be revoked. We don't do OCSP
- here because this does not seem to make much sense. This
- might become a recursive process and we should better cache
- our validity results to avoid double work. Far worse a
- catch-22 may happen for an improper setup hierarchy and we
- need a way to break up such a deadlock. */
+ * certificate for revocations.
+ *
+ * 1. item in the chain - The root certificate.
+ * 2. item - the CA below the root
+ * last item - the target certificate.
+ *
+ * Now for each certificate in the chain check whether it has
+ * been included in a CRL and thus be revoked. We don't do OCSP
+ * here because this does not seem to make much sense. This
+ * might become a recursive process and we should better cache
+ * our validity results to avoid double work. Far worse a
+ * catch-22 may happen for an improper setup hierarchy and we
+ * need a way to break up such a deadlock. */
err = check_revocations (ctrl, chain);
}
@@ -773,11 +776,11 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
if (!err && !(r_trust_anchor && *r_trust_anchor))
{
/* With no error we can update the validation cache. We do this
- for all certificates in the chain. Note that we can't use
- the cache if the caller requested to check the trustiness of
- the root certificate himself. Adding such a feature would
- require us to also store the fingerprint of root
- certificate. */
+ * for all certificates in the chain. Note that we can't use
+ * the cache if the caller requested to check the trustiness of
+ * the root certificate himself. Adding such a feature would
+ * require us to also store the fingerprint of root
+ * certificate. */
chain_item_t citem;
time_t validated_at = gnupg_get_time ();
@@ -853,8 +856,8 @@ pk_algo_from_sexp (gcry_sexp_t pkey)
/* Check the signature on CERT using the ISSUER_CERT. This function
- does only test the cryptographic signature and nothing else. It is
- assumed that the ISSUER_CERT is valid. */
+ * does only test the cryptographic signature and nothing else. It is
+ * assumed that the ISSUER_CERT is valid. */
static gpg_error_t
check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
{
@@ -952,20 +955,23 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
/* Prepare the values for signature verification. At this point we
- have these values:
-
- S_PKEY - S-expression with the issuer's public key.
- S_SIG - Signature value as given in the certrificate.
- MD - Finalized hash context with hash of the certificate.
- ALGO_NAME - Lowercase hash algorithm name
+ * have these values:
+ *
+ * S_PKEY - S-expression with the issuer's public key.
+ * S_SIG - Signature value as given in the certificate.
+ * MD - Finalized hash context with hash of the certificate.
+ * ALGO_NAME - Lowercase hash algorithm name
*/
digestlen = gcry_md_get_algo_dlen (algo);
digest = gcry_md_read (md, algo);
if (pk_algo_from_sexp (s_pkey) == GCRY_PK_DSA)
{
+ /* NB.: We support only SHA-1 here because we had problems back
+ * then to get test data for DSA-2. Meanwhile DSA has been
+ * replaced by ECDSA which we do not yet support. */
if (digestlen != 20)
{
- log_error (_("DSA requires the use of a 160 bit hash algorithm\n"));
+ log_error ("DSA requires the use of a 160 bit hash algorithm\n");
gcry_md_close (md);
gcry_sexp_release (s_sig);
gcry_sexp_release (s_pkey);
@@ -975,7 +981,7 @@ check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert)
(int)digestlen, digest) )
BUG ();
}
- else /* Not DSA. */
+ else /* Not DSA - we assume RSA */
{
if ( gcry_sexp_build (&s_hash, NULL, "(data(flags pkcs1)(hash %s %b))",
algo_name, (int)digestlen, digest) )
commit aef60abe6a1772e18634984a94bd70f57d57ccdd
Author: Werner Koch <wk at gnupg.org>
Date: Thu Feb 16 10:19:59 2017 +0100
dirmngr: Replace stpcpy chains by strconcat.
* dirmngr/certcache.c (find_cert_bysn): Use strconcat.
(find_cert_bysubject): Ditto.
* dirmngr/http.c (store_header): Ditto.
* dirmngr/ldap.c (make_url): Ditto.
* dirmngr/server.c (get_cert_local_ski): Ditto.
(do_get_cert_local): Use xstrconcat.
--
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c
index ad85d99..10757c8 100644
--- a/dirmngr/certcache.c
+++ b/dirmngr/certcache.c
@@ -1004,15 +1004,15 @@ find_cert_bysn (ctrl_t ctrl, const char *issuer_dn, ksba_sexp_t serialno)
log_error ("serial_hex() failed\n");
return NULL;
}
- buf = xtrymalloc (1 + strlen (hexsn) + 1 + strlen (issuer_dn) + 1);
+ buf = strconcat ("#", hexsn, "/", issuer_dn, NULL);
if (!buf)
{
log_error ("can't allocate enough memory: %s\n", strerror (errno));
xfree (hexsn);
return NULL;
}
- strcpy (stpcpy (stpcpy (stpcpy (buf, "#"), hexsn),"/"), issuer_dn);
xfree (hexsn);
+
cert = get_cert_local (ctrl, buf);
xfree (buf);
if (cert)
@@ -1169,13 +1169,12 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid)
search is done. */
char *buf;
- buf = xtrymalloc (1 + strlen (subject_dn) + 1);
+ buf = strconcat ("/", subject_dn, NULL);
if (!buf)
{
log_error ("can't allocate enough memory: %s\n", strerror (errno));
return NULL;
}
- strcpy (stpcpy (buf, "/"), subject_dn);
cert = get_cert_local (ctrl, buf);
xfree (buf);
}
diff --git a/dirmngr/http.c b/dirmngr/http.c
index fe9c3c7..0889cb1 100644
--- a/dirmngr/http.c
+++ b/dirmngr/http.c
@@ -2150,11 +2150,10 @@ store_header (http_t hd, char *line)
if (h)
{
/* We have already seen a line with that name. Thus we assume
- it is a comma separated list and merge them. */
- p = xtrymalloc (strlen (h->value) + 1 + strlen (value)+ 1);
+ * it is a comma separated list and merge them. */
+ p = strconcat (h->value, ",", value, NULL);
if (!p)
return gpg_err_code_from_syserror ();
- strcpy (stpcpy (stpcpy (p, h->value), ","), value);
xfree (h->value);
h->value = p;
return 0;
diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c
index 20cbbd8..a037f5d 100644
--- a/dirmngr/ldap.c
+++ b/dirmngr/ldap.c
@@ -445,26 +445,16 @@ make_url (char **url, const char *dn, const char *filter)
xfree (u_dn);
return err;
}
- *url = malloc ( 8 + strlen (u_dn)
- + 1 + strlen (attrs)
- + 5 + strlen (u_filter) + 1 );
+
+ *url = strconcat ("ldap:///", u_dn, "?", attrs, "?sub?", u_filter, NULL);
if (!*url)
- {
- err = gpg_error_from_errno (errno);
- xfree (u_dn);
- xfree (u_filter);
- return err;
- }
+ err = gpg_error_from_syserror ();
+ else
+ err = 0;
- stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (stpcpy (*url, "ldap:///"),
- u_dn),
- "?"),
- attrs),
- "?sub?"),
- u_filter);
xfree (u_dn);
xfree (u_filter);
- return 0;
+ return err;
}
diff --git a/dirmngr/server.c b/dirmngr/server.c
index bca3a61..32ce5bb 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -367,10 +367,7 @@ do_get_cert_local (ctrl_t ctrl, const char *name, const char *command)
ksba_cert_t cert;
if (name)
- {
- buf = xmalloc ( strlen (command) + 1 + strlen(name) + 1);
- strcpy (stpcpy (stpcpy (buf, command), " "), name);
- }
+ buf = xstrconcat (command, " ", name, NULL);
else
buf = xstrdup (command);
@@ -475,15 +472,13 @@ get_cert_local_ski (ctrl_t ctrl, const char *name, ksba_sexp_t keyid)
return NULL;
}
- buf = xtrymalloc (15 + strlen (hexkeyid) + 2 + strlen(name) + 1);
+ buf = strconcat ("SENDCERT_SKI ", hexkeyid, " /", name, NULL);
if (!buf)
{
-
log_error ("can't allocate enough memory: %s\n", strerror (errno));
xfree (hexkeyid);
return NULL;
}
- strcpy (stpcpy (stpcpy (stpcpy (buf, "SENDCERT_SKI "), hexkeyid)," /"),name);
xfree (hexkeyid);
rc = assuan_inquire (ctrl->server_local->assuan_ctx, buf,
-----------------------------------------------------------------------
Summary of changes:
dirmngr/certcache.c | 65 ++++++++++++++++++++---------------------
dirmngr/crlfetch.c | 19 ++++++------
dirmngr/http.c | 5 ++--
dirmngr/ldap.c | 22 ++++----------
dirmngr/misc.c | 2 ++
dirmngr/server.c | 38 ++++++++++--------------
dirmngr/validate.c | 84 ++++++++++++++++++++++++++++-------------------------
7 files changed, 113 insertions(+), 122 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list