agent/

[gnupg.git] / sm / ChangeLog

2007-05-18  Marcus Brinkmann  <marcus@g10code.de>

        * qualified.c (gpgsm_qualified_consent,
        gpgsm_not_qualified_warning): Free ORIG_CODESET on error.
        * certdump.c (gpgsm_format_keydesc): Likewise.

2007-05-07  Werner Koch  <wk@g10code.com>

        * certcheck.c (MY_GCRY_PK_ECDSA): New.

2007-04-20  Werner Koch  <wk@g10code.com>

        * gpgsm.c (main): Parameterize failed versions check messages.

2007-04-19  Werner Koch  <wk@g10code.com>

        * certcheck.c (do_encode_md): Add arg PKEY.  Add support for DSA2
        and all ECDSA sizes.
        (get_dsa_qbits): New.
        (pk_algo_from_sexp): A key will never contain ecdsa as algorithm,
        so remove that.

2007-04-18  Werner Koch  <wk@g10code.com>

        * certcheck.c (do_encode_md): Support 160 bit ECDSA.

2007-04-13  Werner Koch  <wk@g10code.com>

        * call-agent.c (start_agent): Don't use log_error when using the
        fallback hack to start the agent.  This is bug 782.

2007-03-20  Werner Koch  <wk@g10code.com>

        * fingerprint.c (gpgsm_get_fingerprint): Add caching.
        (gpgsm_get_fingerprint_string): Use bin2hexcolon().
        (gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only
        as much memory as required.
        (gpgsm_get_keygrip_hexstring): Use bin2hex.

        * certchain.c (gpgsm_validate_chain): Keep track of the
        certificate chain and reset the ephemeral flags.
        * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK.
        Changed caller to use a mask of ~0.  Return a proper error code if
        the certificate is not available.

        * gpgsm.c: Add option --p12-charset.
        * gpgsm.h (struct opt): Add p12_charset. 
        * export.c (popen_protect_tool): Use new option.

2007-03-19  Werner Koch  <wk@g10code.com>

        Changes to let export and key listing use estream to help systems
        without funopen.
        
        * keylist.c: Use estream in place of stdio functions.
        * gpgsm.c (open_es_fwrite): New.
        (main): Use it for the list commands.
        * server.c (data_line_cookie_functions): New.
        (data_line_cookie_write, data_line_cookie_close): New.
        (do_listkeys): Use estream.

        * certdump.c (gpgsm_print_serial): Changed to use estream.
        (gpgsm_print_time): Ditto.
        (pretty_es_print_sexp): New.
        (gpgsm_es_print_name): New.
        (print_dn_part): New arg STREAM.  Changed all callers.
        (print_dn_parts): Ditto.
        * certchain.c (gpgsm_validate_chain): Changed FP to type
        estream_t.
        (do_list, unknown_criticals, allowed_ca, check_cert_policy) 
        (is_cert_still_valid): Ditto.

        * export.c (gpgsm_export): New arg STREAM.
        (do_putc, do_fputs): New.
        (print_short_info): Allow printing to optional STREAM.
        * server.c (cmd_export): Use stream.
        * base64.c (do_putc, do_fputs): New.
        (base64_writer_cb, base64_finish_write): Let them cope with an
        alternate output function.
        (plain_writer_cb): New.
        (gpgsm_create_writer): New arg STREAM and call plain_writer_cb for
        binary output to an estream.  Changed call callers.

2007-01-31  Werner Koch  <wk@g10code.com>

        * gpgsm.c (main): Let --gen-key print a more informative error
        message.

2007-01-25  Werner Koch  <wk@g10code.com>

        * Makefile.am (gpgsm_LDADD): Add LIBICONV.  Noted by Billy Halsey.

2007-01-05  Werner Koch  <wk@g10code.com>

        * certchain.c (unknown_criticals): Add subjectAltName.

2006-12-21  Werner Koch  <wk@g10code.com>

        * gpgsm.c: Comment mtrace feature.

2006-12-21  Marcus Brinkmann  <marcus@g10code.de>

        * certchain.c (gpgsm_basic_cert_check): Release SUBJECT.

        * encrypt.c (encrypt_dek): Release S_CIPH.

2006-12-20  Marcus Brinkmann  <marcus@g10code.de>

        * server.c (gpgsm_server): Release CTRL->server_local.

        * base64.c: Add new members READER and WRITER in union U2.
        (gpgsm_create_reader): Initialise CTX->u2.reader.
        (gpgsm_destroy_reader): Invoke ksba_reader_release.  Return early
        if CTX is NULL.
        (gpgsm_create_writer): Initialise CTX->u2.writer.
        (gpgsm_destroy_writer): Invoke ksba_writer_release.  Return early
        if CTX is NULL.

2006-12-18  Marcus Brinkmann  <marcus@g10code.de>

        * fingerprint.c (gpgsm_get_fingerprint): Close MD.

2006-11-24  Werner Koch  <wk@g10code.com>

        * certdump.c (parse_dn_part): Take '#' as a special character only
        at the beginning of a string.

2006-11-21  Werner Koch  <wk@g10code.com>

        * certdump.c (my_funopen_hook_ret_t): New.
        (format_name_writer): Use it for the return value.

2006-11-14  Werner Koch  <wk@g10code.com>

        * server.c (skip_options): Skip leading spaces.
        (has_option): Honor "--".
        (cmd_export): Add option --data to do an inline export.  Skip all
        options.

        * certdump.c (gpgsm_fpr_and_name_for_status): New.
        * verify.c (gpgsm_verify): Use it to print correct status messages.

2006-11-11  Werner Koch  <wk@g10code.com>

        * server.c (skip_options): New.

2006-10-24  Marcus Brinkmann  <marcus@g10code.de>

        * Makefile.am (AM_CFLAGS): Add $(LIBASSUAN_CFLAGS).

2006-10-23  Werner Koch  <wk@g10code.com>

        * gpgsm.c (main): Remap common cipher algo names to their OIDs.
        (main): New command --gpgconf-test.

2006-10-20  Werner Koch  <wk@g10code.com>

        * keydb.c (classify_user_id): Parse keygrip for the '&' identifier.

2006-10-18  Werner Koch  <wk@g10code.com>

        * keylist.c (list_cert_raw): Also test for GPG_ERR_NO_VALUE when
        testing for GPG_ERR_NO_DATA.
        * certlist.c (cert_usage_p, gpgsm_find_cert): Ditto.
        * certchain.c (check_cert_policy): Ditto.

        * keylist.c (list_cert_std, list_cert_raw): Print "none" for no
        chain length available.

2006-10-17  Werner Koch  <wk@g10code.com>

        * gpgsm.c: No need for pth.h.  
        (main): or to init it. It used to be hack for W32.

        * sign.c (gpgsm_get_default_cert): Changed to return only
        certificates usable for signing.

2006-10-16  Werner Koch  <wk@g10code.com>

        * certchain.c (already_asked_marktrusted) 
        (set_already_asked_marktrusted): New.
        (gpgsm_validate_chain) <not trusted>: Keep track of certificates
        we already asked for.

2006-10-11  Werner Koch  <wk@g10code.com>

        * certreqgen.c (proc_parameters, create_request): Allow for
        creation directly from a card.
        * call-agent.c (gpgsm_agent_readkey): New arg FROMCARD.
        (gpgsm_scd_pksign): New.

2006-10-06  Werner Koch  <wk@g10code.com>

        * Makefile.am (AM_CFLAGS): Use PTH version of libassuan.
        (gpgsm_LDADD): Ditto.

2006-10-05  Werner Koch  <wk@g10code.com>

        * certcheck.c (do_encode_md): Check that the has algo is valid.

2006-10-02  Marcus Brinkmann  <marcus@g10code.de>

        * server.c (register_commands): New commands DUMPKEYS and
        DUMPSECRETKEYS.
        (cmd_dumpkeys, cmd_dumpsecretkeys): New functions.
        (option_handler): Support with-key-data option.

2006-09-26  Werner Koch  <wk@g10code.com>

        * certchain.c (gpgsm_validate_chain): More changes for the relax
        feature.  Use certificate reference counting instead of the old
        explicit tests. Added a missing free. 

2006-09-25  Werner Koch  <wk@g10code.com>

        * gpgsm.h (struct rootca_flags_s): New.
        * call-agent.c (istrusted_status_cb): New.
        (gpgsm_agent_istrusted): New arg ROOTCA_FLAGS.
        * keylist.c (list_cert_colon): Use dummy for new arg.
        * certchain.c (gpgsm_validate_chain): Make use of the relax flag
        for root certificates.
        (unknown_criticals): Ignore a GPG_ERR_NO_VALUE.

2006-09-20  Werner Koch  <wk@g10code.com>

        * gpgsm.c: Add alias command --dump-cert.

        * Makefile.am:  Changes to allow parallel make runs.

2006-09-18  Werner Koch  <wk@g10code.com>

        * gpgsm.c (main): Use this to import standard certificates.
        * keydb.c (keydb_add_resource): New arg AUTO_CREATED.

2006-09-14  Werner Koch  <wk@g10code.com>

        Replaced all call gpg_error_from_errno(errno) by
        gpg_error_from_syserror().

2006-09-13  Werner Koch  <wk@g10code.com>

        * keylist.c (list_internal_keys): Print marker line to FP and not
        to stdout.

        * gpgsm.c (main): All list key list commands now make ose of
        --output. Cleaned up calls to list modes.  New command
        --dump-chain.  Renamed --list-sigs to --list-chain and added an
        alias for the old one.

        * server.c (cmd_message): Changed to use assuan_command_parse_fd.
        (option_handler): New option list-to-output.
        (do_listkeys): Use it.

2006-09-06  Werner Koch  <wk@g10code.com>

        * gpgsm.h (OUT_OF_CORE): Removed and changed all callers to
        out_of_core.
        (CTRL): Removed and changed everywhere to ctrl_t.
        (CERTLIST): Ditto.

        Replaced all Assuan error codes by libgpg-error codes.  Removed
        all map_to_assuan_status and map_assuan_err.
        
        * gpgsm.c (main): Call assuan_set_assuan_err_source to have Assuan
        switch to gpg-error codes.  
        * server.c (set_error): Adjusted.

2006-08-29  Werner Koch  <wk@g10code.com>

        * call-agent.c (gpgsm_agent_pkdecrypt): Allow decryption using
        complete S-expressions as implemented by the current gpg-agent.

        * gpgsm.c (main): Implement --output for encrypt, decrypt, sign
        and export.

2006-07-03  Werner Koch  <wk@g10code.com>

        * certreqgen.c (proc_parameters): Print the component label of a
        faulty DN.

2006-06-26  Werner Koch  <wk@g10code.com>

        * certdump.c (gpgsm_cert_log_name): New.
        * certchain.c (is_cert_still_valid): Log the name of the certificate.

2006-06-20  Werner Koch  <wk@g10code.com>

        * gpgsm.c (gpgsm_init_default_ctrl): Take care of the command line
        option --include-certs.

        * keylist.c (list_cert_raw): Print the certid.

2006-05-23  Werner Koch  <wk@g10code.com>

        * keydb.c (hextobyte): Deleted as it is now defined in jnlib.

        * Makefile.am (gpgsm_LDADD): Include ZLIBS.

2006-05-19  Marcus Brinkmann  <marcus@g10code.de>

        * keydb.c (keydb_insert_cert): Do not lock here, but only check if
        it is locked.
        (keydb_store_cert): Lock here.

        * keydb.h (keydb_delete): Accept new argument UNLOCK.
        * keydb.c (keydb_delete): Likewise.  Only unlock if this is set.
        * delete.c (delete_one): Add new argument to invocation of
        keydb_delete.
        
2006-05-15  Werner Koch  <wk@g10code.com>

        * keylist.c (print_names_raw): Sanitize URI.

2006-03-21  Werner Koch  <wk@g10code.com>

        * certchain.c (get_regtp_ca_info): New.
        (allowed_ca): Use it.

2006-03-20  Werner Koch  <wk@g10code.com>

        * qualified.c (gpgsm_is_in_qualified_list): New optional arg COUNTRY.

2006-02-17  Werner Koch  <wk@g10code.com>

        * call-dirmngr.c (start_dirmngr): Print name of dirmngr to be started.

2005-11-23  Werner Koch  <wk@g10code.com>

        * gpgsm.h: New member QUALSIG_APPROVAL.
        * sign.c (gpgsm_sign): Print a warning if a certificate is not
        qualified.
        * qualified.c (gpgsm_qualified_consent): Include a note that this
        is not approved software.
        (gpgsm_not_qualified_warning): New.
        * gpgsm.c (main): Prepared to print a note whether the software
        has been approved.

2005-11-13  Werner Koch  <wk@g10code.com>

        * call-agent.c (gpgsm_agent_get_confirmation): New.

        * keylist.c (list_cert_std): Print qualified status.
        * qualified.c: New.
        * certchain.c (gpgsm_validate_chain): Check for qualified
        certificates.

        * certchain.c (gpgsm_basic_cert_check): Release keydb handle when
        no-chain-validation is used.

2005-11-11  Werner Koch  <wk@g10code.com>

        * keylist.c (print_capabilities): Print is_qualified status.

2005-10-28  Werner Koch  <wk@g10code.com>

        * certdump.c (pretty_print_sexp): New.
        (gpgsm_print_name2): Use it here.  This allows proper printing of
        DNS names as used with server certificates.

2005-10-10  Werner Koch  <wk@g10code.com>

        * keylist.c: Add pkaAdress OID as reference.

2005-10-08  Marcus Brinkmann  <marcus@g10code.de>

        * Makefile.am (gpgsm_LDADD): Add ../gl/libgnu.a after
        ../common/libcommon.a.

2005-09-13  Werner Koch  <wk@g10code.com>

        * verify.c (gpgsm_verify): Print a note if the unknown algorithm
        is MD2.
        * sign.c (gpgsm_sign): Ditto.
        * certcheck.c (gpgsm_check_cert_sig): Ditto.

2005-09-08  Werner Koch  <wk@g10code.com>

        * export.c (popen_protect_tool): Add option --have-cert.  We
        probably lost this option with 1.9.14 due to restructuring of
        export.c.

2005-07-21  Werner Koch  <wk@g10code.com>

        * gpgsm.c (main): New options --no-log-file and --debug-none.

        * certreqgen.c (get_parameter, get_parameter_value): Add SEQ arg
        to allow enumeration.  Changed all callers.
        (create_request): Process DNS and URI parameters.

2005-07-20  Werner Koch  <wk@g10code.com>

        * keylist.c (email_kludge): Reworked.

        * certdump.c (gpgsm_print_serial, gpgsm_dump_serial): Cast printf
        arg to unsigned.
        * call-dirmngr.c (gpgsm_dirmngr_run_command): Ditto

2005-07-19  Werner Koch  <wk@g10code.com>

        * fingerprint.c (gpgsm_get_certid): Cast printf arg to unsigned.
        Bug accidently introduced while solving the #$%^& gcc
        signed/unsigned char* warnings.

2005-06-15  Werner Koch  <wk@g10code.com>

        * delete.c (delete_one): Changed FPR to unsigned.
        * encrypt.c (encrypt_dek): Made ENCVAL unsigned.
        (gpgsm_encrypt): Ditto.
        * sign.c (gpgsm_sign): Made SIGVAL unsigned.
        * base64.c (base64_reader_cb): Need to use some casting to get
        around signed/unsigned char* warnings.
        * certcheck.c (gpgsm_check_cms_signature): Ditto.
        (gpgsm_create_cms_signature): Changed arg R_SIGVAL to unsigned char*.
        (do_encode_md): Made NFRAME a size_t.
        * certdump.c (gpgsm_print_serial): Fixed signed/unsigned warning.
        (gpgsm_dump_serial): Ditto.
        (gpgsm_format_serial): Ditto.
        (gpgsm_dump_string): Ditto.
        (gpgsm_dump_cert): Ditto.
        (parse_dn_part): Ditto.
        (gpgsm_print_name2): Ditto.
        * keylist.c (email_kludge): Ditto.
        * certreqgen.c (proc_parameters, create_request): Ditto.
        (create_request): Ditto.
        * call-agent.c (gpgsm_agent_pksign): Made arg R_BUF unsigned.
        (struct cipher_parm_s): Made CIPHERTEXT unsigned.
        (struct genkey_parm_s): Ditto.
        * server.c (strcpy_escaped_plus): Made arg S signed char*.
        * fingerprint.c (gpgsm_get_fingerprint): Made ARRAY unsigned.
        (gpgsm_get_keygrip): Ditto.
        * keydb.c (keydb_insert_cert): Made DIGEST unsigned.
        (keydb_update_cert): Ditto.
        (classify_user_id): Apply cast to signed/unsigned assignment.
        (hextobyte): Ditto.

2005-06-01  Werner Koch  <wk@g10code.com>

        * misc.c: Include setenv.h.

2005-04-21  Werner Koch  <wk@g10code.com>

        * gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
        * certchain.c (gpgsm_validate_chain): Make use of it.

        * certchain.c (gpgsm_validate_chain): Check revocations even for
        expired certificates.  This is required because on signature
        verification an expired key is fine whereas a revoked one is not.

2005-04-20  Werner Koch  <wk@g10code.com>

        * Makefile.am (AM_CFLAGS): Add PTH_CFLAGS as noted by several folks.

2005-04-19  Werner Koch  <wk@g10code.com>

        * certchain.c (check_cert_policy): Print the diagnostic for a open
        failure of policies.txt only in verbose mode or when it is not
        ENOENT.

2005-04-17  Werner Koch  <wk@g10code.com>

        * call-dirmngr.c (inq_certificate): Add new inquire SENDCERT_SKI.
        * certlist.c (gpgsm_find_cert): Add new arg KEYID and implement
        this filter.  Changed all callers.

        * certchain.c (find_up_search_by_keyid): New helper.
        (find_up): Also try using the AKI.keyIdentifier.
        (find_up_external): Ditto.

2005-04-15  Werner Koch  <wk@g10code.com>

        * keylist.c (list_cert_raw): Print the subjectKeyIdentifier as
        well as the keyIdentifier part of the authorityKeyIdentifier.

2005-03-31  Werner Koch  <wk@g10code.com>

        * call-dirmngr.c (start_dirmngr): Use PATHSEP_C instead of ':'.
        * call-agent.c (start_agent): Ditto.

2005-03-17  Werner Koch  <wk@g10code.com>

        * certcheck.c: Fixed use of DBG_CRYPTO and DBG_X509.

        * certchain.c (gpgsm_basic_cert_check): Dump certificates after a
        failed gcry_pk_verify.
        (find_up): Do an external lookup also for an authorityKeyIdentifier
        lookup. Factored external lookup code out to ..
        (find_up_external): .. new.

2005-03-03  Werner Koch  <wk@g10code.com>

        * Makefile.am (gpgsm_LDADD): Added PTH_LIBS.  Noted by Kazu Yamamoto.

2005-01-13  Werner Koch  <wk@g10code.com>

        * certreqgen.c (proc_parameters): Cast printf arg.

2004-12-22  Werner Koch  <wk@g10code.com>

        * gpgsm.c (set_binary): New.
        (main, open_read, open_fwrite): Use it.

2004-12-21  Werner Koch  <wk@g10code.com>

        * gpgsm.c (main): Use default_homedir().
        (main) [W32]: Default to disabled CRL checks.

2004-12-20  Werner Koch  <wk@g10code.com>

        * call-agent.c (start_agent): Before starting a pipe server start
        to connect to a server on the standard socket.  Use PATHSEP
        * call-dirmngr.c (start_dirmngr): Use PATHSEP.

        * import.c: Include unistd.h for dup and close.

2004-12-18  Werner Koch  <wk@g10code.com>

        * gpgsm.h (map_assuan_err): Define in terms of
        map_assuan_err_with_source.
        * call-agent.c (start_agent): Pass error source to
        send_pinentry_environment.

2004-12-17  Werner Koch  <wk@g10code.com>

        * call-dirmngr.c (isvalid_status_cb, lookup_status_cb)
        (run_command_status_cb): Return cancel status if gpgsm_status
        returned an error.

        * server.c (gpgsm_status, gpgsm_status2) 
        (gpgsm_status_with_err_code): Return an error code.
        (gpgsm_status2): Always call va_end().

2004-12-15  Werner Koch  <wk@g10code.com>

        * call-dirmngr.c (lookup_status_cb): Send progress messages
        upstream.
        (isvalid_status_cb): Ditto.
        (gpgsm_dirmngr_isvalid): Put CTRL into status CB parameters.
        (gpgsm_dirmngr_run_command, run_command_status_cb): Pass CTRL to
        status callback and handle PROGRESS.

        * misc.c (setup_pinentry_env) [W32]: Don't use it.

        * gpgsm.c (main) [W32]: Init Pth because we need it for the socket
        operations and to resolve libassuan symbols.
        (run_protect_tool) [W32]: Disable it.

        * Makefile.am (gpgsm_LDADD): Move LIBASSUAN_LIBS more to the end.

2004-12-07  Werner Koch  <wk@g10code.com>

        * Makefile.am (gpgsm_LDADD): Put libassuan before jnlib because
        under W32 we need the w32 pth code from jnlib.

        * misc.c (setup_pinentry_env) [W32]: Disabled.

2004-12-06  Werner Koch  <wk@g10code.com>

        * gpgsm.c (run_protect_tool) [_WIN32]: Disabled.

        * import.c (popen_protect_tool): Simplified by making use of
        gnupg_spawn_process.
        (parse_p12): Likewise, using gnupg_wait_process.
        * export.c (popen_protect_tool): Ditto.
        (export_p12): Ditto.

        * keydb.c: Don't define DIRSEP_S here.

2004-12-02  Werner Koch  <wk@g10code.com>

        * certchain.c (gpgsm_basic_cert_check): Dump certs with bad
        signature for debugging.
        (gpgsm_validate_chain): Ditto.

2004-11-29  Werner Koch  <wk@g10code.com>

        * gpgsm.c (set_debug): Changed to use a globals DEBUG_LEVEL and
        DEBUG_VALUE.
        (main): Made DEBUG_LEVEL global and introduced DEBUG_VALUE.  This
        now allows to add debug flags on top of a debug-level setting.

2004-11-23  Werner Koch  <wk@g10code.com>

        * gpgsm.c: New option --prefer-system-dirmngr.
        * call-dirmngr.c (start_dirmngr): Implement this option.

2004-10-22  Werner Koch  <wk@g10code.com>

        * certreqgen.c (gpgsm_genkey): Remove the NEW from the certificate
        request PEM header.  This is according to the Sphinx standard.

2004-10-08  Moritz Schulte  <moritz@g10code.com>

        * certchain.c (gpgsm_validate_chain): Do not use keydb_new() in
        case the no_chain_validation-return-short-cut is used (fixes
        memory leak).

2004-10-04  Werner Koch  <wk@g10code.com>

        * misc.c (setup_pinentry_env): Try hard to set a default for GPG_TTY.

2004-09-30  Werner Koch  <wk@g10code.com>

        * gpgsm.c (i18n_init): Always use LC_ALL.

        * certdump.c (gpgsm_format_name): Factored code out to ..
        (gpgsm_format_name2): .. new.
        (gpgsm_print_name): Factored code out to ..
        (gpgsm_print_name2): .. new.
        (print_dn_part): New arg TRANSLATE.  Changed all callers.
        (print_dn_parts): Ditto.
        (gpgsm_format_keydesc): Do not translate the SUBJECT; we require
        it to stay UTF-8 but we still want to filter out bad control
        characters.

        * Makefile.am: Adjusted for gettext 0.14.

        * keylist.c (list_cert_colon): Make sure that the expired flag has
        a higher precedence than the invalid flag. 

2004-09-29  Werner Koch  <wk@g10code.com>

        * import.c (parse_p12): Write an error status line for bad
        passphrases. Add new arg CTRL and changed caller.
        * export.c (export_p12): Likewise.

2004-09-14  Werner Koch  <wk@g10code.com>

        * certchain.c (gpgsm_validate_chain): Give expired certificates a
        higher error precedence and don't bother to check any CRL in that
        case.

2004-08-24  Werner Koch  <wk@g10code.de>

        * certlist.c: Fixed typo in ocsp OID.

2004-08-18  Werner Koch  <wk@g10code.de>

        * certlist.c (gpgsm_cert_use_ocsp_p): New.
        (cert_usage_p): Support it here.
        * call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it here.

2004-08-17  Marcus Brinkmann  <marcus@g10code.de>

        * import.c: Fix typo in last change.

2004-08-17  Werner Koch  <wk@g10code.de>

        * import.c (check_and_store): Do a full validation if
        --with-validation is set.

        * certchain.c (gpgsm_basic_cert_check): Print more detailed error
        messages.
        
        * certcheck.c (do_encode_md): Partly support DSA.  Add new arg
        PKALGO. Changed all callers to pass it.
        (pk_algo_from_sexp): New.

2004-08-16  Werner Koch  <wk@g10code.de>

        * gpgsm.c: New option --fixed-passphrase.
        * import.c (popen_protect_tool): Pass it to the protect-tool.

        * server.c (cmd_encrypt): Use DEFAULT_RECPLIST and not recplist
        for encrypt-to keys.

2004-08-06  Werner Koch  <wk@g10code.com>

        * gpgsm.c: New option --with-ephemeral-keys.
        * keylist.c (list_internal_keys): Set it here.
        (list_cert_raw): And indicate those keys.  Changed all our callers
        to pass the new arg HD through.

2004-07-23  Werner Koch  <wk@g10code.de>

        * certreqgen.c (proc_parameters): Do not allow key length below
        1024.

2004-07-22  Werner Koch  <wk@g10code.de>

        * keylist.c (list_cert_raw): Print the keygrip.

2004-07-20  Werner Koch  <wk@gnupg.org>

        * certchain.c (gpgsm_validate_chain): The trust check didn't
        worked anymore, probably due to the changes at 2003-03-04.  Fixed.

2004-06-06  Werner Koch  <wk@gnupg.org>

        * certreqgen.c (get_parameter_uint, create_request): Create
        an extension for key usage when requested. 

2004-05-12  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): Install emergency_cleanup also as an atexit
        handler.

        * verify.c (gpgsm_verify): Removed the separate error code
        handling for KSBA.  We use shared error codes anyway.

        * export.c (export_p12): Removed debugging code.

        * encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.

2004-05-11  Werner Koch  <wk@gnupg.org>

        * sign.c (gpgsm_sign): Include the error source in the final error
        message.
        * decrypt.c (gpgsm_decrypt): Ditto.

        * fingerprint.c (gpgsm_get_key_algo_info): New.
        * sign.c (gpgsm_sign): Don't assume RSA in the status line.
        * keylist.c (list_cert_colon): Really print the algorithm and key
        length.
        (list_cert_raw, list_cert_std): Ditto.
        (list_cert_colon): Reorganized to be able to tell whether a root
        certificate is trusted.

        * gpgsm.c: New option --debug-allow-core-dump.

        * gpgsm.h (opt): Add member CONFIG_FILENAME.
        * gpgsm.c (main): Use it here instead of the local var.

        * server.c (gpgsm_server): Print some additional information with
        the hello in verbose mode.

2004-04-30  Werner Koch  <wk@gnupg.org>

        * import.c (check_and_store): Do not update the stats for hidden
        imports of issuer certs.
        (popen_protect_tool): Request statusmessages from the protect-tool.
        (parse_p12): Detect status messages. Add new arg STATS and update them.
        (print_imported_summary): Include secret key stats.

2004-04-28  Werner Koch  <wk@gnupg.org>

        * gpgsm.c: New command --keydb-clear-some-cert-flags.
        * keydb.c (keydb_clear_some_cert_flags): New.
        (keydb_update_keyblock, keydb_set_flags): Change error code
        CONFLICT to NOT_LOCKED.

2004-04-26  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main) <gpgconf>: Do not use /dev/null as default config
        filename.

        * call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt) 
        (gpgsm_agent_genkey, gpgsm_agent_istrusted) 
        (gpgsm_agent_marktrusted, gpgsm_agent_havekey) 
        (gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
        (start_agent): New arg CTRL.  Send progress item when starting a
        new agent.
        * sign.c (gpgsm_get_default_cert, get_default_signer): New arg
        CTRL to be passed down to the agent function.
        * decrypt.c (prepare_decryption): Ditto.
        * certreqgen.c (proc_parameters, read_parameters): Ditto.
        * certcheck.c (gpgsm_create_cms_signature): Ditto.

2004-04-23  Werner Koch  <wk@gnupg.org>

        * keydb.c (keydb_add_resource): Try to compress the file on init.

        * keylist.c (oidtranstbl): New.  OIDs collected from several sources.
        (print_name_raw, print_names_raw, list_cert_raw): New.
        (gpgsm_list_keys): Check the dump mode and pass it down as
        necessary.

2004-04-22  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): New commands --dump-keys, --dump-external-keys,
        --dump-secret-keys.

2004-04-13  Werner Koch  <wk@gnupg.org>

        * misc.c (setup_pinentry_env): New.
        * import.c (popen_protect_tool): Call it.
        * export.c (popen_protect_tool): Call it.

2004-04-08  Werner Koch  <wk@gnupg.org>

        * decrypt.c (gpgsm_decrypt): Return GPG_ERR_NO_DATA if it is not a 
        encrypted message.

2004-04-07  Werner Koch  <wk@gnupg.org>

        * gpgsm.c: New option --force-crl-refresh.
        * call-dirmngr.c (gpgsm_dirmngr_isvalid): Pass option to dirmngr.

2004-04-05  Werner Koch  <wk@gnupg.org>

        * server.c (get_status_string): Add STATUS_NEWSIG.
        * verify.c (gpgsm_verify): Print STATUS_NEWSIG for each signature.

        * certchain.c (gpgsm_validate_chain) <gpgsm_cert_use_cer_p>: Do
        not just warn if a cert is not suitable; bail out immediately.

2004-04-01  Werner Koch  <wk@gnupg.org>

        * call-dirmngr.c (isvalid_status_cb): New.
        (unhexify_fpr): New. Taken from ../g10/call-agent.c
        (gpgsm_dirmngr_isvalid): Add new arg CTRL, changed caller to pass
        it thru.  Detect need to check the respondert cert and do that.
        * certchain.c (gpgsm_validate_chain): Add new arg FLAGS.  Changed
        all callers.

2004-03-24  Werner Koch  <wk@gnupg.org>

        * sign.c (gpgsm_sign): Include a short list of capabilities.

2004-03-17  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main) <gpgconf>: Fixed default value quoting.

2004-03-16  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): Implemented --gpgconf-list.

2004-03-15  Werner Koch  <wk@gnupg.org>

        * keylist.c (list_cert_colon): Hack to set the expired flag.

2004-03-09  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): Correctly intitialze USE_OCSP flag.

        * keydb.c (keydb_delete): s/GPG_ERR_CONFLICT/GPG_ERR_NOT_LOCKED/

2004-03-04  Werner Koch  <wk@gnupg.org>

        * call-dirmngr.c (gpgsm_dirmngr_isvalid): New arg ISSUER_CERT.

        * certchain.c (is_cert_still_valid): New.  Code moved from ...
        (gpgsm_validate_chain): ... here because we now need to check at
        two places and at a later stage, so that we can pass the issuer
        cert down to the dirmngr.

2004-03-03  Werner Koch  <wk@gnupg.org>

        * call-agent.c (start_agent): Replaced pinentry setup code by a
        call to a new common function.

        * certdump.c (gpgsm_format_keydesc): Make sure the string is
        returned as utf-8.

        * export.c (gpgsm_export): Make sure that we don't export more
        than one certificate.

2004-03-02  Werner Koch  <wk@gnupg.org>

        * export.c (create_duptable, destroy_duptable)
        (insert_duptable): New.
        (gpgsm_export): Avoid duplicates.

2004-02-26  Werner Koch  <wk@gnupg.org>

        * certchain.c (compare_certs): New.
        (gpgsm_validate_chain): Fixed infinite certificate checks after
        bad signatures.

2004-02-24  Werner Koch  <wk@gnupg.org>

        * keylist.c (list_cert_colon): Print the fingerprint as the
        cert-id for root certificates.

2004-02-21  Werner Koch  <wk@gnupg.org>

        * keylist.c (list_internal_keys): Return error codes.
        (list_external_keys, gpgsm_list_keys): Ditto.
        * server.c (do_listkeys): Ditto.

        * gpgsm.c (main): Display a key description for --passwd.
        * call-agent.c (gpgsm_agent_passwd): New arg DESC.

2004-02-20  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): New option --debug-ignore-expiration.
        * certchain.c (gpgsm_validate_chain): Use it here.

        * certlist.c (cert_usage_p): Apply extKeyUsage.

2004-02-19  Werner Koch  <wk@gnupg.org>

        * export.c (export_p12, popen_protect_tool)
        (gpgsm_p12_export): New.
        * gpgsm.c (main): New command --export-secret-key-p12. 

2004-02-18  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (set_debug): Set the new --debug-level flags.
        (main): New option --gpgconf-list.  
        (main): Do not setup -u and -r keys when not required.
        (main): Setup the used character set.

        * keydb.c (keydb_add_resource): Print a hint to start the
        gpg-agent.

2004-02-17  Werner Koch  <wk@gnupg.org>

        * gpgsm.c: Fixed value parsing for --with-validation.
        * call-agent.c (start_agent): Ignore an empty GPG_AGENT_INFO.
        * call-dirmngr.c (start_dirmngr): Likewise for DIRMNGR_INFO.

        * gpgsm.c: New option --with-md5-fingerprint.
        * keylist.c (list_cert_std): Print MD5 fpr.

        * gpgsm.c: New options --with-validation.
        * server.c (option_handler): New option "with-validation".
        * keylist.c (list_cert_std, list_internal_keys): New args CTRL and
        WITH_VALIDATION. Changed callers to set it.
        (list_external_cb, list_external_keys): Pass CTRL to the callback.
        (list_cert_colon): Add arg CTRL.  Check validation if requested.
        * certchain.c (unknown_criticals, allowed_ca, check_cert_policy) 
        (gpgsm_validate_chain): New args LISTMODE and FP.
        (do_list): New helper for info output.
        (find_up): New arg FIND_NEXT.
        (gpgsm_validate_chain): After a bad signature try again with other
        CA certificates.

        * import.c (print_imported_status): New arg NEW_CERT. Print
        additional STATUS_IMPORT_OK becuase that is what gpgme expects.
        (check_and_store): Always call above function after import.
        * server.c (get_status_string): Added STATUS_IMPORT_OK.

2004-02-13  Werner Koch  <wk@gnupg.org>

        * certcheck.c (gpgsm_create_cms_signature): Format a description
        for use by the pinentry.
        * decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP.
        * certdump.c (format_name_cookie, format_name_writer) 
        (gpgsm_format_name): New.
        (gpgsm_format_serial): New.
        (gpgsm_format_keydesc): New.
        * call-agent.c (gpgsm_agent_pksign): New arg DESC.
        (gpgsm_agent_pkdecrypt): Ditto.

        * encrypt.c (init_dek): Check for too weak algorithms.

        * import.c (parse_p12, popen_protect_tool): New.

        * base64.c (gpgsm_create_reader): New arg ALLOW_MULTI_PEM.
        Changed all callers.
        (base64_reader_cb): Handle it here.
        (gpgsm_reader_eof_seen): New.
        (base64_reader_cb): Set a flag for EOF.
        (simple_reader_cb): Ditto.

2004-02-12  Werner Koch  <wk@gnupg.org>

        * gpgsm.h, gpgsm.c: New option --protect-tool-program.
        * gpgsm.c (run_protect_tool): Use it.

2004-02-11  Werner Koch  <wk@gnupg.org>

        * Makefile.am (AM_CPPFLAGS): Pass directory constants via -D; this
        will allow to override directory names at make time.

2004-02-02  Werner Koch  <wk@gnupg.org>

        * import.c (check_and_store): Import certificates even with
        missing issuer's cert.  Fixed an "depending on the verbose
        setting" bug.

        * certchain.c (gpgsm_validate_chain): Mark revoked certs in the
        keybox.

        * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a
        revoked flag.
        (list_internal_keys): Retrieve validity flag.
        (list_external_cb): Pass 0 as validity flag.
        * keydb.c (keydb_get_flags, keydb_set_flags): New.
        (keydb_set_cert_flags): New.
        (lock_all): Return a proper error code.
        (keydb_lock): New.
        (keydb_delete): Don't lock but check that it has been locked.
        (keydb_update_keyblock): Ditto.
        * delete.c (delete_one): Take a lock.

2004-01-30  Werner Koch  <wk@gnupg.org>

        * certchain.c (check_cert_policy): Fixed read error checking.
        (check_cert_policy): With no critical policies issue only a
        warning if the policy file does not exists.

        * sign.c (add_certificate_list): Decrement N for the first cert.

2004-01-29  Werner Koch  <wk@gnupg.org>

        * certdump.c (parse_dn_part): Map common OIDs to human readable
        labels.  Make sure that a value won't get truncated if it includes
        a Nul.

2004-01-28  Werner Koch  <wk@gnupg.org>

        * certchain.c (gpgsm_validate_chain): Changed the message printed
        for an untrusted root certificate.

2004-01-27  Werner Koch  <wk@gnupg.org>

        * certdump.c (parse_dn_part): Pretty print the nameDistinguisher OID.
        (print_dn_part): Do not delimit multiple RDN by " + ".  Handle
        multi-valued RDNs in a special way, i.e. in the order specified by
        the certificate.
        (print_dn_parts): Simplified. 

2004-01-16  Werner Koch  <wk@gnupg.org>

        * sign.c (gpgsm_sign): Print an error message on all failures.
        * decrypt.c (gpgsm_decrypt): Ditto.

2003-12-17  Werner Koch  <wk@gnupg.org>

        * server.c (gpgsm_server): Add arg DEFAULT_RECPLIST.
        (cmd_encrypt): Add all enrypt-to marked certs to the list.
        * encrypt.c (gpgsm_encrypt): Check that real recipients are
        available.
        * gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to
        options work.  Pass the list of recients to gpgsm_server.
        * gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO.
        (opt): Add NO_ENCRYPT_TO.
        * certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO.
        Changed all callers and ignore duplicate entries.
        (is_cert_in_certlist): New.
        (gpgsm_add_cert_to_certlist): New.

        * certdump.c (gpgsm_print_serial): Cleaned up cast use in strtoul.
        (gpgsm_dump_serial): Ditto.

        * decrypt.c (gpgsm_decrypt): Replaced ERR by RC.

2003-12-16  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): Set the prefixes for assuan logging.

        * sign.c (gpgsm_sign): Add validation checks for the default
        certificate.

        * gpgsm.c: Add -k as alias for --list-keys and -K for
        --list-secret-keys.

2003-12-15  Werner Koch  <wk@gnupg.org>

        * encrypt.c (init_dek): Use gry_create_nonce for the IV; there is
        not need for real strong random here and it even better protect
        the random bits used for the key.

2003-12-01  Werner Koch  <wk@gnupg.org>

        * gpgsm.c, gpgsm.h: New options --{enable,disable}-ocsp.
        (gpgsm_init_default_ctrl): Set USE_OCSP to the default value.
        * certchain.c (gpgsm_validate_chain): Handle USE_OCSP.
        * call-dirmngr.c (gpgsm_dirmngr_isvalid): Add arg USE_OCSP and
        proceed accordingly.

2003-11-19  Werner Koch  <wk@gnupg.org>

        * verify.c (gpgsm_verify): Use "0" instead of an empty string for
        the VALIDSIG status.

2003-11-18  Werner Koch  <wk@gnupg.org>

        * verify.c (gpgsm_verify): Fixed for changes API of gcry_md_info.

        * certchain.c (unknown_criticals): Fixed an error code test.

2003-11-12  Werner Koch  <wk@gnupg.org>

        Adjusted for API changes in Libksba.

2003-10-31  Werner Koch  <wk@gnupg.org>

        * certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t.
        * verify.c (strtimestamp_r, gpgsm_verify): Ditto.
        * sign.c (gpgsm_sign): Ditto.
        * keylist.c (print_time, list_cert_std, list_cert_colon): Ditto.
        * certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert):
        Ditto.

2003-10-25  Werner Koch  <wk@gnupg.org>

        * certreqgen.c (read_parameters): Fixed faulty of !spacep().

2003-08-20  Marcus Brinkmann  <marcus@g10code.de>

        * encrypt.c (encode_session_key): Allocate enough space.  Cast key
        byte to unsigned char to prevent sign extension.
        (encrypt_dek): Check return value before error.

2003-08-14  Timo Schulz  <twoaday@freakmail.de>

        * encrypt.c (encode_session_key): Use new Libgcrypt interface.
        
2003-07-31  Werner Koch  <wk@gnupg.org>

        * Makefile.am (gpgsm_LDADD): Added INTLLIBS.

2003-07-29  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): Add secmem features and set the random seed file.
        (gpgsm_exit): Update the random seed file and enable debug output.

2003-07-27  Werner Koch  <wk@gnupg.org>

        Adjusted for gcry_mpi_print and gcry_mpi_scan API change.

2003-06-24  Werner Koch  <wk@gnupg.org>

        * server.c (gpgsm_status_with_err_code): New.
        * verify.c (gpgsm_verify): Use it here instead of the old
        tokenizing version.

        * verify.c (strtimestamp): Renamed to strtimestamp_r

        Adjusted for changes in the libgcrypt API. Some more fixes for the
        libgpg-error stuff.  

2003-06-04  Werner Koch  <wk@gnupg.org>

        * call-agent.c (init_membuf,put_membuf,get_membuf): Removed.
        Include new membuf header and changed used type.

        Renamed error codes from INVALID to INV and removed _ERROR suffixes.

2003-06-03  Werner Koch  <wk@gnupg.org>

        Changed all error codes in all files to the new libgpg-error scheme.

        * gpgsm.h: Include gpg-error.h .
        * Makefile.am: Link with libgpg-error.

2003-04-29  Werner Koch  <wk@gnupg.org>

        * Makefile.am: Use libassuan.  Don't override LDFLAGS anymore.
        * server.c (register_commands): Adjust for new Assuan semantics.

2002-12-03  Werner Koch  <wk@gnupg.org>

        * call-agent.c (gpgsm_agent_passwd): New.
        * gpgsm.c (main): New command --passwd and --call-protect-tool
        (run_protect_tool): New.

2002-11-25  Werner Koch  <wk@gnupg.org>

        * verify.c (gpgsm_verify): Handle content-type attribute. 

2002-11-13  Werner Koch  <wk@gnupg.org>

        * call-agent.c (start_agent): Try to use $GPG_TTY instead of
        ttyname.  Changed ttyname to test stdin becuase it can be assumed
        that output redirection is more common that input redirection.

2002-11-12  Werner Koch  <wk@gnupg.org>

        * gpgsm.c: New command --call-dirmngr. 
        * call-dirmngr.c (gpgsm_dirmngr_run_command)
        (run_command_inq_cb,run_command_cb)
        (run_command_status_cb): New.

2002-11-11  Werner Koch  <wk@gnupg.org>

        * certcheck.c (gpgsm_check_cms_signature): Don't double free
        s_sig but free s_pkey at leave.

2002-11-10  Werner Koch  <wk@gnupg.org>

        * gpgsm.c: Removed duplicate --list-secret-key entry.

2002-09-19  Werner Koch  <wk@gnupg.org>

        * certcheck.c (gpgsm_check_cert_sig): Add cert hash debugging.

        * certchain.c (find_up): Print info when the cert was not found 
        by the autorithyKeyIdentifier.

2002-09-03  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): Disable the internal libgcrypt locking.

2002-08-21  Werner Koch  <wk@gnupg.org>

        * import.c (print_imported_summary): Cleaned up.  Print new
        not_imported value.
        (check_and_store): Update non_imported counter.
        (print_import_problem): New.
        (check_and_store): Print error status message.
        * server.c (get_status_string): Added STATUS_IMPORT_PROBLEM.

2002-08-20  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): Use the log file only in server mode.

        * import.c (print_imported_summary): New.
        (check_and_store): Update the counters, take new argument.
        (import_one): Factored out core of gpgsm_import.
        (gpgsm_import): Print counters.
        (gpgsm_import_files): New.
        * gpgsm.c (main): Use the new function for import.

2002-08-19  Werner Koch  <wk@gnupg.org>

        * decrypt.c (gpgsm_decrypt): Return a better error status token.
        * verify.c (gpgsm_verify): Don't error on messages with no signing
        time or no message digest.  This is only the case for messages
        without any signed attributes.

2002-08-16  Werner Koch  <wk@gnupg.org>

        * certpath.c: Renamed to ..
        * certchain.c: this. Renamed all all other usages of "path" in the
        context of certificates to "chain".

        * call-agent.c (learn_cb): Special treatment when the issuer
        certificate is missing.

2002-08-10  Werner Koch  <wk@gnupg.org>

        * Makefile.am (INCLUDES): Add definition for localedir.

        * keylist.c (list_cert_colon): Print the short fingerprint in the
        key ID field.
        * fingerprint.c (gpgsm_get_short_fingerprint): New.
        * verify.c (gpgsm_verify): Print more verbose info for a good
        signature.

2002-08-09  Werner Koch  <wk@gnupg.org>

        * decrypt.c (prepare_decryption): Hack to detected already
        unpkcsedone keys.

        * gpgsm.c (emergency_cleanup): New.
        (main): Initialize the signal handler.

        * sign.c (gpgsm_sign): Reset the hash context for subsequent
        signers and release it at the end.

2002-08-05  Werner Koch  <wk@gnupg.org>

        * server.c (cmd_signer): New command "SIGNER"
        (register_commands): Register it.
        (cmd_sign): Pass the signer list to gpgsm_sign.
        * certlist.c (gpgsm_add_to_certlist): Add SECRET argument, check
        for secret key if set and changed all callers.
        * sign.c (gpgsm_sign): New argument SIGNERLIST and implemt
        multiple signers.
        * gpgsm.c (main): Support more than one -u.
        
        * server.c (cmd_recipient): Return reason code 1 for No_Public_Key
        which is actually what gets returned from add_to_certlist.
        
2002-07-26  Werner Koch  <wk@gnupg.org>

        * certcheck.c (gpgsm_check_cert_sig): Implement proper cleanup.
        (gpgsm_check_cms_signature): Ditto.

2002-07-22  Werner Koch  <wk@gnupg.org>

        * keydb.c (keydb_add_resource): Register a lock file.
        (lock_all, unlock_all): Implemented.

        * delete.c: New.
        * gpgsm.c: Made --delete-key work.
        * server.c (cmd_delkeys): New.
        (register_commands): New command DELKEYS.

        * decrypt.c (gpgsm_decrypt): Print a convenience note when RC2 is
        used and a STATUS_ERROR with the algorithm oid.

2002-07-03  Werner Koch  <wk@gnupg.org>

        * server.c (gpgsm_status2): Insert a blank between all optional
        arguments when using assuan.
        * server.c (cmd_recipient): No more need for extra blank in constants.
        * import.c (print_imported_status): Ditto.
        * gpgsm.c (main): Ditto.

2002-07-02  Werner Koch  <wk@gnupg.org>

        * verify.c (gpgsm_verify): Extend the STATUS_BADSIG line with
        the fingerprint.

        * certpath.c (check_cert_policy): Don't use log_error to print a
        warning.

        * keydb.c (keydb_store_cert): Add optional ar EXISTED and changed
        all callers.
        * call-agent.c (learn_cb): Print info message only for real imports.

        * import.c (gpgsm_import): Moved duplicated code to ...
        (check_and_store): new function.  Added magic to import the entire
        chain. Print status only for real imports and moved printing code
        to ..
        (print_imported_status): New.

        * call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr
        call in very verbose mode.

        * gpgsm.c (main): Use the same error codes for STATUS_INV_RECP as
        with the server mode.

2002-06-29  Werner Koch  <wk@gnupg.org>

        * gpgsm.c: New option --auto-issuer-key-retrieve.
        * certpath.c (find_up): Try to retrieve an issuer key from an
        external source and from the ephemeral key DB.
        (find_up_store_certs_cb): New.

        * keydb.c (keydb_set_ephemeral): Does now return the old
        state.  Call the backend only when required.

        * call-dirmngr.c (start_dirmngr): Use GNUPG_DEFAULT_DIRMNGR.
        (lookup_status_cb): Issue status only when CTRL is not NULL.
        (gpgsm_dirmngr_lookup): Document that CTRL is optional.

        * call-agent.c (start_agent): Use GNUPG_DEFAULT_AGENT.

2002-06-28  Werner Koch  <wk@gnupg.org>

        * server.c (cmd_recipient): Add more reason codes.

2002-06-27  Werner Koch  <wk@gnupg.org>

        * certpath.c (gpgsm_basic_cert_check): Use
        --debug-no-path-validation to also bypass this basic check.

        * gpgsm.c (main): Use GNUPG_DEFAULT_HOMEDIR constant.

        * call-agent.c (start_agent): Create and pass the list of FD to
        keep in the child to assuan.
        * call-dirmngr.c (start_dirmngr): Ditto.

2002-06-26  Werner Koch  <wk@gnupg.org>

        * import.c (gpgsm_import): Print an STATUS_IMPORTED.

        * gpgsm.c: --debug-no-path-validation does not take an argument.

2002-06-25  Werner Koch  <wk@gnupg.org>

        * certdump.c (print_dn_part): Always print a leading slash,
        removed NEED_DELIM arg and changed caller.

        * export.c (gpgsm_export): Print LFs to FP and not stdout.
        (print_short_info): Ditto.  Make use of gpgsm_print_name.

        * server.c (cmd_export): Use output-fd instead of data lines; this
        was actually the specified way.

2002-06-24  Werner Koch  <wk@gnupg.org>

        * gpgsm.c: Removed duped help entry for --list-keys.
        
        * gpgsm.c, gpgsm.h: New option --debug-no-path-validation.

        * certpath.c (gpgsm_validate_path): Use it here instead of the
        debug flag hack.

        * certpath.c (check_cert_policy): Return No_Policy_Match if the
        policy file could not be opened.

2002-06-20  Werner Koch  <wk@gnupg.org>

        * certlist.c (gpgsm_add_to_certlist): Fixed locating of a
        certificate with the required key usage.

        * gpgsm.c (main): Fixed a segv when using --outfile without an
        argument.

        * keylist.c (print_capabilities): Also check for non-repudiation
        and data encipherment.
        * certlist.c (cert_usage_p): Test for signing and encryption was
        swapped.  Add a case for certification usage, handle
        non-repudiation and data encipherment.
        (gpgsm_cert_use_cert_p): New.
        (gpgsm_add_to_certlist): Added a CTRL argument and changed all
        callers to pass it.
        * certpath.c (gpgsm_validate_path): Use it here to print a status
        message. Added a CTRL argument and changed all callers to pass it.
        * decrypt.c (gpgsm_decrypt): Print a status message for wrong key
        usage.
        * verify.c (gpgsm_verify): Ditto.
        * keydb.c (classify_user_id): Allow a colon delimited fingerprint.

2002-06-19  Werner Koch  <wk@gnupg.org>

        * call-agent.c (learn_cb): Use log_info instead of log_error on
        successful import.

        * keydb.c (keydb_set_ephemeral): New.
        (keydb_store_cert): New are ephemeral, changed all callers.
        * keylist.c (list_external_cb): Store cert as ephemeral.
        * export.c (gpgsm_export): Kludge to export epehmeral certificates.

        * gpgsm.c (main): New command --list-external-keys.
        
2002-06-17  Werner Koch  <wk@gnupg.org>

        * certreqgen.c (read_parameters): Improved error handling.
        (gpgsm_genkey): Print error message.

2002-06-13  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): New option --log-file.

2002-06-12  Werner Koch  <wk@gnupg.org>

        * call-dirmngr.c (lookup_status_cb): New.
        (gpgsm_dirmngr_lookup): Use the status CB.  Add new arg CTRL and
        changed caller to pass it.

        * gpgsm.c (open_fwrite): New.
        (main): Allow --output for --verify.

        * sign.c (hash_and_copy_data): New.
        (gpgsm_sign): Implemented normal (non-detached) signatures.
        * gpgsm.c (main): Ditto.
        
        * certpath.c (gpgsm_validate_path): Special error handling for
        no policy match.

2002-06-10  Werner Koch  <wk@gnupg.org>

        * server.c (get_status_string): Add STATUS_ERROR.

        * certpath.c (gpgsm_validate_path): Tweaked the error checking to 
        return error codes in a more sensitive way.
        * verify.c (gpgsm_verify): Send status TRUST_NEVER also for a bad
        CA certificate and when the certificate has been revoked.  Issue
        TRUST_FULLY even when the cert has expired.  Append an error token
        to these status lines.  Issue the new generic error status when a
        cert was not found and when leaving the function.

2002-06-04  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): New command --list-sigs
        * keylist.c (list_cert_std): New.  Use it whenever colon mode is
        not used.
        (list_cert_chain): New.

2002-05-31  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): Don't print the "go ahead" message for an
        invalid command.

2002-05-23  Werner Koch  <wk@gnupg.org>

        * import.c (gpgsm_import): Add error messages.

2002-05-21  Werner Koch  <wk@gnupg.org>

        * keylist.c (list_internal_keys): Renamed from gpgsm_list_keys.
        (list_external_keys): New.
        (gpgsm_list_keys): Dispatcher for above.
        * call-dirmngr.c (lookup_cb,pattern_from_strlist)
        (gpgsm_dirmngr_lookup): New.
        * server.c (option_handler): Handle new option --list-mode.
        (do_listkeys): Handle options and actually use the mode argument.
        (get_status_string): New code TRUNCATED.

        * import.c (gpgsm_import): Try to identify the type of input and
        handle certs-only messages.

2002-05-14  Werner Koch  <wk@gnupg.org>

        * gpgsm.c: New option --faked-system-time
        * sign.c (gpgsm_sign): And use it here.
        * certpath.c (gpgsm_validate_path): Ditto.

2002-05-03  Werner Koch  <wk@gnupg.org>

        * certpath.c (gpgsm_validate_path): Added EXPTIME arg and changed
        all callers.
        * verify.c (gpgsm_verify): Tweaked usage of log_debug and
        log_error.  Return EXPSIG status and add expiretime to VALIDSIG.

2002-04-26  Werner Koch  <wk@gnupg.org>

        * gpgsm.h (DBG_AGENT,DBG_AGENT_VALUE): Replaced by DBG_ASSUAN_*.
        Changed all users.

        * call-agent.c (start_agent): Be more silent without -v.
        * call-dirmngr.c (start_dirmngr): Ditto.

2002-04-25  Werner Koch  <wk@gnupg.org>

        * call-agent.c (start_agent): Make copies of old locales and check
        for setlocale.

2002-04-25  Marcus Brinkmann  <marcus@g10code.de>

        * call-agent.c (start_agent): Fix error handling logic so the
        locale is always correctly reset.

2002-04-25  Marcus Brinkmann  <marcus@g10code.de>

        * server.c (option_handler): Accept display, ttyname, ttytype,
        lc_ctype and lc_messages options.
        * gpgsm.c (main): Allocate memory for these options.
        * gpgsm.h (struct opt): Make corresponding members non-const.

2002-04-24  Marcus Brinkmann  <marcus@g10code.de>

        * gpgsm.h (struct opt): New members display, ttyname, ttytype,
        lc_ctype, lc_messages.
        * gpgsm.c (enum cmd_and_opt_values): New members oDisplay,
        oTTYname, oTTYtype, oLCctype, oLCmessages.
        (opts): New entries for these options.
        (main): Handle these new options.
        * call-agent.c (start_agent): Set the various display and tty
        parameter after resetting.

2002-04-18  Werner Koch  <wk@gnupg.org>

        * certreqgen.c (gpgsm_genkey): Write status output on success.

2002-04-15  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): Check ksba version.

        * certpath.c (find_up): New to use the authorithKeyIdentifier.
        Use it in all other functions to locate the signing cert..

2002-04-11  Werner Koch  <wk@gnupg.org>

        * certlist.c (cert_usable_p): New.
        (gpgsm_cert_use_sign_p,gpgsm_cert_use_encrypt_p): New.
        (gpgsm_cert_use_verify_p,gpgsm_cert_use_decrypt_p): New.
        (gpgsm_add_to_certlist): Check the key usage.
        * sign.c (gpgsm_sign): Ditto.
        * verify.c (gpgsm_verify): Print a message wehn an unsuitable
        certificate was used.
        * decrypt.c (gpgsm_decrypt): Ditto
        * keylist.c (print_capabilities): Determine values from the cert.

2002-03-28  Werner Koch  <wk@gnupg.org>

        * keylist.c (list_cert_colon): Fixed listing of crt record; the
        issuer is not at the right place.  Print a chainingID.
        * certpath.c (gpgsm_walk_cert_chain): Be a bit more silent on
        common errors.

2002-03-21  Werner Koch  <wk@gnupg.org>

        * export.c: New.
        * gpgsm.c: Add command --export.
        * server.c (cmd_export): New.
        
2002-03-13  Werner Koch  <wk@gnupg.org>

        * decrypt.c (gpgsm_decrypt): Allow multiple recipients.

2002-03-12  Werner Koch  <wk@gnupg.org>

        * certpath.c (check_cert_policy): Print the policy list.

        * verify.c (gpgsm_verify): Detect certs-only message.

2002-03-11  Werner Koch  <wk@gnupg.org>

        * import.c (gpgsm_import): Print a notice about imported certificates
        when in verbose mode.

        * gpgsm.c (main): Print INV_RECP status.
        * server.c (cmd_recipient): Ditto.

        * server.c (gpgsm_status2): New.  Allows for a list of strings.
        (gpgsm_status): Divert to gpgsm_status2.

        * encrypt.c (gpgsm_encrypt): Don't use a default key when no
        recipients are given.  Print a NO_RECP status.

2002-03-06  Werner Koch  <wk@gnupg.org>

        * server.c (cmd_listkeys, cmd_listsecretkeys): Divert to
        (do_listkeys): new.  Add pattern parsing.

        * keylist.c (gpgsm_list_keys): Handle selection pattern.

        * gpgsm.c: New command --learn-card
        * call-agent.c (learn_cb,gpgsm_agent_learn): New.

        * gpgsm.c (main): Print error messages for non-implemented commands.

        * base64.c (base64_reader_cb): Use case insensitive compare of the
        Content-Type string to detect plain base-64.

2002-03-05  Werner Koch  <wk@gnupg.org>

        * gpgsm.c, gpgsm.h: Add local_user.
        * sign.c (gpgsm_get_default_cert): New.
        (get_default_signer): Use the new function if local_user is not
        set otherwise used that value.
        * encrypt.c (get_default_recipient): Removed.
        (gpgsm_encrypt): Use gpgsm_get_default_cert.

        * verify.c (gpgsm_verify): Better error text for a bad signature
        found by comparing the hashs.

2002-02-27  Werner Koch  <wk@gnupg.org>

        * call-dirmngr.c, call-agent.c: Add 2 more arguments to all uses
        of assuan_transact.

2002-02-25  Werner Koch  <wk@gnupg.org>

        * server.c (option_handler): Allow to use -2 for "send all certs
        except the root cert".
        * sign.c (add_certificate_list): Implement it here.
        * certpath.c (gpgsm_is_root_cert): New.

2002-02-19  Werner Koch  <wk@gnupg.org>

        * certpath.c (check_cert_policy): New.
        (gpgsm_validate_path): And call it from here.
        * gpgsm.c (main): New options --policy-file,
        --disable-policy-checks and --enable-policy-checks.
        * gpgsm.h (opt): Added policy_file, no_policy_checks.

2002-02-18  Werner Koch  <wk@gnupg.org>

        * certpath.c (gpgsm_validate_path): Ask the agent to add the
        certificate into the trusted list.
        * call-agent.c (gpgsm_agent_marktrusted): New.

2002-02-07  Werner Koch  <wk@gnupg.org>

        * certlist.c (gpgsm_add_to_certlist): Check that the specified
        name identifies a certificate unambiguously.
        (gpgsm_find_cert): Ditto.

        * server.c (cmd_listkeys): Check that the data stream is available.
        (cmd_listsecretkeys): Ditto.
        (has_option): New.
        (cmd_sign): Fix ambiguousity in option recognition.

        * gpgsm.c (main): Enable --logger-fd.

        * encrypt.c (gpgsm_encrypt): Increased buffer size for better
        performance.

        * call-agent.c (gpgsm_agent_pksign): Check the S-Exp received from
        the agent.

        * keylist.c (list_cert_colon): Filter out control characters.

2002-02-06  Werner Koch  <wk@gnupg.org>

        * decrypt.c (gpgsm_decrypt): Bail out after an decryption error.

        * server.c (reset_notify): Close input and output FDs.
        (cmd_encrypt,cmd_decrypt,cmd_verify,cmd_sign.cmd_import)
        (cmd_genkey): Close the FDs and release the recipient list even in
        the error case.

2002-02-01  Marcus Brinkmann  <marcus@g10code.de>

        * sign.c (gpgsm_sign): Do not release certificate twice.

2002-01-29  Werner Koch  <wk@gnupg.org>

        * call-agent.c (gpgsm_agent_havekey): New.
        * keylist.c (list_cert_colon): New arg HAVE_SECRET, print "crs"
        when we know that the secret key is available.
        (gpgsm_list_keys): New arg MODE, check whether a secret key is
        available.  Changed all callers.
        * gpgsm.c (main): New command --list-secret-keys.
        * server.c (cmd_listsecretkeys): New.
        (cmd_listkeys): Return secret keys with "crs" record.

2002-01-28  Werner Koch  <wk@gnupg.org>

        * certreqgen.c (create_request): Store the email address in the req.

2002-01-25  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): Disable core dumps.

        * sign.c (add_certificate_list): New.
        (gpgsm_sign): Add the certificates to the CMS object.
        * certpath.c (gpgsm_walk_cert_chain): New.
        * gpgsm.h (server_control_s): Add included_certs.
        * gpgsm.c: Add option --include-certs.
        (gpgsm_init_default_ctrl): New.
        (main): Call it.
        * server.c (gpgsm_server): Ditto.
        (option_handler): Support --include-certs.

2002-01-23  Werner Koch  <wk@gnupg.org>

        * certpath.c (gpgsm_validate_path): Print the DN of a missing issuer.
        * certdump.c (gpgsm_dump_string): New.
        (print_dn): Replaced by above.

2002-01-22  Werner Koch  <wk@gnupg.org>

        * certpath.c (unknown_criticals): New.
        (allowed_ca): New.
        (gpgsm_validate_path): Check validity, CA attribute, path length
        and unknown critical extensions.

2002-01-21  Werner Koch  <wk@gnupg.org>

        * gpgsm.c: Add option --enable-crl-checks.

        * call-agent.c (start_agent): Implemented socket based access.
        * call-dirmngr.c (start_dirmngr): Ditto.

2002-01-20  Werner Koch  <wk@gnupg.org>

        * server.c (option_handler): New.
        (gpgsm_server): Register it with assuan.

2002-01-19  Werner Koch  <wk@gnupg.org>

        * server.c (gpgsm_server): Use assuan_deinit_server and setup
        assuan logging if enabled.
        * call-agent.c (inq_ciphertext_cb): Don't show the session key in
        an Assuan log file.

        * gpgsm.c (my_strusage): Take bugreport address from configure.ac

2002-01-15  Werner Koch  <wk@gnupg.org>

        * import.c (gpgsm_import): Just do a basic cert check before
        storing it.
        * certpath.c (gpgsm_basic_cert_check): New.

        * keydb.c (keydb_store_cert): New.
        * import.c (store_cert): Removed and change all caller to use
        the new function.
        * verify.c (store_cert): Ditto.

        * certlist.c (gpgsm_add_to_certlist): Validate the path

        * certpath.c (gpgsm_validate_path): Check the trust list.
        * call-agent.c (gpgsm_agent_istrusted): New.

2002-01-14  Werner Koch  <wk@gnupg.org>

        * call-dirmngr.c (inq_certificate): Changed for new interface semantic.
        * certlist.c (gpgsm_find_cert): New.

2002-01-13  Werner Koch  <wk@gnupg.org>

        * fingerprint.c (gpgsm_get_certid): Print the serial and not the
        hash after the dot.

2002-01-11  Werner Koch  <wk@gnupg.org>

        * call-dirmngr.c: New.
        * certpath.c (gpgsm_validate_path): Check the CRL here.
        * fingerprint.c (gpgsm_get_certid): New.
        * gpgsm.c: New options --dirmngr-program and --disable-crl-checks.

2002-01-10  Werner Koch  <wk@gnupg.org>

        * base64.c (gpgsm_create_writer): Allow to set the object name

2002-01-08  Werner Koch  <wk@gnupg.org>

        * keydb.c (spacep): Removed because it is now in util.c

        * server.c (cmd_genkey): New.
        * certreqgen.c: New.  The parameter handling code has been taken
        from gnupg/g10/keygen.c version 1.0.6.
        * call-agent.c (gpgsm_agent_genkey): New.

2002-01-02  Werner Koch  <wk@gnupg.org>

        * server.c (rc_to_assuan_status): Removed and changed all callers
        to use map_to_assuan_status.

2001-12-20  Werner Koch  <wk@gnupg.org>

        * verify.c (gpgsm_verify): Implemented non-detached signature
        verification.  Add OUT_FP arg, initialize a writer and changed all
        callers.
        * server.c (cmd_verify): Pass an out_fp if one has been set.

        * base64.c (base64_reader_cb): Try to detect an S/MIME body part.

        * certdump.c (print_sexp): Renamed to gpgsm_dump_serial, made
        global.
        (print_time): Renamed to gpgsm_dump_time, made global.
        (gpgsm_dump_serial): Take a real S-Expression as argument and
        print the first item.
        * keylist.c (list_cert_colon): Ditto.
        * keydb.c (keydb_search_issuer_sn): Ditto.
        * decrypt.c (print_integer_sexp): Removed and made callers 
        use gpgsm_dump_serial.
        * verify.c (print_time): Removed, made callers use gpgsm_dump_time.
        
2001-12-19  Marcus Brinkmann  <marcus@g10code.de>

        * call-agent.c (start_agent): Add new argument to assuan_pipe_connect.

2001-12-18  Werner Koch  <wk@gnupg.org>

        * verify.c (print_integer_sexp): Renamed from print_integer and
        print the serial number according to the S-Exp rules.
        * decrypt.c (print_integer_sexp): Ditto.

2001-12-17  Werner Koch  <wk@gnupg.org>

        * keylist.c (list_cert_colon): Changed for new return value of
        get_serial.
        * keydb.c (keydb_search_issuer_sn): Ditto.
        * certcheck.c (gpgsm_check_cert_sig): Likewise for other S-Exp
        returingin functions.
        * fingerprint.c (gpgsm_get_keygrip): Ditto.
        * encrypt.c (encrypt_dek): Ditto
        * certcheck.c (gpgsm_check_cms_signature): Ditto
        * decrypt.c (prepare_decryption): Ditto.
        * call-agent.c (gpgsm_agent_pkdecrypt): Removed arg ciphertextlen,
        use KsbaSexp type and calculate the length.

        * certdump.c (print_sexp): Remaned from print_integer, changed caller.

        * Makefile.am: Use the LIBGCRYPT and LIBKSBA variables.

        * fingerprint.c (gpgsm_get_keygrip): Use the new
        gcry_pk_get_keygrip to calculate the grip - note the algorithm and
        therefore the grip values changed.

2001-12-15  Werner Koch  <wk@gnupg.org>

        * certcheck.c (gpgsm_check_cms_signature): Removed the faked-key
        kludge.
        (gpgsm_create_cms_signature): Removed the commented fake key
        code.  This makes the function pretty simple.

        * gpgsm.c (main): Renamed the default key database to "keyring.kbx".

        * decrypt.c (gpgsm_decrypt): Write STATUS_DECRYPTION_*.
        * sign.c (gpgsm_sign): Write a STATUS_SIG_CREATED.

2001-12-14  Werner Koch  <wk@gnupg.org>

        * keylist.c (list_cert_colon): Kludge to show an email address
        encoded in the subject's DN.

        * verify.c (gpgsm_verify): Add hash debug helpers
        * sign.c (gpgsm_sign): Ditto.

        * base64.c (base64_reader_cb): Reset the linelen when we need to
        skip the line and adjusted test; I somehow forgot about DeMorgan.

        * server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify) 
        (cmd_import): Close the FDs on success.
        (close_message_fd): New.
        (input_notify): Setting autodetect_encoding to 0 after initializing
        it to 0 is pretty pointless.  Easy to fix.

        * gpgsm.c (main): New option --debug-wait n, so that it is
        possible to attach gdb when used in server mode.

        * sign.c (get_default_signer): Use keydb_classify_name here.

2001-12-14  Marcus Brinkmann  <marcus@g10code.de>

        * call-agent.c (LINELENGTH): Removed.
        (gpgsm_agent_pksign): Use ASSUAN_LINELENGTH, not LINELENGTH.
        (gpgsm_agent_pkdecrypt): Likewise.

2001-12-13  Werner Koch  <wk@gnupg.org>

        * keylist.c (list_cert_colon): Print alternative names of subject
        and a few other values.

2001-12-12  Werner Koch  <wk@gnupg.org>

        * gpgsm.c (main): New options --assume-{armor,base64,binary}. 
        * base64.c (base64_reader_cb): Fixed non-autodetection mode.

2001-12-04  Werner Koch  <wk@gnupg.org>

        * call-agent.c (read_from_agent): Check for inquire responses.
        (request_reply): Handle them using a new callback arg, changed all
        callers.
        (gpgsm_agent_pkdecrypt): New.

2001-11-27  Werner Koch  <wk@gnupg.org>

        * base64.c: New.  Changed all other functions to use this instead
        of direct creation of ksba_reader/writer.
        * gpgsm.c (main): Set ctrl.auto_encoding unless --no-armor is used.

2001-11-26  Werner Koch  <wk@gnupg.org>

        * gpgsm.c: New option --agent-program
        * call-agent.c (start_agent): Allow to override the default path
        to the agent.

        * keydb.c (keydb_add_resource): Create keybox

        * keylist.c (gpgsm_list_keys): Fixed non-server keylisting.

        * server.c (rc_to_assuan_status): New.  Use it for all commands.

        
 Copyright 2001, 2002, 2003, 2004, 2005,
           2006 Free Software Foundation, Inc.

 This file is free software; as a special exception the author gives
 unlimited permission to copy and/or distribute it, with or without
 modifications, as long as this notice is preserved.

 This file is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
 implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.