~ubuntu-branches/ubuntu/karmic/gnupg2/karmic-updates

Viewing changes to sm/keylist.c

Committer: Bazaar Package Importer
Author(s): Thomas Viehmann
Date: 2008-10-04 10:25:53 UTC
mfrom: (5.1.15 intrepid)
Revision ID: james.westby@ubuntu.com-20081004102553-fv62pp8dsitxli47

Tags: 2.0.9-3.1

http://bugs.debian.org/499569

* Non-maintainer upload.
* agent/gpg-agent.c: Deinit the threading library before exec'ing
the command to run in --daemon mode. And because that still doesn't
restore the sigprocmask, do that manually. Closes: #499569

files added:
COPYING.LIB

README.SVN

VERSION

agent/call-pinentry.c

common/audit-events.h

common/audit.c

common/audit.h

common/common-defs.h

common/convert.c

common/dns-cert.c

common/dns-cert.h

common/estream-printf.c

common/estream-printf.h

common/exaudit.awk

common/exstatus.awk

common/gc-opt-flags.h

common/gpgrlhelp.c

common/helpfile.c

common/http.c

common/http.h

common/i18n.c

common/init.c

common/init.h

common/keyserver.h

common/localename.c

common/mkstrtable.awk

common/openpgpdefs.h

common/pka.c

common/pka.h

common/srv.c

common/srv.h

common/status-codes.h

common/status.c

common/status.h

common/t-convert.c

common/t-gettime.c

common/t-helpfile.c

common/t-sexputil.c

common/t-sysutils.c

common/tlv.c

common/tlv.h

debian/gnupg-agent.install

debian/gnupg2.docs

debian/gnupg2.examples

debian/gnupg2.info

debian/gnupg2.install

debian/gpgsm.docs

debian/gpgsm.install

debian/watch

doc/KEYSERVER

doc/TRANSLATE

doc/com-certs.pem

doc/examples

doc/examples/README

doc/examples/gpgconf.conf

doc/examples/pwpattern.list

doc/examples/scd-event

doc/examples/trustlist.txt

doc/faq.html

doc/gnupg-card-architecture.eps

doc/gnupg-card-architecture.pdf

doc/gnupg-card-architecture.png

doc/gnupg-logo.eps

doc/gnupg-logo.pdf

doc/gnupg-logo.png

doc/gnupg.info

doc/gnupg.info-1

doc/gnupg.info-2

doc/gnupg7.texi

doc/help.be.txt

doc/help.ca.txt

doc/help.cs.txt

doc/help.da.txt

doc/help.de.txt

doc/help.el.txt

doc/help.eo.txt

doc/help.es.txt

doc/help.et.txt

doc/help.fi.txt

doc/help.fr.txt

doc/help.gl.txt

doc/help.hu.txt

doc/help.id.txt

doc/help.it.txt

doc/help.ja.txt

doc/help.nb.txt

doc/help.pl.txt

doc/help.pt.txt

doc/help.pt_BR.txt

doc/help.ro.txt

doc/help.ru.txt

doc/help.sk.txt

doc/help.sv.txt

doc/help.tr.txt

doc/help.txt

doc/help.zh_CN.txt

doc/help.zh_TW.txt

doc/howto-create-a-server-cert.texi

doc/howtos.texi

doc/instguide.texi

doc/opt-homedir.texi

doc/see-also-note.texi

doc/specify-user-id.texi

doc/stamp-vti

doc/texi.css

doc/version.texi

doc/yat2m.c

g10/compress-bz2.c

g10/cpr.c

g10/server.c

gl/m4/absolute-header.m4

gl/m4/stdint.m4

gl/m4/unistd_h.m4

gl/stdint_.h

include/Makefile.am

include/Makefile.in

jnlib/dynload.h

jnlib/mischelp.c

jnlib/t-stringhelp.c

jnlib/t-support.c

jnlib/t-support.h

jnlib/w32-gettext.c

jnlib/w32-reg.c

jnlib/w32help.h

keyserver/Makefile.in

keyserver/curl-shim.c

keyserver/curl-shim.h

keyserver/gpg2keys_mailto.in

keyserver/gpg2keys_test.in

keyserver/no-libgcrypt.c

m4/autobuild.m4

m4/estream.m4

m4/glibc2.m4

m4/gnupg-pth.m4

m4/intl.m4

m4/intldir.m4

m4/ldap.m4

m4/libcurl.m4

m4/libusb.m4

m4/lock.m4

m4/readline.m4

m4/tar-ustar.m4

m4/visibility.m4

po/be.gmo

po/be.po

po/ca.gmo

po/cs.gmo

po/da.gmo

po/de.gmo

po/el.gmo

po/en@boldquot.gmo

po/en@boldquot.po

po/en@quot.gmo

po/en@quot.po

po/eo.gmo

po/es.gmo

po/et.gmo

po/fi.gmo

po/fi.po

po/fr.gmo

po/gl.gmo

po/gnupg2.pot

po/hu.gmo

po/hu.po

po/id.gmo

po/it.gmo

po/ja.gmo

po/nb.gmo

po/nb.po

po/pl.gmo

po/pt.gmo

po/pt_BR.gmo

po/ro.gmo

po/ro.po

po/ru.gmo

po/sk.gmo

po/sk.po

po/stamp-po

po/sv.gmo

po/tr.gmo

po/zh_CN.gmo

po/zh_CN.po

po/zh_TW.gmo

po/zh_TW.po

sm/certreqgen-ui.c

tests/openpgp

tests/openpgp/ChangeLog

tests/openpgp/Makefile.am

tests/openpgp/Makefile.in

tests/openpgp/armdetach.test

tests/openpgp/armdetachm.test

tests/openpgp/armencrypt.test

tests/openpgp/armencryptp.test

tests/openpgp/armor.test

tests/openpgp/armsignencrypt.test

tests/openpgp/armsigs.test

tests/openpgp/bug537-test.data.asc

tests/openpgp/bug894-test.asc

tests/openpgp/clearsig.test

tests/openpgp/conventional-mdc.test

tests/openpgp/conventional.test

tests/openpgp/decrypt-dsa.test

tests/openpgp/decrypt.test

tests/openpgp/defs.inc

tests/openpgp/detach.test

tests/openpgp/detachm.test

tests/openpgp/encrypt-dsa.test

tests/openpgp/encrypt.test

tests/openpgp/encryptp.test

tests/openpgp/genkey1024.test

tests/openpgp/gpg.conf.tmpl

tests/openpgp/import.test

tests/openpgp/mds.test

tests/openpgp/mkdemodirs

tests/openpgp/multisig.test

tests/openpgp/plain-1-pgp.asc

tests/openpgp/plain-1.asc

tests/openpgp/plain-1o.asc

tests/openpgp/plain-2.asc

tests/openpgp/plain-2o.asc

tests/openpgp/plain-3.asc

tests/openpgp/plain-3o.asc

tests/openpgp/pubdemo.asc

tests/openpgp/pubring.asc

tests/openpgp/pubring.pkr.asc

tests/openpgp/seat.test

tests/openpgp/secdemo.asc

tests/openpgp/secring.asc

tests/openpgp/secring.skr.asc

tests/openpgp/signdemokey

tests/openpgp/signencrypt-dsa.test

tests/openpgp/signencrypt.test

tests/openpgp/sigs-dsa.test

tests/openpgp/sigs.test

tests/openpgp/verify.test

tests/openpgp/version.test

tests/pkits/Makefile.in

tests/pkits/basic-certificate-revocation

tests/pkits/certificate-policies

tests/pkits/delta-crls

tests/pkits/distribution-points

tests/pkits/inhibit-any-policy

tests/pkits/inhibit-policy-mapping

tests/pkits/key-usage

tests/pkits/name-constraints

tests/pkits/policy-mappings

tests/pkits/private-certificate-extensions

tests/pkits/require-explicit-policy

tests/pkits/signature-verification

tests/pkits/validity-periods

tests/pkits/verifying-basic-constraints

tests/pkits/verifying-name-chaining

tests/pkits/verifying-paths-self-issued

tools/applygnupgdefaults

tools/convert-from-106

tools/gpg-check-pattern.c

tools/gpg-zip.in

tools/make-dns-cert.c

tools/sockprox.c

files removed:
BUGS

NOTES

OBUGS

PROJECTS

README.CVS

THOUGHTS

agent/keyformat.txt

agent/query.c

agent/simple-pwquery.h

artwork

artwork/README

artwork/ascii-key

artwork/gnu-head-sm.jpg

artwork/gnu1.jpg

artwork/gnu5.png

artwork/gnud.png

artwork/gnue.png

artwork/gnue2.png

artwork/gnupg-1.0-available-now.png

artwork/gnupg-1.0-ist-da.png

artwork/gnupg-badge-openpgp.cdr.gz

artwork/gnupg-badge-openpgp.eps.gz

artwork/gnupg-badge-openpgp.jpg

artwork/gnupg-logo-black.jpg

artwork/gnupg-logo-cia.jpg

artwork/gnupg-logo-cia2.jpg

artwork/gnurieg.png

artwork/gpglogo.eps.gz

artwork/gpglogo.fig

artwork/gpglogo.jpg

artwork/tl-gnu1.jpg

assuan

assuan/ChangeLog

assuan/Makefile.am

assuan/assuan-buffer.c

assuan/assuan-client.c

assuan/assuan-connect.c

assuan/assuan-defs.h

assuan/assuan-handler.c

assuan/assuan-inquire.c

assuan/assuan-listen.c

assuan/assuan-pipe-connect.c

assuan/assuan-pipe-server.c

assuan/assuan-socket-connect.c

assuan/assuan-socket-server.c

assuan/assuan-util.c

assuan/assuan.h

assuan/mkerrors

build-w32.sh

checks

checks/ChangeLog

checks/Makefile.am

checks/armdetach.test

checks/armdetachm.test

checks/armencrypt.test

checks/armencryptp.test

checks/armsignencrypt.test

checks/armsigs.test

checks/challenge-1

checks/clearsig.test

checks/conventional-mdc.test

checks/conventional.test

checks/decrypt-dsa.test

checks/decrypt.test

checks/defs.inc

checks/detach.test

checks/detachm.test

checks/encrypt-dsa.test

checks/encrypt.test

checks/encryptp.test

checks/genkey1024.test

checks/mds.test

checks/mkdemodirs

checks/multisig.test

checks/options.in

checks/pgp263-test.pub.asc

checks/pgp263-test.sec.asc

checks/plain-1-pgp.asc

checks/plain-1.asc

checks/plain-1o.asc

checks/plain-2

checks/plain-2.asc

checks/plain-2o.asc

checks/plain-3.asc

checks/plain-3o.asc

checks/pubdemo.asc

checks/pubring.asc

checks/pubring.pkr.asc

checks/run-gpg.patterns

checks/run-gpgm

checks/seat.test

checks/secdemo.asc

checks/secring.asc

checks/secring.g10

checks/secring.skr.asc

checks/signdemokey

checks/signencrypt-dsa.test

checks/signencrypt.test

checks/sigs-dsa.test

checks/sigs.test

checks/version.test

cipher

cipher/ChangeLog

cipher/Makefile.am

cipher/Makefile.in

cipher/algorithms.h

cipher/arcfour.c

cipher/arcfour.h

cipher/bithelp.h

cipher/blowfish.c

cipher/cast5.c

cipher/cast5.h

cipher/cipher.c

cipher/des.c

cipher/des.h

cipher/dsa.c

cipher/dsa.h

cipher/dynload.c

cipher/dynload.h

cipher/elgamal.c

cipher/elgamal.h

cipher/g10c.c

cipher/gost.c

cipher/gost.h

cipher/idea-stub.c

cipher/idea.h

cipher/md.c

cipher/md5.c

cipher/primegen.c

cipher/pubkey.c

cipher/rand-internal.h

cipher/rand-unix.c

cipher/rand-w32.c

cipher/random.c

cipher/random.h

cipher/rijndael.c

cipher/rmd.h

cipher/rmd160.c

cipher/rmd160test.c

cipher/rndegd.c

cipher/rndlinux.c

cipher/rndriscos.c

cipher/rndunix.c

cipher/rndw32.c

cipher/rsa.c

cipher/rsa.h

cipher/sha1.c

cipher/sha1.h

cipher/smallprime.c

cipher/tiger.c

cipher/tiger.h

cipher/twofish.c

common/dynload.h

common/errors.h

common/ftello.c

common/isascii.c

common/maperror.c

common/mkdtemp.c

common/mkerrors

common/mkerrtok

common/putc_unlocked.c

common/simple-gettext.c

common/strsep.c

common/ttyname.c

common/vasprintf.c

common/w32reg.c

configure.in

contrib

contrib/UTF-8-test.txt

contrib/changes-in-2000

contrib/why-gnupg

debian/README.Debian

debian/distfiles

debian/gnupg-agent.files

debian/gnupg2.files

debian/gnupg2.postinst

debian/gnupg2.postrm

debian/gpgsm.files

debian/lintian.override

debian/point-to-info.1

debian/postinst

debian/postrm

debian/preinst

doc/Notes

doc/README.W32

doc/assuan.texi

doc/credits-1.0

doc/fdl.texi

doc/fr

doc/fr/ChangeLog

doc/fr/DETAILS

doc/fr/FAQ

doc/fr/README.fr

doc/gcryptref-digest.sgml

doc/gcryptref-misc.sgml

doc/gcryptref-pubkey.sgml

doc/gcryptref.sgml

doc/gnupg-badge-openpgp.eps

doc/gnupg-badge-openpgp.jpg

doc/gnupg-w32.reg

doc/gnupg.7

doc/gpg.sgml

doc/gpgv.sgml

doc/gph

doc/gph/ChangeLog

doc/gph/Makefile.am

doc/gph/c1.sgml

doc/gph/c2.sgml

doc/gph/c3.sgml

doc/gph/c4.sgml

doc/gph/c5.sgml

doc/gph/c6.sgml

doc/gph/c7.sgml

doc/gph/manual.sgml

doc/gph/signatures.fig

doc/gph/signatures.jpg.asc

doc/version.sgml.in

g10/OPTIONS

g10/comment.c

g10/elg.c

g10/g10.c

g10/global.h

g10/hkp.h

g10/kbx.h

g10/kbxblob.c

g10/kbxfile.c

g10/kbxio.c

g10/kbxutil.c

g10/ks-proto.c

g10/ks-proto.h

g10/mkdtemp.c

g10/overwrite.c

g10/pipemode.c

g10/pref.h

g10/pubring.asc

g10/ringedit.c

g10/rsa.c

g10/signal.c

g10/status.c

g10/status.h

gl/asnprintf.c

gl/asprintf.c

gl/m4/eoverflow.m4

gl/m4/gnulib-cache.m4

gl/m4/gnulib.m4

gl/m4/intmax_t.m4

gl/m4/inttypes_h.m4

gl/m4/longdouble.m4

gl/m4/longlong.m4

gl/m4/onceonly_2_57.m4

gl/m4/signed.m4

gl/m4/size_max.m4

gl/m4/stdint_h.m4

gl/m4/strsep.m4

gl/m4/uintmax_t.m4

gl/m4/ulonglong.m4

gl/m4/vasnprintf.m4

gl/m4/vasprintf.m4

gl/m4/wchar_t.m4

gl/m4/wint_t.m4

gl/m4/xsize.m4

gl/printf-args.c

gl/printf-args.h

gl/printf-parse.c

gl/printf-parse.h

gl/strsep.c

gl/strsep.h

gl/vasnprintf.c

gl/vasnprintf.h

gl/vasprintf.c

gl/vasprintf.h

gnupg.txt

include/distfiles

include/errors.h

include/gpga-prot.h

include/http.h

include/i18n.h

include/keyserver.h

include/memory.h

include/mpi.h

include/ttyio.h

include/util.h

include/zlib-riscos.h

intl

intl/ChangeLog

intl/Makefile.in

intl/VERSION

intl/bindtextdom.c

intl/config.charset

intl/dcgettext.c

intl/dcigettext.c

intl/dcngettext.c

intl/dgettext.c

intl/dngettext.c

intl/eval-plural.h

intl/explodename.c

intl/finddomain.c

intl/gettext.c

intl/gettext.h

intl/gettextP.h

intl/gmo.h

intl/hash-string.h

intl/intl-compat.c

intl/l10nflist.c

intl/libgettext.h

intl/libgnuintl.h

intl/libgnuintl.h.in

intl/loadinfo.h

intl/loadmsgcat.c

intl/localcharset.c

intl/localcharset.h

intl/locale.alias

intl/localealias.c

intl/localename.c

intl/log.c

intl/ngettext.c

intl/os2compat.c

intl/os2compat.h

intl/osdep.c

intl/plural-exp.c

intl/plural-exp.h

intl/plural.c

intl/plural.y

intl/printf-args.c

intl/printf-args.h

intl/printf-parse.c

intl/printf-parse.h

intl/printf.c

intl/ref-add.sin

intl/ref-del.sin

intl/relocatable.c

intl/relocatable.h

intl/textdomain.c

intl/vasnprintf.c

intl/vasnprintf.h

intl/vasnwprintf.h

intl/wprintf-parse.h

intl/xsize.h

jnlib/w32-pth.c

jnlib/w32-pth.h

jnlib/xmalloc.c

jnlib/xmalloc.h

kbx/Manifest

kbx/keybox-errors.c

keyserver/gpgkeys_http.c

keyserver/gpgkeys_mailto.in

keyserver/gpgkeys_test.in

m4/longlong.m4

m4/ulonglong.m4

mpi/ChangeLog

mpi/Makefile.am

mpi/Makefile.in

mpi/alpha

mpi/alpha/README

mpi/alpha/distfiles

mpi/alpha/mpih-add1.S

mpi/alpha/mpih-lshift.S

mpi/alpha/mpih-mul1.S

mpi/alpha/mpih-mul2.S

mpi/alpha/mpih-mul3.S

mpi/alpha/mpih-rshift.S

mpi/alpha/mpih-sub1.S

mpi/alpha/udiv-qrnnd.S

mpi/config.links

mpi/g10m.c

mpi/generic

mpi/generic/distfiles

mpi/generic/mpi-asm-defs.h

mpi/generic/mpih-add1.c

mpi/generic/mpih-lshift.c

mpi/generic/mpih-mul1.c

mpi/generic/mpih-mul2.c

mpi/generic/mpih-mul3.c

mpi/generic/mpih-rshift.c

mpi/generic/mpih-sub1.c

mpi/generic/udiv-w-sdiv.c

mpi/hppa

mpi/hppa/README

mpi/hppa/distfiles

mpi/hppa/mpih-add1.S

mpi/hppa/mpih-lshift.S

mpi/hppa/mpih-rshift.S

mpi/hppa/mpih-shift.S

mpi/hppa/mpih-sub1.S

mpi/hppa/udiv-qrnnd.S

mpi/hppa1.1

mpi/hppa1.1/distfiles

mpi/hppa1.1/mpih-mul1.S

mpi/hppa1.1/mpih-mul2.S

mpi/hppa1.1/mpih-mul3.S

mpi/hppa1.1/udiv-qrnnd.S

mpi/i386

mpi/i386-openbsd

mpi/i386-openbsd/README

mpi/i386-openbsd/distfiles

mpi/i386-openbsd/mpih-add1.S

mpi/i386-openbsd/mpih-lshift.S

mpi/i386-openbsd/mpih-mul1.S

mpi/i386-openbsd/mpih-mul2.S

mpi/i386-openbsd/mpih-mul3.S

mpi/i386-openbsd/mpih-rshift.S

mpi/i386-openbsd/mpih-sub1.S

mpi/i386-openbsd/syntax.h

mpi/i386/distfiles

mpi/i386/mpih-add1.S

mpi/i386/mpih-lshift.S

mpi/i386/mpih-mul1.S

mpi/i386/mpih-mul2.S

mpi/i386/mpih-mul3.S

mpi/i386/mpih-rshift.S

mpi/i386/mpih-shift.S

mpi/i386/mpih-sub1.S

mpi/i386/syntax.h

mpi/i586

mpi/i586/README

mpi/i586/distfiles

mpi/i586/mpih-add1.S

mpi/i586/mpih-lshift.S

mpi/i586/mpih-mul1.S

mpi/i586/mpih-mul2.S

mpi/i586/mpih-mul3.S

mpi/i586/mpih-rshift.S

mpi/i586/mpih-shift.S

mpi/i586/mpih-sub1.S

mpi/longlong.h

mpi/m68k

mpi/m68k/distfiles

mpi/m68k/mc68020

mpi/m68k/mc68020/distfiles

mpi/m68k/mc68020/mpih-mul1.S

mpi/m68k/mc68020/mpih-mul2.S

mpi/m68k/mc68020/mpih-mul3.S

mpi/m68k/mpih-add1.S

mpi/m68k/mpih-lshift.S

mpi/m68k/mpih-rshift.S

mpi/m68k/mpih-shift.S

mpi/m68k/mpih-sub1.S

mpi/m68k/syntax.h

mpi/mips3

mpi/mips3/README

mpi/mips3/distfiles

mpi/mips3/mpi-asm-defs.h

mpi/mips3/mpih-add1.S

mpi/mips3/mpih-lshift.S

mpi/mips3/mpih-mul1.S

mpi/mips3/mpih-mul2.S

mpi/mips3/mpih-mul3.S

mpi/mips3/mpih-rshift.S

mpi/mips3/mpih-sub1.S

mpi/mpi-add.c

mpi/mpi-bit.c

mpi/mpi-cmp.c

mpi/mpi-div.c

mpi/mpi-gcd.c

mpi/mpi-inline.c

mpi/mpi-inline.h

mpi/mpi-internal.h

mpi/mpi-inv.c

mpi/mpi-mpow.c

mpi/mpi-mul.c

mpi/mpi-pow.c

mpi/mpi-scan.c

mpi/mpicoder.c

mpi/mpih-cmp.c

mpi/mpih-div.c

mpi/mpih-mul.c

mpi/mpih-sub.c

mpi/mpiutil.c

mpi/pa7100

mpi/pa7100/distfiles

mpi/pa7100/mpih-lshift.S

mpi/pa7100/mpih-rshift.S

mpi/pa7100/mpih-shift.S

mpi/power

mpi/power/distfiles

mpi/power/mpih-add1.S

mpi/power/mpih-lshift.S

mpi/power/mpih-mul1.S

mpi/power/mpih-mul2.S

mpi/power/mpih-mul3.S

mpi/power/mpih-rshift.S

mpi/power/mpih-sub1.S

mpi/powerpc32

mpi/powerpc32/distfiles

mpi/powerpc32/mpih-add1.S

mpi/powerpc32/mpih-lshift.S

mpi/powerpc32/mpih-mul1.S

mpi/powerpc32/mpih-mul2.S

mpi/powerpc32/mpih-mul3.S

mpi/powerpc32/mpih-rshift.S

mpi/powerpc32/mpih-sub1.S

mpi/powerpc32/syntax.h

mpi/powerpc64

mpi/powerpc64/distfiles

mpi/sparc32

mpi/sparc32/distfiles

mpi/sparc32/mpih-add1.S

mpi/sparc32/mpih-lshift.S

mpi/sparc32/mpih-rshift.S

mpi/sparc32/udiv.S

mpi/sparc32v8

mpi/sparc32v8/distfiles

mpi/sparc32v8/mpih-mul1.S

mpi/sparc32v8/mpih-mul2.S

mpi/sparc32v8/mpih-mul3.S

mpi/supersparc

mpi/supersparc/distfiles

mpi/supersparc/udiv.S

po/de.glo

po/es_ES.po

po/nl.po

po/pt_PT.po

po/remove-potcdate.sed

scd/atr.c

scd/atr.h

scd/card-common.h

scd/card-dinsig.c

scd/card-p15.c

scd/card.c

scd/sc-copykeys.c

scd/tlv.c

scd/tlv.h

scripts/autogen.sh

scripts/build-riscos

scripts/build-w32

scripts/commit

scripts/conf-riscos

scripts/conf-riscos/Makefile

scripts/conf-riscos/cipher

scripts/conf-riscos/cipher/constructv.c

scripts/conf-riscos/include

scripts/conf-riscos/include/config.h

scripts/conf-riscos/include/g10defs.h

scripts/db2html.in

scripts/distfiles

scripts/gnupg.spec.in

scripts/gnupgbug

scripts/log_accum

scripts/mail-to-translators

scripts/mk-gpg-texi

scripts/mk-w32-dist

scripts/mkdiff

scripts/mksnapshot

scripts/mkwebpage

sm/util.h

stamp-h.in

tests/567064FE6D14A17B2D811ABB407728BC558AA455

tests/cert_cci_sphinx_ca.pem

tests/cert_cci_test_wzs.pem

tests/cert_cci_test_zs.pem

tests/cert_cci_user02.pem

tests/cert_cci_user03.pem

tests/cert_cci_user04.pem

tests/cert_cci_user06.pem

tests/cert_cci_user07.pem

tests/cert_g10code_test1.pem

tests/cert_g10code_theo1.pem

tests/cert_testpki_testpca.pem

tests/crl_testpki_testpca.pem

tests/extrasamples

tests/extrasamples/README

tests/extrasamples/dod-test9.p12

tests/key_g10code_pete1.pem

tests/key_g10code_theo1.pem

tests/pkits/PKITS_data.tar.bz2

tests/pkits/import-all-certs.data

tests/samplekeys/8D6D17B4B94BBE8304926C016D2C5C7805EB6705.key

tests/samplekeys/README

tests/samplekeys/cert_g10code_enconly_1.pem

tests/samplekeys/cert_g10code_test_ca.pem

tests/samplekeys/cryptlib-key.p12

tests/samplekeys/opensc-test.p12

tests/samplekeys/ossl-rentec-user.pem

tests/samplekeys/ov-server.p12

tests/samplekeys/ov-user.p12

tests/samplekeys/webdeca.der

tests/samplekeys/webderoot.der

tests/samplemsgs

tests/samplemsgs/webde-buenemann-signed.cms

tests/skey_g10code_test1.pem

tests/text-1.osig-badusage.pem

tools/README.gpgconf

tools/bftest.c

tools/crlf.c

tools/der-to-pem

tools/mpicalc.c

tools/primes.scm

tools/ring-a-party

tools/shmtest.c

tools/signmany

util

util/ChangeLog

util/Makefile.am

util/Makefile.in

util/README

util/argparse.c

util/argparse.h

util/dotlock.c

util/errors.c

util/fileutil.c

util/g10u.c

util/http.c

util/iobuf.c

util/libutil-config.h

util/logger.c

util/logging.c

util/logging.h

util/memory.c

util/mischelp.h

util/miscutil.c

util/riscos.c

util/secmem.c

util/simple-gettext.c

util/srv.h

util/strgutil.c

util/stringhelp.c

util/stringhelp.h

util/ttyio.c

util/w32reg.c

util/xmalloc.c

util/xmalloc.h

zlib

zlib/ChangeLog

zlib/Makefile.am

zlib/Makefile.in

zlib/README

zlib/adler32.c

zlib/algorithm.doc

zlib/compress.c

zlib/crc32.c

zlib/deflate.c

zlib/deflate.h

zlib/example.c

zlib/gzio.c

zlib/infblock.c

zlib/infblock.h

zlib/infcodes.c

zlib/infcodes.h

zlib/inffast.c

zlib/inffast.h

zlib/inffixed.h

zlib/inflate.c

zlib/inftrees.c

zlib/inftrees.h

zlib/infutil.c

zlib/infutil.h

zlib/trees.c

zlib/trees.h

zlib/uncompr.c

zlib/zconf.h

zlib/zconf.h~

zlib/zlib.h

zlib/zlib.h~

zlib/zutil.c

zlib/zutil.h

files modified:
ABOUT-NLS

AUTHORS

COPYING

ChangeLog

INSTALL

Makefile.am

Makefile.in

NEWS

README

THANKS

TODO

acinclude.m4

aclocal.m4

agent/ChangeLog

agent/Makefile.am

agent/Makefile.in

agent/agent.h

agent/cache.c

agent/call-scd.c

agent/command-ssh.c

agent/command.c

agent/divert-scd.c

agent/findkey.c

agent/genkey.c

agent/gpg-agent.c

agent/learncard.c

agent/minip12.c

agent/minip12.h

agent/pkdecrypt.c

agent/pksign.c

agent/preset-passphrase.c

agent/protect-tool.c

agent/protect.c

agent/t-protect.c

agent/trans.c

agent/trustlist.c

am/cmacros.am

autogen.sh *

common/ChangeLog

common/Makefile.am

common/Makefile.in

common/README

common/asshelp.c

common/asshelp.h

common/b64enc.c

common/estream.c

common/estream.h

common/exechelp.c

common/exechelp.h

common/gettime.c

common/homedir.c

common/i18n.h

common/iobuf.c

common/iobuf.h

common/membuf.c

common/membuf.h

common/miscellaneous.c

common/sexp-parse.h

common/sexputil.c

common/signal.c

common/simple-pwquery.c

common/simple-pwquery.h

common/sysutils.c

common/sysutils.h

common/ttyio.c

common/ttyio.h

common/util.h

common/xasprintf.c

common/xreadline.c

common/yesno.c

config.guess

config.h.in

config.sub

configure *

configure.ac

debian/changelog

debian/control

debian/copyright

debian/gnupg-agent.xsession

debian/rules

doc/ChangeLog

doc/DETAILS

doc/FAQ

doc/HACKING

doc/Makefile.am

doc/Makefile.in

doc/debugging.texi

doc/faq.raw

doc/glossary.texi

doc/gnupg-card-architecture.fig

doc/gnupg.texi

doc/gpg-agent.texi

doc/gpg.texi

doc/gpgsm.texi

doc/gpgv.texi

doc/gpl.texi

doc/qualified.txt

doc/samplekeys.asc

doc/scdaemon.texi

doc/sysnotes.texi

doc/tools.texi

g10/ChangeLog

g10/Makefile.am

g10/Makefile.in

g10/armor.c

g10/build-packet.c

g10/call-agent.c

g10/call-agent.h

g10/card-util.c

g10/cipher.c

g10/compress.c

g10/dearmor.c

g10/decrypt.c

g10/delkey.c

g10/encode.c

g10/encr-data.c

g10/exec.c

g10/exec.h

g10/export.c

g10/filter.h

g10/free-packet.c

g10/getkey.c

g10/gpg.c

g10/gpg.h

g10/gpgv.c

g10/helptext.c

g10/import.c

g10/kbnode.c

g10/keydb.c

g10/keydb.h

g10/keyedit.c

g10/keygen.c

g10/keyid.c

g10/keylist.c

g10/keyring.c

g10/keyring.h

g10/keyserver-internal.h

g10/keyserver.c

g10/main.h

g10/mainproc.c

g10/mdfilter.c

g10/misc.c

g10/openfile.c

g10/options.h

g10/options.skel

g10/packet.h

g10/parse-packet.c

g10/passphrase.c

g10/photoid.c

g10/photoid.h

g10/pkclist.c

g10/pkglue.c

g10/pkglue.h

g10/plaintext.c

g10/progress.c

g10/pubkey-enc.c

g10/revoke.c

g10/seckey-cert.c

g10/seskey.c

g10/sig-check.c

g10/sign.c

g10/skclist.c

g10/tdbdump.c

g10/tdbio.c

g10/tdbio.h

g10/textfilter.c

g10/trustdb.c

g10/trustdb.h

g10/verify.c

gl/Makefile.am

gl/Makefile.in

gl/alloca_.h

gl/allocsa.c

gl/allocsa.h

gl/m4/allocsa.m4

gl/m4/gnulib-comp.m4

gl/m4/mkdtemp.m4

gl/m4/setenv.m4

gl/mkdtemp.c

gl/mkdtemp.h

gl/setenv.c

gl/setenv.h

gl/size_max.h

gl/strpbrk.c

gl/strpbrk.h

gl/unsetenv.c

gl/xsize.h

include/ChangeLog

include/_regex.h

include/cipher.h

include/host2net.h

include/types.h

jnlib/ChangeLog

jnlib/Makefile.am

jnlib/Makefile.in

jnlib/README

jnlib/argparse.c

jnlib/argparse.h

jnlib/dotlock.c

jnlib/dotlock.h

jnlib/libjnlib-config.h

jnlib/logging.c

jnlib/logging.h

jnlib/mischelp.h

jnlib/stringhelp.c

jnlib/stringhelp.h

jnlib/strlist.c

jnlib/strlist.h

jnlib/types.h

jnlib/utf8conv.c

jnlib/utf8conv.h

jnlib/w32-afunix.c

jnlib/w32-afunix.h

kbx/ChangeLog

kbx/Makefile.am

kbx/Makefile.in

kbx/kbxutil.c

kbx/keybox-blob.c

kbx/keybox-defs.h

kbx/keybox-dump.c

kbx/keybox-file.c

kbx/keybox-init.c

kbx/keybox-openpgp.c

kbx/keybox-search-desc.h

kbx/keybox-search.c

kbx/keybox-update.c

kbx/keybox-util.c

kbx/keybox.h

kbx/mkerrors *

keyserver/ChangeLog

keyserver/Makefile.am

keyserver/gpgkeys_curl.c

keyserver/gpgkeys_finger.c

keyserver/gpgkeys_hkp.c

keyserver/gpgkeys_ldap.c

keyserver/ksutil.c

keyserver/ksutil.h

m4/ChangeLog

m4/Makefile.am

m4/Makefile.in

m4/codeset.m4

m4/gettext.m4

m4/glibc21.m4

m4/gpg-error.m4

m4/iconv.m4

m4/intdiv0.m4

m4/intmax.m4

m4/inttypes-pri.m4

m4/inttypes_h.m4

m4/ksba.m4

m4/lcmessage.m4

m4/lib-ld.m4

m4/lib-link.m4

m4/lib-prefix.m4

m4/libassuan.m4

m4/libgcrypt.m4

m4/longdouble.m4

m4/nls.m4

m4/po.m4

m4/printf-posix.m4

m4/progtest.m4

m4/signed.m4

m4/size_max.m4

m4/stdint_h.m4

m4/uintmax_t.m4

m4/wchar_t.m4

m4/wint_t.m4

m4/xsize.m4

po/ChangeLog

po/LINGUAS

po/Makefile.in.in

po/POTFILES.in

po/ca.po

po/cs.po

po/da.po

po/de.po

po/el.po

po/eo.po

po/es.po

po/et.po

po/fr.po

po/gl.po

po/id.po

po/it.po

po/ja.po

po/pl.po

po/pt.po

po/pt_BR.po

po/ru.po

po/sv.po

po/tr.po

scd/ChangeLog

scd/Makefile.am

scd/Makefile.in

scd/apdu.c

scd/apdu.h

scd/app-common.h

scd/app-dinsig.c

scd/app-help.c

scd/app-nks.c

scd/app-openpgp.c

scd/app-p15.c

scd/app.c

scd/ccid-driver.c

scd/ccid-driver.h

scd/command.c

scd/iso7816.c

scd/iso7816.h

scd/pcsc-wrapper.c

scd/scdaemon.c

scd/scdaemon.h

scripts/ChangeLog

scripts/compile *

scripts/config.guess *

scripts/config.rpath *

scripts/config.sub *

scripts/depcomp *

scripts/install-sh *

scripts/mdate-sh *

scripts/missing *

scripts/mkinstalldirs *

scripts/texinfo.tex

sm/ChangeLog

sm/Makefile.am

sm/Makefile.in

sm/base64.c

sm/call-agent.c

sm/call-dirmngr.c

sm/certchain.c

sm/certcheck.c

sm/certdump.c

sm/certlist.c

sm/certreqgen.c

sm/decrypt.c

sm/delete.c

sm/encrypt.c

sm/export.c

sm/fingerprint.c

sm/gpgsm.c

sm/gpgsm.h

sm/import.c

sm/keydb.c

sm/keydb.h

sm/keylist.c

sm/misc.c

sm/qualified.c

sm/server.c

sm/sign.c

sm/verify.c

tests/ChangeLog

tests/Makefile.am

tests/Makefile.in

tests/asschk.c

tests/inittests *

tests/pkits/ChangeLog

tests/pkits/Makefile.am

tests/pkits/README

tests/pkits/common.sh

tests/pkits/import-all-certs *

tests/pkits/inittests *

tests/pkits/runtest *

tests/pkits/validate-all-certs *

tests/runtest *

tools/ChangeLog

tools/Makefile.am

tools/Makefile.in

tools/addgnupghome *

tools/gpg-connect-agent.c

tools/gpgconf-comp.c

tools/gpgconf.c

tools/gpgconf.h

tools/gpgkey2ssh.c

tools/gpgparsemail.c

tools/gpgsm-gencert.sh *

tools/gpgsplit.c

tools/lspgpot *

tools/mail-signed-keys *

tools/mk-tdata.c

tools/no-libgcrypt.c

tools/rfc822parse.c

tools/rfc822parse.h

tools/symcryptrun.c

tools/watchgnupg.c

version

Show diffs side-by-side

added added

removed removed

sm/keylist.c

* GnuPG is free software; you can redistribute it and/or modify

* it under the terms of the GNU General Public License as published by

* the Free Software Foundation; either version 2 of the License, or

* the Free Software Foundation; either version 3 of the License, or

* (at your option) any later version.

* GnuPG is distributed in the hope that it will be useful,

* GNU General Public License for more details.

* You should have received a copy of the GNU General Public License

* along with this program; if not, write to the Free Software

* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA

* along with this program; if not, see <http://www.gnu.org/licenses/>.

#include <config.h>

#include "../kbx/keybox.h" /* for KEYBOX_FLAG_* */

#include "i18n.h"

struct list_external_parm_s {

struct list_external_parm_s

{

ctrl_t ctrl;

FILE *fp;

estream_t fp;

int print_header;

int with_colons;

int with_chain;

/* This table is to map Extended Key Usage OIDs to human readable

names. */

struct {

struct

{

const char *oid;

const char *name;

} key_purpose_map[] = {

{ "2.16.840.1.113730.4.1", "serverGatedCrypto.ns" }, /* Netscape. */

{ "1.3.6.1.4.1.311.10.3.3", "serverGatedCrypto.ms"}, /* Microsoft. */

{ "1.3.6.1.5.5.7.48.1.5", "ocspNoCheck" },

{ NULL, NULL }

};

/* A table mapping OIDs to a descriptive string. */

static struct {

static struct

{

char *oid;

char *name;

unsigned int flag;

124

129

{ "1.3.6.1.5.5.7.1.10", "acProxying" },

125

130

{ "1.3.6.1.5.5.7.1.11", "subjectInfoAccess" },

126

131

132

{ "1.3.6.1.5.5.7.48.1", "ocsp" },

133

{ "1.3.6.1.5.5.7.48.2", "caIssuers" },

134

{ "1.3.6.1.5.5.7.48.3", "timeStamping" },

135

{ "1.3.6.1.5.5.7.48.5", "caRepository" },

136

127

137

/* X.509 id-ce */

128

138

{ "2.5.29.14", "subjectKeyIdentifier", 1},

129

139

{ "2.5.29.15", "keyUsage", 1 },

166

176

/* GnuPG extensions */

167

177

{ "1.3.6.1.4.1.11591.2.1.1", "pkaAddress" },

168

178

179

/* Extensions used by the Bundesnetzagentur. */

180

{ "1.3.6.1.4.1.8301.3.5", "validityModel" },

181

169

182

{ NULL }

170

183

};

171

184

192

205

193

206

194

207

static void

195

print_key_data (ksba_cert_t cert, FILE *fp)

208

print_key_data (ksba_cert_t cert, estream_t fp)

196

209

{

197

210

#if 0

198

211

int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0;

200

213

201

214

for(i=0; i < n; i++ )

202

215

{

203

fprintf (fp, "pkd:%d:%u:", i, mpi_get_nbits( pk->pkey[i] ) );

216

es_fprintf (fp, "pkd:%d:%u:", i, mpi_get_nbits( pk->pkey[i] ) );

204

217

mpi_print(stdout, pk->pkey[i], 1 );

205

218

putchar(':');

206

219

putchar('\n');

209

222

}

210

223

211

224

static void

212

print_capabilities (ksba_cert_t cert, FILE *fp)

225

print_capabilities (ksba_cert_t cert, estream_t fp)

213

226

{

214

227

gpg_error_t err;

215

228

unsigned int use;

221

234

if (!err && buflen)

222

235

{

223

236

if (*buffer)

224

putc ('q', fp);

237

es_putc ('q', fp);

225

238

}

226

239

else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)

227

240

; /* Don't know - will not get marked as 'q' */

232

245

err = ksba_cert_get_key_usage (cert, &use);

233

246

if (gpg_err_code (err) == GPG_ERR_NO_DATA)

234

247

{

235

putc ('e', fp);

236

putc ('s', fp);

237

putc ('c', fp);

238

putc ('E', fp);

239

putc ('S', fp);

240

putc ('C', fp);

248

es_putc ('e', fp);

249

es_putc ('s', fp);

250

es_putc ('c', fp);

251

es_putc ('E', fp);

252

es_putc ('S', fp);

253

es_putc ('C', fp);

241

254

return;

242

255

}

243

256

if (err)

248

261

}

249

262

250

263

if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))

251

putc ('e', fp);

264

es_putc ('e', fp);

252

265

if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))

253

putc ('s', fp);

266

es_putc ('s', fp);

254

267

if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))

255

putc ('c', fp);

268

es_putc ('c', fp);

256

269

if ((use & (KSBA_KEYUSAGE_KEY_ENCIPHERMENT|KSBA_KEYUSAGE_DATA_ENCIPHERMENT)))

257

putc ('E', fp);

270

es_putc ('E', fp);

258

271

if ((use & (KSBA_KEYUSAGE_DIGITAL_SIGNATURE|KSBA_KEYUSAGE_NON_REPUDIATION)))

259

putc ('S', fp);

272

es_putc ('S', fp);

260

273

if ((use & KSBA_KEYUSAGE_KEY_CERT_SIGN))

261

putc ('C', fp);

274

es_putc ('C', fp);

262

275

}

263

276

264

277

265

278

static void

266

print_time (gnupg_isotime_t t, FILE *fp)

279

print_time (gnupg_isotime_t t, estream_t fp)

267

280

{

268

281

if (!t || !*t)

269

282

;

270

283

else

271

fputs (t, fp);

284

es_fputs (t, fp);

272

285

}

273

286

274

287

275

288

/* Return an allocated string with the email address extracted from a

276

DN */

289

DN. Note hat we use this code also in ../kbx/keybox-blob.c. */

277

290

static char *

278

291

email_kludge (const char *name)

279

292

{

298

311

299

312

/* This looks pretty much like an email address in the subject's DN

300

313

we use this to add an additional user ID entry. This way,

301

openSSL generated keys get a nicer and usable listing */

314

OpenSSL generated keys get a nicer and usable listing. */

302

315

for (n=0, p=name; hexdigitp (p) && hexdigitp (p+1); p +=2, n++)

303

316

;

304

317

if (!n)

320

333

/* List one certificate in colon mode */

321

334

static void

322

335

list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity,

323

FILE *fp, int have_secret)

336

estream_t fp, int have_secret)

324

337

{

325

338

int rc;

326

339

int idx;

335

348

const char *chain_id;

336

349

char *chain_id_buffer = NULL;

337

350

int is_root = 0;

351

char *kludge_uid;

338

352

339

353

if (ctrl->with_validation)

340

valerr = gpgsm_validate_chain (ctrl, cert, NULL, 1, NULL, 0);

354

valerr = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, NULL, 0, NULL);

341

355

else

342

356

valerr = 0;

343

357

347

361

{

348

362

ksba_cert_t next;

349

363

350

rc = gpgsm_walk_cert_chain (cert, &next);

364

rc = gpgsm_walk_cert_chain (ctrl, cert, &next);

351

365

if (!rc) /* We known the issuer's certificate. */

352

366

{

353

367

p = gpgsm_get_fingerprint_hexstring (next, GCRY_MD_SHA1);

365

379

}

366

380

367

381

368

fputs (have_secret? "crs:":"crt:", fp);

382

es_fputs (have_secret? "crs:":"crt:", fp);

369

383

370

384

/* Note: We can't use multiple flags, like "ei", because the

371

385

validation check does only return one error. */

392

406

*truststring = 'i';

393

407

}

394

408

395

/* Is we have no truststring yet (i.e. the certificate might be

409

/* If we have no truststring yet (i.e. the certificate might be

396

410

good) and this is a root certificate, we ask the agent whether

397

411

this is a trusted root certificate. */

398

412

if (!*truststring && is_root)

399

413

{

400

rc = gpgsm_agent_istrusted (ctrl, cert);

414

struct rootca_flags_s dummy_flags;

415

416

rc = gpgsm_agent_istrusted (ctrl, cert, &dummy_flags);

401

417

if (!rc)

402

418

*truststring = 'u'; /* Yes, we trust this one (ultimately). */

403

419

else if (gpg_err_code (rc) == GPG_ERR_NOT_TRUSTED)

406

422

}

407

423

408

424

if (*truststring)

409

fputs (truststring, fp);

425

es_fputs (truststring, fp);

410

426

411

427

algo = gpgsm_get_key_algo_info (cert, &nbits);

412

fprintf (fp, ":%u:%d:%s:", nbits, algo, fpr+24);

428

es_fprintf (fp, ":%u:%d:%s:", nbits, algo, fpr+24);

413

429

414

430

/* We assume --fixed-list-mode for gpgsm */

415

431

ksba_cert_get_validity (cert, 0, t);

416

432

print_time (t, fp);

417

putc (':', fp);

433

es_putc (':', fp);

418

434

ksba_cert_get_validity (cert, 1, t);

419

435

print_time ( t, fp);

420

putc (':', fp);

436

es_putc (':', fp);

421

437

/* Field 8, serial number: */

422

438

if ((sexp = ksba_cert_get_serial (cert)))

423

439

{

431

447

len = len*10 + atoi_1 (s);

432

448

if (*s == ':')

433

449

for (s++; len; len--, s++)

434

fprintf (fp,"%02X", *s);

450

es_fprintf (fp,"%02X", *s);

435

451

}

436

452

xfree (sexp);

437

453

}

438

putc (':', fp);

454

es_putc (':', fp);

439

455

/* Field 9, ownertrust - not used here */

440

putc (':', fp);

456

es_putc (':', fp);

441

457

/* field 10, old user ID - we use it here for the issuer DN */

442

458

if ((p = ksba_cert_get_issuer (cert,0)))

443

459

{

444

print_sanitized_string (fp, p, ':');

460

es_write_sanitized (fp, p, strlen (p), ":", NULL);

445

461

xfree (p);

446

462

}

447

putc (':', fp);

463

es_putc (':', fp);

448

464

/* Field 11, signature class - not used */

449

putc (':', fp);

465

es_putc (':', fp);

450

466

/* Field 12, capabilities: */

451

467

print_capabilities (cert, fp);

452

putc (':', fp);

453

putc ('\n', fp);

468

es_putc (':', fp);

469

es_putc ('\n', fp);

454

470

455

471

/* FPR record */

456

fprintf (fp, "fpr:::::::::%s:::", fpr);

472

es_fprintf (fp, "fpr:::::::::%s:::", fpr);

457

473

/* Print chaining ID (field 13)*/

458

474

if (chain_id)

459

fputs (chain_id, fp);

460

putc (':', fp);

461

putc ('\n', fp);

475

es_fputs (chain_id, fp);

476

es_putc (':', fp);

477

es_putc ('\n', fp);

462

478

xfree (fpr); fpr = NULL; chain_id = NULL;

463

479

xfree (chain_id_buffer); chain_id_buffer = NULL;

464

480

466

482

{

467

483

if ( (p = gpgsm_get_keygrip_hexstring (cert)))

468

484

{

469

fprintf (fp, "grp:::::::::%s:\n", p);

485

es_fprintf (fp, "grp:::::::::%s:\n", p);

470

486

xfree (p);

471

487

}

472

488

print_key_data (cert, fp);

473

489

}

474

490

491

kludge_uid = NULL;

475

492

for (idx=0; (p = ksba_cert_get_subject (cert,idx)); idx++)

476

493

{

477

fprintf (fp, "uid:%s::::::::", truststring);

478

print_sanitized_string (fp, p, ':');

479

putc (':', fp);

480

putc (':', fp);

481

putc ('\n', fp);

494

/* In the case that the same email address is in the subject DN

495

as well as in an alternate subject name we avoid printing it

496

a second time. */

497

if (kludge_uid && !strcmp (kludge_uid, p))

498

continue;

499

500

es_fprintf (fp, "uid:%s::::::::", truststring);

501

es_write_sanitized (fp, p, strlen (p), ":", NULL);

502

es_putc (':', fp);

503

es_putc (':', fp);

504

es_putc ('\n', fp);

482

505

if (!idx)

483

506

{

484

507

/* It would be better to get the faked email address from

485

508

the keydb. But as long as we don't have a way to pass

486

509

the meta data back, we just check it the same way as the

487

510

code used to create the keybox meta data does */

488

char *pp = email_kludge (p);

489

if (pp)

511

kludge_uid = email_kludge (p);

512

if (kludge_uid)

490

513

{

491

fprintf (fp, "uid:%s::::::::", truststring);

492

print_sanitized_string (fp, pp, ':');

493

putc (':', fp);

494

putc (':', fp);

495

putc ('\n', fp);

496

xfree (pp);

514

es_fprintf (fp, "uid:%s::::::::", truststring);

515

es_write_sanitized (fp, kludge_uid, strlen (kludge_uid),

516

":", NULL);

517

es_putc (':', fp);

518

es_putc (':', fp);

519

es_putc ('\n', fp);

497

520

}

498

521

}

499

522

xfree (p);

500

523

}

524

xfree (kludge_uid);

501

525

}

502

526

503

527

504

528

static void

505

print_name_raw (FILE *fp, const char *string)

529

print_name_raw (estream_t fp, const char *string)

506

530

{

507

531

if (!string)

508

fputs ("[error]", fp);

532

es_fputs ("[error]", fp);

509

533

else

510

print_sanitized_string (fp, string, 0);

534

es_write_sanitized (fp, string, strlen (string), NULL, NULL);

511

535

}

512

536

513

537

static void

514

print_names_raw (FILE *fp, int indent, ksba_name_t name)

538

print_names_raw (estream_t fp, int indent, ksba_name_t name)

515

539

{

516

540

int idx;

517

541

const char *s;

522

546

523

547

if (!name)

524

548

{

525

fputs ("none\n", fp);

549

es_fputs ("none\n", fp);

526

550

return;

527

551

}

528

552

529

553

for (idx=0; (s = ksba_name_enum (name, idx)); idx++)

530

554

{

531

555

char *p = ksba_name_get_uri (name, idx);

532

printf ("%*s%s\n", idx||indent_all?indent:0, "", p?p:s);

556

es_fprintf (fp, "%*s", idx||indent_all?indent:0, "");

557

es_write_sanitized (fp, p?p:s, strlen (p?p:s), NULL, NULL);

558

es_putc ('\n', fp);

533

559

xfree (p);

534

560

}

535

561

}

540

566

output sanitation. It is mainly useful for debugging. */

541

567

static void

542

568

list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,

543

ksba_cert_t cert, FILE *fp, int have_secret,

569

ksba_cert_t cert, estream_t fp, int have_secret,

544

570

int with_validation)

545

571

{

546

572

gpg_error_t err;

556

582

ksba_name_t name, name2;

557

583

unsigned int reason;

558

584

585

es_fprintf (fp, " ID: 0x%08lX\n",

586

gpgsm_get_short_fingerprint (cert));

587

559

588

sexp = ksba_cert_get_serial (cert);

560

fputs ("Serial number: ", fp);

589

es_fputs (" S/N: ", fp);

561

590

gpgsm_print_serial (fp, sexp);

562

591

ksba_free (sexp);

563

putc ('\n', fp);

592

es_putc ('\n', fp);

564

593

565

594

dn = ksba_cert_get_issuer (cert, 0);

566

fputs (" Issuer: ", fp);

595

es_fputs (" Issuer: ", fp);

567

596

print_name_raw (fp, dn);

568

597

ksba_free (dn);

569

putc ('\n', fp);

598

es_putc ('\n', fp);

570

599

for (idx=1; (dn = ksba_cert_get_issuer (cert, idx)); idx++)

571

600

{

572

fputs (" aka: ", fp);

601

es_fputs (" aka: ", fp);

573

602

print_name_raw (fp, dn);

574

603

ksba_free (dn);

575

putc ('\n', fp);

604

es_putc ('\n', fp);

576

605

}

577

606

578

607

dn = ksba_cert_get_subject (cert, 0);

579

fputs (" Subject: ", fp);

608

es_fputs (" Subject: ", fp);

580

609

print_name_raw (fp, dn);

581

610

ksba_free (dn);

582

putc ('\n', fp);

611

es_putc ('\n', fp);

583

612

for (idx=1; (dn = ksba_cert_get_subject (cert, idx)); idx++)

584

613

{

585

fputs (" aka: ", fp);

614

es_fputs (" aka: ", fp);

586

615

print_name_raw (fp, dn);

587

616

ksba_free (dn);

588

putc ('\n', fp);

617

es_putc ('\n', fp);

589

618

}

590

619

591

620

dn = gpgsm_get_fingerprint_string (cert, 0);

592

fprintf (fp, " sha1_fpr: %s\n", dn?dn:"error");

621

es_fprintf (fp, " sha1_fpr: %s\n", dn?dn:"error");

593

622

xfree (dn);

594

623

595

624

dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_MD5);

596

fprintf (fp, " md5_fpr: %s\n", dn?dn:"error");

625

es_fprintf (fp, " md5_fpr: %s\n", dn?dn:"error");

626

xfree (dn);

627

628

dn = gpgsm_get_certid (cert);

629

es_fprintf (fp, " certid: %s\n", dn?dn:"error");

597

630

xfree (dn);

598

631

599

632

dn = gpgsm_get_keygrip_hexstring (cert);

600

fprintf (fp, " keygrip: %s\n", dn?dn:"error");

633

es_fprintf (fp, " keygrip: %s\n", dn?dn:"error");

601

634

xfree (dn);

602

635

603

636

ksba_cert_get_validity (cert, 0, t);

604

fputs (" notBefore: ", fp);

637

es_fputs (" notBefore: ", fp);

605

638

gpgsm_print_time (fp, t);

606

putc ('\n', fp);

607

fputs (" notAfter: ", fp);

639

es_putc ('\n', fp);

640

es_fputs (" notAfter: ", fp);

608

641

ksba_cert_get_validity (cert, 1, t);

609

642

gpgsm_print_time (fp, t);

610

putc ('\n', fp);

643

es_putc ('\n', fp);

611

644

612

645

oid = ksba_cert_get_digest_algo (cert);

613

646

s = get_oid_desc (oid, NULL);

614

fprintf (fp, " hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");

647

es_fprintf (fp, " hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");

615

648

616

649

{

617

650

const char *algoname;

618

651

unsigned int nbits;

619

652

620

653

algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));

621

fprintf (fp, " keyType: %u bit %s\n", nbits, algoname? algoname:"?");

654

es_fprintf (fp, " keyType: %u bit %s\n",

655

nbits, algoname? algoname:"?");

622

656

}

623

657

624

658

/* subjectKeyIdentifier */

625

fputs (" subjKeyId: ", fp);

659

es_fputs (" subjKeyId: ", fp);

626

660

err = ksba_cert_get_subj_key_id (cert, NULL, &keyid);

627

661

if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)

628

662

{

629

663

if (gpg_err_code (err) == GPG_ERR_NO_DATA)

630

fputs ("[none]\n", fp);

664

es_fputs ("[none]\n", fp);

631

665

else

632

666

{

633

667

gpgsm_print_serial (fp, keyid);

634

668

ksba_free (keyid);

635

putc ('\n', fp);

669

es_putc ('\n', fp);

636

670

}

637

671

}

638

672

else

639

fputs ("[?]\n", fp);

673

es_fputs ("[?]\n", fp);

640

674

641

675

642

676

/* authorityKeyIdentifier */

643

fputs (" authKeyId: ", fp);

677

es_fputs (" authKeyId: ", fp);

644

678

err = ksba_cert_get_auth_key_id (cert, &keyid, &name, &sexp);

645

679

if (!err || gpg_err_code (err) == GPG_ERR_NO_DATA)

646

680

{

647

681

if (gpg_err_code (err) == GPG_ERR_NO_DATA || !name)

648

fputs ("[none]\n", fp);

682

es_fputs ("[none]\n", fp);

649

683

else

650

684

{

651

685

gpgsm_print_serial (fp, sexp);

652

686

ksba_free (sexp);

653

putc ('\n', fp);

687

es_putc ('\n', fp);

654

688

print_names_raw (fp, -15, name);

655

689

ksba_name_release (name);

656

690

}

657

691

if (keyid)

658

692

{

659

fputs (" authKeyId.ki: ", fp);

693

es_fputs (" authKeyId.ki: ", fp);

660

694

gpgsm_print_serial (fp, keyid);

661

695

ksba_free (keyid);

662

putc ('\n', fp);

696

es_putc ('\n', fp);

663

697

}

664

698

}

665

699

else

666

fputs ("[?]\n", fp);

700

es_fputs ("[?]\n", fp);

667

701

668

fputs (" keyUsage:", fp);

702

es_fputs (" keyUsage:", fp);

669

703

err = ksba_cert_get_key_usage (cert, &kusage);

670

704

if (gpg_err_code (err) != GPG_ERR_NO_DATA)

671

705

{

672

706

if (err)

673

fprintf (fp, " [error: %s]", gpg_strerror (err));

707

es_fprintf (fp, " [error: %s]", gpg_strerror (err));

674

708

else

675

709

{

676

710

if ( (kusage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))

677

fputs (" digitalSignature", fp);

711

es_fputs (" digitalSignature", fp);

678

712

if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))

679

fputs (" nonRepudiation", fp);

713

es_fputs (" nonRepudiation", fp);

680

714

if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))

681

fputs (" keyEncipherment", fp);

715

es_fputs (" keyEncipherment", fp);

682

716

if ( (kusage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))

683

fputs (" dataEncipherment", fp);

717

es_fputs (" dataEncipherment", fp);

684

718

if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))

685

fputs (" keyAgreement", fp);

719

es_fputs (" keyAgreement", fp);

686

720

if ( (kusage & KSBA_KEYUSAGE_KEY_CERT_SIGN))

687

fputs (" certSign", fp);

721

es_fputs (" certSign", fp);

688

722

if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))

689

fputs (" crlSign", fp);

723

es_fputs (" crlSign", fp);

690

724

if ( (kusage & KSBA_KEYUSAGE_ENCIPHER_ONLY))

691

fputs (" encipherOnly", fp);

725

es_fputs (" encipherOnly", fp);

692

726

if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))

693

fputs (" decipherOnly", fp);

727

es_fputs (" decipherOnly", fp);

694

728

}

695

putc ('\n', fp);

729

es_putc ('\n', fp);

696

730

}

697

731

else

698

fputs ("[none]\n", fp);

732

es_fputs (" [none]\n", fp);

699

733

700

fputs (" extKeyUsage: ", fp);

734

es_fputs (" extKeyUsage: ", fp);

701

735

err = ksba_cert_get_ext_key_usages (cert, &string);

702

736

if (gpg_err_code (err) != GPG_ERR_NO_DATA)

703

737

{

704

738

if (err)

705

fprintf (fp, "[error: %s]", gpg_strerror (err));

739

es_fprintf (fp, "[error: %s]", gpg_strerror (err));

706

740

else

707

741

{

708

742

p = string;

712

746

for (i=0; key_purpose_map[i].oid; i++)

713

747

if ( !strcmp (key_purpose_map[i].oid, p) )

714

748

break;

715

fputs (key_purpose_map[i].oid?key_purpose_map[i].name:p, fp);

749

es_fputs (key_purpose_map[i].oid?key_purpose_map[i].name:p, fp);

716

750

p = pend;

717

751

if (*p != 'C')

718

fputs (" (suggested)", fp);

752

es_fputs (" (suggested)", fp);

719

753

if ((p = strchr (p, '\n')))

720

754

{

721

755

p++;

722

fputs ("\n ", fp);

756

es_fputs ("\n ", fp);

723

757

}

724

758

}

725

759

xfree (string);

726

760

}

727

putc ('\n', fp);

761

es_putc ('\n', fp);

728

762

}

729

763

else

730

fputs ("[none]\n", fp);

731

732

733

fputs (" policies: ", fp);

764

es_fputs ("[none]\n", fp);

765

766

767

es_fputs (" policies: ", fp);

734

768

err = ksba_cert_get_cert_policies (cert, &string);

735

769

if (gpg_err_code (err) != GPG_ERR_NO_DATA)

736

770

{

737

771

if (err)

738

fprintf (fp, "[error: %s]", gpg_strerror (err));

772

es_fprintf (fp, "[error: %s]", gpg_strerror (err));

739

773

else

740

774

{

741

775

p = string;

745

779

for (i=0; key_purpose_map[i].oid; i++)

746

780

if ( !strcmp (key_purpose_map[i].oid, p) )

747

781

break;

748

fputs (p, fp);

782

es_fputs (p, fp);

749

783

p = pend;

750

784

if (*p == 'C')

751

fputs (" (critical)", fp);

785

es_fputs (" (critical)", fp);

752

786

if ((p = strchr (p, '\n')))

753

787

{

754

788

p++;

755

fputs ("\n ", fp);

789

es_fputs ("\n ", fp);

756

790

}

757

791

}

758

792

xfree (string);

759

793

}

760

putc ('\n', fp);

794

es_putc ('\n', fp);

761

795

}

762

796

else

763

fputs ("[none]\n", fp);

797

es_fputs ("[none]\n", fp);

764

798

765

fputs (" chainLength: ", fp);

799

es_fputs (" chainLength: ", fp);

766

800

err = ksba_cert_is_ca (cert, &is_ca, &chainlen);

767

801

if (err || is_ca)

768

802

{

769

if (err)

770

fprintf (fp, "[error: %s]", gpg_strerror (err));

803

if (gpg_err_code (err) == GPG_ERR_NO_VALUE )

804

es_fprintf (fp, "[none]");

805

else if (err)

806

es_fprintf (fp, "[error: %s]", gpg_strerror (err));

771

807

else if (chainlen == -1)

772

fputs ("unlimited", fp);

808

es_fputs ("unlimited", fp);

773

809

else

774

fprintf (fp, "%d", chainlen);

775

putc ('\n', fp);

810

es_fprintf (fp, "%d", chainlen);

811

es_putc ('\n', fp);

776

812

}

777

813

else

778

fputs ("not a CA\n", fp);

814

es_fputs ("not a CA\n", fp);

779

815

780

816

781

817

/* CRL distribution point */

782

818

for (idx=0; !(err=ksba_cert_get_crl_dist_point (cert, idx, &name, &name2,

783

819

&reason)) ;idx++)

784

820

{

785

fputs (" crlDP: ", fp);

821

es_fputs (" crlDP: ", fp);

786

822

print_names_raw (fp, 15, name);

787

823

if (reason)

788

824

{

789

fputs (" reason: ", fp);

825

es_fputs (" reason: ", fp);

790

826

if ( (reason & KSBA_CRLREASON_UNSPECIFIED))

791

fputs (" unused", stdout);

827

es_fputs (" unused", fp);

792

828

if ( (reason & KSBA_CRLREASON_KEY_COMPROMISE))

793

fputs (" keyCompromise", stdout);

829

es_fputs (" keyCompromise", fp);

794

830

if ( (reason & KSBA_CRLREASON_CA_COMPROMISE))

795

fputs (" caCompromise", stdout);

831

es_fputs (" caCompromise", fp);

796

832

if ( (reason & KSBA_CRLREASON_AFFILIATION_CHANGED))

797

fputs (" affiliationChanged", stdout);

833

es_fputs (" affiliationChanged", fp);

798

834

if ( (reason & KSBA_CRLREASON_SUPERSEDED))

799

fputs (" superseded", stdout);

835

es_fputs (" superseded", fp);

800

836

if ( (reason & KSBA_CRLREASON_CESSATION_OF_OPERATION))

801

fputs (" cessationOfOperation", stdout);

837

es_fputs (" cessationOfOperation", fp);

802

838

if ( (reason & KSBA_CRLREASON_CERTIFICATE_HOLD))

803

fputs (" certificateHold", stdout);

804

putchar ('\n');

839

es_fputs (" certificateHold", fp);

840

es_putc ('\n', fp);

805

841

}

806

fputs (" issuer: ", fp);

842

es_fputs (" issuer: ", fp);

807

843

print_names_raw (fp, 23, name2);

808

844

ksba_name_release (name);

809

845

ksba_name_release (name2);

810

846

}

811

if (err && gpg_err_code (err) != GPG_ERR_EOF)

812

fputs (" crlDP: [error]\n", fp);

847

if (err && gpg_err_code (err) != GPG_ERR_EOF

848

&& gpg_err_code (err) != GPG_ERR_NO_VALUE)

849

es_fputs (" crlDP: [error]\n", fp);

813

850

else if (!idx)

814

fputs (" crlDP: [none]\n", fp);

851

es_fputs (" crlDP: [none]\n", fp);

815

852

816

853

817

854

/* authorityInfoAccess. */

818

855

for (idx=0; !(err=ksba_cert_get_authority_info_access (cert, idx, &string,

819

856

&name)); idx++)

820

857

{

821

fputs (" authInfo: ", fp);

858

es_fputs (" authInfo: ", fp);

822

859

s = get_oid_desc (string, NULL);

823

fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");

860

es_fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");

824

861

print_names_raw (fp, -15, name);

825

862

ksba_name_release (name);

826

863

ksba_free (string);

827

864

}

828

if (err && gpg_err_code (err) != GPG_ERR_EOF)

829

fputs (" authInfo: [error]\n", fp);

865

if (err && gpg_err_code (err) != GPG_ERR_EOF

866

&& gpg_err_code (err) != GPG_ERR_NO_VALUE)

867

es_fputs (" authInfo: [error]\n", fp);

830

868

else if (!idx)

831

fputs (" authInfo: [none]\n", fp);

869

es_fputs (" authInfo: [none]\n", fp);

832

870

833

871

/* subjectInfoAccess. */

834

872

for (idx=0; !(err=ksba_cert_get_subject_info_access (cert, idx, &string,

835

873

&name)); idx++)

836

874

{

837

fputs (" subjectInfo: ", fp);

875

es_fputs (" subjectInfo: ", fp);

838

876

s = get_oid_desc (string, NULL);

839

fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");

877

es_fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");

840

878

print_names_raw (fp, -15, name);

841

879

ksba_name_release (name);

842

880

ksba_free (string);

843

881

}

844

if (err && gpg_err_code (err) != GPG_ERR_EOF)

845

fputs (" subjInfo: [error]\n", fp);

882

if (err && gpg_err_code (err) != GPG_ERR_EOF

883

&& gpg_err_code (err) != GPG_ERR_NO_VALUE)

884

es_fputs (" subjInfo: [error]\n", fp);

846

885

else if (!idx)

847

fputs (" subjInfo: [none]\n", fp);

886

es_fputs (" subjInfo: [none]\n", fp);

848

887

849

888

850

889

for (idx=0; !(err=ksba_cert_get_extension (cert, idx,

855

894

s = get_oid_desc (oid, &flag);

856

895

857

896

if (!(flag & 1))

858

fprintf (fp, " %s: %s%s%s%s [%d octets]\n",

897

es_fprintf (fp, " %s: %s%s%s%s [%d octets]\n",

859

898

i? "critExtn":" extn",

860

899

oid, s?" (":"", s?s:"", s?")":"", (int)len);

861

900

}

863

902

864

903

if (with_validation)

865

904

{

866

err = gpgsm_validate_chain (ctrl, cert, NULL, 1, fp, 0);

905

err = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, fp, 0, NULL);

867

906

if (!err)

868

fprintf (fp, " [certificate is good]\n");

907

es_fprintf (fp, " [certificate is good]\n");

869

908

else

870

fprintf (fp, " [certificate is bad: %s]\n", gpg_strerror (err));

909

es_fprintf (fp, " [certificate is bad: %s]\n", gpg_strerror (err));

871

910

}

872

911

873

912

if (opt.with_ephemeral_keys && hd)

876

915

877

916

err = keydb_get_flags (hd, KEYBOX_FLAG_BLOB, 0, &blobflags);

878

917

if (err)

879

fprintf (fp, " [error getting keyflags: %s]\n", gpg_strerror (err));

880

else if ((blobflags & 2))

881

fprintf (fp, " [stored as ephemeral]\n");

918

es_fprintf (fp, " [error getting keyflags: %s]\n",gpg_strerror (err));

919

else if ((blobflags & KEYBOX_FLAG_BLOB_EPHEMERAL))

920

es_fprintf (fp, " [stored as ephemeral]\n");

882

921

}

883

922

884

923

}

888

927

889

928

/* List one certificate in standard mode */

890

929

static void

891

list_cert_std (ctrl_t ctrl, ksba_cert_t cert, FILE *fp, int have_secret,

930

list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,

892

931

int with_validation)

893

932

{

894

933

gpg_error_t err;

900

939

unsigned int kusage;

901

940

char *string, *p, *pend;

902

941

942

es_fprintf (fp, " ID: 0x%08lX\n",

943

gpgsm_get_short_fingerprint (cert));

944

903

945

sexp = ksba_cert_get_serial (cert);

904

fputs ("Serial number: ", fp);

946

es_fputs (" S/N: ", fp);

905

947

gpgsm_print_serial (fp, sexp);

906

948

ksba_free (sexp);

907

putc ('\n', fp);

949

es_putc ('\n', fp);

908

950

909

951

dn = ksba_cert_get_issuer (cert, 0);

910

fputs (" Issuer: ", fp);

911

gpgsm_print_name (fp, dn);

952

es_fputs (" Issuer: ", fp);

953

gpgsm_es_print_name (fp, dn);

912

954

ksba_free (dn);

913

putc ('\n', fp);

955

es_putc ('\n', fp);

914

956

for (idx=1; (dn = ksba_cert_get_issuer (cert, idx)); idx++)

915

957

{

916

fputs (" aka: ", fp);

917

gpgsm_print_name (fp, dn);

958

es_fputs (" aka: ", fp);

959

gpgsm_es_print_name (fp, dn);

918

960

ksba_free (dn);

919

putc ('\n', fp);

961

es_putc ('\n', fp);

920

962

}

921

963

922

964

dn = ksba_cert_get_subject (cert, 0);

923

fputs (" Subject: ", fp);

924

gpgsm_print_name (fp, dn);

965

es_fputs (" Subject: ", fp);

966

gpgsm_es_print_name (fp, dn);

925

967

ksba_free (dn);

926

putc ('\n', fp);

968

es_putc ('\n', fp);

927

969

for (idx=1; (dn = ksba_cert_get_subject (cert, idx)); idx++)

928

970

{

929

fputs (" aka: ", fp);

930

gpgsm_print_name (fp, dn);

971

es_fputs (" aka: ", fp);

972

gpgsm_es_print_name (fp, dn);

931

973

ksba_free (dn);

932

putc ('\n', fp);

974

es_putc ('\n', fp);

933

975

}

934

976

935

977

ksba_cert_get_validity (cert, 0, t);

936

fputs (" validity: ", fp);

978

es_fputs (" validity: ", fp);

937

979

gpgsm_print_time (fp, t);

938

fputs (" through ", fp);

980

es_fputs (" through ", fp);

939

981

ksba_cert_get_validity (cert, 1, t);

940

982

gpgsm_print_time (fp, t);

941

putc ('\n', fp);

983

es_putc ('\n', fp);

942

984

943

985

944

986

{

946

988

unsigned int nbits;

947

989

948

990

algoname = gcry_pk_algo_name (gpgsm_get_key_algo_info (cert, &nbits));

949

fprintf (fp, " key type: %u bit %s\n", nbits, algoname? algoname:"?");

991

es_fprintf (fp, " key type: %u bit %s\n",

992

nbits, algoname? algoname:"?");

950

993

}

951

994

952

995

953

996

err = ksba_cert_get_key_usage (cert, &kusage);

954

997

if (gpg_err_code (err) != GPG_ERR_NO_DATA)

955

998

{

956

fputs (" key usage:", fp);

999

es_fputs (" key usage:", fp);

957

1000

if (err)

958

fprintf (fp, " [error: %s]", gpg_strerror (err));

1001

es_fprintf (fp, " [error: %s]", gpg_strerror (err));

959

1002

else

960

1003

{

961

1004

if ( (kusage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))

962

fputs (" digitalSignature", fp);

1005

es_fputs (" digitalSignature", fp);

963

1006

if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))

964

fputs (" nonRepudiation", fp);

1007

es_fputs (" nonRepudiation", fp);

965

1008

if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))

966

fputs (" keyEncipherment", fp);

1009

es_fputs (" keyEncipherment", fp);

967

1010

if ( (kusage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))

968

fputs (" dataEncipherment", fp);

1011

es_fputs (" dataEncipherment", fp);

969

1012

if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))

970

fputs (" keyAgreement", fp);

1013

es_fputs (" keyAgreement", fp);

971

1014

if ( (kusage & KSBA_KEYUSAGE_KEY_CERT_SIGN))

972

fputs (" certSign", fp);

1015

es_fputs (" certSign", fp);

973

1016

if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))

974

fputs (" crlSign", fp);

1017

es_fputs (" crlSign", fp);

975

1018

if ( (kusage & KSBA_KEYUSAGE_ENCIPHER_ONLY))

976

fputs (" encipherOnly", fp);

1019

es_fputs (" encipherOnly", fp);

977

1020

if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))

978

fputs (" decipherOnly", fp);

1021

es_fputs (" decipherOnly", fp);

979

1022

}

980

putc ('\n', fp);

1023

es_putc ('\n', fp);

981

1024

}

982

1025

983

1026

err = ksba_cert_get_ext_key_usages (cert, &string);

984

1027

if (gpg_err_code (err) != GPG_ERR_NO_DATA)

985

1028

{

986

fputs ("ext key usage: ", fp);

1029

es_fputs ("ext key usage: ", fp);

987

1030

if (err)

988

fprintf (fp, "[error: %s]", gpg_strerror (err));

1031

es_fprintf (fp, "[error: %s]", gpg_strerror (err));

989

1032

else

990

1033

{

991

1034

p = string;

995

1038

for (i=0; key_purpose_map[i].oid; i++)

996

1039

if ( !strcmp (key_purpose_map[i].oid, p) )

997

1040

break;

998

fputs (key_purpose_map[i].oid?key_purpose_map[i].name:p, fp);

1041

es_fputs (key_purpose_map[i].oid?key_purpose_map[i].name:p, fp);

999

1042

p = pend;

1000

1043

if (*p != 'C')

1001

fputs (" (suggested)", fp);

1044

es_fputs (" (suggested)", fp);

1002

1045

if ((p = strchr (p, '\n')))

1003

1046

{

1004

1047

p++;

1005

fputs (", ", fp);

1048

es_fputs (", ", fp);

1006

1049

}

1007

1050

}

1008

1051

xfree (string);

1009

1052

}

1010

putc ('\n', fp);

1053

es_putc ('\n', fp);

1011

1054

}

1012

1055

1013

1056

err = ksba_cert_get_cert_policies (cert, &string);

1014

1057

if (gpg_err_code (err) != GPG_ERR_NO_DATA)

1015

1058

{

1016

fputs (" policies: ", fp);

1059

es_fputs (" policies: ", fp);

1017

1060

if (err)

1018

fprintf (fp, "[error: %s]", gpg_strerror (err));

1061

es_fprintf (fp, "[error: %s]", gpg_strerror (err));

1019

1062

else

1020

1063

{

1021

1064

for (p=string; *p; p++)

1023

1066

if (*p == '\n')

1024

1067

*p = ',';

1025

1068

}

1026

print_sanitized_string (fp, string, 0);

1069

es_write_sanitized (fp, string, strlen (string), NULL, NULL);

1027

1070

xfree (string);

1028

1071

}

1029

putc ('\n', fp);

1072

es_putc ('\n', fp);

1030

1073

}

1031

1074

1032

1075

err = ksba_cert_is_ca (cert, &is_ca, &chainlen);

1033

1076

if (err || is_ca)

1034

1077

{

1035

fputs (" chain length: ", fp);

1036

if (err)

1037

fprintf (fp, "[error: %s]", gpg_strerror (err));

1078

es_fputs (" chain length: ", fp);

1079

if (gpg_err_code (err) == GPG_ERR_NO_VALUE )

1080

es_fprintf (fp, "none");

1081

else if (err)

1082

es_fprintf (fp, "[error: %s]", gpg_strerror (err));

1038

1083

else if (chainlen == -1)

1039

fputs ("unlimited", fp);

1084

es_fputs ("unlimited", fp);

1040

1085

else

1041

fprintf (fp, "%d", chainlen);

1042

putc ('\n', fp);

1086

es_fprintf (fp, "%d", chainlen);

1087

es_putc ('\n', fp);

1043

1088

}

1044

1089

1045

1090

if (opt.with_md5_fingerprint)

1046

1091

{

1047

1092

dn = gpgsm_get_fingerprint_string (cert, GCRY_MD_MD5);

1048

fprintf (fp, " md5 fpr: %s\n", dn?dn:"error");

1093

es_fprintf (fp, " md5 fpr: %s\n", dn?dn:"error");

1049

1094

xfree (dn);

1050

1095

}

1051

1096

1052

1097

dn = gpgsm_get_fingerprint_string (cert, 0);

1053

fprintf (fp, " fingerprint: %s\n", dn?dn:"error");

1098

es_fprintf (fp, " fingerprint: %s\n", dn?dn:"error");

1054

1099

xfree (dn);

1055

1100

1056

1101

1061

1106

size_t buflen;

1062

1107

char buffer[1];

1063

1108

1064

err = gpgsm_validate_chain (ctrl, cert, NULL, 1, fp, 0);

1109

err = gpgsm_validate_chain (ctrl, cert, "", NULL, 1, fp, 0, NULL);

1065

1110

tmperr = ksba_cert_get_user_data (cert, "is_qualified",

1066

1111

&buffer, sizeof (buffer), &buflen);

1067

1112

if (!tmperr && buflen)

1068

1113

{

1069

1114

if (*buffer)

1070

fputs (" [qualified]\n", fp);

1115

es_fputs (" [qualified]\n", fp);

1071

1116

}

1072

1117

else if (gpg_err_code (tmperr) == GPG_ERR_NOT_FOUND)

1073

1118

; /* Don't know - will not get marked as 'q' */

1076

1121

gpg_strerror (tmperr));

1077

1122

1078

1123

if (!err)

1079

fprintf (fp, " [certificate is good]\n");

1124

es_fprintf (fp, " [certificate is good]\n");

1080

1125

else

1081

fprintf (fp, " [certificate is bad: %s]\n", gpg_strerror (err));

1126

es_fprintf (fp, " [certificate is bad: %s]\n", gpg_strerror (err));

1082

1127

}

1083

1128

}

1084

1129

1087

1132

static void

1088

1133

list_cert_chain (ctrl_t ctrl, KEYDB_HANDLE hd,

1089

1134

ksba_cert_t cert, int raw_mode,

1090

FILE *fp, int with_validation)

1135

estream_t fp, int with_validation)

1091

1136

{

1092

1137

ksba_cert_t next = NULL;

1093

1138

1096

1141

else

1097

1142

list_cert_std (ctrl, cert, fp, 0, with_validation);

1098

1143

ksba_cert_ref (cert);

1099

while (!gpgsm_walk_cert_chain (cert, &next))

1144

while (!gpgsm_walk_cert_chain (ctrl, cert, &next))

1100

1145

{

1101

1146

ksba_cert_release (cert);

1102

fputs ("Certified by\n", fp);

1147

es_fputs ("Certified by\n", fp);

1103

1148

if (raw_mode)

1104

1149

list_cert_raw (ctrl, hd, next, fp, 0, with_validation);

1105

1150

else

1107

1152

cert = next;

1108

1153

}

1109

1154

ksba_cert_release (cert);

1110

putc ('\n', fp);

1155

es_putc ('\n', fp);

1111

1156

}

1112

1157

1113

1158

1115

1160

/* List all internal keys or just the keys given as NAMES. MODE is a

1116

1161

bit vector to specify what keys are to be included; see

1117

1162

gpgsm_list_keys (below) for details. If RAW_MODE is true, the raw

1118

output mode will be used intead of the standard beautified one.

1163

output mode will be used instead of the standard beautified one.

1119

1164

1120

1165

static gpg_error_t

1121

list_internal_keys (ctrl_t ctrl, STRLIST names, FILE *fp,

1166

list_internal_keys (ctrl_t ctrl, strlist_t names, estream_t fp,

1122

1167

unsigned int mode, int raw_mode)

1123

1168

{

1124

1169

KEYDB_HANDLE hd;

1125

1170

KEYDB_SEARCH_DESC *desc = NULL;

1126

STRLIST sl;

1171

strlist_t sl;

1127

1172

int ndesc;

1128

1173

ksba_cert_t cert = NULL;

1174

ksba_cert_t lastcert = NULL;

1129

1175

gpg_error_t rc = 0;

1130

1176

const char *lastresname, *resname;

1131

1177

int have_secret;

1149

1195

desc = xtrycalloc (ndesc, sizeof *desc);

1150

1196

if (!ndesc)

1151

1197

{

1152

rc = gpg_error_from_errno (errno);

1198

rc = gpg_error_from_syserror ();

1153

1199

log_error ("out of core\n");

1154

1200

goto leave;

1155

1201

}

1183

1229

currently we stop at the first match. To do this we need an

1184

1230

extra flag to enable this feature so */

1185

1231

1232

/* Suppress duplicates at least when they follow each other. */

1186

1233

lastresname = NULL;

1187

1234

while (!(rc = keydb_search (hd, desc, ndesc)))

1188

1235

{

1203

1250

log_error ("keydb_get_cert failed: %s\n", gpg_strerror (rc));

1204

1251

goto leave;

1205

1252

}

1206

1253

/* Skip duplicated certificates, at least if they follow each

1254

others. This works best if a single key is searched for and

1255

expected. FIXME: Non-sequential duplicates remain. */

1256

if (gpgsm_certs_identical_p (cert, lastcert))

1257

{

1258

ksba_cert_release (cert);

1259

continue;

1260

}

1261

1207

1262

resname = keydb_get_resource_name (hd);

1208

1263

1209

1264

if (lastresname != resname )

1212

1267

1213

1268

if (ctrl->no_server)

1214

1269

{

1215

fprintf (fp, "%s\n", resname );

1270

es_fprintf (fp, "%s\n", resname );

1216

1271

for (i=strlen(resname); i; i-- )

1217

putchar('-');

1218

putc ('\n', fp);

1272

es_putc ('-', fp);

1273

es_putc ('\n', fp);

1219

1274

lastresname = resname;

1220

1275

}

1221

1276

}

1253

1308

else

1254

1309

list_cert_std (ctrl, cert, fp, have_secret,

1255

1310

ctrl->with_validation);

1256

putc ('\n', fp);

1311

es_putc ('\n', fp);

1257

1312

}

1258

1313

}

1259

ksba_cert_release (cert);

1314

1315

ksba_cert_release (lastcert);

1316

lastcert = cert;

1260

1317

cert = NULL;

1261

1318

}

1262

1319

if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1 )

1266

1323

1267

1324

leave:

1268

1325

ksba_cert_release (cert);

1326

ksba_cert_release (lastcert);

1269

1327

xfree (desc);

1270

1328

keydb_release (hd);

1271

1329

return rc;

1286

1344

const char *resname = "[external keys]";

1287

1345

int i;

1288

1346

1289

fprintf (parm->fp, "%s\n", resname );

1347

es_fprintf (parm->fp, "%s\n", resname );

1290

1348

for (i=strlen(resname); i; i-- )

1291

putchar('-');

1292

putc ('\n', parm->fp);

1349

es_putc('-', parm->fp);

1350

es_putc ('\n', parm->fp);

1293

1351

parm->print_header = 0;

1294

1352

}

1295

1353

1303

1361

list_cert_raw (parm->ctrl, NULL, cert, parm->fp, 0, 0);

1304

1362

else

1305

1363

list_cert_std (parm->ctrl, cert, parm->fp, 0, 0);

1306

putc ('\n', parm->fp);

1364

es_putc ('\n', parm->fp);

1307

1365

}

1308

1366

}

1309

1367

1312

1370

make sense here because it would be unwise to list external secret

1313

1371

keys */

1314

1372

static gpg_error_t

1315

list_external_keys (CTRL ctrl, STRLIST names, FILE *fp, int raw_mode)

1373

list_external_keys (ctrl_t ctrl, strlist_t names, estream_t fp, int raw_mode)

1316

1374

{

1317

1375

int rc;

1318

1376

struct list_external_parm_s parm;

1324

1382

parm.with_chain = ctrl->with_chain;

1325

1383

parm.raw_mode = raw_mode;

1326

1384

1327

rc = gpgsm_dirmngr_lookup (ctrl, names, list_external_cb, &parm);

1385

rc = gpgsm_dirmngr_lookup (ctrl, names, 0, list_external_cb, &parm);

1328

1386

if (rc)

1329

1387

log_error ("listing external keys failed: %s\n", gpg_strerror (rc));

1330

1388

return rc;

1342

1400

Bit 8: Do a raw format dump.

1343

1401

1344

1402

gpg_error_t

1345

gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode)

1403

gpgsm_list_keys (ctrl_t ctrl, strlist_t names, estream_t fp,

1404

unsigned int mode)

1346

1405

{

1347

1406

gpg_error_t err = 0;

1348

1407

Older »