authorWerner Koch <wk@gnupg.org>2005-04-21 11:33:07 +0200
committerWerner Koch <wk@gnupg.org>2005-04-21 11:33:07 +0200
commit3ff9a743bf6faeb99e8ee6113fe54af4f34cc288 (patch)
tree25233f57f101ec9c2a8272575a02087aa08abb8f
parent(gpgsm_validate_chain): Check revocations even for (diff)
* configure.ac: Do not build gpg by default.
* gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check. * certchain.c (gpgsm_validate_chain): Make use of it. * certchain.c (gpgsm_validate_chain): Check revocations even for expired certificates. This is required because on signature verification an expired key is fine whereas a revoked one is not. * gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
-rw-r--r--ChangeLog9
-rw-r--r--README5
-rw-r--r--TODO29
-rw-r--r--configure.ac11
-rw-r--r--doc/gpgsm.texi12
-rw-r--r--scd/ChangeLog4
-rw-r--r--scd/ccid-driver.c2
-rw-r--r--scd/command.c26
-rw-r--r--sm/ChangeLog3
-rw-r--r--sm/certchain.c10
-rw-r--r--sm/gpgsm.c12
-rw-r--r--sm/gpgsm.h1
-rw-r--r--tools/ChangeLog8
-rw-r--r--tools/gpgconf-comp.c6
-rw-r--r--tools/symcryptrun.c2
15 files changed, 97 insertions, 43 deletions
diff --git a/ChangeLog b/ChangeLog
index 013241648..cfe0f863b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2005-04-21 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Do not build gpg by default.
+
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * configure.ac: Test whether GPG_ERR_LOCKED is declared and
+ provide a replacement if not.
+
2005-04-15 Werner Koch <wk@g10code.com>
* configure.ac: Require libksba 0.9.11.
diff --git a/README b/README
index 7e44765a6..7bb83f1f2 100644
--- a/README
+++ b/README
@@ -11,7 +11,8 @@ available in 1.9.
You should use this GnuPG version if you want to use the gpg-agent or
gpgsm (the S/MIME variant of gpg). Note that the gpg-agent is also
-helpful when using the standard gpg versions (1.2.x or 1.3.x).
+helpful when using the standard gpg versions (1.3.x as well as some of
+the old 1.2.x).
BUILD INSTRUCTIONS
@@ -51,7 +52,7 @@ If everything succeeds, you have a working GnuPG with support for
S/MIME and smartcards. Note that there is no binary gpg but a gpg2 so
that this package won't confict with a GnuPG 1.2 or 1.3
installation. gpg2 behaves just like gpg; it is however suggested to
-keep using gpg 1.2.x or 1.3.x.
+keep using gpg 1.2.x or 1.3.x. gpg2 is not even build by default.
In case of problem please ask on gpa-dev@gnupg.org for advise. Note
that this release is only expected to build on GNU and *BSD systems.
diff --git a/TODO b/TODO
index 26b2cee60..6a0e9b18e 100644
--- a/TODO
+++ b/TODO
@@ -1,10 +1,5 @@
-*- outline -*-
-* IMPORTANT
-Check that openpty and pty.h are available and build symcryptrun only
-then. Run shred on the temporary files.
-
-
* src/base64
** Make parsing more robust
Currently we don't cope with overlong lines in the best way.
@@ -23,14 +18,7 @@ might want to have an agent context for each service request
* sm/certchain.c
** When a certificate chain was sucessfully verified, make ephemeral certs used in this chain permanent.
-** figure out how to auto retrieve a key by serialno+issuer.
- Dirmngr is currently not able to parse more than the CN.
-* sm/certlist.c
-** ocspSigning usage is not fully implemented
- We should review the entire CRL and OCSP validation system.
- Okay. This has been fixed in dirmngr when running it in system
- daemon mode.
* sm/decrypt.c
** replace leading zero in integer hack by a cleaner solution
@@ -58,8 +46,6 @@ might want to have an agent context for each service request
** A SIGHUP should also restart the scdaemon
But do this only after all connections terminated. As of now we
only send a RESET.
-** Watch the child process if not invoked as a daemon
- and terminate after the child has terminated
* agent/command.c
** Make sure that secure memory is used where appropriate
@@ -69,7 +55,8 @@ might want to have an agent context for each service request
** Support DSA
* agent/divert-scd.c
- Remove the agent_reset_scd kludge.
+ Remove the agent_reset_scd kludge. We will do this after Scdaemon
+ has been changed to allow multiple sessions. Currently in progress.
* Move pkcs-1 encoding into libgcrypt.
@@ -93,11 +80,7 @@ might want to have an agent context for each service request
** Explain how to setup a root CA key as trusted
** Explain how trustlist.txt might be managed.
** Write a script to generate man pages from texi.
-
-* Requirements by the BSI
-** Support authorityKeyIdentifier.keyIdentifier
- This needs support in libksba/src/cert.c as well as in sm/*.c.
- Need test certs as well. Same goes for CRL authorityKeyIdentifier.
+ In progress (yatm)
* Windows port
@@ -108,5 +91,9 @@ might want to have an agent context for each service request
** No card status notifications.
-* [scdaemon] release the card after use so that gpg 1.4 is abale to access it
+* scd/
+** Release the card after use so that gpg 1.4 is able to access it
+ This won't be a sufficient change. we need to change gpg 1.4 to make
+ use of the agent. Work is underway.
+
diff --git a/configure.ac b/configure.ac
index d0ffa8ca4..8654785ee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -62,7 +62,7 @@ have_ksba=no
have_opensc=no
have_pth=no
-GNUPG_BUILD_PROGRAM(gpg, yes)
+GNUPG_BUILD_PROGRAM(gpg, no)
GNUPG_BUILD_PROGRAM(gpgsm, yes)
GNUPG_BUILD_PROGRAM(agent, yes)
GNUPG_BUILD_PROGRAM(scdaemon, yes)
@@ -313,6 +313,11 @@ AH_BOTTOM([
#define EXEC_TEMPFILE_ONLY
#endif
+/* Temporary hacks to avoid requring a libgpg-error update. */
+#if !HAVE_DECL_GPG_ERR_LOCKED
+#define GPG_ERR_LOCKED 173
+#endif
+
])
AM_MAINTAINER_MODE
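Review bot: The fallback `#define GPG_ERR_LOCKED 173` pins a libgpg-error code number locally, so it silently diverges if a libgpg-error without the declaration is ever paired with a different assignment of 173; the comment should name the libgpg-error release that declares GPG_ERR_LOCKED so the hack can be dropped once that version is required, e.g. `/* Temporary hack to avoid requiring a libgpg-error update; remove once libgpg-error >= <VERSION-PLACEHOLDER> is required. */`. The existing comment also misspells "requring". The AH_BOTTOM block this sits in starts outside the hunk.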
@@ -437,6 +442,10 @@ AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)
#
AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION",
have_gpg_error=yes,have_gpg_error=no)
+_tmp_gpg_error_save_cflags="$CFLAGS"
+CFLAGS="$CFLAGS $GPG_ERROR_CFLAGS"
+AC_CHECK_DECLS(GPG_ERR_LOCKED,,,[#include <gpg-error.h>])
+CFLAGS="${_tmp_gpg_error_save_cflags}"
#
diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi
index df2f71bce..ba98ae87c 100644
--- a/doc/gpgsm.texi
+++ b/doc/gpgsm.texi
@@ -315,6 +315,18 @@ By default the @acronym{CRL} checks are enabled and the DirMngr is used
to check for revoked certificates. The disable option is most useful
with an off-line network connection to suppress this check.
+@item --enable-trusted-cert-crl-check
+@itemx --disable-trusted-cert-crl-check
+@opindex enable-trusted-cert-crl-check
+@opindex disable-trusted-cert-crl-check
+By default the @acronym{CRL} for trusted root certificates are checked
+like for any other certificates. This allows a CA to revoke its own
+certificates voluntary without the need of putting all ever issued
+certificates into a CRL. The disable option may be used to switch this
+extra check off. Due to the caching done by the Dirmngr, there won't be
+any noticeable performance gain. Note, that this also disables possible
+OCSP checks for trusted root certificates.
+
@item --force-crl-refresh
@opindex force-crl-refresh
Tell the dirmngr to reload the CRL for each request. For better
diff --git a/scd/ChangeLog b/scd/ChangeLog
index 9d246ffca..c5a1062b8 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -1,3 +1,7 @@
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * command.c: Use GPG_ERR_LOCKED instead of EBUSY.
+
2005-04-14 Werner Koch <wk@g10code.com>
* app-openpgp.c (retrieve_key_material): Rewritten. Return a
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 13e11e4bc..e9666ee17 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -1274,7 +1274,7 @@ ccid_poll (ccid_driver_t handle)
}
-/* Note that this fucntion won't return the error codes NO_CARD or
+/* Note that this function won't return the error codes NO_CARD or
CARD_INACTIVE */
int
ccid_slot_status (ccid_driver_t handle, int *statusbits)
diff --git a/scd/command.c b/scd/command.c
index 9881b1be0..7d777d8b7 100644
--- a/scd/command.c
+++ b/scd/command.c
@@ -263,7 +263,7 @@ open_card (ctrl_t ctrl, const char *apptype)
return 0; /* Already initialized using a card context. */
if ( IS_LOCKED (ctrl) )
- return gpg_error (GPG_ERR_EBUSY);
+ return gpg_error (GPG_ERR_LOCKED);
if (ctrl->reader_slot != -1)
slot = ctrl->reader_slot;
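Review bot: Returning GPG_ERR_LOCKED instead of GPG_ERR_EBUSY is visible to every Assuan client of scdaemon, and any client that tests for GPG_ERR_EBUSY to decide whether to retry or wait (the `--wait` handling described in the cmd_lock comment further down, or the agent's card diversion, neither visible here) will stop recognising the locked state; confirm those callers are updated in the same release. The same substitution appears in the remaining command.c hunks (cmd_serialno, cmd_setdata, cmd_pksign, cmd_pkauth, cmd_pkdecrypt, cmd_setattr, cmd_genkey, cmd_passwd, cmd_checkpin, cmd_lock, cmd_unlock), so this note covers them too. cmd_setdata still tests `locked_session != ctrl->server_local` by hand where every other command uses `IS_LOCKED (ctrl)`; switching it to the macro keeps a single definition of "locked". open_card's body continues outside the hunk.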
@@ -360,7 +360,7 @@ cmd_serialno (assuan_context_t ctx, char *line)
if (ctrl->server_local->card_removed)
{
if ( IS_LOCKED (ctrl) )
- return gpg_error (GPG_ERR_EBUSY);
+ return gpg_error (GPG_ERR_LOCKED);
do_reset (ctrl, 0);
}
@@ -745,7 +745,7 @@ cmd_setdata (assuan_context_t ctx, char *line)
unsigned char *buf;
if (locked_session && locked_session != ctrl->server_local)
- return gpg_error (GPG_ERR_EBUSY);
+ return gpg_error (GPG_ERR_LOCKED);
/* Parse the hexstring. */
for (p=line,n=0; hexdigitp (p); p++, n++)
@@ -817,7 +817,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
char *keyidstr;
if ( IS_LOCKED (ctrl) )
- return gpg_error (GPG_ERR_EBUSY);
+ return gpg_error (GPG_ERR_LOCKED);
if ((rc = open_card (ctrl, NULL)))
return rc;
@@ -871,7 +871,7 @@ cmd_pkauth (assuan_context_t ctx, char *line)
char *keyidstr;
if ( IS_LOCKED (ctrl) )
- return gpg_error (GPG_ERR_EBUSY);
+ return gpg_error (GPG_ERR_LOCKED);
if ((rc = open_card (ctrl, NULL)))
return rc;
@@ -921,7 +921,7 @@ cmd_pkdecrypt (assuan_context_t ctx, char *line)
char *keyidstr;
if ( IS_LOCKED (ctrl) )
- return gpg_error (GPG_ERR_EBUSY);
+ return gpg_error (GPG_ERR_LOCKED);
if ((rc = open_card (ctrl, NULL)))
return rc;
@@ -1021,7 +1021,7 @@ cmd_setattr (assuan_context_t ctx, char *orig_line)
char *line, *linebuf;
if ( IS_LOCKED (ctrl) )
- return gpg_error (GPG_ERR_EBUSY);
+ return gpg_error (GPG_ERR_LOCKED);
if ((rc = open_card (ctrl, NULL)))
return rc;
@@ -1076,7 +1076,7 @@ cmd_genkey (assuan_context_t ctx, char *line)
int force = has_option (line, "--force");
if ( IS_LOCKED (ctrl) )
- return gpg_error (GPG_ERR_EBUSY);
+ return gpg_error (GPG_ERR_LOCKED);
/* Skip over options. */
while ( *line == '-' && line[1] == '-' )
@@ -1165,7 +1165,7 @@ cmd_passwd (assuan_context_t ctx, char *line)
int reset_mode = has_option (line, "--reset");
if ( IS_LOCKED (ctrl) )
- return gpg_error (GPG_ERR_EBUSY);
+ return gpg_error (GPG_ERR_LOCKED);
/* Skip over options. */
while (*line == '-' && line[1] == '-')
@@ -1212,7 +1212,7 @@ cmd_checkpin (assuan_context_t ctx, char *line)
char *keyidstr;
if ( IS_LOCKED (ctrl) )
- return gpg_error (GPG_ERR_EBUSY);
+ return gpg_error (GPG_ERR_LOCKED);
if ((rc = open_card (ctrl, NULL)))
return rc;
@@ -1244,7 +1244,7 @@ cmd_checkpin (assuan_context_t ctx, char *line)
Grant exclusive card access to this session. Note that there is
no lock counter used and a second lock from the same session will
get ignore. A single unlock (or RESET) unlocks the session.
- Return GPG_ERR_EBUSY if another session has locked the reader.
+ Return GPG_ERR_LOCKED if another session has locked the reader.
If the option --wait is given the command will wait until a
lock has been released.
@@ -1259,7 +1259,7 @@ cmd_lock (assuan_context_t ctx, char *line)
if (locked_session)
{
if (locked_session != ctrl->server_local)
- rc = gpg_error (GPG_ERR_EBUSY);
+ rc = gpg_error (GPG_ERR_LOCKED);
}
else
locked_session = ctrl->server_local;
@@ -1293,7 +1293,7 @@ cmd_unlock (assuan_context_t ctx, char *line)
if (locked_session)
{
if (locked_session != ctrl->server_local)
- rc = gpg_error (GPG_ERR_EBUSY);
+ rc = gpg_error (GPG_ERR_LOCKED);
else
locked_session = NULL;
}
diff --git a/sm/ChangeLog b/sm/ChangeLog
index b209b9d4b..aa8e8671f 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,5 +1,8 @@
2005-04-21 Werner Koch <wk@g10code.com>
+ * gpgsm.c: New options --{enable,disable}-trusted-cert-crl-check.
+ * certchain.c (gpgsm_validate_chain): Make use of it.
+
* certchain.c (gpgsm_validate_chain): Check revocations even for
expired certificates. This is required because on signature
verification an expired key is fine whereas a revoked one is not.
diff --git a/sm/certchain.c b/sm/certchain.c
index 2e491f590..02e5b409f 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -752,13 +752,13 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
}
- /* Is this a self-signed certificate? */
+ /* Is this a self-issued certificate? */
if (subject && !strcmp (issuer, subject))
{ /* Yes. */
if (gpgsm_check_cert_sig (subject_cert, subject_cert) )
{
do_list (1, lm, fp,
- _("selfsigned certificate has a BAD signature"));
+ _("self-signed certificate has a BAD signature"));
if (DBG_X509)
{
gpgsm_dump_cert ("self-signing cert", subject_cert);
@@ -816,7 +816,9 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime,
/* Check for revocations etc. */
if ((flags & 1))
- rc = 0;
+ ;
+ else if (opt.no_trusted_cert_crl_check)
+ ;
else
rc = is_cert_still_valid (ctrl, lm, fp,
subject_cert, subject_cert,
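Review bot: In the `(flags & 1)` branch the explicit `rc = 0;` became an empty statement, and the new `opt.no_trusted_cert_crl_check` branch is empty too, so rc now keeps whatever value it held before the `/* Check for revocations etc. */` comment; that is only correct if rc is guaranteed to be zero at this point, which the hunk does not show. Confirm that, or fold the two skip cases into one branch that keeps the reset: `if ((flags & 1) || opt.no_trusted_cert_crl_check) rc = 0;` followed by the existing `else rc = is_cert_still_valid (...)`. A why-comment would also help here, since the skipped call presumably covers OCSP as well as CRLs (the gpgsm.texi text in this commit says the option disables both): `/* Trusted root: skip the revocation check if the caller asked for it or the user disabled it. */`. gpgsm_validate_chain starts and ends outside the hunk.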
@@ -1045,7 +1047,7 @@ gpgsm_basic_cert_check (ksba_cert_t cert)
rc = gpgsm_check_cert_sig (cert, cert);
if (rc)
{
- log_error ("selfsigned certificate has a BAD signature: %s\n",
+ log_error ("self-signed certificate has a BAD signature: %s\n",
gpg_strerror (rc));
if (DBG_X509)
{
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index dae547702..fb6533030 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -130,6 +130,8 @@ enum cmd_and_opt_values {
oDisableCRLChecks,
oEnableCRLChecks,
+ oDisableTrustedCertCRLCheck,
+ oEnableTrustedCertCRLCheck,
oForceCRLRefresh,
oDisableOCSP,
@@ -285,6 +287,8 @@ static ARGPARSE_OPTS opts[] = {
N_("use system's dirmngr if available")},
{ oDisableCRLChecks, "disable-crl-checks", 0, N_("never consult a CRL")},
{ oEnableCRLChecks, "enable-crl-checks", 0, "@"},
+ { oDisableTrustedCertCRLCheck, "disable-trusted-cert-crl-check", 0, "@"},
+ { oEnableTrustedCertCRLCheck, "enable-trusted-cert-crl-check", 0, "@"},
{ oForceCRLRefresh, "force-crl-refresh", 0, "@"},
{ oDisableOCSP, "disable-ocsp", 0, "@" },
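Review bot: Both new options are registered with the "@" help string, which hides them from --help, while doc/gpgsm.texi in this commit documents them and tools/gpgconf-comp.c gives disable-trusted-cert-crl-check a user-facing description; for consistency with the `disable-crl-checks` line just above, give the disable option the same text here: `{ oDisableTrustedCertCRLCheck, "disable-trusted-cert-crl-check", 0, N_("do not check CRLs for root certificates")},`. The enable variant can stay hidden, matching enable-crl-checks. The opts[] table starts and ends outside the hunk.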
@@ -973,6 +977,12 @@ main ( int argc, char **argv)
case oEnableCRLChecks:
opt.no_crl_check = 0;
break;
+ case oDisableTrustedCertCRLCheck:
+ opt.no_trusted_cert_crl_check = 1;
+ break;
+ case oEnableTrustedCertCRLCheck:
+ opt.no_trusted_cert_crl_check = 0;
+ break;
case oForceCRLRefresh:
opt.force_crl_refresh = 1;
break;
@@ -1352,6 +1362,8 @@ main ( int argc, char **argv)
GC_OPT_FLAG_NONE );
printf ("disable-crl-checks:%lu:\n",
GC_OPT_FLAG_NONE );
+ printf ("disable-trusted-cert-crl-check:%lu:\n",
+ GC_OPT_FLAG_NONE );
printf ("enable-ocsp:%lu:\n",
GC_OPT_FLAG_NONE );
printf ("include-certs:%lu:1:\n",
diff --git a/sm/gpgsm.h b/sm/gpgsm.h
index aafc4815d..1068e9d5e 100644
--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@@ -97,6 +97,7 @@ struct {
int ignore_time_conflict; /* Ignore certain time conflicts */
int no_crl_check; /* Don't do a CRL check */
+ int no_trusted_cert_crl_check; /* Don't run a CRL check for trusted certs. */
int force_crl_refresh; /* Force refreshing the CRL. */
int enable_ocsp; /* Default to use OCSP checks. */
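Review bot: The field comment on `no_trusted_cert_crl_check` mentions only CRLs, but the option documentation added in doc/gpgsm.texi in this commit says the switch also disables OCSP checks for trusted root certificates; suggest `int no_trusted_cert_crl_check; /* Skip revocation (CRL and OCSP) checks for trusted root certs. */` so the header does not understate what the flag turns off. The enclosing struct starts and ends outside the hunk.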
diff --git a/tools/ChangeLog b/tools/ChangeLog
index 7fd4c2899..b5a104ce6 100644
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@@ -1,3 +1,11 @@
+2005-04-21 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Add gpgsm option disable-trusted-cert-crl-check.
+
+2005-04-20 Werner Koch <wk@g10code.com>
+
+ * gpgconf-comp.c: Add gpg-agent:disable-scdaemon.
+
2005-04-19 Marcus Brinkmann <marcus@g10code.de>
* symcryptrun.c: Add --input option.
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 5e6777e1f..c49d1dcbb 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -449,6 +449,9 @@ static gc_option_t gc_options_gpg_agent[] =
{ "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
"gnupg", "|FILE|read options from FILE",
GC_ARG_TYPE_PATHNAME, GC_BACKEND_GPG_AGENT },
+ { "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
+ "gnupg", "do not use the SCdaemon",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "Debug",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
@@ -651,6 +654,9 @@ static gc_option_t gc_options_gpgsm[] =
{ "disable-crl-checks", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
"gnupg", "never consult a CRL",
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
+ { "disable-trusted-cert-crl-check", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
+ "gnupg", N_("do not check CRLs for root certificates"),
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
{ "enable-ocsp", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", "check validity using OCSP",
GC_ARG_TYPE_NONE, GC_BACKEND_GPGSM },
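Review bot: The new gpgsm entry wraps its description in `N_()` while the neighbouring entries in this table and the `disable-scdaemon` entry added in the earlier hunk of this file (`"do not use the SCdaemon"`) pass bare strings; pick one convention for the table so either all descriptions are marked for translation or none are. If N_() is the intended direction, the gpg-agent hunk should read `"gnupg", N_("do not use the SCdaemon"),`. The gc_options_gpgsm[] array starts and ends outside the hunk.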
diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c
index 8637987f8..f5fd496b8 100644
--- a/tools/symcryptrun.c
+++ b/tools/symcryptrun.c
@@ -124,7 +124,7 @@ enum cmd_and_opt_values
oKeyfile,
oDecrypt,
oEncrypt,
- oInput,
+ oInput
};