Exporting secret keys via gpg-agent is now basically supported.

A couple of forward ported changes. Doc updates.
author: Werner Koch <wk@gnupg.org> 2010-10-01 22:33:53 +0200
committer: Werner Koch <wk@gnupg.org> 2010-10-01 22:33:53 +0200
commit: bfbd80feb95fba36292cd9dab43016f17b1e6972 (patch)
tree: 9afbfd29e8aeb78fa34a1a49d8b8071554d4f593 /sm
parent: * options.skel: Make the example for force-v3-sigs match reality (it (diff)
download: gnupg2-bfbd80feb95fba36292cd9dab43016f17b1e6972.tar.xz
gnupg2-bfbd80feb95fba36292cd9dab43016f17b1e6972.zip
5 files changed, 26 insertions, 9 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index 82a1f998b..9a68f8d43 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,13 @@
+2010-09-16  Werner Koch  <wk@g10code.com>
+
+	* certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT.
+	(do_validate_chain): Ditto.
+	(gpgsm_basic_cert_check): Ditto.
+	* call-agent.c (learn_cb): Take care of new
+	GPG_ERR_MISSING_ISSUER_CERT.
+	* import.c (check_and_store): Ditto.
+	(check_and_store): Ditto.
+
 2010-08-16  Werner Koch  <wk@g10code.com>
 
 	* gpgsm.c (main) <aGPGConfList>: Use es_printf.
diff --git a/sm/call-agent.c b/sm/call-agent.c
index 3bfa9f049..81d486bd2 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -887,7 +887,8 @@ learn_cb (void *opaque, const void *buffer, size_t length)
      because we can assume that the --learn-card command has been used
      on purpose.  */
   rc = gpgsm_basic_cert_check (parm->ctrl, cert);
-  if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT)
+  if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT
+      && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT)
     log_error ("invalid certificate: %s\n", gpg_strerror (rc));
   else
     {
diff --git a/sm/certchain.c b/sm/certchain.c
index bbb8bbe8d..40ab6a4b5 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -789,7 +789,7 @@ gpgsm_walk_cert_chain (ctrl_t ctrl, ksba_cert_t start, ksba_cert_t *r_next)
          print an error here.  */
       if (rc != -1 && opt.verbose > 1)
         log_error ("failed to find issuer's certificate: rc=%d\n", rc);
-      rc = gpg_error (GPG_ERR_MISSING_CERT);
+      rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
       goto leave;
     }
 
@@ -1496,7 +1496,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg,
             }
           else
             log_error ("failed to find issuer's certificate: rc=%d\n", rc);
-          rc = gpg_error (GPG_ERR_MISSING_CERT);
+          rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
           goto leave;
         }
 
@@ -1897,7 +1897,7 @@ gpgsm_basic_cert_check (ctrl_t ctrl, ksba_cert_t cert)
             }
           else
             log_error ("failed to find issuer's certificate: rc=%d\n", rc);
-          rc = gpg_error (GPG_ERR_MISSING_CERT);
+          rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT);
           goto leave;
         }
       
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index cc8c5404e..226704a98 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -287,7 +287,7 @@ static ARGPARSE_OPTS opts[] = {
 
   ARGPARSE_s_s (oAuditLog, "audit-log", 
                 N_("|FILE|write an audit log to FILE")),
-  ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", ""),
+  ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"),
   ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")),
   ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")),
   ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")),
diff --git a/sm/import.c b/sm/import.c
index 69a64f1c8..c70e4e916 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -194,7 +194,8 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
   if (!rc && ctrl->with_validation)
     rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL);
   if (!rc || (!ctrl->with_validation
-              && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) )
+              && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT
+                  || gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT)))
     {
       int existed;
 
@@ -253,9 +254,14 @@ check_and_store (ctrl_t ctrl, struct stats_s *stats,
       log_error (_("basic certificate checks failed - not imported\n"));
       if (stats)
         stats->not_imported++;
-      print_import_problem (ctrl, cert,
-                            gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
-                            gpg_err_code (rc) == GPG_ERR_BAD_CERT?     1 : 0);
+      /* We keep the test for GPG_ERR_MISSING_CERT only in case
+         GPG_ERR_MISSING_CERT has been used instead of the newer
+         GPG_ERR_MISSING_ISSUER_CERT.  */
+      print_import_problem 
+        (ctrl, cert,
+         gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT? 2 :
+         gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 :
+         gpg_err_code (rc) == GPG_ERR_BAD_CERT?     1 : 0);
     }
 }
author	Werner Koch <wk@gnupg.org>	2010-10-01 22:33:53 +0200
committer	Werner Koch <wk@gnupg.org>	2010-10-01 22:33:53 +0200
commit	bfbd80feb95fba36292cd9dab43016f17b1e6972 (patch)
tree	9afbfd29e8aeb78fa34a1a49d8b8071554d4f593 /sm
parent	* options.skel: Make the example for force-v3-sigs match reality (it (diff)
download	gnupg2-bfbd80feb95fba36292cd9dab43016f17b1e6972.tar.xz gnupg2-bfbd80feb95fba36292cd9dab43016f17b1e6972.zip