2002-12-03  Werner Koch  <wk@gnupg.org>

	* ber-decoder.c (cmp_tag): Handle ANY tag even when the classes
	don't match.  Test case arecertificates with a id-aa-encrypKeyPref.

2002-11-25  Werner Koch  <wk@gnupg.org>

	* cms.c (ksba_cms_get_sigattr_oids): New.
	(build_signed_data_attributes): Store the content-type.
	* der-encoder.c (_ksba_der_store_oid): Handle TYPE_ANY.

2002-10-22  Werner Koch  <wk@gnupg.org>

	* asn1-parse.y (yyparse): Prefix with _ksba_asn1_.

	* asn1-func.c (_asn1_find_left): Made static.

	* dn.c (parse_rdn): Add a parse-only mode to determine the end os
	a part.
	(_ksba_dn_from_str): Parse the string in reversed order as
	specified by rfc2253.

2002-08-23  Werner Koch  <wk@gnupg.org>

	* ksba.m4: Removed unnecessary libs
	* ksba-config.in: Made --prefix work for --libs.
	* Makefile.am (EXTRA_DIST): Add ksba.m4

2002-08-21  Werner Koch  <wk@gnupg.org>

	* der-encoder.c (_ksba_der_copy_tree)
	* crl.c (ksba_crl_get_issuer)
	* cms.c (ksba_cms_get_issuer_serial)
	(ksba_cms_get_sig_val)
	(ksba_cms_get_enc_val) 
	* cert.c (ksba_cert_get_image)
	(ksba_cert_hash)
	(ksba_cert_get_serial)
	(ksba_cert_get_sig_val): Removed all debugging output for encoding
	errors.

2002-08-13  Werner Koch  <wk@gnupg.org>

	* ksba.m4: New.

2002-08-06  Werner Koch  <wk@gnupg.org>

	* cms.h (signer_info_s, sig_val_s): New.  Actually moved out of
	ksba_cms_s and made it pointers there.
	* cms.c (ksba_cms_release): Changed for new types of signer_info
	and sig_val.
	(ksba_cms_get_issuer_serial): Implemented index for signer_info.
	(ksba_cms_get_digest_algo): Ditto.
	(ksba_cms_get_message_digest): Ditto.
	(ksba_cms_get_sig_val): Ditto.
	(ksba_cms_hash_signed_attrs): Ditto.
	(build_signed_data_attributes): Build the list of signer_infos.
	(build_signed_data_rest): And process the list.
	(ksba_cms_set_sig_val): Append values.
	(build_signed_data_rest): Use the sig_val list.
	(ct_build_signed_data): Changed check for set sig_val.
	(build_signed_data_header): Fixed writing of more than one algo.
	* cms-parser.c (_ksba_cms_parse_signed_data_part_2): Create a list
	of signer_infos and not just one.

2002-08-05  Werner Koch  <wk@gnupg.org>

	* cms.c (ksba_cms_add_cert): Don't add duplicates.
	* cert.c (_ksba_cert_cmp): New.

2002-07-04  Werner Koch  <wk@gnupg.org>

	* cms.c (ksba_cms_identify): Make sure to read the full first 20
	bytes.

2002-07-02  Werner Koch  <wk@gnupg.org>

	* certreq.c (ksba_certreq_set_sig_val): Don't store a leanding zero.

2002-06-27  Werner Koch  <wk@gnupg.org>

	* cert.c (ksba_cert_get_auth_key_id): Skip keyIdentifier tag.

2002-06-17  Werner Koch  <wk@gnupg.org>

	* cms.c (write_encrypted_cont): Don't use write_octet_stream here
	because this is used with an implicit tag and the outer context
	already provides the constructed containter.

2002-06-13  Werner Koch  <wk@gnupg.org>

	* writer.c (ksba_writer_write_octet_string): Correctly write
	undefined length octet strings.
	* cms.c (ct_build_signed_data): Write an end tag for non-detached
	sigs.
	(build_enveloped_data_header): Fix doc; it is an explicit octect
	string.
	(read_encrypted_cont): Read constructed octet strings.

2002-06-12  Werner Koch  <wk@gnupg.org>

	* writer.c (ksba_writer_write_octet_string): New.
	* cms.c (write_encrypted_cont): Use it here.

2002-05-17  Werner Koch  <wk@gnupg.org>

	* Makefile.am: Tweaked to avoid double compilations.

	* cms.c (ksba_cms_identify): New.

2002-05-16  Werner Koch  <wk@gnupg.org>

	* cms-parser.c (_ksba_cms_parse_signed_data_part_1): Never
	allocate 0 bytes - this is not defined.

2002-05-04  Werner Koch  <wk@gnupg.org>

	* dn.c (parse_rdn): Better detection of empty elements.

2002-04-27  Werner Koch  <wk@gnupg.org>

	* cms.c (read_and_hash_cont): Handle constructed octet strings.
	* cms-parser.c (_ksba_cms_parse_signed_data_part_2): Eat one
	pending end tag.

2002-04-15  Werner Koch  <wk@gnupg.org>

	* version.c: New.

	* dn.c (append_ucs4_value,append_ucs2_value): Implemented.

	* cert.c (ksba_cert_get_auth_key_id): New.
	* name.c (_ksba_name_new_from_der): Add support for "Name" type.
	* dn.c (_ksba_derdn_to_str): New.

2002-03-22  Werner Koch  <wk@gnupg.org>

	* cert.c (get_name): Fixed enumerating of alternate names.

	* name.c: New.
	* ksba.h (KsbaName): New.  Added defintions for the name functions.
	(KsbaCRLReason): Changed values to allow use as bit flags.
	* cert.c (parse_distribution_point): New. 
	(ksba_cert_get_crl_dist_point): New.

2002-03-15  Werner Koch  <wk@gnupg.org>

	* asn1-func.c (_ksba_asn_check_identifier): Better check against
	overflow, also the data used is static.

2002-03-13  Werner Koch  <wk@gnupg.org>

	* cms.h (value_tree_s): New and use it for recp_info.
	(enc_val_s): New, use it in certlist and remove it from the
	ksba_cms_s and change all users.
	* cms.c (ksba_cms_set_enc_val): Allow multiple recipients.
	(ksba_cms_add_signer): Keep ordering of signers so that they can
	be implictly counted by an index.
	(build_enveloped_data_header): Fixed the creation of the RID.

	* cms.c (release_value_tree): New.
	(ksba_cms_release): And use it here.
	(ksba_cms_get_issuer_serial): Use the new recp_list structure and
	take the IDX into account.
	(ksba_cms_get_enc_val): Ditto.
	(ksba_cms_set_sig_val,ksba_cms_set_enc_val): Don't store a leading
	zero.

	* cms-parser.c (_ksba_cms_parse_enveloped_data_part_1): Handle
	multiple recipients.

	* cms.c (build_signed_data_rest): Write 3 end tags.
	(ct_build_enveloped_data): Write 4 end tags.

2002-03-12  Werner Koch  <wk@gnupg.org>

	* cms-parser.c (_ksba_cms_parse_signed_data_part_2): Allow an
	empty set of signer infos.

2002-03-11  Werner Koch  <wk@gnupg.org>

	* keyinfo.c: Fixed last change; forgot to set the length.

2002-03-09  Werner Koch  <wk@gnupg.org>

	* keyinfo.c: Add algo for Telesec NetKey cards.

2002-02-19  Werner Koch  <wk@gnupg.org>

	* cert.c (ksba_cert_get_cert_policies): New.

2002-02-07  Werner Koch  <wk@gnupg.org>

	* cert.c (ksba_cert_release): Release the nodes.

2002-02-01  Marcus Brinkmann  <marcus@g10code.de>

	* asn1-parse.y: Add missing colon at end of block.

2002-02-01  Werner Koch  <wk@gnupg.org>

	* cms.c (ksba_cms_set_sig_val): Add kludge to allow "rsa" instead
	of an OID.

2002-01-28  Werner Koch  <wk@gnupg.org>

	* oid.c (ksba_oid_from_str): Fixed docs and return type.

	* certreq.c (ksba_certreq_set_subject): Renamed to..
	(ksba_certreq_add_subject): this and added logic to store
	subjectAltNames.
	(build_extensions): New.
	(build_cri): Write the extensions.

	* ber-help.c (_ksba_ber_encode_tl): New.

2002-01-25  Werner Koch  <wk@gnupg.org>

	* cms.c (build_signed_data_attributes): Write the optional certs.
	* cert.c (ksba_cert_get_image): Don't return the image length but
	the parsed length.

2002-01-24  Werner Koch  <wk@gnupg.org>

	* cms.h: Add new member cert_info_list. 
	* cms.c (ksba_cms_add_cert): New.
	(ksba_cms_release): Release the cert info list.

2002-01-23  Werner Koch  <wk@gnupg.org>

	* crl.c (parse_to_next_update): Use measured length to fixup the
	tbs_len after reading the name.  Check tbs_len before checking 
	for the entry list.

	* ksba.h (KsbaKeyUsage): New.
	* cert.c (ksba_cert_get_key_usage): New.

	* cert.c (get_name): New, implemented rfc822 AltNames.
	(ksba_cert_get_issuer,ksba_cert_get_subject): Use it.

2002-01-22  Werner Koch  <wk@gnupg.org>

	* cert.c (ksba_cert_is_ca): New.

	* ber-help.c (premature_eof): New.
	(eof_or_error): Use it here.
	(_ksba_ber_parse_tl): New.

2002-01-21  Werner Koch  <wk@gnupg.org>

	* cert.c (ksba_cert_get_extension): New.
	(read_extensions): New.
	(ksba_cert_release): Release the cached extension info.

2002-01-14  Werner Koch  <wk@gnupg.org>

	* dn.c: Fixed oid table according to rfc2253.
	(append_atv): Do only use the allowed names.

2002-01-11  Werner Koch  <wk@gnupg.org>

	* dn.c (append_atv): Don't write a trailing hash sign.

	* time.c (_ksba_asntime_to_epoch): Kludge to cope with the Y2038
	problem.

	* crl.c (do_hash): New.  Apply the hashing where needed.

2002-01-10  Werner Koch  <wk@gnupg.org>

	* certreq.c, certreq.h: New.
	* keyinfo.c (_ksba_keyinfo_from_sexp): New.

	* der-encoder.c: Removed commented code.

2002-01-09  Werner Koch  <wk@gnupg.org>

	* dn.c (count_quoted_string, parse_rdn, write_escaped): New.
	(_ksba_dn_from_str): Implemented.

	* ber-help.c (_ksba_ber_count_tl): New.

	* util.h (spacep): New.
	(hexdigitp): Now takes a pointer as arg.
	
	* writer.c (do_writer_write): Set the error flag when we are out
	of core.
	(ksba_writer_snatch_mem): New.

2002-01-08  Werner Koch  <wk@gnupg.org>

	* writer.c (ksba_writer_set_mem): New.
	(do_writer_write): Implemented it here.
	(ksba_writer_get_mem): New.

	* tmttv2.asn (CertificationRequestInfo): Added.

2002-01-07  Werner Koch  <wk@gnupg.org>

	* ksba.h (KsbaCRLReason): New.
	* crl.c: Basically works.

2002-01-05  Werner Koch  <wk@gnupg.org>

	* asn1-func.c (_ksba_asn_find_node): Moved code to ..
	(find_node): new function which allows resolving of identifiers.
	(_ksba_asn_expand_tree): Use the resolving find_node here.

	* keyinfo.c (_ksba_parse_algorithm_identifier2): Reset len2 so
	that a given r_parm returns correct values.

	* ksba.h (KsbaCRL): New typedef and prototypes for the CRL functions.
	* crl.c, crl.h: New but not yet complete.

2001-12-20  Werner Koch  <wk@gnupg.org>

	* cms.c (read_and_hash_cont): New.
	(ct_parse_signed_data): Use it here for non-detached signatures.
	* cms-parser.c (_ksba_cms_parse_signed_data_part_1): Store the
	inner content length.
	(_ksba_cms_parse_signed_data_part_2): Add dummy read code for CRLs.

	* cert.c (ksba_cert_set_serial): Changed to return an entire S-Exp
	and not just an octet string.
	* cms.c (ksba_cms_get_issuer_serial): Ditto.

2001-12-18  Werner Koch  <wk@gnupg.org>

	* Makefile.am (DISTCLEANFILES): Add asn1-tables.c

2001-12-17  Werner Koch  <wk@gnupg.org>

	* cert.c (ksba_cert_get_serial): Does now return a S-expression.
	* cms.c (ksba_cms_get_issuer_serial): Ditto.

	* keyinfo.c: Changed all functions to return canonical encoded S-Exp.

	* Makefile.am (asn1-tables.c): Fixed rule to work with VPATH builds.

2001-12-14  Werner Koch  <wk@gnupg.org>

	* oid.c, time.c, cms.c : Moved atoi macros and digitp macro to ..
	* util.h: .. here.  Fixed digitp macro.  Added hexdigitp.

2001-12-13  Werner Koch  <wk@gnupg.org>

	* cert.c (ksba_cert_get_issuer): Added an idx argument so that the
	function can be used to enumerate alternate names. 
	(ksba_cert_get_subject): Ditto.
	

 Copyright 2001, 2002 g10 Code GmbH

 This file is free software; as a special exception the author gives
 unlimited permission to copy and/or distribute it, with or without
 modifications, as long as this notice is preserved.

 This file is distributed in the hope that it will be useful, but
 WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
 implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
