Added support for SHA256. Applied fixes from debian and some other sources.

Improved gui behavior.
7 years ago · 4bb2b88a2a
parent e136e7cbbf
commit 4bb2b88a2a
17 changed files with 255 additions and 61 deletions
--- a/install.sh
+++ b/install.sh
@ -1,9 +1,15 @@
 #!/bin/bash

+rm -rf locale
+
 mkdir -p locale/de/LC_MESSAGES
 mkdir -p locale/es/LC_MESSAGES
 mkdir -p locale/cs/LC_MESSAGES
+mkdir -p locale/fr/LC_MESSAGES
+mkdir -p locale/sv/LC_MESSAGES

 msgfmt po/de.po -o locale/de/LC_MESSAGES/tinyca2.mo
 msgfmt po/es.po -o locale/es/LC_MESSAGES/tinyca2.mo
 msgfmt po/cs.po -o locale/cs/LC_MESSAGES/tinyca2.mo
+msgfmt po/fr.po -o locale/fr/LC_MESSAGES/tinyca2.mo
+msgfmt po/sv.po -o locale/sv/LC_MESSAGES/tinyca2.mo
--- a/lib/CA.pm
+++ b/lib/CA.pm
@ -349,7 +349,7 @@ sub get_ca_create {
      $opts = {};
      $opts->{'days'} = 3650; # set default to 10 years
      $opts->{'bits'} = 4096;
-      $opts->{'digest'} = 'sha1';
+      $opts->{'digest'} = 'sha256';

      if(defined($mode) && $mode eq "sub") { # create SubCA, use defaults
         $opts->{'parentca'} = $main->{'CA'}->{'actca'};
@ -453,7 +453,7 @@ sub get_ca_import {
      $opts = {};
      $opts->{'days'} = 3650; # set default to 10 years
      $opts->{'bits'} = 4096;
-      $opts->{'digest'} = 'sha1';
+      $opts->{'digest'} = 'sha256';
      
      $main->show_ca_import_dialog($opts);
      return;
@ -1062,6 +1062,7 @@ sub create_ca {
            'outdir'     => $self->{$ca}->{'dir'}."/newcerts/",
            'keyfile'    => $self->{$ca}->{'dir'}."/cacert.key",
            'cacertfile' => $self->{$ca}->{'dir'}."/cacert.pem",
+            'digest'     => $opts->{'digest'},
            'pass'       => $opts->{'passwd'},
            'days'       => $opts->{'days'},
            'parentpw'   => $opts->{'parentpw'},
--- a/lib/CERT.pm
+++ b/lib/CERT.pm
@ -480,6 +480,9 @@ sub export_cert {
         $out = '';
         $out .= "Fingerprint (MD5): $opts->{'parsed'}->{'FINGERPRINTMD5'}\n";
         $out .= "Fingerprint (SHA1): $opts->{'parsed'}->{'FINGERPRINTSHA1'}\n\n";
+         $out .= "Fingerprint (SHA256): $opts->{'parsed'}->{'FINGERPRINTSHA256'}\n\n";
+         $out .= "Fingerprint (SHA384): $opts->{'parsed'}->{'FINGERPRINTSHA384'}\n\n";
+         $out .= "Fingerprint (SHA512): $opts->{'parsed'}->{'FINGERPRINTSHA512'}\n\n";
      } else {
         $out = '';
      }
--- a/lib/GUI.pm
+++ b/lib/GUI.pm
@ -29,14 +29,16 @@ my $true=1;
 # This hash maps our internal MD names to the displayed digest names.
 # Maybe it should live in a crypto-related file instead of a UI-related file?
 my %md_algorithms = (
-		     'md5' => 'MD5',
-		     'sha1' => 'SHA1',
-		     'md2' => 'MD2',
-		     'mdc2' => 'MDC2',
-		     'md4' => 'MD4',
+		     'sha256' => 'SHA-256',
+		     'md5' => 'ins.MD5',
+# n/a		     'md2' => 'MD2',
+# n/a		     'mdc2' => 'MDC2',
+		     'md4' => 'ins.MD4',
 		     'ripemd160' => 'RIPEMD-160',
 #		     'sha' => 'SHA',
-		     'sha1' => 'SHA-1',
+		     'sha1' => 'ins.SHA-1',
+		     'sha384' => 'SHA-384',
+		     'sha512' => 'SHA-512',
 		     );

 my %bit_lengths = (
@ -58,7 +60,7 @@ sub new {

   bless($self, $class);

-   $self->{'version'} = '0.7.5';
+   $self->{'version'} = '0.7.6';

   $self->{'words'} = GUI::WORDS->new();

@ -573,6 +575,12 @@ sub create_toolbar {
      
   } elsif($mode eq 'key') {

+      $button = Gtk2::ToolButton->new_from_stock('gtk-revert-to-saved');
+      $self->{'toolbar'}->insert($button, -1);
+      $button->set_label(_("Import"));
+      $button->signal_connect('clicked', sub {
+            $self->{'KEY'}->get_import_key($self) });
+
      $button = Gtk2::ToolButton->new_from_stock('gtk-save');
      $self->{'toolbar'}->insert($button, -1);
      $button->set_label(_("Export"));
@ -978,7 +986,7 @@ sub create_detail_tree {
   $piter = $store->append($root);
   $store->set($piter, 0 => $t);

-   for my $l qw(CN EMAIL O OU C ST L) {
+   for my $l (qw(CN EMAIL O OU C ST L)) {
      if(defined($parsed->{$l})) {
         if($l eq "OU") {
            foreach my $ou (@{$parsed->{'OU'}}) {
@ -1003,7 +1011,7 @@ sub create_detail_tree {
      $piter = $store->append($root);
      $store->set($piter, 0 => $t);
   
-      for my $l qw(CN EMAIL O OU C ST L) {
+      for my $l (qw(CN EMAIL O OU C ST L)) {
         if(defined($parsed->{'ISSUERDN'}->{$l})) {
            if($l eq "OU") {
               foreach my $ou (@{$parsed->{'ISSUERDN'}->{'OU'}}) {
@ -1029,7 +1037,7 @@ sub create_detail_tree {
      $piter = $store->append($root);
      $store->set($piter, 0 => $t);
   
-      for my $l qw(STATUS NOTBEFORE NOTAFTER) {
+      for my $l (qw(STATUS NOTBEFORE NOTAFTER)) {
         if(defined($parsed->{$l})) {
            $citer = $store->append($piter);
            $store->set($citer, 
@ -1045,7 +1053,7 @@ sub create_detail_tree {
   $store->set($piter, 0 => $t);


-   for my $l qw(STATUS SERIAL KEYSIZE PK_ALGORITHM SIG_ALGORITHM TYPE) {
+   for my $l (qw(STATUS SERIAL KEYSIZE PK_ALGORITHM SIG_ALGORITHM TYPE)) {
      if(defined($parsed->{$l})) {
         $citer = $store->append($piter);
         $store->set($citer, 
@ -1060,7 +1068,7 @@ sub create_detail_tree {
      $piter = $store->append($root);
      $store->set($piter, 0 => $t);
   
-      for my $l qw(FINGERPRINTMD5 FINGERPRINTSHA1) {
+      for my $l (qw(FINGERPRINTMD5 FINGERPRINTSHA1 FINGERPRINTSHA256 FINGERPRINTSHA384 FINGERPRINTSHA512)) {
         if(defined($parsed->{$l})) {
            $citer = $store->append($piter);
            $store->set($citer, 
@ -1171,6 +1179,7 @@ sub show_select_ca_dialog {
   );

   $box = GUI::HELPERS::dialog_box($t, $t, $button_ok, $button_cancel);
+   $box->set_default_size(240,320);

   $button_ok->grab_default();

@ -1249,7 +1258,7 @@ sub show_req_dialog {
   # table for request data
   my $cc=0;
   my $ous = 1;
-   if(defined($opts->{'OU'})) {
+   if(defined($opts->{'OU'}) and ref($opts->{'OU'}) eq 'ARRAY') {
      $ous = @{$opts->{'OU'}} - 1;
   }
   $reqtable = Gtk2::Table->new(1, 13 + $ous, 0);
@ -1297,7 +1306,7 @@ sub show_req_dialog {
         _("Organization Name (eg. company):"),
         \$opts->{'O'}, $reqtable, 10, 1);

-   if(defined($opts->{'OU'})) {
+   if(defined($opts->{'OU'}) and ref($opts->{'OU'}) eq 'ARRAY') {
      foreach my $ou (@{$opts->{'OU'}}) {
         $entry = GUI::HELPERS::entry_to_table(
               _("Organizational Unit Name (eg. section):"),
@ -1616,6 +1625,17 @@ sub show_ca_export_dialog {
   return;
 }

+#
+# get filename for importing keys
+#
+sub show_key_import_dialog {
+   my ($self, $opts) = @_;
+
+   # my $opts = {};
+   my($box, $button_ok, $button_cancel, $button, $entry, $table, $label);
+
+}
+
 #
 # get password for exporting keys
 #
@ -1746,6 +1766,7 @@ sub show_export_dialog {
   }
   
   $box = GUI::HELPERS::dialog_box($title, $text, $button_ok, $button_cancel);
+   $box->set_default_size(640, -1);

   # small table for file selection
   $table = Gtk2::Table->new(1, 3, 0);
@ -1753,7 +1774,7 @@ sub show_export_dialog {
   $box->vbox->add($table);

   $label = GUI::HELPERS::create_label(_("File:"), 'left', 0, 0);
-   $table->attach_defaults($label, 0, 1, 0, 1);
+   $table->attach($label, 0, 1, 0, 1, 'fill', 'fill', 0, 0);

   if($mode eq 'cert') {
      $t = _("Export Certificate");
@ -1773,7 +1794,7 @@ sub show_export_dialog {
   $button->signal_connect('clicked' => 
         sub{GUI::HELPERS::browse_file(
            $t, $fileentry, 'save')});
-   $table->attach_defaults($button, 2, 3, 0, 1);
+   $table->attach($button, 2, 3, 0, 1, 'fill', 'fill', 0, 0);

   $label = GUI::HELPERS::create_label(
      _("Export Format:"), 'center', 0, 0);
@ -2521,12 +2542,14 @@ sub about {
   my ($aboutdialog, $href, $label);

   $aboutdialog = Gtk2::AboutDialog->new();
-   $aboutdialog->set_name("TinyCA2");
+   $aboutdialog->set_program_name("TinyCA2");
   $aboutdialog->set_version($main->{'version'});
   $aboutdialog->set_copyright("2002-2006 Stephan Martin");
   $aboutdialog->set_license("GNU Public License (GPL)");
   $aboutdialog->set_website("http://tinyca.sm-zone.net/");
-   $aboutdialog->set_authors("Stephan Martin <sm\@sm-zone.net>");
+   $aboutdialog->set_authors(
+         "Stephan Martin <sm\@sm-zone.net>"."\n".
+         "Thomas Hooge <thomas\@hoogi.de>");
   $aboutdialog->set_translator_credits(
         _("Czech: Robert Wolf <gentoo\@slave.umbr.cas.cz>")."\n".
         _("Swedish: Daniel Nylander <yeager\@lidkoping.net>")."\n".
@ -2534,6 +2557,8 @@ sub about {
         _("French: Thibault Le Meur <Thibault.Lemeur\@supelec.fr>"));

   $aboutdialog->show_all();
+   $aboutdialog->run;
+   $aboutdialog->destroy;

   return;
 }
@ -2634,7 +2659,7 @@ sub show_req_date_warning {

   my ($box, $button_ok, $button_cancel, $t);

-   $t = _("The Certificate will be longer valid than your CA!");
+   $t = _("The certificate will be valid longer than its CA!");
   $t .= "\n";
   $t .= _("This may cause problems with some software!!");

@ -3088,18 +3113,21 @@ sub _create_req_menu {

 sub _fill_radiobox {
   my($radiobox, $var, %values) = @_;
-   my($previous_key, $value);
+   my($active_key, $previous_key, $value);

+   $active_key = undef;
   $previous_key = undef;
-   for $value (keys %values) {
+   for $value (sort keys %values) {
      my $display_name = $values{$value};
      my $key = Gtk2::RadioButton->new($previous_key, $display_name);
-      $key->set_active(1) if(defined($$var) && $$var eq $value);
+      #$key->set_active(1) if(defined($$var) && $$var eq $value);
+      $active_key = $key if(defined($$var) && $$var eq $value);
      $key->signal_connect('toggled' =>
 			   sub{GUI::CALLBACK::toggle_to_var($key, $var, $value)});
      $radiobox->add($key);
      $previous_key = $key;
   }
+   $active_key->set_active(1) if ($active_key);
 }

 1
--- a/lib/GUI/WORDS.pm
+++ b/lib/GUI/WORDS.pm
@ -70,6 +70,9 @@ sub new {
    'STATUS'                => _("Status"),
    'FINGERPRINTMD5'        => _("Fingerprint (MD5)"),
    'FINGERPRINTSHA1'       => _("Fingerprint (SHA1)"),
+    'FINGERPRINTSHA256'     => _("Fingerprint (SHA256)"),
+    'FINGERPRINTSHA384'     => _("Fingerprint (SHA384)"),
+    'FINGERPRINTSHA512'     => _("Fingerprint (SHA512)"),
    _("Not set")                             => 'none',
    _("Ask User")                            => 'user',
    _("critical")                            => 'critical',
--- a/lib/GUI/X509_browser.pm
+++ b/lib/GUI/X509_browser.pm
@ -624,7 +624,7 @@ sub selection_cadir {

  $dir = $self->{'actdir'};
  # cut off the last directory name to provide the ca-directory
-  $dir =~ s/\/certs|\/req|\/keys$//;
+  $dir =~ s/(\/certs|\/req|\/keys)$//;
  return($dir);
 }

--- a/lib/GUI/X509_infobox.pm
+++ b/lib/GUI/X509_infobox.pm
@ -90,6 +90,15 @@ sub display {
            'center', 0, 0);
      $self->{'x509textbox'}->pack_start($self->{'certfingerprintsha1'}, 
            0, 0, 0);
+
+      if(defined($self->{'certfingerprintsha256'})) {
+         $self->{'certfingerprintsha256'}->destroy();
+      }
+      $self->{'certfingerprintsha256'} = GUI::HELPERS::create_label(
+            _("Fingerprint (SHA256)").": ".$parsed->{'FINGERPRINTSHA256'},
+            'center', 0, 0);
+      $self->{'x509textbox'}->pack_start($self->{'certfingerprintsha256'},
+            0, 0, 0);
   }

   if (($mode eq 'cert') || ($mode eq 'cacert')) {
--- a/lib/KEY.pm
+++ b/lib/KEY.pm
@ -30,6 +30,23 @@ sub new {
   bless($self, $class);
 }

+#
+# get informations to import key from file
+#
+sub get_import_key {
+   my ($self, $main, $opts, $box) = @_;
+
+   $box->destroy() if(defined($box));
+
+   GUI::HELPERS::print_warning(_("Import Key: Function does not yet exist."));
+
+#   if(not defined($opts)) {
+#      $main->show_key_import_dialog();
+#      return;
+#   }
+
+}
+
 #
 # get name of keyfile to delete
 #
--- a/lib/OpenSSL.pm
+++ b/lib/OpenSSL.pm
@ -22,6 +22,7 @@ package OpenSSL;

 use POSIX;
 use IPC::Open3;
+use IO::Select;
 use Time::Local;

 sub new {
@ -41,7 +42,7 @@ sub new {
   close(TEST);

   # set version (format: e.g. 0.9.7 or 0.9.7a)
-   if($v =~ /\b(0\.9\.[678][a-z]?)\b/) {
+   if($v =~ /\b(0\.9\.[6-9][a-z]?)\b/ || $v =~ /\b(1\.0\.[01][a-z]?)\b/) {
      $self->{'version'} = $1;
   }

@ -142,7 +143,13 @@ sub signreq {
   $cmd .= " -in \"$opts->{'reqfile'}\"";
   $cmd .= " -days $opts->{'days'}";
   $cmd .= " -preserveDN";
-   $cmd .= " -md $opts->{'digest'}" if($opts->{'digest'});
+   if($opts->{'digest'}){
+      if (lc $opts->{'digest'} eq 'sha1') {
+         # force sha256 instead of deprecated sha1
+         $opts->{'digest'} = "sha256";
+      }
+      $cmd .= " -md $opts->{'digest'}";
+   };

   if(defined($opts->{'mode'}) && $opts->{'mode'} eq "sub") {
      $cmd .= " -keyfile \"$opts->{'keyfile'}\"";
@ -673,6 +680,47 @@ sub parsecert {
      GUI::HELPERS::print_warning($t, $ext);
   }

+   $cmd = "$self->{'bin'} x509 -noout -fingerprint -sha256 -in $file";
+   $ext = "$cmd\n\n";
+   $pid = open3($wtfh, $rdfh, $rdfh, $cmd);
+   while(<$rdfh>){
+      $ext .= $_;
+      ($k, $v) = split(/=/);
+      $tmp->{'FINGERPRINTSHA256'} = $v if($k =~ /SHA256 Fingerprint/i);
+      chomp($tmp->{'FINGERPRINTSHA256'});
+   }
+   waitpid($pid, 0);
+   $ret = $? >> 8;
+
+   $cmd = "$self->{'bin'} x509 -noout -fingerprint -sha384 -in $file";
+   $ext = "$cmd\n\n";
+   $pid = open3($wtfh, $rdfh, $rdfh, $cmd);
+   while(<$rdfh>){
+      $ext .= $_;
+      ($k, $v) = split(/=/);
+      $tmp->{'FINGERPRINTSHA384'} = $v if($k =~ /SHA384 Fingerprint/i);
+      chomp($tmp->{'FINGERPRINTSHA384'});
+   }
+   waitpid($pid, 0);
+   $ret = $? >> 8;
+
+   $cmd = "$self->{'bin'} x509 -noout -fingerprint -sha512 -in $file";
+   $ext = "$cmd\n\n";
+   $pid = open3($wtfh, $rdfh, $rdfh, $cmd);
+   while(<$rdfh>){
+      $ext .= $_;
+      ($k, $v) = split(/=/);
+      $tmp->{'FINGERPRINTSHA512'} = $v if($k =~ /SHA512 Fingerprint/i);
+      chomp($tmp->{'FINGERPRINTSHA512'});
+   }
+   waitpid($pid, 0);
+   $ret = $? >> 8;
+
+   if($ret) {
+      $t = _("Error reading fingerprint from Certificate");
+      GUI::HELPERS::print_warning($t, $ext);
+   }
+
   # get subject in openssl format
   $cmd = "$self->{'bin'} x509 -noout -subject -in $file";
   $ext = "$cmd\n\n";
@ -817,7 +865,7 @@ sub convdata {
   my $self = shift;
   my $opts = { @_ };
   
-   my ($tmp, $ext, $ret, $file, $pid, $cmd);
+   my ($tmp, $ext, $ret, $file, $pid, $cmd, $cmdout, $cmderr);
   $file = HELPERS::mktmp($self->{'tmp'}."/data");

   $cmd = "$self->{'bin'} $opts->{'cmd'}";
@ -830,16 +878,7 @@ sub convdata {
      $cmd .= " -outform $opts->{'outform'}";
   }

-   my($rdfh, $wtfh);
-   $ext = "$cmd\n\n";
-   $pid = open3($wtfh, $rdfh, $rdfh, $cmd);
-   print $wtfh "$opts->{'data'}\n";
-   while(<$rdfh>){
-      $ext .= $_;
-      # print STDERR "DEBUG: cmd ret: $_";
-   };
-   waitpid($pid, 0);
-   $ret = $?>>8;
+   ($ret, $tmp, $ext) = _run_with_fixed_input($cmd, $opts->{'data'});

   if($self->{'broken'}) {
       if(($ret != 0 && $opts->{'cmd'} ne 'crl') ||
@ -859,14 +898,15 @@ sub convdata {
      }
   }

-   open(IN, $file) || do {
-      my $t = sprintf(_("Can't open file %s: %s"), $file, $!);
-      GUI::HELPERS::print_warning($t);
-      return;
-   };
-   $tmp .= $_ while(<IN>);
-   close(IN);
-
+   if (-s $file) { # If the file is empty, the payload is in $tmp (via STDOUT of the called process).
+      open(IN, $file) || do {
+         my $t = sprintf(_("Can't open file %s: %s"), $file, $!);
+         GUI::HELPERS::print_warning($t);
+         return;
+      };
+      $tmp .= $_ while(<IN>);
+      close(IN);
+   }
   unlink($file);

   return($ret, $tmp, $ext);
@ -1076,4 +1116,72 @@ sub _get_index {
   }
 }
   
+
+=over
+
+=item _run_with_fixed_input($cmd, $input)
+
+This function runs C<$cmd> and writes the C<$input> to STDIN of the
+new process (all at once).
+
+While the command runs, all of its output to STDOUT and STDERR is
+collected.
+
+After the command terminates (closes both STDOUT and STDIN) the
+function returns the command's return value as well as everything it
+wrote to its STDOUT and STDERR in a list.
+
+=back
+
+=cut
+
+sub _run_with_fixed_input {
+   my $cmd = shift;
+   my $input = shift;
+
+   my ($wtfh, $rdfh, $erfh, $pid, $sel, $ret, $stdout, $stderr);
+   $erfh = Symbol::gensym; # Must not be false, otherwise it is lumped together with rdfh
+
+   # Run the command
+   $pid = open3($wtfh, $rdfh, $erfh, $cmd);
+   print $wtfh $input, "\n";
+
+   $stdout = '';
+   $stderr = '';
+   $sel = new IO::Select($rdfh, $erfh);
+   while (my @fhs = $sel->can_read()) {
+      foreach my $fh (@fhs) {
+         if ($fh == $rdfh) { # STDOUT
+            my $bytes_read = sysread($fh, my $buf='', 1024);
+            if ($bytes_read == -1) {
+               warn("Error reading from child's STDOUT: $!\n");
+               $sel->remove($fh);
+             } elsif ($bytes_read == 0) {
+               # print("Child's STDOUT closed.\n");
+               $sel->remove($fh);
+             } else {
+               $stdout .= $buf;
+             }
+         }
+         elsif ($fh == $erfh) { # STDERR
+            my $bytes_read = sysread($fh, my $buf='', 1024);
+            if ($bytes_read == -1) {
+               warn("Error reading from child's STDERR: $!\n");
+               $sel->remove($fh);
+            } elsif ($bytes_read == 0) {
+               # print("Child's STDERR closed.\n");
+               $sel->remove($fh);
+            } else {
+              $stderr .= $buf;
+            }
+         }
+      }
+   }
+
+   waitpid($pid, 0);
+   $ret = $?>>8;
+
+   return ($ret, $stdout, $stderr)
+   }
+
 1
--- a/lib/REQ.pm
+++ b/lib/REQ.pm
@ -59,7 +59,7 @@ sub get_req_create {
         GUI::HELPERS::print_error($t);
      }
      $opts->{'bits'}   = 4096;
-      $opts->{'digest'} = 'sha1';
+      $opts->{'digest'} = 'sha256';
      $opts->{'algo'}   = 'rsa';
      if(defined($opts) && $opts eq "sign") {
         $opts->{'sign'} = 1;
@ -426,6 +426,12 @@ sub get_sign_req {
         $opts->{'digest'} = "md5";
      } elsif ($opts->{'digest'} =~ /^sha1/) {
         $opts->{'digest'} = "sha1";
+      } elsif ($opts->{'digest'} =~ /^sha256/) {
+         $opts->{'digest'} = "sha256";
+      } elsif ($opts->{'digest'} =~ /^sha384/) {
+         $opts->{'digest'} = "sha384";
+      } elsif ($opts->{'digest'} =~ /^sha512/) {
+         $opts->{'digest'} = "sha512";
      } elsif ($opts->{'digest'} =~ /^ripemd160/) {
         $opts->{'digest'} = "ripemd160";
      } else {
--- a/po/cs.po
+++ b/po/cs.po
@ -1257,7 +1257,7 @@ msgid "if the corresponding certificate is still valid"
 msgstr "pokud odpovídající certifikát je stále platný"

 #: ../lib/GUI.pm:2636
-msgid "The Certificate will be longer valid than your CA!"
+msgid "The certificate will be valid longer than its CA!"
 msgstr "Certifikát bude platný déle než Vaše CA!"

 #: ../lib/GUI.pm:2638
--- a/po/de.po
+++ b/po/de.po
@ -1245,7 +1245,7 @@ msgid "if the corresponding certificate is still valid"
 msgstr "falls das Zertifikat noch gültig ist"

 #: ../lib/GUI.pm:2636
-msgid "The Certificate will be longer valid than your CA!"
+msgid "The certificate will be valid longer than its CA!"
 msgstr "Das Zertifikat wird länger gültig sein als die CA!"

 #: ../lib/GUI.pm:2638
--- a/po/es.po
+++ b/po/es.po
@ -1260,7 +1260,7 @@ msgid "if the corresponding certificate is still valid"
 msgstr "¡Si el Certificado correspondiente no ha caducado o ha sido revocado "

 #: ../lib/GUI.pm:2636
-msgid "The Certificate will be longer valid than your CA!"
+msgid "The certificate will be valid longer than its CA!"
 msgstr "¡El Certificado tendrá mayor duración que la CA!"

 #: ../lib/GUI.pm:2638
--- a/po/fr.po
+++ b/po/fr.po
@ -1257,7 +1257,7 @@ msgid "if the corresponding certificate is still valid"
 msgstr "Si le Certificat correspondant est tjours valide"

 #: ../lib/GUI.pm:2636
-msgid "The Certificate will be longer valid than your CA!"
+msgid "The certificate will be valid longer than its CA!"
 msgstr ""
 "La date de validité du Certificat dépasse la date de validité de la CA!"

--- a/po/sv.po
+++ b/po/sv.po
@ -1,19 +1,23 @@
 # Swedish translation of tinyca.
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
 # This file is distributed under the same license as the tinyca package.
+#
 # Daniel Nylander <po@danielnylander.se>, 2006.
+# Marcus Better <marcus@better.se>, 2009.
 #
 msgid ""
 msgstr ""
 "Project-Id-Version: tinyca\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2005-06-05 18:44+0200\n"
-"PO-Revision-Date: 2006-07-10 16:23+0100\n"
-"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
+"PO-Revision-Date: 2009-10-19 12:02+0200\n"
+"Last-Translator: Marcus Better <marcus@better.se>\n"
 "Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"X-Generator: Lokalize 1.0\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"

 #: ../lib/CA.pm:45
 msgid "error: can't open basedir: "
@ -253,7 +257,7 @@ msgstr "Kan inte skriva certifikatfil: %s"
 #: ../lib/CA.pm:766
 #: ../lib/CA.pm:912
 msgid "Can't open Index file: "
-msgstr "Kan inte öppna Index-fil: "
+msgstr "Kan inte öppna indexfil: "

 #: ../lib/CA.pm:774
 #: ../lib/CA.pm:919
@ -652,7 +656,7 @@ msgstr "Typ"

 #: ../lib/GUI.pm:246
 msgid "Keys"
-msgstr "Tangenter"
+msgstr "Nycklar"

 #: ../lib/GUI.pm:289
 msgid "Requests"
@ -1383,7 +1387,7 @@ msgid "if the corresponding certificate is still valid"
 msgstr "om det korresponderande certifikatet är giltigt fortfarande"

 #: ../lib/GUI.pm:2675
-msgid "The Certificate will be longer valid than your CA!"
+msgid "The certificate will be valid longer than its CA!"
 msgstr "Certifikatet kommer vara giltigt längre än ditt CA!"

 #: ../lib/GUI.pm:2677
--- a/templates/openssl.cnf
+++ b/templates/openssl.cnf
@ -15,7 +15,7 @@ RANDFILE        = $dir/.rand
 x509_extensions = client_cert
 default_days    = 365
 default_crl_days= 30
-default_md      = sha1
+default_md      = sha256
 preserve        = no
 policy          = policy_client

@ -33,7 +33,7 @@ RANDFILE        = $dir/.rand
 x509_extensions = server_cert
 default_days    = 365
 default_crl_days= 30
-default_md      = sha1
+default_md      = sha256
 preserve        = no
 policy          = policy_server

@ -51,7 +51,7 @@ RANDFILE        = $dir/.rand
 x509_extensions = v3_ca
 default_days    = 365
 default_crl_days= 30
-default_md      = sha1
+default_md      = sha256
 preserve        = no
 policy          = policy_ca

--- a/13
+++ b/13
@ -85,8 +85,17 @@ if(not -d $init->{'templatedir'}) {
 }

 # location for CA files
-$init->{'basedir'}   = $ENV{HOME}."/.TinyCA";
-$init->{'exportdir'} = $ENV{HOME};
+if( exists $ENV{'TINYCA_BASEDIR'}) {
+   $init->{'basedir'}   = $ENV{'TINYCA_BASEDIR'}
+} else {
+   $init->{'basedir'}   = $ENV{HOME}."/.TinyCA";
+}
+
+if( exists $ENV{'TINYCA_EXPORTDIR'}) {
+   $init->{'exportdir'} = $ENV{'TINYCA_EXPORTDIR'};
+} else {
+   $init->{'exportdir'} = $ENV{HOME};
+}

 umask(0077);