yeah, I can log into cacert.org using my fellowship card and my Cacert

generated certificate.  I just wonder wheter I will also be able to do this
using the test certificates I once generated.  There keys are not very well
protected. There seems to be a big securty hole at cacert.

ChangeLog

@@ -1,3 +1,11 @@
+2006-10-13  Werner Koch  <wk@g10code.com>
+
+	* src/cert-gpgsm.c (MAX_LINE_LEN): Increased.
+
+	* src/locking.c: Include string.h for memset declaration.
+
+	* configure.ac: New option --disable-optimization.
+
 2006-08-02  Marcus Brinkmann  <marcus@g10code.de>
 
 	* Initial version.

configure.ac

@@ -67,6 +67,14 @@ AC_PROG_CC
 # -std=gnu99 is required.
 CFLAGS="-std=gnu99 -Wall -Wno-pointer-sign -g -O3"
 
+AC_ARG_ENABLE(optimization,
+   AC_HELP_STRING([--disable-optimization],
+                  [disable compiler optimization]),
+                  [if test $enableval = no ; then
+                      CFLAGS=`echo $CFLAGS | sed 's/-O[[0-9]]//'`
+                   fi])
+
+
 AC_SUBST(LIBSCUTE_LT_CURRENT)
 AC_SUBST(LIBSCUTE_LT_AGE)
 AC_SUBST(LIBSCUTE_LT_REVISION)

src/cert-gpgsm.c

@@ -48,8 +48,11 @@
 #include "support.h"
 
 
-/* The maximum length of a key listing line.  */
-#define MAX_LINE_LEN	256
+/* The maximum length of a key listing line.  We take the double of
+   the allowed Assuan line length to avoid a memmove after a part of a
+   line has been processed.  FIXME: There is actually no limit on the
+   length of the line. */
+#define MAX_LINE_LEN	(1024*2)
 
 struct search_ctx
 {

src/locking.c

@@ -33,6 +33,8 @@
 #if HAVE_CONFIG_H
 #include <config.h>
 #endif
+#include <string.h>
+
 
 #include "locking.h"