* Addition of openpgp support!

This is not enabled by default. Instructions to enable are at the end of msg. This is 60% complete. Supports creation of certificates, adding friends and connections. Parts still to do: pgpids, p3discovery, signing and trusting peers. The main reason it is being commited is so that connections between peers can be properly tested, and development on OSX and win can start. This requires gpg and the gpgme.h development libraries, and no longer requires the custom ssl libraries. To compile it switch the configuration flags in scripts/config-linux.mk To compile XPGP (v0.4.x) enable PQI_USE_XPGP: #PQI_USE_SSLONLY = 1 PQI_USE_XPGP = 1 To compile SSL only, enable PQI_USE_SSLONLY: PQI_USE_SSLONLY = 1 #PQI_USE_XPGP = 1 To compile OpenPGP, disable both: #PQI_USE_SSLONLY = 1 #PQI_USE_XPGP = 1 and enable RS_USEPGPSSL in rsiface/rsinit.h git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@1265 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2024-10-01 02:35:48 -04:00 · 2009-05-23 15:07:35 +00:00 · 2009-05-23 15:07:35 +00:00 · 5f28f76b07
commit 5f28f76b07
parent eea261d739
23 changed files with 1224 additions and 3160 deletions
--- a/libretroshare/src/pqi/Makefile
+++ b/libretroshare/src/pqi/Makefile
@ -14,11 +14,32 @@ LOOP_OBJ = pqiloopback.o
 STREAM_OBJ = pqistreamer.o pqiarchive.o pqistore.o pqibin.o
 MGR_OBJ = pqimonitor.o p3dhtmgr.o p3connmgr.o p3cfgmgr.o p3authmgr.o
 GRP_OBJ = pqiperson.o pqihandler.o pqiservice.o pqipersongrp.o  
-SSL_OBJ  = pqissl.o pqissllistener.o pqisslpersongrp.o
+SSL_OBJ  = pqissl.o pqissllistener.o pqisslpersongrp.o cleanupxpgp.o
 UDP_OBJ  = pqissludp.o
 OTHER_OBJ = p3notify.o
 TESTOBJ  = net_test.o dht_test.o net_test1.o
 #conn_test.o
 TESTS  = net_test dht_test net_test1
 #conn_test
 ifdef PQI_USE_XPGP
 	SSL_OBJ += authxpgp.o 
 	TESTOBJ += xpgp_id.o
 	TESTS   += xpgp_id
 else
 ifdef PQI_USE_SSLONLY 
 	SSL_OBJ += authssl.o 
 else
 	SSL_OBJ += authssl.o authgpg.o 
 	TESTOBJ += gpgme_tst.o
 	TESTS   += gpgme_tst
 endif
 endif
 RSOBJ = $(BASE_OBJ) $(LOOP_OBJ) \
 	$(STREAM_OBJ) \
 	$(MGR_OBJ) \
@ -27,23 +48,11 @@ RSOBJ = $(BASE_OBJ) $(LOOP_OBJ) \
 	$(GRP_OBJ) \
 	$(OTHER_OBJ)
 TESTOBJ  = net_test.o dht_test.o net_test1.o
 #conn_test.o
 TESTS  = net_test dht_test net_test1
 #conn_test
 ifdef PQI_USE_XPGP
 	SSL_OBJ += authxpgp.o cleanupxpgp.o  
 	TESTOBJ += xpgp_id.o
 	TESTS   += xpgp_id
 else
 	SSL_OBJ  = authssl.o  
 endif
 all: librs tests
 gpgme_tst: gpgme_tst.o 
 	$(CC) $(CFLAGS) -o gpgme_tst gpgme_tst.o $(LIBS)
 xpgp_id: xpgp_id.o 
 	$(CC) $(CFLAGS) -o xpgp_id xpgp_id.o $(LIBS)
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
--- a/libretroshare/src/pqi/authssl.h
+++ b/libretroshare/src/pqi/authssl.h
@ -26,11 +26,19 @@
 #ifndef MRK_AUTH_SSL_HEADER
 #define MRK_AUTH_SSL_HEADER
-/* This is a dummy auth header.... to 
+/* 
- * work with the standard OpenSSL as opposed to the patched version.
+ * This is an implementation of SSL certificate authentication, which can be 
 * overloaded with pgp style signatures, and web-of-trust authentication.
 *
- * It is expected to be replaced by authpgp shortly.
+ * There are several virtual functions with can be overloaded to acheive this.
- * (or provide the base OpenSSL iteraction for authpgp).
+ *      SignCertificate()
 *	AuthCertificate()
 * 	
 * To use as an SSL authentication system, you must use a common CA certificate.
 * and compilation should be done with PQI_USE_XPGP off, and PQI_USE_SSLONLY on
 *  * The pqissl stuff doesn't need to differentiate between SSL, SSL + PGP,
 *  as its X509 certs.
 *  * The rsserver stuff has to distinguish between all three types ;(
 * 
 */
@ -60,6 +68,8 @@ class sslcert
        std::string org;
        std::string email;
        std::string issuer;
        std::string fpr;
        std::list<std::string> signers;
@ -77,12 +87,17 @@ class AuthSSL: public p3AuthMgr
 	/* Initialisation Functions (Unique) */
 	AuthSSL();
 bool    validateOwnCertificate(X509 *x509, EVP_PKEY *pkey);
 virtual bool	active();
 virtual int	InitAuth(const char *srvr_cert, const char *priv_key, 
 					const char *passwd);
 virtual bool	CloseAuth();
 virtual int     setConfigDirectories(std::string confFile, std::string neighDir);
 	/* Extra Function SSL only */
 std::string 	getIssuerName(std::string id);
 	/*********** Overloaded Functions from p3AuthMgr **********/
 	/* get Certificate Ids */
@ -138,16 +153,26 @@ virtual bool    VerifySignBin(std::string, const void*, uint32_t, unsigned char*
 	/*********** Overloaded Functions from p3AuthMgr **********/
 	/************* Virtual Functions from AuthSSL *************/
 virtual int 	VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx);
 virtual bool 	ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */
 	/************* Virtual Functions from AuthSSL *************/
 	public: /* SSL specific functions used in pqissl/pqissllistener */
 SSL_CTX *getCTX();
-bool 	ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */
+
 bool 	FailedCertificate(X509 *x509, bool incoming);     /* store for discovery */
 bool 	CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
 	/* Special Config Loading (backwards compatibility) */
 bool  	loadCertificates(bool &oldFormat, std::map<std::string, std::string> &keyValueMap);
 	private:
 	/* Helper Functions */
@ -184,6 +209,16 @@ bool 	locked_FindCert(std::string id, sslcert **cert);
 };
 X509_REQ *GenerateX509Req(
                std::string pkey_file, std::string passwd,
                std::string name, std::string email, std::string org,
                std::string loc, std::string state, std::string country,
                int nbits_in, std::string &errString);
 X509 *SignX509Certificate(X509_NAME *issuer, EVP_PKEY *privkey, X509_REQ *req, long days);
 /* Helper Functions */
 int printSSLError(SSL *ssl, int retval, int err, unsigned long err2, std::ostream &out);
 std::string getX509NameString(X509_NAME *name);
@ -195,13 +230,14 @@ std::string getX509CountryString(X509_NAME *name);
 #if 0
 std::list<std::string> getXPGPsigners(XPGP *cert);
 std::string getXPGPInfo(XPGP *cert);
 std::string getXPGPAuthCode(XPGP *xpgp);
 int     LoadCheckXPGPandGetName(const char *cert_file, 
 			std::string &userName, std::string &userId);
 #endif
 std::string getX509Info(X509 *cert);
 bool 	getX509id(X509 *x509, std::string &xid);
 int     LoadCheckX509andGetName(const char *cert_file, 
 			std::string &userName, std::string &userId);
 #endif // MRK_AUTH_SSL_HEADER
--- a/libretroshare/src/pqi/cleanupxpgp.cc
+++ b/libretroshare/src/pqi/cleanupxpgp.cc
@ -25,7 +25,7 @@
 #include "cleanupxpgp.h"
 #include <iostream>
-#include <string.h>  #strlen
+#include <string.h>  //strlen
 /*
 Method for cleaning up the certificate. This method removes any unnecessay white spaces and unnecessary
--- a/libretroshare/src/pqi/p3authmgr.h
+++ b/libretroshare/src/pqi/p3authmgr.h
@ -58,6 +58,8 @@ class pqiAuthDetails
 	std::string location;
 	std::string org;
 	std::string issuer;
 	std::string fpr; /* fingerprint */
 	std::list<std::string> signers;
@ -105,6 +107,10 @@ virtual bool loadCertificates() = 0;
 virtual bool isTrustingMe(std::string id) = 0;
 virtual void addTrustingPeer(std::string id) = 0;
 		/* Extra Fns for PGP, call std versions if not overloaded */
 virtual std::string PGPOwnId() { return OwnId(); }
 virtual bool    getPGPAllList(std::list<std::string> &ids) { return getAllList(ids); };
 		/* Load/Save certificates */
 virtual bool LoadCertificateFromString(std::string pem, std::string &id)  = 0;
--- a/libretroshare/src/pqi/p3connmgr.cc
+++ b/libretroshare/src/pqi/p3connmgr.cc
@ -64,6 +64,7 @@ const uint32_t MAX_UPNP_INIT = 		10; /* seconds UPnP timeout */
 * #define P3CONNMGR_NO_AUTO_CONNECTION 1
 ***/
 #define CONN_DEBUG 1
 const uint32_t P3CONNMGR_TCP_DEFAULT_DELAY = 2; /* 2 Seconds? is it be enough! */
 const uint32_t P3CONNMGR_UDP_DHT_DELAY     = DHT_NOTIFY_PERIOD + 60; /* + 1 minute for DHT POST */
@ -123,7 +124,8 @@ p3ConnectMgr::p3ConnectMgr(p3AuthMgr *am)
 		ownState.name = mAuthMgr->getName(ownState.id);
 		ownState.netMode = RS_NET_MODE_UDP;
 	}
-	use_extr_addr_finder = true ;
+	//use_extr_addr_finder = true ;
 	use_extr_addr_finder = false;
 	mExtAddrFinder = new ExtAddrFinder ;
 	return;
--- a/libretroshare/src/pqi/pqissl.cc
+++ b/libretroshare/src/pqi/pqissl.cc
@ -1112,9 +1112,6 @@ int 	pqissl::Authorise_SSL_Connection()
 	// reset switch.
 	waiting = WAITING_NOT;
 	// Get the Peer Certificate....
 	//AuthXPGP *authXPGP = (AuthXPGP *) getAuthMgr();
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	XPGP *peercert = SSL_get_peer_pgp_certificate(ssl_connection);
--- a/libretroshare/src/pqi/pqissl.h
+++ b/libretroshare/src/pqi/pqissl.h
@ -202,6 +202,7 @@ virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd)
 	uint32_t mConnectTimeout;
 	time_t   mTimeoutTS;
 	/* Need Certificate specific functions here! */
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
@ -210,7 +211,6 @@ virtual int net_internal_fcntl_nonblock(int fd) { return unix_fcntl_nonblock(fd)
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	//p3AuthMgr *mAuthMgr;
 	AuthSSL *mAuthMgr;
 #endif /* X509 Certificates */
--- a/libretroshare/src/pqi/pqissllistener.cc
+++ b/libretroshare/src/pqi/pqissllistener.cc
@ -616,7 +616,14 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
 	bool certOk = mAuthMgr->ValidateCertificateXPGP(peercert, newPeerId);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	/****
 	 * As the validation is actually done before this...
 	 * we should only need to call CheckCertificate here!
 	 ****/
 	bool certOk = mAuthMgr->ValidateCertificate(peercert, newPeerId);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
--- a/libretroshare/src/pqi/pqissllistener.h
+++ b/libretroshare/src/pqi/pqissllistener.h
@ -104,7 +104,6 @@ int     Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_in *inaddr);
 /**************** PQI_USE_XPGP ******************/
 	AuthSSL *mAuthMgr;
 	//p3AuthMgr *mAuthMgr;
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
--- a/libretroshare/src/rsiface/rsinit.h
+++ b/libretroshare/src/rsiface/rsinit.h
@ -1,5 +1,9 @@
 /* Initialisation Class (not publicly disclosed to RsIFace) */
 /****
 * #define RS_USE_PGPSSL 1
 ***/
 class RsInit
 {
 	public:
@ -7,6 +11,7 @@ class RsInit
 		static const char *RsConfigDirectory() ;
 		static bool	setStartMinimised() ;
 		static int 	InitRetroShare(int argcIgnored, char **argvIgnored) ;
 		static int 	LoadCertificates(bool autoLoginNT) ;
@ -23,6 +28,16 @@ class RsInit
 		static std::string getHomePath() ;
 		/* PGPSSL init functions */
 #ifdef RS_USE_PGPSSL
 		static bool 	LoadGPGPassword(std::string id, std::string passwd);
 		static int 	GetLogins(std::list<std::string> &pgpIds);
 		static int 	GetLoginDetails(std::string id, std::string &name, std::string &email);
 		static std::string gpgPasswd;
 #endif
 		/* Key Parameters that must be set before
 		 * RetroShare will start up:
 		 */
--- a/libretroshare/src/rsiface/rspeers.h
+++ b/libretroshare/src/rsiface/rspeers.h
@ -78,7 +78,7 @@ class RsPeerDetails
 	std::string location;
 	std::string org;
-	std::string fpr; /* fingerprint */
+	std::string fpr; /* pgp fingerprint */
 	std::string authcode; 
 	std::list<std::string> signers;
@ -130,6 +130,11 @@ virtual bool    isFriend(std::string id)			= 0;
 virtual std::string getPeerName(std::string id)			= 0;
 virtual bool	getPeerDetails(std::string id, RsPeerDetails &d) = 0;
 		/* Using PGP Ids */
 virtual std::string getPGPOwnId()				= 0;
 virtual bool    getPGPFriendList(std::list<std::string> &ids)   = 0;
 virtual bool    getPGPAllList(std::list<std::string> &ids) 	= 0;
 	/* Add/Remove Friends */
 virtual	bool addFriend(std::string id)        			= 0;
 virtual	bool removeFriend(std::string id)  			= 0;
--- a/libretroshare/src/rsserver/Makefile
+++ b/libretroshare/src/rsserver/Makefile
@ -20,12 +20,6 @@ RSOBJ = p3peers.o \
 	rsiface.o \
 	rstypes.o 
 #	p3files.o  \
 #	p3face-file.o \
 #	pqistrings.o \
 #	p3face-people.o 
 #	p3face-network.o \
 #TESTOBJ  = 
 #TESTS  = 
--- a/libretroshare/src/rsserver/p3face-file.cc
+++ b/libretroshare/src/rsserver/p3face-file.cc
@ -1,404 +0,0 @@
 /*
 * "$Id: p3face-file.cc,v 1.6 2007-04-15 18:45:23 rmf24 Exp $"
 *
 * RetroShare C++ Interface.
 *
 * Copyright 2004-2006 by Robert Fernie.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License Version 2 as published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA.
 *
 * Please report all bugs and problems to "retroshare@lunamutt.com".
 *
 */
 #include "rsiface/rsiface.h"
 #include "rsserver/p3face.h"
 #include "util/rsdir.h"
 #include "serialiser/rsconfigitems.h"
 #include <iostream>
 #include <sstream>
 #include "util/rsdebug.h"
 const int p3facefilezone = 11452;
 #include <sys/time.h>
 #include <time.h>
 static const int FileMaxAge = 1800; /* Reload Data after 30 minutes */
 //int ensureExtension(std::string &name, std::string def_ext);
 /****************************************/
 /****************************************/
 int     RsServer::UpdateRemotePeople()
 {
        RsIface &iface = getIface();
        /* lock Mutexes */
        lockRsCore();     /* LOCK */
        iface.lockData(); /* LOCK */
        /* unlock Mutexes */
        iface.unlockData(); /* UNLOCK */
        unlockRsCore();     /* UNLOCK */
        return 1;
 }
 /****************************************/
 /****************************************/
 int     RsServer::UpdateAllTransfers()
 {
        NotifyBase &cb = getNotify();
        cb.notifyListPreChange(NOTIFY_LIST_TRANSFERLIST, NOTIFY_TYPE_MOD);
        RsIface &iface = getIface();
        /* lock Mutexes */
        lockRsCore();     /* LOCK */
        iface.lockData(); /* LOCK */
 	/* clear the old transfer list() */
 	std::list<FileTransferInfo> &transfers = iface.mTransferList;
 	transfers.clear();
 	std::list<RsFileTransfer *> nTransList = server -> getTransfers();
 	std::list<RsFileTransfer *>::iterator it;
 	for(it = nTransList.begin(); it != nTransList.end(); it++)
 	{
 		FileTransferInfo ti;
 		ti.id = (*it)->cPeerId;
 		ti.source = mAuthMgr->getName(ti.id);
 		ti.peerIds = (*it) -> allPeerIds.ids;
 		ti.fname = (*it) -> file.name;
 		ti.hash  = (*it) -> file.hash;
 		ti.path  = (*it) -> file.path;
 		ti.size  = (*it) -> file.filesize;
 		ti.transfered = (*it) -> transferred;
 		/* other ones!!! */
 		ti.tfRate = (*it) -> crate / 1000;
 		ti.download = (*it) -> in;
 		ti.downloadStatus = (*it) -> state;
 		transfers.push_back(ti);
 		delete (*it); 
 	}
        iface.setChanged(RsIface::Transfer);
        /* unlock Mutexes */
        iface.unlockData(); /* UNLOCK */
        unlockRsCore();     /* UNLOCK */
        /* Now Notify of the Change */
        cb.notifyListChange(NOTIFY_LIST_TRANSFERLIST, NOTIFY_TYPE_MOD);
        return 1;
 }
 int RsServer::FileRequest(std::string fname, std::string hash, 
 			uint32_t size, std::string dest)
 {
 	lockRsCore(); /* LOCKED */
 	std::cerr << "RsServer::FileRequest(" << fname << ", ";
 	std::cerr << hash << ", " << size << ", " << dest << ")" << std::endl;
 	int ret = server -> getFile(fname, hash, size, dest);
 	unlockRsCore(); /* UNLOCKED */
 	return ret;
 }
        /* Actions For Upload/Download */
 int RsServer::FileRecommend(std::string fname, std::string hash, int size)
 {
 	/* check for new data */
        RsIface &iface = getIface();
        /* lock Mutexes */
        lockRsCore();     /* LOCK */
        iface.lockData(); /* LOCK */
 	/* add the entry to FileRecommends.
 	 */
 	std::list<FileInfo> &recList = iface.mRecommendList;
 	std::list<FileInfo>::iterator it;
 	FileInfo fi;
 	fi.path  = ""; /* this is not needed / wanted anymore */
 	fi.hash  = hash;
 	fi.fname = fname;
 	fi.size = size;
 	fi.rank = 1;
 	fi.inRecommend = false;
 	/* check if it exists already! */
 	bool found = false;
 	for(it = recList.begin(); (!found) && (it != recList.end()); it++)
 	{
 		if ((it->hash == fi.hash) && (it -> fname == fi.fname))
 		{
 			found = true;
 		}
 	}
 	if (!found)
 	{
 		recList.push_back(fi);
 	}
 	/* Notify of change */
 	iface.setChanged(RsIface::Recommend);
        /* lock Mutexes */
        iface.unlockData(); /* UNLOCK */
        unlockRsCore();     /* UNLOCK */
 	return true;
 }
 int RsServer::FileCancel(std::string fname, std::string hash, uint32_t size)
 {
 	lockRsCore(); /* LOCKED */
 	server -> cancelTransfer(fname, hash, size);
 	unlockRsCore(); /* UNLOCKED */
 	return 1;
 }
 int RsServer::FileClearCompleted()
 {
 	std::cerr << "RsServer::FileClearCompleted()" << std::endl;
 	/* check for new data */
        RsIface &iface = getIface();
        /* lock Mutexes */
        lockRsCore();     /* LOCK */
        iface.lockData(); /* LOCK */
 	server -> clear_old_transfers();
        /* lock Mutexes */
        iface.unlockData(); /* UNLOCK */
        unlockRsCore();     /* UNLOCK */
 	/* update data */
 	UpdateAllTransfers();
 	return 1;
 }
 int RsServer::FileSetBandwidthTotals(float outkB, float inkB)
 {
 	int ret = 0;
 	return ret;
 }
 /**************************************************************************/
 #if 0
 int RsServer::FileBroadcast(std::string id, std::string src, int size)
 {
 	lockRsCore(); /* LOCKED */
 	RsCertId uId(id);
 	int ret = 1;
 	cert *c = intFindCert(uId);
 	if ((c == NULL) || (c == sslr -> getOwnCert()))
 	{
 		ret = 0;
 	}
 	if (ret)
 	{
 		/* TO DO */
 	}
 	unlockRsCore(); /* UNLOCKED */
 	return ret;
 }
 int RsServer::FileDelete(std::string id, std::string fname)
 {
 	lockRsCore(); /* LOCKED */
 	RsCertId uId(id);
 	int ret = 1;
 	cert *c = intFindCert(uId);
 	if ((c == NULL) || (c == sslr -> getOwnCert()))
 	{
 		ret = 0;
 	}
 	if (ret)
 	{
 		/* TO DO */
 	}
 	unlockRsCore(); /* UNLOCKED */
 	return ret;
 }
 #endif
 /**************************************************************************/
 int RsServer::RequestDirDetails(std::string uid, std::string path, 
                                        DirDetails &details)
 {
        /* lock Mutexes */
        RsIface &iface = getIface();
        lockRsCore();     /* LOCK */
        iface.lockData(); /* LOCK */
 	/* call to filedexserver */
 	int val = server->RequestDirDetails(uid, path, details);
 	/* done! */
        /* unlock Mutexes */
        iface.unlockData(); /* UNLOCK */
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 int RsServer::RequestDirDetails(void *ref, DirDetails &details, uint32_t flags)
 {
        /* lock Mutexes */
        RsIface &iface = getIface();
        lockRsCore();     /* LOCK */
        iface.lockData(); /* LOCK */
 	/* call to filedexserver */
 	int val = server->RequestDirDetails(ref, details, flags);
 	/* done! */
        /* unlock Mutexes */
        iface.unlockData(); /* UNLOCK */
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 int RsServer::SearchKeywords(std::list<std::string> keywords, std::list<FileDetail> &results)
 {
        /* lock Mutexes */
        RsIface &iface = getIface();
        lockRsCore();     /* LOCK */
        iface.lockData(); /* LOCK */
 	/* call to filedexserver */
 	int val = server->SearchKeywords(keywords, results);
 	/* done! */
        /* unlock Mutexes */
        iface.unlockData(); /* UNLOCK */
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 int RsServer::SearchBoolExp(Expression *exp, std::list<FileDetail> &results)
 {
        /* lock Mutexes */
        RsIface &iface = getIface();
        lockRsCore();     /* LOCK */
        iface.lockData(); /* LOCK */
 	/* call to filedexserver */
 	int val = server->SearchBoolExp(exp, results);
 	/* done! */
        /* unlock Mutexes */
        iface.unlockData(); /* UNLOCK */
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 bool RsServer::ConvertSharedFilePath(std::string path, std::string &fullpath)
 {
        lockRsCore();     /* LOCK */
 	/* call to filedexserver */
 	bool val = server->ConvertSharedFilePath(path, fullpath);
 	/* done! */
        /* unlock Mutexes */
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 void RsServer::ForceDirectoryCheck()
 {
        lockRsCore();     /* LOCK */
 	/* call to filedexserver */
 	server->ForceDirectoryCheck();
 	/* done! */
        /* unlock Mutexes */
        unlockRsCore();     /* UNLOCK */
 }
 bool RsServer::InDirectoryCheck()
 {
        lockRsCore();     /* LOCK */
 	/* call to filedexserver */
 	bool val = server->InDirectoryCheck();
 	/* done! */
        /* unlock Mutexes */
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
--- a/libretroshare/src/rsserver/p3face-network.cc
+++ b/libretroshare/src/rsserver/p3face-network.cc
@ -1,435 +0,0 @@
 /*
 * "$Id: p3face-people.cc,v 1.8 2007-04-15 18:45:23 rmf24 Exp $"
 *
 * RetroShare C++ Interface.
 *
 * Copyright 2004-2006 by Robert Fernie.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License Version 2 as published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA.
 *
 * Please report all bugs and problems to "retroshare@lunamutt.com".
 *
 */
 #include "dht/dhthandler.h"
 #include "upnp/upnphandler.h"
 #include "rsserver/p3face.h"
 #include "rsserver/pqistrings.h"
 #include <iostream>
 #include <sstream>
 #include "util/rsdebug.h"
 #include <sys/time.h>
 #include <time.h>
 const int p3facenetworkzone = 4219;
 /*****
 int RsServer::NetworkDHTActive(bool active);
 int RsServer::NetworkUPnPActive(bool active);
 int RsServer::NetworkDHTStatus();
 int RsServer::NetworkUPnPStatus();
 ********/
 /* internal */
 /*****
 int	RsServer::CheckNetworking();
 int	RsServer::InitNetworking();
 int RsServer::InitDHT();
 int RsServer::CheckDHT();
 int RsServer::InitUPnP();
 int RsServer::CheckUPnP();
 ********/
 int RsServer::NetworkDHTActive(bool active)
 {
 	lockRsCore(); /* LOCK */
 	server->setDHTEnabled(active);
 	unlockRsCore(); /* UNLOCK */
 	return 1;
 }
 int RsServer::NetworkUPnPActive(bool active)
 {
 	lockRsCore(); /* LOCK */
 	server->setUPnPEnabled(active);
 	unlockRsCore(); /* UNLOCK */
 	return 1;
 }
 int RsServer::NetworkDHTStatus()
 {
 	lockRsCore(); /* LOCK */
 	server->getDHTEnabled();
 	unlockRsCore(); /* UNLOCK */
 	return 1;
 }
 int RsServer::NetworkUPnPStatus()
 {
 	lockRsCore(); /* LOCK */
 	server->getUPnPEnabled();
 	unlockRsCore(); /* UNLOCK */
 	return 1;
 }
 int	RsServer::InitNetworking(std::string dhtfile)
 {
 	InitDHT(dhtfile);
 	InitUPnP();
 	return 1;
 }
 int	RsServer::CheckNetworking()
 {
 	CheckDHT();
 	CheckUPnP();
 	return 1;
 }
 dhthandler *dhtp = NULL;
 upnphandler *upnpp = NULL;
 pqiAddrStore *getDHTServer()
 {
 	return dhtp;
 }
 int	RsServer::InitDHT(std::string file)
 {
 	/* only startup if it is supposed to be started! */
 	if (server -> getDHTEnabled()) 
 	{
 	  dhtp = new dhthandler(file);
 	}
 	else
 	{
 	  dhtp = new dhthandler("");
 	}
 	/* 
 	 *
 	 */
 	dhtp -> start();
 	cert *c = sslr -> getOwnCert();
 	SetExternalPorts();
 	/* give it our port, and hash */
 	dhtp -> setOwnHash(c->Signature());
 	return 1;
 }
 int	RsServer::SetExternalPorts()
 {
 	cert *c = sslr -> getOwnCert();
 	/* decide on the most sensible port */
 	unsigned short port = ntohs(c -> serveraddr.sin_port);
 	if (port < 100)
 	{
 		port = ntohs(c -> localaddr.sin_port);
 	}
 	/* set for both DHT and UPnP -> so they are the same! */
 	if (upnpp)
 		upnpp -> setExternalPort(port);
 	if (dhtp)
 		dhtp -> setOwnPort(port);
 	return 1;
 }
 int	RsServer::CheckDHT()
 {
 	lockRsCore(); /* LOCK */
 	int i;
 	int ret = 1;
 	if (server -> getDHTEnabled()) 
 	{
 		/* startup if necessary */
 	}
 	else
 	{
 		/* shutdown if necessary */
 	}
 	/* for each friend */
 	/* add, and then check */
 	std::list<cert *>::iterator it;
 	std::list<cert *> &certs = sslr -> getCertList();
 	std::string emptystr("");
 	//int online = 0;
 	for(it = certs.begin(), i = 0; it != certs.end(); it++, i++)
 	{
 		cert *c = (*it);
 		/* skip own cert */
 		if (c == sslr -> getOwnCert())
 		{
 			continue;
 		}
 		if (c -> hasDHT())
 		{
 			/* ignore */
 		}
 		else
 		{
 			std::string id = c -> Signature();
 			dhtp -> addFriend(id);
 			struct sockaddr_in addr;
 			unsigned int flags;
 			if (dhtp -> addrFriend(id, addr, flags))
 			{
 				c -> setDHT(addr, flags);
 				/* connect attempt! */
 				c -> nc_timestamp = 0;
 				c -> WillConnect(true);
 			}
 		}
 	}
 	unlockRsCore(); /* UNLOCK */
 	return ret;
 }
 int	RsServer::InitUPnP()
 {
 	upnpp = new upnphandler();
 	/* 
 	 *
 	 */
 	/* set our internal address to it */
 	cert *c = sslr -> getOwnCert();
 	upnpp -> setInternalAddress(c -> localaddr);
 	SetExternalPorts();
 	upnpp -> start();
 	return 1;
 }
 int	RsServer::CheckUPnP()
 {
 	lockRsCore(); /* LOCK */
 	int ret = 1;
 	/* set our internal address to it */
 	cert *c = sslr -> getOwnCert();
 	upnpp -> setInternalAddress(c -> localaddr);
 	/* get the state */
 	upnpentry ent;
 	int state = upnpp -> getUPnPStatus(ent);
 	if (server -> getUPnPEnabled()) 
 	{
 		std::cerr << "UPnP ENABLED: ";
 		switch(state)
 		{
 			case RS_UPNP_S_ACTIVE:
 				std::cerr << "UPnP Forwarding already up";
 			break;
 			case RS_UPNP_S_UDP_FAILED:
 				std::cerr << "UPnP TCP Forwarding Ok / UDP Failed";
 			break;
 			case RS_UPNP_S_TCP_FAILED:
 				std::cerr << "UPnP Forwarding Failed";
 			break;
 			case RS_UPNP_S_READY:
 				std::cerr << "Setting up UPnP Forwarding";
 				upnpp -> setupUPnPForwarding();
 			break;
 			case RS_UPNP_S_UNAVAILABLE:
 			case RS_UPNP_S_UNINITIALISED:
 				std::cerr << "Error UPNP not working";
 			break;
 		}
 	}
 	else
 	{
 		std::cerr << "UPnP DISABLED: ";
                /* shutdown a forward */
 		switch(state)
 		{
 			case RS_UPNP_S_ACTIVE:
 			case RS_UPNP_S_UDP_FAILED:
 			case RS_UPNP_S_TCP_FAILED:
 				std::cerr << "Shutting down UPnP Forwarding";
                		upnpp->shutdownUPnPForwarding();
 			break;
 			case RS_UPNP_S_READY:
 				std::cerr << "UPnP Forwarding already down";
 			break;
 			case RS_UPNP_S_UNAVAILABLE:
 			case RS_UPNP_S_UNINITIALISED:
 				std::cerr << "Error UPNP not working";
 			break;
 		}
 	}
 	std::cerr << std::endl;
 	unlockRsCore(); /* UNLOCK */
 	return ret;
 }
 /* called from update Config (inside locks) */
 int	RsServer::UpdateNetworkConfig(RsConfig &config)
 {
 	upnpentry ent;
 	int state = upnpp -> getUPnPStatus(ent);
 	config.DHTActive  = server -> getDHTEnabled();
 	config.DHTPeers   = dhtp   -> dhtPeers();
 	config.uPnPActive = server -> getUPnPEnabled();
 	config.uPnPState  = state;
 	return 1;
 }
 /************************/
 int     RsServer::ConfigSetLocalAddr( std::string ipAddr, int port )
 {
 	/* check if this is all necessary */
 	struct in_addr inaddr_local;
 	if (0 == inet_aton(ipAddr.c_str(), &inaddr_local))
 	{
 		//bad address - reset.
 		return 0;
 	}
 	/* fill the rsiface class */
 	RsIface &iface = getIface();
 	/* lock Mutexes */
 	lockRsCore();     /* LOCK */
 	iface.lockData(); /* LOCK */
 	/* a little rough and ready, should be moved to the server! */
 	cert *c = sslr -> getOwnCert();
 	/* always change the address (checked by sslr->checkNetAddress()) */
 	c -> localaddr.sin_addr = inaddr_local;
 	c -> localaddr.sin_port = htons((short) port);
 	sslr -> checkNetAddress();
 	pqih -> restart_listener();
 	sslr -> CertsChanged();
 	/* update local port address on uPnP */
 	upnpp -> setInternalAddress(c -> localaddr);
 	/* unlock Mutexes */
 	iface.unlockData(); /* UNLOCK */
 	unlockRsCore();     /* UNLOCK */
 	/* does its own locking */
 	UpdateAllConfig();
 	return 1;
 }
 int     RsServer::ConfigSetExtAddr( std::string ipAddr, int port )
 {
 	/* check if this is all necessary */
 	struct in_addr inaddr;
 	if (0 == inet_aton(ipAddr.c_str(), &inaddr))
 	{
 		//bad address - reset.
 		return 0;
 	}
 	/* fill the rsiface class */
 	RsIface &iface = getIface();
 	/* lock Mutexes */
 	lockRsCore();     /* LOCK */
 	iface.lockData(); /* LOCK */
 	/* a little rough and ready, should be moved to the server! */
 	cert *c = sslr -> getOwnCert();
 	/* always change the address (checked by sslr->checkNetAddress()) */
 	c -> serveraddr.sin_addr = inaddr;
 	c -> serveraddr.sin_port = htons((short) port);
 	sslr -> checkNetAddress();
 	sslr -> CertsChanged();
 	/* update the DHT/UPnP port (in_addr is auto found ) */
 	SetExternalPorts();
 	/* unlock Mutexes */
 	iface.unlockData(); /* UNLOCK */
 	unlockRsCore();     /* UNLOCK */
 	/* does its own locking */
 	UpdateAllConfig();
 	return 1;
 }
--- a/libretroshare/src/rsserver/p3face-people.cc
+++ b/libretroshare/src/rsserver/p3face-people.cc
@ -1,932 +0,0 @@
 /*
 * "$Id: p3face-people.cc,v 1.8 2007-04-15 18:45:23 rmf24 Exp $"
 *
 * RetroShare C++ Interface.
 *
 * Copyright 2004-2006 by Robert Fernie.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License Version 2 as published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA.
 *
 * Please report all bugs and problems to "retroshare@lunamutt.com".
 *
 */
 #include "rsserver/p3face.h"
 #include "rsserver/pqistrings.h"
 #include "dht/dhthandler.h"
 const int p3facepersonzone = 11451;
 /*****
 *
 *
 * Friend Interface
 *
 //	Basic Connect/Denied Fns 
 int RsServer::FriendStatus(std::string id, bool accept);
 int RsServer::FriendRemove(std::string id);
 int RsServer::FriendConnectAttempt(std::string id);
 //	Configuration
 int RsServer::FriendSetAddress(std::string id, std::string &addr, 
 		unsigned short port);
 int RsServer::FriendSaveCertificate(std::string id, std::string fname); (TODO)
 int RsServer::FriendSetBandwidth(std::string id, float outkB, float inkB);
 //	Trust
 int RsServer::FriendSignCert(std::string id);
 int RsServer::FriendTrustSignature(std::string id, bool trust);
 *
 * Neighbour Interface
 *
 // Not much here.
 std::string RsServer::NeighGetInvite();
 int     RsServer::NeighLoadPEMString(std::string pem, std::string &id);
 int 	RsServer::NeighLoadCertificate(std::string fname, std::string &id);
 int     RsServer::NeighAuthFriend(std::string id, RsAuthId code);
 int 	RsServer::NeighAddFriend(std::string id);
 int RsServer::NeighGetSigners(std::string uid, char *out, int len);
 * This file implements the Above fns from the set of RsCore
 * functions. Above are the public entry points.
 *
 * Below are the private util fns....
 * These are unique the the functions here, 
 * any common util fns are defined in p3face.cc
 *
 // Update Functions.
 int	RsServer::UpdateAllCerts():
 int	RsServer::UpdateAllNetwork();
 * These must be run from outside the lock 
 *
 void intNotifyCertError(RsCertId &id, std::string str)
 void intNotifyChangeCert(RsCertId &id)
 *
 *
 */
 #include "rsserver/p3face.h"
 #include <iostream>
 #include <sstream>
 #include "util/rsdebug.h"
 const int fltksrvrzone = 25915;
 #include <sys/time.h>
 #include <time.h>
 /* Internal->Ext Translation */
 void initRsNI(cert *c, NeighbourInfo &ni);
 /* so first the cert */
 /* Public Functions */
 /****************************************/
 	/* Public Friend Operations
 	 * will lock control/iface if needed.
 	 *
 	 * Notifies must be outside the lock
 	 * (so that it can read iface really)
 	 *
 	 * */
 int RsServer::FriendStatus(std::string uid, bool accept)
 {
 	lockRsCore(); /* LOCK */
 	RsCertId id(uid);
 	std::cerr << "RsServer::FriendStatus() " << uid << " accept: " << accept << std::endl;
 	if (accept)
 	{
 		mConnMgr->addFriend(uid);
 	}
 	else
 	{
 		mConnMgr->removeFriend(uid);
 	}
 	unlockRsCore(); /* UNLOCK */
 	/* call the repopulate fn */
 	UpdateAllCerts();
 	return 1;
 }
 int RsServer::FriendRemove(std::string uid)
 {
 	lockRsCore(); /* LOCK */
 	std::cerr << "RsServer::FriendRemove() " << uid << std::endl;
 	mConnMgr->removeFriend(uid);
 	unlockRsCore(); /* UNLOCK */
 	/* call the repopulate fn */
 	UpdateAllCerts();
 	return 1;
 }
 int RsServer::FriendConnectAttempt(std::string uid)
 {
 	int err = 0;
 	lockRsCore(); /* LOCK */
 	err = mConnMgr->connectFriend(uid);
 	unlockRsCore(); /* UNLOCK */
 	/* call the repopulate fn */
 	UpdateAllCerts();
 	return err;
 }
 int RsServer::FriendSignCert(std::string uid)
 {
 	lockRsCore(); /* LOCK */
 	int ret = mConnMgr->signCertificate(uid);
 	unlockRsCore(); /* UNLOCK */
 	/* notify */
 	UpdateAllCerts();
 	return ret;
 }
 int RsServer::FriendTrustSignature(std::string uid, bool trust)
 {
 	lockRsCore(); /* LOCK */
 	int ret = -1;
 	ret = mConnMgr -> trustCertificate(uid, trust);
 	unlockRsCore(); /* UNLOCK */
 	/* notify */
 	UpdateAllCerts();
 	return ret;
 }
 /* XXX This should be changed to handle
 * (1) dns name 
 * (2) ip address.
 */
 int RsServer::FriendSetFirewall(std::string uid, bool firewalled, bool forwarded)
 {
 	lockRsCore(); /* LOCK */
 	RsCertId id(uid);
 	int ret = 1;
 	cert *c = intFindCert(id);
 	if ((c == NULL) || (c == sslr -> getOwnCert()))
 	{
 		pqioutput(PQL_ALERT, fltksrvrzone, "NULL/Own cert!");
 		ret = 0;
 	}
 	if (ret)
 	{
 		// get the server address.
 		c -> Firewalled(firewalled);
 		c -> Forwarded(forwarded);
 		/* tell SSL */
 		getSSLRoot() -> IndicateCertsChanged();
 		ret = 1;
 	}
 	unlockRsCore(); /* UNLOCK */
 	if (ret)
 	{
 		/* notify */
 		UpdateAllCerts();
 	}
 	else
 	{
 		/* error message? */
 		intNotifyCertError(id, "Failed to Change Cert Address");
 	}
 	return ret;
 }
 int RsServer::FriendSetLocalAddress(std::string uid, 
 				std::string addr_str, 
 				unsigned short port)
 {
 	struct sockaddr_in addr;
 	lockRsCore(); /* LOCK */
 	int ret = 1;
 /********************************** WINDOWS/UNIX SPECIFIC PART *******************/
 #ifndef WINDOWS_SYS
 	if (ret && (0 != inet_aton(addr_str.c_str(), &(addr.sin_addr))))
 #else
 	addr.sin_addr.s_addr = inet_addr(addr_str.c_str());
 	if (ret)
 #endif
 /********************************** WINDOWS/UNIX SPECIFIC PART *******************/
 	{
 		addr.sin_family = AF_INET;
 		addr.sin_port = htons(port);
 		mConnMgr->setPeerLocalAddress(uid, addr);
 		ret = 1;
 	}
 	unlockRsCore(); /* UNLOCK */
 	if (ret)
 	{
 		/* notify */
 		UpdateAllCerts();
 	}
 	else
 	{
 		/* error message? */
 		intNotifyCertError(id, "Failed to Change Cert Address");
 	}
 	return ret;
 }
 int RsServer::FriendSetExtAddress(std::string uid, 
 				std::string addr_str, 
 				unsigned short port)
 {
 	struct sockaddr_in addr;
 	lockRsCore(); /* LOCK */
 	int ret = 1;
 /********************************** WINDOWS/UNIX SPECIFIC PART *******************/
 #ifndef WINDOWS_SYS
 	if (ret && (0 != inet_aton(addr_str.c_str(), &(addr.sin_addr))))
 #else
 	addr.sin_addr.s_addr = inet_addr(addr_str.c_str());
 	if (ret)
 #endif
 /********************************** WINDOWS/UNIX SPECIFIC PART *******************/
 	{
 		// get the server address.
 		addr.sin_family = AF_INET;
 		addr.sin_port = htons(port);
 		mConnMgr->setPeerExtAddress(uid, addr);
 		ret = 1;
 	}
 	unlockRsCore(); /* UNLOCK */
 	if (ret)
 	{
 		/* notify */
 		UpdateAllCerts();
 	}
 	else
 	{
 		/* error message? */
 		intNotifyCertError(id, "Failed to Change Cert Address");
 	}
 	return ret;
 }
 int RsServer::FriendSetDNSAddress(std::string uid, std::string addr_str)
 {
 	lockRsCore(); /* LOCK */
 	RsCertId id(uid);
 	int ret = 1;
 	unlockRsCore(); /* UNLOCK */
 	return ret;
 }
 int RsServer::FriendSaveCertificate(std::string uid, std::string fname)
 {
 	lockRsCore(); /* LOCK */
 	RsCertId id(uid);
 	int ret = 1;
 	ensureExtension(fname, "pqi");
 	mConnMgr->saveCertificate(uid, fname);
 	unlockRsCore(); /* UNLOCK */
 	return ret;
 }
 int RsServer::FriendSetBandwidth(std::string uid, float outkB, float inkB)
 {
 	lockRsCore(); /* LOCK */
 	RsCertId id(uid);
 	int ret = 1;
 	/* don't do nothing yet */
 	unlockRsCore(); /* UNLOCK */
 	/* notify */
 	UpdateAllCerts();
 	return ret;
 }
 /********** INTERNAL PUBLIC ... 
 * a brutal but honest update.
 *
 */
 int	RsServer::UpdateAllCerts()
 {
 	/* PreNotify of the Change */
 	NotifyBase &cb = getNotify();
        cb.notifyListPreChange(NOTIFY_LIST_FRIENDS, NOTIFY_TYPE_MOD);
 	lockRsCore(); /* LOCK */
 	RsIface &iface = getIface();
 	iface.lockData(); /* LOCK IFACE */
 	int i;
 	int ret = 1;
 	std::list<std::string> peers;
 	std::list<std::string>::iterator it;
 	mConnMgr->getFriendList(peers);
 	// clear the data.
 	std::map<RsChanId, NeighbourInfo> &frnds = iface.mFriendMap;
 	frnds.clear();
 	for(it = peers.begin(); it != peers.end(); it++)
 	{
 		peerConnectState state;
 		mConnMgr->setFriendNetStatus(*it, state);
 		std::string emptystr("");
 		NeighbourInfo ni;
 		initRsNI(state, ni); /* same as for neighbour */
 		frnds[ni.id] = ni;
 		/* let the GUI know */
 		iface.setChanged(RsIface::Friend);
 	}
 	iface.unlockData(); /* UNLOCK IFACE */
 	unlockRsCore(); /* UNLOCK */
 	/* Now Notify of the Change */
        cb.notifyListChange(NOTIFY_LIST_FRIENDS, NOTIFY_TYPE_MOD);
 	return ret;
 }
 /********* UNLOCKED INTERNAL CERT FNS....
 * These must be called from 
 * outside the lock
 */
 void RsServer::intNotifyCertError(RsCertId &id, std::string str)
 {
 	NotifyBase &cb = getNotify();
 	cb.notifyErrorMsg(NOTIFY_LIST_FRIENDS, 0, str);
 	return;
 }
 void RsServer::intNotifyChangeCert(RsCertId &id)
 {
 	RsIface &iface = getIface();
 	/* flag certId as modified */
 	bool mods;
 	iface.lockData();
 	std::map<RsCertId,NeighbourInfo> &nl = iface.mNeighbourMap;
 	std::map<RsCertId,NeighbourInfo>::iterator it;
 	if (nl.end() != (it = nl.find(id)))
 	{
 		it -> second.flags = INFO_CHG;
 		mods = true;
 		/* Flag as changed */
 		iface.setChanged(RsIface::Neighbour);
 	}
 	nl = iface.mFriendMap;
 	//std::map<RsCertId,NeighbourInfo>::iterator it;
 	if (nl.end() != (it = nl.find(id)))
 	{
 		it -> second.flags = INFO_CHG;
 		mods = true;
 		/* Flag as changed */
 		iface.setChanged(RsIface::Friend);
 	}
 	iface.unlockData();
 	/* send the notify message */
 	if (mods)
 	{
 		std::cerr << "************** Notifying neighbor change *******************" << std::endl ;
 	  getNotify().notifyListChange(NOTIFY_LIST_NEIGHBOURS, NOTIFY_TYPE_MOD);
 	  getNotify().notifyListChange(NOTIFY_LIST_FRIENDS, NOTIFY_TYPE_MOD);
 	}
 }
 /********* LOCKED INTERNAL CERT FNS....
 * These must be called from within the Mutex.
 */
 /**************************** NEIGHBOUR FNS *******************
 *
 *
 *
 */
 /****************************************/
 	/* Neighbour Operations */
 std::string RsServer::NeighGetInvite()
 {
 	lockRsCore(); /* LOCK */
 	peerConnectState state;
 	mConnMgr->getOwnNetStatus(state);
 	std::string name = state.name;
 	std::string certstr = mConnMgr -> getCertificateAsString(state.id);
 	unlockRsCore(); /* UNLOCK */
 	std::ostringstream out;
 	out << "You have been invited to join the retroshare";
 	out << " community by: " << name;
 	out << std::endl;
 	out << std::endl;
 	out << "Retroshare is a Friend-2-Friend network that enables you to";
 	out << " communicate securely and";
 	out << std::endl;
 	out << "privately with your friends. ";
 	out << "You can use it for chat, messages, ";
 	out << "channels, and file-sharing. ";
 	out << std::endl;
 	out << std::endl;
 	out << "Download it from: ";
 	out << "http://retroshare.sf.net";
 	out << std::endl;
 	out << std::endl;
 	out << "Thanks, ";
 	out << "  " << name << ", DrBob and the RetroShare Team!";
 	out << std::endl;
 	out << std::endl;
 	out << certstr;
 	out << std::endl;
 	return out.str();
 }
 /* same as the one below (almost) */
 int     RsServer::NeighLoadPEMString(std::string pem, std::string &id)
 {
 	lockRsCore(); /* LOCK */
 	id = mConnMgr -> loadCertificateAsString(pem);
 	/* ensure it gets to p3disc */
 	if (ad)
 	{
 		ad -> distillData();
 	}
 	unlockRsCore(); /* UNLOCK */
 	if (id != "")
 	{
 		UpdateAllNetwork();
 		return 1;
 	}
 	return 0;
 }
 int  RsServer::NeighLoadCertificate(std::string fname, std::string &id)
 {
 	lockRsCore(); /* LOCK */
 	int ret = 1;
 	lockRsCore(); /* LOCK */
 	id = mConnMgr -> loadCertificateFromFile(fname);
 	/* ensure it gets to p3disc */
 	if (ad)
 	{
 		ad -> distillData();
 	}
 	unlockRsCore(); /* UNLOCK */
 	if (id != "")
 	{
 		UpdateAllNetwork();
 		return 1;
 	}
 	return 0;
 }
 int RsServer::NeighAuthFriend(std::string uid, RsAuthId code)
 {
 	lockRsCore(); /* LOCK */
 	RsCertId id(uid);
 	int ret = mConnMgr -> AuthNeighbour(uid, code);
 	unlockRsCore(); /* UNLOCK */
 	if (ret)
 	{
 		/* Notify of changes */
 		return UpdateAllNetwork();
 	}
 	return (ret);
 }
 int 	RsServer::NeighAddFriend(std::string uid)
 {
 	lockRsCore(); /* LOCK */
 	int ret = mConnMgr -> AddNeighbour(uid);
 	unlockRsCore(); /* UNLOCK */
 	if (ret)
 	{
 		/* Changed Cert Lists -> Notify */
 		return UpdateAllCerts();
 	}
 	return (ret);
 }
 int RsServer::NeighGetSigners(std::string uid, char *out, int len)
 {
 	lockRsCore(); /* LOCK */
 	RsCertId id(uid);
 	std::list<std::string> signers;
 	std::list<std::string>::iterator it;
 	int ret = 1;
 	cert *c = intFindCert(id);
 	if ((c == NULL) || (c->certificate == NULL))
 	{
 		ret = 0;
 	}
 	/* if valid, get signers */
 	if (ret)
 	{
 		std::string str;
 		signers = getXPGPsigners(c->certificate);
 		for(it = signers.begin(); it != signers.end(); it++)
 		{
 			str += (*it);
 			str += "\n";
 		}
 		strncpy(out, str.c_str(), len);
 		std::cerr << "SIGNERS(1): " << str << std::endl;
 		std::cerr << "SIGNERS(2): " << out << std::endl;
 		ret = signers.size();
 	}
 	unlockRsCore(); /* UNLOCK */
 	return ret;
 }
 int  RsServer::UpdateAllNetwork()
 {
 	/* PreNotify of the Change */
 	NotifyBase &cb = getNotify();
 		std::cerr << "************** Notifying neighbor change 2 *******************" << std::endl ;
        cb.notifyListPreChange(NOTIFY_LIST_NEIGHBOURS, NOTIFY_TYPE_MOD);
 	lockRsCore(); /* LOCK */
 	RsIface &iface = getIface();
 	iface.lockData(); /* LOCK IFACE */
 	int ret = 1;
 	int i;
 	std::list<std::string> peers;
 	std::list<std::string>::iterator it;
 	mConnMgr->getOthersList(peers);
 	// clear the data.
 	std::map<RsChanId, NeighbourInfo> &neighs = iface.mNeighbourMap;
 	neighs.clear();
 	for(it = peers.begin(); it != peers.end(); it++)
 	{
 		peerConnectState state;
 		mConnMgr->getOthersNetStatus(*it, state);
 		NeighbourInfo ni;
 		initRsNI(state, ni); /* same as for neighbour */
 		neighs[ni.id] = ni;
 		/* let the GUI know */
 		iface.setChanged(RsIface::Friend);
 	}
 	/* let the GUI know */
 	iface.setChanged(RsIface::Neighbour);
 	iface.unlockData(); /* UNLOCK IFACE */
 	unlockRsCore(); /* UNLOCK */
 	/* Now Notify of the Change */
 		std::cerr << "************** Notifying neighbor change 3 *******************" << std::endl ;
        cb.notifyListChange(NOTIFY_LIST_NEIGHBOURS, NOTIFY_TYPE_MOD);
 	return ret;
 }
 /******************** Translation from Int -> Ext Dtype *******************
 *
 * MUST BE UNDER LOCK!
 *
 */
 void RsServer::initRsNI(cert *c, NeighbourInfo &ni)
 {
 	ni.id = intGetCertId(c);    /* get Id! */
 	ni.name = get_cert_name(c);
 	ni.org = get_cert_org(c);
 	ni.loc = get_cert_loc(c);
 	ni.country = get_cert_country(c);
 	ni.authCode = getXPGPAuthCode(c->certificate);
 	if (c->trustLvl == TRUST_SIGN_UNKNOWN)
 	{
 		sslr -> checkAuthCertificate(c);
 	}
 	ni.trustLvl = c->trustLvl;
 	ni.trustString = get_trust_string(c);
 	ni.statusString = get_status_string(c->Status());
 	ni.connectString = get_autoconnect_string(c);
 	ni.peerAddress = get_server_string(c);
        ni.lastConnect = get_lastconnecttime_string(c);
 	if (c -> Accepted())
 	{
 		ni.acceptString = "Accept";
 	}
 	else
 	{
 		ni.acceptString = "Deny";
 	}
 	std::list<std::string>::iterator it;
 	/**** TODO ****
 	std::list<std::string> signers = getXPGPsigners(c->certificate);
 	for(it = signers.begin(); it != signers.end(); it++)
 	{
 		ni.signIds = 
 		ui -> neigh_signers -> add(it->c_str());
 		std::cerr << *it << std::endl;
 	}
 	******/
 	  /* check if we have signed the certificate */
 	ni.ownsign = (0 < validateCertificateIsSignedByKey(c->certificate, 
 			sslr -> getOwnCert() -> certificate));
        /* ports */
 	ni.localAddr = inet_ntoa(c->localaddr.sin_addr);
 	ni.localPort = ntohs(c->localaddr.sin_port);
 	ni.firewalled = c -> Firewalled();
 	ni.forwardPort  = c -> Forwarded();
 	if (c -> Firewalled() && !c -> Forwarded())
 	{
 		ni.extAddr = "0.0.0.0";
 		ni.extPort = 0;
 		ni.extName = "<Incoming Not Possible>";
 	}
 	else
 	{
 		ni.extAddr = inet_ntoa(c -> serveraddr.sin_addr);
 		ni.extPort = ntohs(c -> serveraddr.sin_port);
 		ni.extName = c->dynDNSaddr;
 	}
 	/* data rates */
 	ni.maxRate = (int) pqih -> getMaxIndivRate(true);/* kb */
 	ni.inChat = c -> InChat();
 	ni.inMsg  = c -> InMessage();
 	return;
 }
 /* Add rest to neighbourItem later */
 #if 0
 	int status = c -> Status();
 	if (!isfriend)
 	{
 		status = 0;
 	}
 	ui -> cert_status -> value((get_status_string(status)).c_str());
 	if (isfriend)
 	{
 	  ui -> cert_status -> value((get_status_string(status)).c_str());
 	}
 	else
 	{
 	  ui -> cert_status -> value("Neighbour");
 	}
 	// SET SERVER.
 	if (!cert_item_ok)
 	{
 	  ui->cert_server->value(inet_ntoa(c->serveraddr.sin_addr));
 	  ui ->cert_port->value(ntohs(c->serveraddr.sin_port));
 	  /* check if we have signed the certificate */
 	  if (0 < validateCertificateIsSignedByKey(c->certificate, 
 			sslr -> getOwnCert() -> certificate))
 	  {
 	  	ui->cert_authcode->value(
 			getXPGPAuthCode(c->certificate).c_str());
 	  	ui ->cert_authcode->deactivate();
 	  	ui ->cert_sign_button->deactivate();
 	  }
 	  else
 	  {
 	  	ui ->cert_authcode->value("");
 	  	ui ->cert_authcode->activate();
 	  	ui ->cert_sign_button->deactivate();
 	  }
 	}
 	if (c -> Manual() || (!isfriend))
 		ui -> cert_auto -> value(0);
 	else
 		ui -> cert_auto -> value(1);
 	// Finally Fill in the Text Editor.
 	certtext = get_cert_info(c);
 	// Last Connection 
 	// Server Address
 	// Status
 	// Hashes
 	buf = ui -> cert_details -> buffer();
 	buf -> text(certtext.c_str());
 	if (status & PERSON_STATUS_ACCEPTED)
 		ui -> cert_allow -> value(1);
 	else
 		ui -> cert_allow -> value(0);
 	if (status & PERSON_STATUS_WILL_LISTEN)
 		ui -> cert_listen -> value(1);
 	else
 		ui -> cert_listen -> value(0);
 	if (status & PERSON_STATUS_WILL_CONNECT)
 		ui -> cert_connect -> value(1);
 	else
 		ui -> cert_connect -> value(0);
 	if (status & PERSON_STATUS_TRUSTED)
 	{
 		ui -> cert_trust_person -> value(1);
 	}
 	else
 	{
 		ui -> cert_trust_person -> value(0);
 	}
 	cert_item_ok = true;
 	return 1;
 }
 #endif
 int RsServer::ensureExtension(std::string &name, std::string def_ext)
 {
 	/* if it has an extension, don't change */
 	int len = name.length();
 	int extpos = name.find_last_of('.');
 	std::ostringstream out;
 	out << "ensureExtension() name: " << name << std::endl;
 	out << "\t\t extpos: " << extpos;
 	out << " len: " << len << std::endl;
 	/* check that the '.' has between 1 and 4 char after it (an extension) */
 	if ((extpos > 0) && (extpos < len - 1) && (extpos + 6 > len))
 	{
 		/* extension there */
 		std::string curext = name.substr(extpos, len);
 		out << "ensureExtension() curext: " << curext << std::endl;
 		std::cerr << out.str();
 		return 0;
 	}
 	if (extpos != len - 1)
 	{
 		name += ".";
 	}
 	name += def_ext;
 	out << "ensureExtension() added ext: " << name << std::endl;
 	std::cerr << out.str();
 	return 1;
 }
--- a/libretroshare/src/rsserver/p3face-startup.cc
+++ b/libretroshare/src/rsserver/p3face-startup.cc
@ -97,7 +97,16 @@ RsTurtle *rsTurtle = NULL ;
 	#include "pqi/authxpgp.h"
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 /**************** PQI_USE_SSLONLY ***************/
  #if defined(PQI_USE_SSLONLY)
 	#include "pqi/authssl.h"
  #else /* X509 Certificates */
  /**************** PQI_USE_SSLONLY ***************/
  /**************** SSL + OPENPGP *****************/
 	#include "pqi/authgpg.h"
 	#include "pqi/authssl.h"
  #endif /* X509 Certificates */
  /**************** SSL + OPENPGP *****************/
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
@ -479,27 +488,27 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored)
 		std::cerr << "No Existing User" << std::endl;
 	}
 #else /* X509 Certificates */
-/**************** PQI_USE_XPGP ******************/
+/**************** PQI_USE_SSLONLY ***************/
-
+	/* Initial Certificate load will be X509 for SSL cases.
-	/* here we need to decide if existing user is okay....
+	 * in the OpenPGP case, this needs to be checked too.
 	 * obviously - it can't be until we have functions
 	 * to do it!
 	 */
 	if (LoadCheckX509andGetName(load_cert.c_str(), userName, userId))
 	{
 		std::cerr << "X509 Existing Name: " << userName << std::endl;
 		std::cerr << "Existing Id: " << userId << std::endl;
 		existingUser = true;
 	}
 	else
 	{
 		std::cerr << "No Existing User" << std::endl;
 	}
 /**************** SSL + OPENPGP *****************/
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	/* do a null init to allow the SSL libray to startup! */
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	/* do a null init to allow the SSL libray to startup! */
 	getAuthMgr() -> InitAuth(NULL, NULL, NULL);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	getAuthMgr() -> InitAuth(NULL, NULL, NULL);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	/* if existing user, and havePasswd .... we can skip the login prompt */
 	if (existingUser)
@ -516,6 +525,74 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored)
 	return 0;
 }
 #ifdef RS_USE_PGPSSL
 int	RsInit::GetLogins(std::list<std::string> &pgpIds)
 {
  #ifdef PQI_USE_XPGP
 	return 0;
  #else
    #ifdef PQI_USE_SSLONLY
 	return 0;
    #else  // PGP+SSL
 	GPGAuthMgr *mgr = (GPGAuthMgr *) getAuthMgr();
 	mgr->availablePGPCertificates(pgpIds);
 	return 1;
    #endif
  #endif
 }
 int RsInit::GetLoginDetails(std::string id, std::string &name, std::string &email)
 {
  #ifdef PQI_USE_XPGP
 	return 0;
  #else
    #ifdef PQI_USE_SSLONLY
 	return 0;
    #else  // PGP+SSL
 	GPGAuthMgr *mgr = (GPGAuthMgr *) getAuthMgr();
 	name = id;
 	email = id;
 	return 1;
    #endif
  #endif
 }
 std::string RsInit::gpgPasswd;
 bool RsInit::LoadGPGPassword(std::string id, std::string _passwd)
 {
 	bool ok = false;
 	std::string gpgId = id;
 	std::string name = id;
 	gpgPasswd = _passwd;
 	GPGAuthMgr *gpgAuthMgr = (GPGAuthMgr *) getAuthMgr();
 	if (0 < gpgAuthMgr -> GPGInit(gpgId, name, gpgPasswd.c_str()))
 	{
 		ok = true;
 		std::cerr << "PGP Auth Success!";
 		std::cerr << "ID: " << id << " NAME: " << name;
 		std::cerr << std::endl;
 	}
 	else
 	{
 		std::cerr << "PGP Auth Failed!";
 		std::cerr << "ID: " << id << " NAME: " << name;
 		std::cerr << std::endl;
 	}
 	return ok;
 }
 #endif // RS_USE_PGPSSL
 const std::string& RsServer::certificateFileName() { return RsInit::load_cert ; }
 /*
@ -594,15 +671,7 @@ int RsServer::StartupRetroShare()
 	mAuthMgr -> setConfigDirectories(certConfigFile, certNeighDir);
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	((AuthXPGP *) mAuthMgr) -> loadCertificates(oldFormat, oldConfigMap);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	mAuthMgr -> loadCertificates();
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	/**************************************************************************/
 	/* setup classes / structures */
@ -774,23 +843,6 @@ int RsServer::StartupRetroShare()
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	if (oldFormat)
 	{
 		std::cerr << "Startup() Loaded Old Certificate Format" << std::endl;
 		/* transfer all authenticated peers to friend list */
 		std::list<std::string> authIds;
 		mAuthMgr->getAuthenticatedList(authIds);
 		std::list<std::string>::iterator it;
 		for(it = authIds.begin(); it != authIds.end(); it++)
 		{
 			mConnMgr->addFriend(*it);
 		}
 		/* move other configuration options */
 	}
 	/**************************************************************************/
 	/* trigger generalConfig loading for classes that require it */
 	/**************************************************************************/
@ -948,20 +1000,46 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 	p3AuthMgr *authMgr = getAuthMgr();
 	bool ok = false;
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	if (0 < authMgr -> InitAuth(load_cert.c_str(), load_key.c_str(),passwd.c_str()))
 	{
 		ok = true;
 	}
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-	/* The SSL + PGP version will require
+	/* The SSL / SSL + PGP version requires, SSL init + PGP init.  */
-	 *  Id of pgp account + password
+  /**************** PQI_USE_XPGP ******************/
-	 * padding with NULLs
+  #if defined(PQI_USE_SSLONLY)
-	 */
+	if (0 < authMgr -> InitAuth(load_cert.c_str(), load_key.c_str(),passwd.c_str()))
 	{
 		ok = true;
 	}
 	else
 	{
 		std::cerr << "AuthSSL::InitAuth Failed" << std::endl;
 	}
-	if (0 < authMgr -> InitAuth(load_cert.c_str(), NULL, passwd.c_str()))
+  #else /* X509 Certificates */
  /**************** PQI_USE_XPGP ******************/
 	/* The SSL / SSL + PGP version requires, SSL init + PGP init.  */
 	if (0 < authMgr -> InitAuth(load_cert.c_str(), load_key.c_str(),passwd.c_str()))
 	{
 		ok = true;
 	}
 	else
 	{
 		std::cerr << "SSL Auth Failed!";
 		std::cerr << std::endl;
 	}
  #endif /* X509 Certificates */
  /**************** PQI_USE_XPGP ******************/
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	if (ok)
 	{
 		if (autoLoginNT)
 		{
@ -1003,6 +1081,7 @@ bool RsInit::ValidateCertificate(std::string &userName)
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 		/* check against authmanagers private keys */
 		return LoadCheckX509andGetName(fname.c_str(), userName, userId);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
@ -1019,6 +1098,7 @@ bool RsInit::ValidateTrustedUser(std::string fname, std::string &userName)
 	valid = LoadCheckXPGPandGetName(fname.c_str(), userName, userId);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	valid = LoadCheckX509andGetName(fname.c_str(), userName, userId);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
@ -1041,6 +1121,7 @@ bool RsInit::LoadPassword(std::string _passwd)
 	return true;
 }
 /* A little nasty fn....
 * (1) returns true, if successful, and updates config.
 * (2) returns false if fails, with error msg to errString.
@ -1083,6 +1164,7 @@ bool RsInit::RsGenerateCertificate(
 	std::string key_name = basename + "_pk.pem";
 	std::string cert_name = basename + "_cert.pem";
 	bool gen_ok = false;
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
@ -1095,18 +1177,187 @@ bool RsInit::RsGenerateCertificate(
 			"", //ui -> gen_state -> value(),
 			country.c_str(),
 			nbits))
 	{
 		gen_ok = true;
 	}
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
-	/* UNTIL THIS IS FILLED IN CANNOT GENERATE X509 REQ */
+/**************** PQI_USE_XPGP ******************/
-	/* What should happen here - is a new openpgp certificate
+   #if defined(PQI_USE_SSLONLY)
-	 * is created, with a retroshare subkey, 
+	X509_REQ *req = GenerateX509Req(
-	 * this is then used to generate a self-signed certificate 
+			key_name.c_str(),
 			password.c_str(),
 			name.c_str(),
 			"", //ui -> gen_email -> value(),
 			org.c_str(),
 			loc.c_str(),
 			"", //ui -> gen_state -> value(),
 			country.c_str(),
 			nbits, errString);
 	/* load private key */
 	/* now convert to a self-signed certificate */
 	EVP_PKEY *privkey = NULL;
 	long days = 3000;
 	gen_ok = true;
        /********** Test Loading the private Key.... ************/
        FILE *tst_in = NULL;
        if (NULL == (tst_in = fopen(key_name.c_str(), "rb")))
        {
                fprintf(stderr,"RsGenerateCert() Couldn't Open Private Key");
                fprintf(stderr," : %s\n", key_name.c_str());
                gen_ok = false;
        }
        if ((gen_ok) && (NULL == (privkey =
                PEM_read_PrivateKey(tst_in,NULL,NULL,(void *) password.c_str()))))
        {
                fprintf(stderr,"RsGenerateCert() Couldn't Read Private Key");
                fprintf(stderr," : %s\n", key_name.c_str());
 		gen_ok = false;
        }
 	X509 *cert = NULL;
 	if (gen_ok)
 	{
 		cert = SignX509Certificate(X509_REQ_get_subject_name(req), 
 						privkey,req,days);
 		/* Print the signed Certificate! */
       		BIO *bio_out = NULL;
        	bio_out = BIO_new(BIO_s_file());
        	BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
        	/* Print it out */
        	int nmflag = 0;
        	int reqflag = 0;
        	X509_print_ex(bio_out, cert, nmflag, reqflag);
        	BIO_flush(bio_out);
        	BIO_free(bio_out);
 	}
 	else
        {
                fprintf(stderr,"RsGenerateCert() Didn't Sign Certificate\n");
 		gen_ok = false;
        }
 	/* Save cert to file */
        // open the file.
        FILE *out = NULL;
        if (NULL == (out = fopen(cert_name.c_str(), "w")))
        {
                fprintf(stderr,"RsGenerateCert() Couldn't create Cert File");
                fprintf(stderr," : %s\n", cert_name.c_str());
                return 0;
        }
        if (!PEM_write_X509(out,cert))
        {
                fprintf(stderr,"RsGenerateCert() Couldn't Save Cert");
                fprintf(stderr," : %s\n", cert_name.c_str());
                return 0;
        }
 	if (cert)
 	{	
 		gen_ok = true;
 	}
 	X509_free(cert);
 	X509_REQ_free(req);
        fclose(tst_in);
 	fclose(out);
        EVP_PKEY_free(privkey);
  #else /* X509 Certificates */
  /**************** PQI_USE_XPGP ******************/
 	/* Extra step required for SSL + PGP, user must have selected
 	 * or generated a suitable key so the signing can happen.
 	 */
-	//mAuthMgr->createUser( );
+
 	X509_REQ *req = GenerateX509Req(
 			key_name.c_str(),
 			password.c_str(),
 			name.c_str(),
 			"", //ui -> gen_email -> value(),
 			org.c_str(),
 			loc.c_str(),
 			"", //ui -> gen_state -> value(),
 			country.c_str(),
 			nbits, errString);
 	GPGAuthMgr *mgr = (GPGAuthMgr *) getAuthMgr();
 	long days = 3000;
 	X509 *x509 = mgr->SignX509Req(req, days, "dummypassword");
 	X509_REQ_free(req);
 	/* save to file */
 	if (x509)
 	{	
 		gen_ok = true;
 		/* Print the signed Certificate! */
       		BIO *bio_out = NULL;
        	bio_out = BIO_new(BIO_s_file());
        	BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
        	/* Print it out */
        	int nmflag = 0;
        	int reqflag = 0;
        	X509_print_ex(bio_out, x509, nmflag, reqflag);
        	BIO_flush(bio_out);
        	BIO_free(bio_out);
 	}
 	else
        {
 		gen_ok = false;
        }
 	if (gen_ok)
 	{
 		/* Save cert to file */
        	// open the file.
        	FILE *out = NULL;
        	if (NULL == (out = fopen(cert_name.c_str(), "w")))
        	{
               		fprintf(stderr,"RsGenerateCert() Couldn't create Cert File");
                	fprintf(stderr," : %s\n", cert_name.c_str());
 			gen_ok = false;
        	}
 	        if (!PEM_write_X509(out,x509))
 	        {
 	                fprintf(stderr,"RsGenerateCert() Couldn't Save Cert");
 	                fprintf(stderr," : %s\n", cert_name.c_str());
 			gen_ok = false;
 	        }
 		fclose(out);
 		X509_free(x509);
 	}
  #endif /* X509 Certificates */
  /**************** PQI_USE_XPGP ******************/
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	if (!gen_ok)
 	{
-		errString = "Generation of XPGP Failed";
+		errString = "Generation of Certificate Failed";
 		return false;
 	}
--- a/libretroshare/src/rsserver/p3files.cc
+++ b/libretroshare/src/rsserver/p3files.cc
@ -1,396 +0,0 @@
 /*
 * "$Id: p3face-file.cc,v 1.6 2007-04-15 18:45:23 rmf24 Exp $"
 *
 * RetroShare C++ Interface.
 *
 * Copyright 2004-2006 by Robert Fernie.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License Version 2 as published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA.
 *
 * Please report all bugs and problems to "retroshare@lunamutt.com".
 *
 */
 #include "rsserver/p3files.h"
 #include "rsserver/p3face.h"
 #include "server/filedexserver.h"
 #include <iostream>
 #include <sstream>
 //RsFiles *rsFiles = NULL;
 void	p3Files::lockRsCore()
 {
 	mCore->lockRsCore();
 }
 void	p3Files::unlockRsCore()
 {
 	mCore->unlockRsCore();
 }
 int     p3Files::UpdateAllTransfers()
 {
        /* lock Mutexes */
        lockRsCore();     /* LOCK */
 	std::list<RsFileTransfer *> nTransList = mServer -> getTransfers();
 	std::list<RsFileTransfer *>::iterator it;
 	mTransfers.clear();
 	for(it = nTransList.begin(); it != nTransList.end(); it++)
 	{
 		FileInfo ti;
 		ti.id = (*it)->cPeerId;
 		ti.source = mAuthMgr->getName(ti.id);
 		ti.peerIds = (*it) -> allPeerIds.ids;
 		ti.fname = (*it) -> file.name;
 		ti.hash  = (*it) -> file.hash;
 		ti.path  = (*it) -> file.path;
 		ti.size  = (*it) -> file.filesize;
 		ti.transfered = (*it) -> transferred;
 		ti.avail = ti.transfered;
 		/* other ones!!! */
 		ti.tfRate = (*it) -> crate / 1000;
 		ti.download = (*it) -> in;
 		ti.downloadStatus = (*it) -> state;
 		mTransfers[ti.hash] = ti;
 		delete (*it); 
 	}
        unlockRsCore();     /* UNLOCK */
        return 1;
 }
 /* 1) Access to downloading / uploading files.  */
 bool p3Files::FileDownloads(std::list<std::string> &hashs)
 {
 	RsStackMutex stack(fMutex); /**** LOCKED ****/
 	std::map<std::string, FileInfo>::iterator it;
 	for(it = mTransfers.begin(); it != mTransfers.end(); it++)
 	{
 		if (it->second.download)
 		{
 			hashs.push_back(it->second.hash);
 		}
 	}
 	return true;
 }
 bool p3Files::FileUploads(std::list<std::string> &hashs)
 {
 	RsStackMutex stack(fMutex); /**** LOCKED ****/
 	std::map<std::string, FileInfo>::iterator it;
 	for(it = mTransfers.begin(); it != mTransfers.end(); it++)
 	{
 		if (!(it->second.download))
 		{
 			hashs.push_back(it->second.hash);
 		}
 	}
 	return true;
 }
 bool p3Files::FileDetails(std::string hash, uint32_t hintflags, FileInfo &info)
 {
 	RsStackMutex stack(fMutex); /**** LOCKED ****/
 	/* for the moment this will only show transferred data */
 	std::map<std::string, FileInfo>::iterator it;
 	if (mTransfers.end() == (it = mTransfers.find(hash)))
 	{
 		return false;
 	}
 	info = it->second;
 	return true;
 }
 /* 2) Control of Downloads. */
 bool p3Files::FileControl(std::string hash, uint32_t flags)
 {
 	/* dummy function for now */
 	return false;
 }
 bool p3Files::FileRequest(std::string fname, std::string hash, uint64_t size, 
 	std::string dest, uint32_t flags, std::list<std::string> srcIds)
 {
 	std::cerr << "p3Files::FileRequest()";
 	std::cerr << std::endl;
 	std::cerr << "name:" << fname;
 	std::cerr << std::endl;
 	std::cerr << "size:" << size;
 	std::cerr << std::endl;
 	std::cerr << "dest:" << dest;
 	std::cerr << std::endl;
 	lockRsCore(); /* LOCKED */
 	std::cerr << "p3Files::FileRequest(" << fname << ", ";
 	std::cerr << hash << ", " << size << ", " << dest << ")" << std::endl;
 	int ret = mServer -> getFile(fname, hash, size, dest);
 	unlockRsCore(); /* UNLOCKED */
 	std::cerr << "p3Files::FileRequest() Done";
 	std::cerr << std::endl;
 	return ret;
 }
 bool p3Files::FileCancel(std::string hash)
 {
 	lockRsCore(); /* LOCKED */
 	mServer -> cancelTransfer("", hash, 0); // other args not actually used!.
 	unlockRsCore(); /* UNLOCKED */
 	return 1;
 }
 bool p3Files::FileClearCompleted()
 {
 	std::cerr << "p3Files::FileClearCompleted()" << std::endl;
        /* lock Mutexes */
        lockRsCore();     /* LOCK */
 	mServer -> clear_old_transfers();
        unlockRsCore();     /* UNLOCK */
 	/* update data */
 	UpdateAllTransfers();
 	return 1;
 }
 /* 3) Addition of Extra Files... From File System (Dummy at the moment) */
 bool p3Files::ExtraFileAdd(std::string fname, std::string hash, uint64_t size,
 				uint32_t period, uint32_t flags)
 {
 	return false;
 }
 bool p3Files::ExtraFileRemove(std::string hash, uint32_t flags)
 {
 	return false;
 }
 bool p3Files::ExtraFileHash(std::string localpath, 
 				uint32_t period, uint32_t flags)
 {
 	return false;
 }
 bool p3Files::ExtraFileStatus(std::string localpath, FileInfo &info)
 {
 	return false;
 }
 /* 4) Search and Listing Interface */
 int p3Files::RequestDirDetails(std::string uid, std::string path, 
                                        DirDetails &details)
 {
        lockRsCore();     /* LOCK */
 	/* call to filedexmServer */
 	int val = mServer->RequestDirDetails(uid, path, details);
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 int p3Files::RequestDirDetails(void *ref, DirDetails &details, uint32_t flags)
 {
        lockRsCore();     /* LOCK */
 	/* call to filedexmServer */
 	int val = mServer->RequestDirDetails(ref, details, flags);
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 int p3Files::SearchKeywords(std::list<std::string> keywords, std::list<FileDetail> &results,uint32_t flags)
 {
        lockRsCore();     /* LOCK */
 	/* call to filedexmServer */
 	int val = mServer->SearchKeywords(keywords, results,flags);
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 int p3Files::SearchBoolExp(Expression *exp, std::list<FileDetail> &results)
 {
        lockRsCore();     /* LOCK */
 	/* call to filedexmServer */
 	int val = mServer->SearchBoolExp(exp, results);
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 /* 5) Utility Functions.  */
 bool p3Files::ConvertSharedFilePath(std::string path, std::string &fullpath)
 {
        lockRsCore();     /* LOCK */
 	/* call to filedexmServer */
 	bool val = mServer->ConvertSharedFilePath(path, fullpath);
 	/* done! */
        /* unlock Mutexes */
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 void p3Files::ForceDirectoryCheck()
 {
        lockRsCore();     /* LOCK */
 	/* call to filedexmServer */
 	mServer->ForceDirectoryCheck();
 	/* done! */
        /* unlock Mutexes */
        unlockRsCore();     /* UNLOCK */
 }
 bool p3Files::InDirectoryCheck()
 {
        lockRsCore();     /* LOCK */
 	/* call to filedexmServer */
 	bool val = mServer->InDirectoryCheck();
 	/* done! */
        /* unlock Mutexes */
        unlockRsCore();     /* UNLOCK */
 	return val;
 }
 void    p3Files::setDownloadDirectory(std::string path)
 {
 	/* lock Mutexes */
 	lockRsCore();     /* LOCK */
 	mServer -> setSaveDir(path);
 	unlockRsCore();     /* UNLOCK */
 }
 std::string p3Files::getDownloadDirectory()
 {
 	/* lock Mutexes */
 	lockRsCore();     /* LOCK */
 	std::string path = mServer -> getSaveDir();
 	unlockRsCore();     /* UNLOCK */
 	return path;
 }
 void    p3Files::setPartialsDirectory(std::string path)
 {
 	/* dummy */
 	return;
 }
 std::string p3Files::getPartialsDirectory()
 {
 	std::string path;
 	return path;
 }
 bool    p3Files::getSharedDirectories(std::list<std::string> &dirs)
 {
 	/* lock Mutexes */
 	lockRsCore();     /* LOCK */
 	dirs = mServer -> getSearchDirectories();
 	unlockRsCore();     /* UNLOCK */
 	return true;
 }
 bool    p3Files::addSharedDirectory(std::string dir)
 {
 	/* lock Mutexes */
 	lockRsCore();     /* LOCK */
 	mServer -> addSearchDirectory(dir);
 	unlockRsCore();     /* UNLOCK */
 	return true;
 }
 bool    p3Files::removeSharedDirectory(std::string dir)
 {
 	lockRsCore();     /* LOCK */
 	mServer -> removeSearchDirectory(dir);
 	unlockRsCore();     /* UNLOCK */
 	return true;
 }
--- a/libretroshare/src/rsserver/p3peers.cc
+++ b/libretroshare/src/rsserver/p3peers.cc
@ -33,6 +33,8 @@
 #include <fstream>
 #include <sstream>
 #include <gpgme.h>
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
        #include "pqi/authxpgp.h"
@ -48,13 +50,42 @@ RsPeers *rsPeers = NULL;
 /*******
 * #define P3PEERS_DEBUG 1
 *******/
 #define P3PEERS_DEBUG 1
 static uint32_t RsPeerTranslateTrust(uint32_t trustLvl);
 int ensureExtension(std::string &name, std::string def_ext);
 std::string RsPeerTrustString(uint32_t trustLvl)
 {
 	std::string str;
 #ifdef RS_USE_PGPSSL
 	switch(trustLvl)
 	{
 		default:
 		case GPGME_VALIDITY_UNKNOWN:
 			str = "GPGME_VALIDITY_UNKNOWN";
 			break;
 		case GPGME_VALIDITY_UNDEFINED:
 			str = "GPGME_VALIDITY_UNDEFINED";
 			break;
 		case GPGME_VALIDITY_NEVER:
 			str = "GPGME_VALIDITY_NEVER";
 			break;
 		case GPGME_VALIDITY_MARGINAL:
 			str = "GPGME_VALIDITY_MARGINAL";
 			break;
 		case GPGME_VALIDITY_FULL:
 			str = "GPGME_VALIDITY_FULL";
 			break;
 		case GPGME_VALIDITY_ULTIMATE:
 			str = "GPGME_VALIDITY_ULTIMATE";
 			break;
 	}
 	return str;
 #endif
 	if (trustLvl == RS_TRUST_LVL_GOOD)
 	{
 		str = "Good";
@ -262,6 +293,7 @@ bool	p3Peers::getPeerDetails(std::string id, RsPeerDetails &d)
 		return false;
 	}
 	d.fpr		= authDetail.fpr;
 	d.id 		= authDetail.id;
 	d.name 		= authDetail.name;
 	d.email 	= authDetail.email;
@ -272,7 +304,11 @@ bool	p3Peers::getPeerDetails(std::string id, RsPeerDetails &d)
 	d.ownsign 	= authDetail.ownsign;
 	d.trusted 	= authDetail.trusted;
 #ifdef RS_USE_PGPSSL
 	d.trustLvl 	= authDetail.trustLvl;
 #else
 	d.trustLvl 	= RsPeerTranslateTrust(authDetail.trustLvl);
 #endif
 	/* generate */
 	d.authcode  	= "AUTHCODE";
@ -427,6 +463,84 @@ std::string p3Peers::getPeerName(std::string id)
 	return mAuthMgr->getName(id);
 }
 bool	p3Peers::getPGPFriendList(std::list<std::string> &ids)
 {
 #ifdef P3PEERS_DEBUG
 	std::cerr << "p3Peers::getPGPFriendList()";
 	std::cerr << std::endl;
 #endif
 	std::list<std::string> certids;
 	std::list<std::string>::iterator it;
 	mConnMgr->getFriendList(certids);
        /* get from mAuthMgr (first) */
 	for(it = certids.begin(); it != certids.end(); it++)
 	{
     		pqiAuthDetails detail;
        	if (!mAuthMgr->getDetails(*it, detail))
        	{
 			continue;
 		}
 #ifdef P3PEERS_DEBUG
 		std::cerr << "p3Peers::getPGPFriendList() Cert Id: " << *it;
 		std::cerr << " Issuer: " << detail.issuer;
 		std::cerr << std::endl;
 #endif
 #if 0
 		if (!mAuthMgr->isPGPvalid(detail.issuer))
 		{
 			continue;
 		}
 #endif
 		if (ids.end() == std::find(ids.begin(),ids.end(),detail.issuer))
 		{
 #ifdef P3PEERS_DEBUG
 			std::cerr << "p3Peers::getPGPFriendList() Adding Friend: ";
 			std::cerr << detail.issuer;
 			std::cerr << std::endl;
 #endif
 			ids.push_back(detail.issuer);
 		}
 	}
 	return true;
 }
 bool	p3Peers::getPGPAllList(std::list<std::string> &ids)
 {
 #ifdef P3PEERS_DEBUG
 	std::cerr << "p3Peers::getPGPOthersList()";
 	std::cerr << std::endl;
 #endif
 	/* get from mAuthMgr */
 	mAuthMgr->getPGPAllList(ids);
 	return true;
 }
 std::string p3Peers::getPGPOwnId()
 {
 #ifdef P3PEERS_DEBUG
 	std::cerr << "p3Peers::getPGPOwnId()";
 	std::cerr << std::endl;
 #endif
 	/* get from mAuthMgr */
 	return mAuthMgr->PGPOwnId();
 }
 	/* Add/Remove Friends */
 bool 	p3Peers::addFriend(std::string id)
 {
@ -583,27 +697,32 @@ p3Peers::GetRetroshareInvite()
 	std::cerr << std::endl;
 #endif
 	std::cerr << "p3Peers::GetRetroshareInvite()";
 	std::cerr << std::endl;
 	std::string ownId = mAuthMgr->OwnId();
-	//std::string certstr = mAuthMgr->SaveCertificateToString(ownId);
+	std::string certstr = mAuthMgr->SaveCertificateToString(ownId);
 	std::string certstr ;
 	FILE *fcert = fopen(RsInit::load_cert.c_str(), "r");
 	char c ;
 	if(fcert == NULL)
 		return "Error: could not open certificate file." ;
 	while( (c=fgetc(fcert))!=EOF)
 		certstr.push_back(c) ;
 	fclose(fcert) ;
 	std::string name = mAuthMgr->getName(ownId);
-	std::ostringstream out;
+	std::string pgpownId = mAuthMgr->PGPOwnId();
-	out << certstr;
+	std::string pgpcertstr = mAuthMgr->SaveCertificateToString(pgpownId);
 	out << std::endl;
-	return out.str();
+	std::cerr << "p3Peers::GetRetroshareInvite() SSL Cert:";
 	std::cerr << std::endl;
 	std::cerr << certstr;
 	std::cerr << std::endl;
 	std::cerr << "p3Peers::GetRetroshareInvite() PGP Cert:";
 	std::cerr << std::endl;
 	std::cerr << pgpcertstr;
 	std::cerr << std::endl;
 	std::string combinedcerts = certstr;
 	combinedcerts += '\n';
 	combinedcerts += pgpcertstr;
 	combinedcerts += '\n';
 	return combinedcerts;
 }
 //===========================================================================
@ -618,6 +737,51 @@ bool 	p3Peers::LoadCertificateFromFile(std::string fname, std::string &id)
 	return mAuthMgr->LoadCertificateFromFile(fname, id);
 }
 bool splitCerts(std::string in, std::string &sslcert, std::string &pgpcert)
 {
 	std::cerr << "splitCerts():" << in;
 	std::cerr << std::endl;
 	/* search for -----END CERTIFICATE----- */
 	std::string sslend("-----END CERTIFICATE-----");
 	std::string pgpend("-----END PGP PUBLIC KEY BLOCK-----");
 	size_t pos = in.find(sslend);
 	size_t pos2 = in.find(pgpend);
 	size_t ssllen, pgplen;
 	if (pos != std::string::npos)
 	{
 		std::cerr << "splitCerts(): Found SSL Cert";
 		std::cerr << std::endl;
 		ssllen = pos + sslend.length();
 		sslcert = in.substr(0, ssllen);
 		if (pos2 != std::string::npos)
 		{
 			std::cerr << "splitCerts(): Found SSL + PGP Cert";
 			std::cerr << std::endl;
 			pgplen = pos2 + pgpend.length() - ssllen;
 			pgpcert = in.substr(ssllen, pgplen);
 		}
 		return true;
 	}
 	else if (pos2 != std::string::npos)
 	{
 		std::cerr << "splitCerts(): Found PGP Cert Only";
 		std::cerr << std::endl;
 		pgplen = pos2 + pgpend.length();
 		pgpcert = in.substr(0, pgplen);
 		return true;
 	}
 	return false;
 }
 bool 	p3Peers::LoadCertificateFromString(std::string cert, std::string &id)
 {
 #ifdef P3PEERS_DEBUG
@ -625,9 +789,34 @@ bool 	p3Peers::LoadCertificateFromString(std::string cert, std::string &id)
 	std::cerr << std::endl;
 #endif
-	return mAuthMgr->LoadCertificateFromString(cert, id);
+	std::string sslcert;
 	std::string pgpcert;
 	bool ret = false;
 	if (splitCerts(cert, sslcert, pgpcert))
 	{
 		if (pgpcert != "")
 		{
 			std::cerr << "pgpcert .... " << std::endl;
 			std::cerr << pgpcert << std::endl;
 			ret = mAuthMgr->LoadCertificateFromString(pgpcert, id);
 		}
 		if (sslcert != "")
 		{
 			std::cerr << "sslcert .... " << std::endl;
 			std::cerr << sslcert << std::endl;
 			ret = mAuthMgr->LoadCertificateFromString(sslcert, id);
 		}
 	}
 	return ret;
 }
 bool 	p3Peers::SaveCertificateToFile(std::string id, std::string fname)
 {
 #ifdef P3PEERS_DEBUG
@ -659,6 +848,11 @@ bool 	p3Peers::AuthCertificate(std::string id, std::string code)
 	if (mAuthMgr->AuthCertificate(id))
 	{
 #ifdef P3PEERS_DEBUG
 		std::cerr << "p3Peers::AuthCertificate() OK ... Adding as Friend";
 		std::cerr << std::endl;
 #endif
 		/* add in as a friend */
 		return mConnMgr->addFriend(id);
 	}
--- a/libretroshare/src/rsserver/p3peers.h
+++ b/libretroshare/src/rsserver/p3peers.h
@ -53,6 +53,12 @@ virtual bool    isFriend(std::string id);
 virtual std::string getPeerName(std::string id);
 virtual bool	getPeerDetails(std::string id, RsPeerDetails &d);
                /* Using PGP Ids */
 virtual std::string getPGPOwnId();
 virtual bool    getPGPFriendList(std::list<std::string> &ids);
 virtual bool    getPGPAllList(std::list<std::string> &ids);
 	/* Add/Remove Friends */
 virtual	bool addFriend(std::string id);
 virtual	bool removeFriend(std::string id);
--- a/libretroshare/src/rsserver/pqistrings.cc
+++ b/libretroshare/src/rsserver/pqistrings.cc
@ -1,744 +0,0 @@
 /*
 * "$Id: pqistrings.cc,v 1.1 2007-02-19 20:08:30 rmf24 Exp $"
 *
 * RetroShare C++ Interface.
 *
 * Copyright 2004-2006 by Robert Fernie.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License Version 2 as published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA.
 *
 * Please report all bugs and problems to "retroshare@lunamutt.com".
 *
 */
 #include "pqi/pqi.h"
 #include "pqi/pqinetwork.h"
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 #include "pqi/xpgpcert.h"
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 #include "pqi/sslcert.h"
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 #include "rsserver/pqistrings.h"
 #include <iostream>
 #include <iomanip>
 #include <sstream>
 #include <time.h>
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 std::string getXPGPInfo(XPGP *cert);
 #endif /* XPGP Certificates */
 /**************** PQI_USE_XPGP ******************/
 std::string get_status_string(int status)
 {
 	std::string sstr("");
 	if (status & PERSON_STATUS_CONNECTED)
 	{
 		sstr += "Online";
 		return sstr;
 	}
 	if (!(status & PERSON_STATUS_ACCEPTED))
 	{
 		sstr += "Denied Access";
 		return sstr;
 	}
 	if (status & PERSON_STATUS_INUSE)
 	{
 		sstr += "Connecting";
 		/*
 		if (status & PERSON_STATUS_WILL_LISTEN)
 		{
 			sstr += "Listening";
 		}
 		sstr += "/";
 		if (status & PERSON_STATUS_WILL_CONNECT)
 		{
 			sstr += "Connecting";
 		}
 		sstr += "]";
 		*/
 		return sstr;
 	}
 	sstr += "Unknown";
 	return sstr;
 }
 std::string get_neighbourstatus_string(Person *p)
 {
 	// if connected - show how long
 	// if !autoconnected - tick to connect.
 	//
 	// if connecting.
 	// 	show time to next connect attempt.
 	// else show the last connect time.
 	std::ostringstream connstr;
 	connstr << "Last Conn/Recv: ";
 	int lct = time(NULL) - p -> lc_timestamp;
 	int lrt = time(NULL) - p -> lr_timestamp;
 	if (lct < 100000000)
 	{
 		connstr << get_timeperiod_string(lct);
 	}
 	else
 	{
 		connstr << "Never";
 	}
 	connstr << "/";
 	if (lrt < 100000000)
 	{
 		connstr << get_timeperiod_string(lrt);
 	}
 	else
 	{
 		connstr << "Never";
 	}
 	return connstr.str();
 }
 int get_lastconnecttime(Person *p)
 {
 	std::ostringstream connstr;
 	int lct = time(NULL) - p -> lc_timestamp;
 	int lrt = time(NULL) - p -> lr_timestamp;
 	if (lrt < lct)
 	{
 		lct = lrt;
 	}
 	return lct;
 }
 std::string get_lastconnecttime_string(Person *p)
 {
 	int lct = get_lastconnecttime(p);
 	if (lct < 32000000)
 	{
 		return get_timeperiod_string(lct);
 	}
 	else
 	{
 		return std::string("Never");
 	}
 }
 std::string get_autoconnect_string(Person *p)
 {
 	// if connected - show how long
 	// if !autoconnected - tick to connect.
 	//
 	// if connecting.
 	// 	show time to next connect attempt.
 	// else show the last connect time.
 	std::ostringstream connstr;
 	Person *own = getSSLRoot() -> getOwnCert();
 	if (p == own)
 	{
 		connstr << "Yourself"; 
 		return connstr.str();
 	}
 	if (p -> Connected())
 	{
 		/*
 		long ct = p->lc_timestamp;
 		if (ct < p->lr_timestamp)
 			ct = p->lr_timestamp;
 		connstr << "Online: " << get_timeperiod_string(time(NULL) - ct);
 		*/
 		connstr << "Online";
 	}
 	else if (p -> Manual())
 	{
 		if (p->trustLvl < TRUST_SIGN_AUTHEN)
 		{
 			connstr << "Please Authenticate";
 		}
 		else
 		{
 			connstr << "Tick to Connect";
 		}
 	}
 	else
 	{
 		connstr << "Offline";
 	}
 	/*
 	else if (p -> WillConnect())
 	{
 		connstr << "Connect in:";
 		connstr << get_timeperiod_string(p->nc_timestamp - time(NULL));
 	}
 	else
 	{
 		connstr << "Last Conn:";
 		long ct = p->lc_timestamp;
 		if (ct < p->lr_timestamp)
 		{
 			ct = p->lr_timestamp;
 			connstr << "(I):";
 		}
 		else
 		{
 			connstr << "(O):";
 		}
 		connstr << get_timeperiod_string(time(NULL) - ct);
 	}
 	*/
 	return connstr.str();
 }
 std::string get_trust_string(Person *p)
 {
 	std::ostringstream srvstr;
 	/* This is now changing to display 2 things. 
 	 *
 	 * (1) - Proxy 
 	 * (2) - Auth Level.
 	 */
 	Person *own = getSSLRoot() -> getOwnCert();
 	if (p == own)
 	{
 		srvstr << "Yourself"; // Certificate";
 		return srvstr.str();
 	}
 	switch(p -> trustLvl)
 	{
 		case TRUST_SIGN_OWN:
 			srvstr << "Auth (S)"; //Good: Own Signature";
 			break;
 		case TRUST_SIGN_TRSTED:
 			srvstr << "Trusted (ST)"; //Good: Trusted Signer";
 			break;
 		case TRUST_SIGN_AUTHEN:
 			srvstr << "Auth"; //Good: Authenticated";
 			break;
 		case TRUST_SIGN_BASIC:
 			srvstr << "Untrusted"; // : Acquaintance ";
 			break;
 		case TRUST_SIGN_UNTRUSTED:
 			srvstr << "Unknown (2)";
 			break;
 		case TRUST_SIGN_UNKNOWN:
 			srvstr << "Unknown (1)";
 			break;
 		case TRUST_SIGN_NONE:
 			srvstr << "Unknown (0)";
 			break;
 		case TRUST_SIGN_BAD: /* not checked yet */ 
 			srvstr << "Not Avail";
 			break;
 		default:
 			srvstr << "UNKNOWN";
 			break;
 	}
 	return srvstr.str();
 }
 std::string get_server_string(Person *p)
 {
 	std::ostringstream srvstr;
 	if ((0 == inaddr_cmp(p -> serveraddr, 0)) || (p -> Local()))
 	{
 		if (0 == inaddr_cmp(p -> localaddr, 0))
 		{
 			srvstr << "Unknown Addr";
 		}
 		else
 		{
 			srvstr << "L: " << inet_ntoa(p -> localaddr.sin_addr);
 			srvstr << ":" << ntohs(p -> localaddr.sin_port);
 		}
 	}
 	else
 	{
 		srvstr << "S: " << inet_ntoa(p -> serveraddr.sin_addr);
 		srvstr << ":" << ntohs(p -> serveraddr.sin_port);
 	}
 	// need own cert!
 	Person *own = getSSLRoot() -> getOwnCert();
        if ((isValidNet(&(p->serveraddr.sin_addr))) &&
          (!isPrivateNet(&(p->serveraddr.sin_addr))) &&
          (!sameNet(&(own->localaddr.sin_addr), &(p->serveraddr.sin_addr))))
 	{
 		srvstr << " (Proxy-S) ";
 	}
        else if ((!p->Firewalled()) && (isValidNet(&(p->localaddr.sin_addr))) &&
                (!isPrivateNet(&(p->localaddr.sin_addr))) &&
                (!sameNet(&(own->localaddr.sin_addr), &(p->localaddr.sin_addr))))
 	{
 		srvstr << " (Proxy-L) ";
 	}
 	return srvstr.str();
 }
 const int sec_per_min = 60;
 const int sec_per_hour = 3600;
 const int sec_per_day = 3600 * 24;
 std::string get_timeperiod_string(int secs)
 {
 	int days = secs / sec_per_day;
 	secs -= days * sec_per_day;
 	int hours = secs / sec_per_hour;
 	secs -= hours * sec_per_hour;
 	int mins = secs / sec_per_min;
 	secs -= mins * sec_per_min;
 	std::ostringstream srvstr;
 	if (days > 0)
 	{
 		srvstr << days << " days ";
 	}
 	else if (hours > 0)
 	{
 		srvstr << hours << ":" << mins << " hours";
 	}
 	else
 	{
 		srvstr << mins << ":" << secs << " min";
 	}
 	return srvstr.str();
 }
 std::string get_neighbour_info(cert *c)
 {
 	std::ostringstream ostr;
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	ostr << getX509CNString(c -> certificate -> subject -> subject);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	ostr << getX509CNString(c -> certificate -> cert_info -> subject);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	ostr << "\t" << get_neighbourstatus_string(c);
 	return ostr.str();
 }
 std::string get_cert_info(cert *c)
 {
 	std::ostringstream ostr;
 	ostr << "************ Certificate **************" << std::endl;
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	ostr << getXPGPInfo(c -> certificate);
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	ostr << getX509Info(c -> certificate);
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	ostr << "********** Connection Info ************" << std::endl;
 	ostr << "Local Addr       : " << inet_ntoa(c -> localaddr.sin_addr);
 	ostr << ":" << ntohs(c -> localaddr.sin_port) << std::endl;
 	ostr << "Server Addr      : " << inet_ntoa(c -> serveraddr.sin_addr);
 	ostr << ":" << ntohs(c -> serveraddr.sin_port) << std::endl;
 	ostr << "FLAGS: ";
 	if (!c -> Firewalled())
 	{
 		ostr << "Not ";
 	}
 	ostr << "Firewalled, ";
 	if (!c -> Forwarded())
 	{
 		ostr << "Not ";
 	}
 	ostr << "Forwarded" << std::endl;
 	ostr << std::endl;
 	ostr << "Last Connect Addr: " << inet_ntoa(c -> lastaddr.sin_addr);
 	ostr << ":" << ntohs(c -> lastaddr.sin_port) << std::endl;
 	ostr << "Last Connect Time: ";
 	ostr << get_timeperiod_string(time(NULL) - c -> lc_timestamp);
 	ostr << std::endl;
 	ostr << "Last Receive Time: ";
 	ostr << get_timeperiod_string(time(NULL) - c -> lr_timestamp);
 	ostr << std::endl;
 	ostr << std::endl;
 	ostr << "Next Connect in  : ";
 	ostr << get_timeperiod_string(c->nc_timestamp - time(NULL));
 	ostr << std::endl;
 	ostr << "AutoConnect: " << get_autoconnect_string(c);
 	ostr << std::endl;
 	ostr << "***************************************" << std::endl;
 	return ostr.str();
 }
 std::string getX509Info(X509 *cert)
 {
 	// Details from the structure
 	// cert_info (X509_CINF *)
 	// sig_alg (X509_ALGOR *)
 	// signature (ASN1_BIT_STRING *)
 	// valid (int)
 	// references (int)
 	// name (char *)
 	//
 	// random flags
 	//
 	// skid (ASN1_OCTET_STRING *)
 	// akid (AUTHORITY_KEYID *)
 	// aux (X509_CERT_AUX *)
 	std::string certstr;
 	char numstr[1000];
 	sprintf(numstr, "%ld", ASN1_INTEGER_get(cert -> cert_info -> version));
 	certstr += "Version: ";
 	certstr += numstr;
 	sprintf(numstr, "%ld", ASN1_INTEGER_get(cert -> 
 					cert_info -> serialNumber));
 	certstr += "\nSerial Number: ";
 	certstr += numstr;
 //	switch(cert -> cert_info -> signature)
 //	{
 //		case STANDRD:
 //			certstr += "\nSig Algorithm: Standard";
 //			break;
 //		default:
 //			certstr += "\nSig Algorithm: Unknown";
 //			break;
 //	}
 //
 	certstr += "\nSubject:\n";
 	certstr += getX509NameString(cert -> cert_info -> subject);
 	// Validity in Here.  cert -> cert_info -> validity;
 	certstr += "\nIssuer:\n";
 	certstr += getX509NameString(cert -> cert_info -> issuer);
 	// Key cert -> cert_info -> key;
 	//
 	// IDS + extensions. cert -> cert_info -> issuerUID/subjectUID;
 	// cert -> cert_info -> extensions;
 	// END OF INFO.	
 	// Next sigalg again?
 	// next sig... 
 	certstr += "\nSignature:";
 	for(int i = 0; i < cert -> signature -> length;)
 	{
 		if (i % 128 == 0)
 		{
 			certstr += "\n\t";
 		}
 		char hbyte = 0;
 		for(int j = 0; (j < 4) && (i < cert -> signature -> length);
 				j++, i++)
 		{
 			hbyte = hbyte << 1;
 			if (ASN1_BIT_STRING_get_bit(cert -> signature, i) == 1)
 			{
 				hbyte++;
 				//std::cerr << "1";
 			}
 			else
 			{
 				//std::cerr << "0";
 			}
 		}
 		if (hbyte > 9)
 		{
 			certstr += ('a' + (hbyte - 10));
 		}
 		else
 		{
 			certstr += ('0' + hbyte);
 		}
 		//std::cerr << " " << i << " " << (char) ('0' + hbyte);
 		//std::cerr << " " << (int) hbyte << std::endl;
 	}
 	sprintf(numstr, "%d/%d", cert -> valid, cert -> references);
 	certstr += "\nValid/References: ";
 	certstr += numstr;
 	certstr += "\n";
 	// That will do for now.
 	return certstr;
 }
 /* Helper function to convert a Epoch Timestamp
 * into a string.
 */
 static const char *TIME_FORMAT_STR_BRIEF = "%H:%M:%S";
 static const char *TIME_FORMAT_STR_OLDVAGUE_NOW = "%H:%M:%S";
 static const char *TIME_FORMAT_STR_OLDVAGUE_WEEK = "%a %H:%M";
 static const char *TIME_FORMAT_STR_OLDVAGUE_OLD = "%a, %d %b";
 static const char *TIME_FORMAT_STR_LONG = "%c";
 static const char *TIME_FORMAT_STR_NORMAL = "%a, %H:%M:%S";
 std::string timeFormat(int epoch, int format)
 {
 	time_t ctime = epoch;
        struct tm *stime = localtime(&ctime);
 	size_t msize = 1024;
 	char space[msize];
 	const char *fmtstr = NULL;
 	if (format == TIME_FORMAT_OLDVAGUE)
 	{
 		int itime = time(NULL);
 		int delta = abs(itime - ctime);
 		if (delta < 12 * 3600)
 		{
 			format = TIME_FORMAT_OLDVAGUE_NOW;
 		}
 		else if (delta < 3 * 24 * 3600)
 		{
 			format = TIME_FORMAT_OLDVAGUE_WEEK;
 		}
 		else 
 		{
 			format = TIME_FORMAT_OLDVAGUE_OLD;
 		}
 	}
 	switch(format)
 	{
 		case TIME_FORMAT_BRIEF:
 			fmtstr = TIME_FORMAT_STR_BRIEF;
 			break;
 		case TIME_FORMAT_OLDVAGUE_NOW:
 			fmtstr = TIME_FORMAT_STR_OLDVAGUE_NOW;
 			break;
 		case TIME_FORMAT_OLDVAGUE_WEEK:
 			fmtstr = TIME_FORMAT_STR_OLDVAGUE_WEEK;
 			break;
 		case TIME_FORMAT_OLDVAGUE_OLD:
 			fmtstr = TIME_FORMAT_STR_OLDVAGUE_OLD;
 			break;
 		case TIME_FORMAT_LONG:
 			fmtstr = TIME_FORMAT_STR_LONG;
 			break;
 		case TIME_FORMAT_NORMAL:
 		default:
 			fmtstr = TIME_FORMAT_STR_NORMAL;
 			break;
 	}
 	if (fmtstr != NULL) // Short -> Only Time.
 	{
            int usize = strftime(space, msize, fmtstr, stime);
 	    if (usize > 0)
 	    	return std::string(space);
 	}
 	return std::string("");
 }
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 std::string getXPGPInfo(XPGP *cert)
 {
 	std::stringstream out;
 	long l;
 	int i,j;
 	out << "XPGP Certificate:" << std::endl;
 	l=XPGP_get_version(cert);
 	out << "     Version: " << l+1 << "(0x" << l << ")" << std::endl;
 	out << "     Subject: " << std::endl;
 	out << "  " << getX509NameString(cert -> subject -> subject);
 	out << std::endl;
 	out << std::endl;
 	out << "     Signatures:" << std::endl;
 	for(i = 0; i < sk_XPGP_SIGNATURE_num(cert->signs); i++)
 	{
 		out << "Sign[" << i << "] -> [";
 		XPGP_SIGNATURE *sig = sk_XPGP_SIGNATURE_value(cert->signs,i);
 	        ASN1_BIT_STRING *signature = sig->signature;
 	        int signlen = ASN1_STRING_length(signature);
 	        unsigned char *signdata = ASN1_STRING_data(signature);
 		/* only show the first 8 bytes */
 		if (signlen > 8)
 			signlen = 8;
 		for(j=0;j<signlen;j++)
 		{
 			out << std::hex << std::setw(2) << (int) (signdata[j]);
 			if ((j+1)%16==0)
 			{
 				out << std::endl;
 			}
 			else
 			{
 				out << ":";
 			}
 		}
 		out << "] by:";
 		out << std::endl;
 		out << getX509NameString(sig->issuer);
 		out << std::endl;
 		out << std::endl;
 	}
 	return out.str();
 }
 std::string getXPGPAuthCode(XPGP *xpgp)
 {
 	/* get the self signature -> the first signature */
 	std::stringstream out;
 	if (1 >  sk_XPGP_SIGNATURE_num(xpgp->signs))
 	{
 		out.str();
 	}
 	XPGP_SIGNATURE *sig = sk_XPGP_SIGNATURE_value(xpgp->signs,0);
 	ASN1_BIT_STRING *signature = sig->signature;
 	int signlen = ASN1_STRING_length(signature);
 	unsigned char *signdata = ASN1_STRING_data(signature);
 	/* extract the authcode from the signature */
 	/* convert it to a string, inverse of 2 bytes of signdata */
 	if (signlen > 2)
 		signlen = 2;
 	int j;
 	for(j=0;j<signlen;j++)
 	{
 		out << std::hex << std::setprecision(2) << std::setw(2) 
 		<< std::setfill('0') << (unsigned int) (signdata[j]);
 	}
 	return out.str();
 }
 std::list<std::string> getXPGPsigners(XPGP *cert)
 {
 	std::list<std::string> signers;
 	int i;
 	for(i = 0; i < sk_XPGP_SIGNATURE_num(cert->signs); i++)
 	{
 		XPGP_SIGNATURE *sig = sk_XPGP_SIGNATURE_value(cert->signs,i);
 		std::string str = getX509CNString(sig->issuer);
 		signers.push_back(str);
 		std::cerr << "XPGPsigners(" << i << ")" << str << std::endl;
 	}
 	return signers;
 }
 #endif /* XPGP Certificates */
 /**************** PQI_USE_XPGP ******************/
 std::string get_cert_name(cert *c)
 {
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	return getX509CNString(c->certificate->subject -> subject);
 #else
 	return getX509CNString(c->certificate->cert_info -> subject);
 #endif /* XPGP Certificates */
 /**************** PQI_USE_XPGP ******************/
 }
 std::string get_cert_org(cert *c)
 {
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	return getX509OrgString(c->certificate->subject -> subject);
 #else
 	return getX509OrgString(c->certificate->cert_info -> subject);
 #endif /* XPGP Certificates */
 /**************** PQI_USE_XPGP ******************/
 }
 std::string get_cert_loc(cert *c)
 {
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	return getX509LocString(c->certificate->subject -> subject);
 #else
 	return getX509LocString(c->certificate->cert_info -> subject);
 #endif /* XPGP Certificates */
 /**************** PQI_USE_XPGP ******************/
 }
 std::string get_cert_country(cert *c)
 {
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	return getX509CountryString(c->certificate->subject -> subject);
 #else
 	return getX509CountryString(c->certificate->cert_info -> subject);
 #endif /* XPGP Certificates */
 /**************** PQI_USE_XPGP ******************/
 }
--- a/libretroshare/src/rsserver/pqistrings.h
+++ b/libretroshare/src/rsserver/pqistrings.h
@ -1,78 +0,0 @@
 #ifndef PQI_STRINGS_H
 #define PQI_STRINGS_H
 /*
 * "$Id: pqistrings.h,v 1.1 2007-02-19 20:08:30 rmf24 Exp $"
 *
 * RetroShare C++ Interface.
 *
 * Copyright 2004-2006 by Robert Fernie.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License Version 2 as published by the Free Software Foundation.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA.
 *
 * Please report all bugs and problems to "retroshare@lunamutt.com".
 *
 */
 #include <string>
 #include <list>
 class Person;
 class cert;
 #include <openssl/ssl.h>
 std::string get_cert_country(cert *c);
 std::string get_cert_loc(cert *c);
 std::string get_cert_org(cert *c);
 std::string get_cert_name(cert *c);
 std::string get_status_string(int status);
 std::string get_autoconnect_string(Person *p);
 std::string get_server_string(Person *p);
 std::string get_trust_string(Person *p);
 std::string get_timeperiod_string(int secs);
 std::string get_cert_info(cert *c);
 std::string get_neighbour_info(cert *c);
 int get_lastconnecttime(Person *p);
 std::string get_lastconnecttime_string(Person *p);
 std::string getX509NameString(X509_NAME *name);
 std::string getX509Info(X509 *cert);
 std::string getX509CNString(X509_NAME *name);
 #define TIME_FORMAT_BRIEF		0x001
 #define TIME_FORMAT_LONG		0x002
 #define TIME_FORMAT_NORMAL		0x003
 #define TIME_FORMAT_OLDVAGUE		0x004
 #define TIME_FORMAT_OLDVAGUE_NOW	0x005
 #define TIME_FORMAT_OLDVAGUE_WEEK	0x006
 #define TIME_FORMAT_OLDVAGUE_OLD	0x007
 std::string timeFormat(int epoch, int format);
 #if defined(PQI_USE_XPGP)
 std::string getXPGPInfo(XPGP *cert);
 std::string getXPGPAuthCode(XPGP *xpgp);
 std::list<std::string> getXPGPsigners(XPGP *cert);
 #endif /* XPGP Certificates */
 #endif
--- a/libretroshare/src/scripts/config-linux.mk
+++ b/libretroshare/src/scripts/config-linux.mk
@ -8,7 +8,10 @@ endif
 ############   LINUX CONFIGURATION    ########################
 # flags for components....
 #PQI_USE_SSLONLY = 1
 PQI_USE_XPGP = 1
 #PQI_USE_PROXY = 1
 #PQI_USE_CHANNELS = 1
 #USE_FILELOOK = 1
@ -44,6 +47,10 @@ ifdef PQI_USE_XPGP
 	CFLAGS += -DPQI_USE_XPGP
 endif
 ifdef PQI_USE_SSLONLY
 	CFLAGS += -DPQI_USE_SSLONLY
 endif
 ifdef PQI_USE_PROXY
 	CFLAGS += -DPQI_USE_PROXY
 endif
@ -84,6 +91,7 @@ ifdef PQI_USE_XPGP
 LIBS +=  -lssl -lcrypto  -lpthread
 LIBS +=  -L$(UPNPC_DIR) -lminiupnpc
 LIBS +=  $(XLIB) -ldl -lz 
 LIBS +=  -lgpgme
 RSLIBS = $(LIBS)