3 # Copyright (C) 2001,2002 Oliver Ehli <elmy@acm.org>
4 # Copyright (C) 2001 Mike Schiraldi <raldi@research.netsol.com>
5 # Copyright (C) 2003 Bjoern Jacke <bjoern@j3e.de>
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 2 of the License, or
10 # (at your option) any later version.
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program; if not, write to the Free Software
19 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
26 require "timelocal.pl";
33 # directory setup routines
34 sub mkdir_recursive ($ );
37 # key/certificate management methods
40 sub add_entry ($$$$$ );
41 sub add_certificate ($$$$;$ );
43 sub add_root_cert ($ );
46 sub modify_entry ($$$;$ );
48 sub change_label ($ );
52 # Get the directories mutt uses for certificate/key storage.
54 my $mutt = $ENV{MUTT_CMDLINE} || 'mutt';
55 my $opensslbin = "/usr/bin/openssl";
57 my @cert_tmp_file = ();
60 my $private_keys_path = mutt_Q 'smime_keys';
61 my $certificates_path = mutt_Q 'smime_certificates';
62 my $root_certs_path = mutt_Q 'smime_ca_location';
63 my $root_certs_switch;
64 if ( -d $root_certs_path) {
65 $root_certs_switch = -CApath;
67 $root_certs_switch = -CAfile;
75 if(@ARGV == 1 and $ARGV[0] eq "init") {
78 elsif(@ARGV == 1 and $ARGV[0] eq "list") {
81 elsif(@ARGV == 2 and $ARGV[0] eq "label") {
82 change_label($ARGV[1]);
84 elsif(@ARGV == 2 and $ARGV[0] eq "add_cert") {
85 my $format = -B $ARGV[1] ? 'DER' : 'PEM';
86 my $cmd = "$opensslbin x509 -noout -hash -in $ARGV[1] -inform $format";
87 my $cert_hash = `$cmd`;
88 $? and die "'$cmd' returned $?";
90 my $label = query_label;
91 &add_certificate($ARGV[1], \$cert_hash, 1, $label, '?');
93 elsif(@ARGV == 2 and $ARGV[0] eq "add_pem") {
94 -e $ARGV[1] and -s $ARGV[1] or die("$ARGV[1] is nonexistent or empty.");
95 open(PEM_FILE, "<$ARGV[1]") or die("Can't open $ARGV[1]: $!");
100 elsif( @ARGV == 2 and $ARGV[0] eq "add_p12") {
101 -e $ARGV[1] and -s $ARGV[1] or die("$ARGV[1] is nonexistent or empty.");
103 print "\nNOTE: This will ask you for two passphrases:\n";
104 print " 1. The passphrase you used for exporting\n";
105 print " 2. The passphrase you wish to secure your private key with.\n\n";
107 my $pem_file = "$ARGV[1].pem";
109 my $cmd = "$opensslbin pkcs12 -in $ARGV[1] -out $pem_file";
110 system $cmd and die "'$cmd' returned $?";
112 -e $pem_file and -s $pem_file or die("Conversion of $ARGV[1] failed.");
113 open(PEM_FILE, $pem_file) or die("Can't open $pem_file: $!");
114 my @pem = <PEM_FILE>;
119 elsif(@ARGV == 4 and $ARGV[0] eq "add_chain") {
121 my $format = -B $ARGV[2] ? 'DER' : 'PEM';
122 my $cmd = "$opensslbin x509 -noout -hash -in $ARGV[2] -inform $format";
123 my $cert_hash = `$cmd`;
125 $? and die "'$cmd' returned $?";
127 $format = -B $ARGV[3] ? 'DER' : 'PEM';
129 $cmd = "$opensslbin x509 -noout -hash -in $ARGV[3] -inform $format";
130 my $issuer_hash = `$cmd`;
131 $? and die "'$cmd' returned $?";
136 my $label = query_label;
138 add_certificate($ARGV[3], \$issuer_hash, 0, $label);
139 my @mailbox = &add_certificate($ARGV[2], \$cert_hash, 1, $label, $issuer_hash);
141 foreach $mailbox (@mailbox) {
143 add_key($ARGV[1], $cert_hash, $mailbox, $label);
146 elsif((@ARGV == 2 or @ARGV == 3) and $ARGV[0] eq "verify") {
147 verify_cert($ARGV[1], $ARGV[2]);
149 elsif(@ARGV == 2 and $ARGV[0] eq "remove") {
150 remove_pair($ARGV[1]);
152 elsif(@ARGV == 2 and $ARGV[0] eq "add_root") {
153 add_root_cert($ARGV[1]);
166 ############## sub-routines ########################
171 Usage: smime_keys <operation> [file(s) | keyID [file(s)]]
173 with operation being one of:
175 init : no files needed, inits directory structure.
177 list : lists the certificates stored in database.
178 label : keyID required. changes/removes/adds label.
179 remove : keyID required.
180 verify : 1=keyID and optionally 2=CRL
181 Verifies the certificate chain, and optionally wether
182 this certificate is included in supplied CRL (PEM format).
183 Note: to verify all certificates at the same time,
184 replace keyID with "all"
186 add_cert : certificate required.
187 add_chain : three files reqd: 1=Key, 2=certificate
188 plus 3=intermediate certificate(s).
189 add_p12 : one file reqd. Adds keypair to database.
190 file is PKCS12 (e.g. export from netscape).
191 add_pem : one file reqd. Adds keypair to database.
192 (file was converted from e.g. PKCS12).
194 add_root : one file reqd. Adds PEM root certificate to the location
195 specified within muttrc (smime_verify_* command)
201 my $var = shift or die;
203 my $cmd = "$mutt -v >/dev/null 2>/dev/null";
206 Couldn't launch mutt. I attempted to do so by running the command "$mutt".
207 If that's not the right command, you can override it by setting the
208 environment variable \$MUTT_CMDLINE
211 $cmd = "$mutt -Q $var 2>/dev/null";
215 Couldn't look up the value of the mutt variable "$var".
216 You must set this in your mutt config file. See contrib/smime.rc for an example.
220 $answer =~ /\"(.*?)\"/ and return $1;
222 $answer =~ /^Mutt (.*?) / and die<<EOF;
223 This script requires mutt 1.5.0 or later. You are using mutt $1.
226 die "Value of $var is weird\n";
230 my $source = shift or die;
231 my $dest = shift or die;
233 copy $source, $dest or die "Problem copying $source to $dest: $!\n";
237 # directory setup routines
241 sub mkdir_recursive ($) {
242 my $path = shift or die;
245 for my $dir (split /\//, $path) {
246 $tmp_path .= "$dir/";
249 or mkdir $tmp_path, 0700
250 or die "Can't mkdir $tmp_path: $!";
255 mkdir_recursive($certificates_path);
256 mkdir_recursive($private_keys_path);
260 $file = $certificates_path . "/.index";
261 -f $file or open(TMP_FILE, ">$file") and close(TMP_FILE)
262 or die "Can't touch $file: $!";
264 $file = $private_keys_path . "/.index";
265 -f $file or open(TMP_FILE, ">$file") and close(TMP_FILE)
266 or die "Can't touch $file: $!";
272 # certificate management methods
276 my %keyflags = ( 'i', '(Invalid)', 'r', '(Revoked)', 'e', '(Expired)',
277 'u', '(Unverified)', 'v', '(Valid)', 't', '(Trusted)');
279 open(INDEX, "<$certificates_path/.index") or
280 die "Couldn't open $certificates_path/.index: $!";
289 if($fields[2] eq '-') {
290 print "$fields[1]: Issued for: $fields[0] $keyflags{$fields[4]}\n";
292 print "$fields[1]: Issued for: $fields[0] \"$fields[2]\" $keyflags{$fields[4]}\n";
295 my $certfile = "$certificates_path/$fields[1]";
299 die "Couldn't open $certfile: $!";
310 my $format = -B $certfile ? 'DER' : 'PEM';
311 my $cmd = "$opensslbin x509 -subject -issuer -dates -noout -in $certfile -inform $format";
312 ($subject_in, $issuer_in, $date1_in, $date2_in) = `$cmd`;
313 $? and print "ERROR: '$cmd' returned $?\n\n" and next;
316 my @subject = split(/\//, $subject_in);
318 $tmp = shift @subject;
319 ($tmp =~ /^CN\=/) and last;
322 defined $tmp and @tmp = split (/\=/, $tmp) and
323 print $tab."Subject: $tmp[1]\n";
325 my @issuer = split(/\//, $issuer_in);
327 $tmp = shift @issuer;
328 ($tmp =~ /^CN\=/) and last;
331 defined $tmp and @tmp = split (/\=/, $tmp) and
332 print $tab."Issued by: $tmp[1]";
334 if ( defined $date1_in and defined $date2_in ) {
335 @tmp = split (/\=/, $date1_in);
337 @tmp = split (/\=/, $date2_in);
338 print $tab."Certificate is not valid before $tmp".
339 $tab." or after ".$tmp[1];
342 -e "$private_keys_path/$fields[1]" and
343 print "$tab - Matching private key installed -\n";
345 $format = -B "$certificates_path/$fields[1]" ? 'DER' : 'PEM';
346 $cmd = "$opensslbin x509 -purpose -noout -in $certfile -inform $format";
347 my $purpose_in = `$cmd`;
348 $? and die "'$cmd' returned $?";
350 my @purpose = split (/\n/, $purpose_in);
351 print "$tab$purpose[0] (displays S/MIME options only)\n";
353 $tmp = shift @purpose;
354 ($tmp =~ /^S\/MIME/ and $tmp =~ /Yes/) or next;
355 my @tmptmp = split (/:/, $tmp);
356 print "$tab $tmptmp[0]\n";
371 print "\nYou may assign a label to this key, so you don't have to remember\n";
372 print "the key ID. This has to be _one_ word (no whitespaces).\n\n";
374 print "Enter label: ";
375 chomp($input = <STDIN>);
377 my ($label, $junk) = split(/\s/, $input, 2);
380 and print "\nUsing '$label' as label; ignoring '$junk'\n";
382 defined $label || ($label = "-");
389 sub add_entry ($$$$$) {
390 my $mailbox = shift or die;
391 my $hashvalue = shift or die;
392 my $use_cert = shift;
393 my $label = shift or die;
394 my $issuer_hash = shift;
399 open(INDEX, "+<$certificates_path/.index") or
400 die "Couldn't open $certificates_path/.index: $!";
403 open(INDEX, "+<$private_keys_path/.index") or
404 die "Couldn't open $private_keys_path/.index: $!";
409 return if ($fields[0] eq $mailbox && $fields[1] eq $hashvalue);
413 print INDEX "$mailbox $hashvalue $label $issuer_hash u\n";
416 print INDEX "$mailbox $hashvalue $label \n";
423 sub add_certificate ($$$$;$) {
424 my $filename = shift or die;
425 my $hashvalue = shift or die;
426 my $add_to_index = shift;
427 my $label = shift or die;
428 my $issuer_hash = shift;
434 while(-e "$certificates_path/$$hashvalue.$iter") {
436 my $format = -B $filename ? 'DER' : 'PEM';
437 my $cmd = "$opensslbin x509 -in $filename -inform $format -fingerprint -noout";
439 $? and die "'$cmd' returned $?";
441 $format = -B "$certificates_path/$$hashvalue.$iter" ? 'DER' : 'PEM';
442 $cmd = "$opensslbin x509 -in $certificates_path/$$hashvalue.$iter -inform $format -fingerprint -noout";
444 $? and die "'$cmd' returned $?";
450 $$hashvalue .= ".$iter";
452 if (-e "$certificates_path/$$hashvalue") {
453 print "\nCertificate: $certificates_path/$$hashvalue already installed.\n";
456 mycopy $filename, "$certificates_path/$$hashvalue";
459 my $format = -B $filename ? 'DER' : 'PEM';
460 my $cmd = "$opensslbin x509 -in $filename -inform $format -email -noout";
462 $? and die "'$cmd' returned $?";
464 foreach $mailbox (@mailbox) {
466 add_entry($mailbox, $$hashvalue, 1, $label, $issuer_hash);
468 print "\ncertificate $$hashvalue ($label) for $mailbox added.\n";
470 verify_cert($$hashvalue, undef);
473 print "added certificate: $certificates_path/$$hashvalue.\n";
482 my $file = shift or die;
483 my $hashvalue = shift or die;
484 my $mailbox = shift or die;
485 my $label = shift or die;
487 unless (-e "$private_keys_path/$hashvalue") {
488 mycopy $file, "$private_keys_path/$hashvalue";
491 add_entry($mailbox, $hashvalue, 0, $label, "");
492 print "added private key: " .
493 "$private_keys_path/$hashvalue for $mailbox\n";
507 $cert_tmp_file[$cert_iter] = newfile("cert_tmp.$cert_iter","temp");
508 my $cert_tmp_iter = $cert_tmp_file[$cert_iter];
509 open(CERT_FILE, ">$cert_tmp_iter")
510 or die "Couldn't open $cert_tmp_iter: $!";
512 while($_ = shift(@_)) {
513 if(/^Bag Attributes/) {
515 $state == 0 or die("PEM-parse error at: $.");
517 $bag_attribs[$cert_iter*4+1] = "";
518 $bag_attribs[$cert_iter*4+2] = "";
519 $bag_attribs[$cert_iter*4+3] = "";
522 ($state == 1) and /localKeyID:\s*(.*)/
523 and ($bag_attribs[$cert_iter*4+1] = $1);
525 ($state == 1) and /subject=\s*(.*)/
526 and ($bag_attribs[$cert_iter*4+2] = $1);
528 ($state == 1) and /issuer=\s*(.*)/
529 and ($bag_attribs[$cert_iter*4+3] = $1);
537 $bag_attribs[$cert_iter*4] = "K";
541 $bag_attribs[$cert_iter*4] = "C";
544 die("What's this: $_");
551 $cert_tmp_file[$cert_iter] = newfile("cert_tmp.$cert_iter","temp");
552 $cert_tmp_iter = $cert_tmp_file[$cert_iter];
553 open(CERT_FILE, ">$cert_tmp_iter")
554 or die "Couldn't open $cert_tmp_iter: $!";
562 # I'll add support for unbagged cetificates, in case this is needed.
563 $numBags == $cert_iter or
564 die("Not all contents were bagged. can't continue.");
570 # This requires the Bag Attributes to be set
582 @pem_contents = &parse_pem(@_);
584 # private key and certificate use the same 'localKeyID'
585 while($iter <= $#pem_contents / 4) {
586 if($pem_contents[$iter * 4] eq "K") {
592 ($iter > $#pem_contents / 2) and die("Couldn't find private key!");
594 $pem_contents[($key * 4)+1] or die("Attribute 'localKeyID' wasn't set.");
597 while($iter <= $#pem_contents / 4) {
598 $iter == $key and ($iter++) and next;
599 if($pem_contents[($iter * 4)+1] eq $pem_contents[($key * 4)+1]) {
600 $certificate = $iter;
605 ($iter > $#pem_contents / 4) and die("Couldn't find matching certificate!");
607 my $tmp_key = newfile("tmp_key","temp");
608 mycopy $cert_tmp_file[$key], $tmp_key;
609 my $tmp_certificate = newfile("tmp_certificate","temp");
610 mycopy $cert_tmp_file[$certificate], $tmp_certificate;
612 # root certificate is self signed
615 while($iter <= $#pem_contents / 4) {
616 if ($iter == $key or $iter == $certificate) {
621 if($pem_contents[($iter * 4)+2] eq $pem_contents[($iter * 4)+3]) {
627 if ($iter > $#pem_contents / 4) {
628 print "Couldn't identify root certificate!\n";
632 # what's left are intermediate certificates.
635 # needs to be set, so we can check it later
636 $intermediate = $root_cert;
637 my $tmp_issuer_cert = newfile("tmp_issuer_cert","temp");
638 while($iter <= $#pem_contents / 4) {
639 if ($iter == $key or $iter == $certificate or $iter == $root_cert) {
644 open (IC, ">> $tmp_issuer_cert") or die "can't open $tmp_issuer_cert: $?";
645 my $cert_tmp_iter = $cert_tmp_file[$iter];
646 open (CERT, "< $cert_tmp_iter") or die "can't open $cert_tmp_iter: $?";
647 print IC while (<CERT>);
651 # although there may be many, just need to know if there was any
652 $intermediate = $iter;
657 # no intermediate certificates ? use root-cert instead (if that was found...)
658 if($intermediate == $root_cert) {
659 if ($root_cert == -1) {
660 die("No root and no intermediate certificates. Can't continue.");
662 mycopy $cert_tmp_file[$root_cert], $tmp_issuer_cert;
665 my $label = query_label;
667 my $format = -B $tmp_certificate ? 'DER' : 'PEM';
668 my $cmd = "$opensslbin x509 -noout -hash -in $tmp_certificate -inform $format";
669 my $cert_hash = `$cmd`;
670 $? and die "'$cmd' returned $?";
672 $format = -B $tmp_issuer_cert ? 'DER' : 'PEM';
673 $cmd = "$opensslbin x509 -noout -hash -in $tmp_issuer_cert -inform $format";
674 my $issuer_hash = `$cmd`;
675 $? and die "'$cmd' returned $?";
677 chomp($cert_hash); chomp($issuer_hash);
679 # Note: $cert_hash will be changed to reflect the correct filename
680 # within add_cert() ONLY, so these _have_ to get called first..
681 add_certificate($tmp_issuer_cert, \$issuer_hash, 0, $label);
682 @mailbox = &add_certificate("$tmp_certificate", \$cert_hash, 1, $label, $issuer_hash);
683 foreach $mailbox (@mailbox) {
685 add_key($tmp_key, $cert_hash, $mailbox, $label);
694 sub modify_entry ($$$;$ ) {
695 my $op = shift or die;
696 my $hashvalue = shift or die;
697 my $use_cert = shift;
703 $op eq 'L' and ($label = shift or die);
704 $op eq 'V' and ($crl = shift);
708 $path = $certificates_path;
711 $path = $private_keys_path;
714 open(INDEX, "<$path/.index") or
715 die "Couldn't open $path/.index: $!";
716 my $newindex = newfile("$path/.index.tmp");
717 open(NEW_INDEX, ">$newindex") or
718 die "Couldn't create $newindex: $!";
722 if($fields[1] eq $hashvalue or $hashvalue eq 'all') {
724 print NEW_INDEX "$fields[0] $fields[1]";
727 print NEW_INDEX " $label $fields[3] $fields[4]";
730 print NEW_INDEX " $label";
734 print "\n==> about to verify certificate of $fields[0]\n";
735 my $flag = &do_verify($fields[1], $fields[3], $crl);
736 print NEW_INDEX " $fields[2] $fields[3] $flag";
738 print NEW_INDEX "\n";
746 rename $newindex, "$path/.index"
747 or die "Couldn't rename $newindex to $path/.index: $!\n";
755 sub remove_pair ($ ) {
756 my $keyid = shift or die;
758 if (-e "$certificates_path/$keyid") {
759 unlink "$certificates_path/$keyid";
760 modify_entry('R', $keyid, 1);
761 print "Removed certificate $keyid.\n";
764 die "No such certificate: $keyid";
767 if (-e "$private_keys_path/$keyid") {
768 unlink "$private_keys_path/$keyid";
769 modify_entry('R', $keyid, 0);
770 print "Removed private key $keyid.\n";
776 sub change_label ($ ) {
777 my $keyid = shift or die;
779 my $label = query_label;
781 if (-e "$certificates_path/$keyid") {
782 modify_entry('L', $keyid, 1, $label);
783 print "Changed label for certificate $keyid.\n";
786 die "No such certificate: $keyid";
789 if (-e "$private_keys_path/$keyid") {
790 modify_entry('L', $keyid, 0, $label);
791 print "Changed label for private key $keyid.\n";
799 sub verify_cert ($$) {
800 my $keyid = shift or die;
803 -e "$certificates_path/$keyid" or $keyid eq 'all'
804 or die "No such certificate: $keyid";
805 modify_entry('V', $keyid, 1, $crl);
813 my $cert = shift or die;
814 my $issuerid = shift or die;
820 my $cert_path = "$certificates_path/$cert";
822 if($issuerid eq '?') {
823 $issuer_path = "$certificates_path/$cert";
825 $issuer_path = "$certificates_path/$issuerid";
828 my $cmd = "$opensslbin verify $root_certs_switch $root_certs_path -purpose smimesign -purpose smimeencrypt -untrusted $issuer_path $cert_path";
830 $? and die "'$cmd' returned $?";
834 ($output =~ /OK/) and ($result = 'v');
836 $result eq 'i' and return $result;
838 my $format = -B $cert_path ? 'DER' : 'PEM';
839 $cmd = "$opensslbin x509 -dates -serial -noout -in $cert_path -inform $format";
840 (my $date1_in, my $date2_in, my $serial_in) = `$cmd`;
841 $? and die "'$cmd' returned $?";
843 if ( defined $date1_in and defined $date2_in ) {
844 my @tmp = split (/\=/, $date1_in);
846 @tmp = split (/\=/, $date2_in);
847 my %months = ('Jan', '00', 'Feb', '01', 'Mar', '02', 'Apr', '03',
848 'May', '04', 'Jun', '05', 'Jul', '06', 'Aug', '07',
849 'Sep', '08', 'Oct', '09', 'Nov', '10', 'Dec', '11');
852 $tmp =~ /(\w+)\s*(\d+)\s*(\d+):(\d+):(\d+)\s*(\d+)\s*GMT/;
854 $#fields != 5 and print "Expiration Date: Parse Error : $tmp\n\n" or
855 timegm($fields[4], $fields[3], $fields[2], $fields[1],
856 $months{$fields[0]}, $fields[5]) > time and $result = 'e';
857 $result eq 'e' and print "Certificate is not yet valid.\n" and return $result;
860 $tmp[1] =~ /(\w+)\s*(\d+)\s*(\d+):(\d+):(\d+)\s*(\d+)\s*GMT/;
862 $#fields != 5 and print "Expiration Date: Parse Error : $tmp[1]\n\n" or
863 timegm($fields[4], $fields[3], $fields[2], $fields[1],
864 $months{$fields[0]}, $fields[5]) < time and $result = 'e';
865 $result eq 'e' and print "Certificate has expired.\n" and return $result;
869 if ( defined $crl ) {
870 my @serial = split (/\=/, $serial_in);
871 my $cmd = "$opensslbin crl -text -noout -in $crl | grep -A1 $serial[1]";
872 (my $l1, my $l2) = `$cmd`;
873 $? and die "'$cmd' returned $?";
876 my @revoke_date = split (/:\s/, $l2);
877 print "FAILURE: Certificate $cert has been revoked on $revoke_date[1]\n";
883 if ($result eq 'v') {
892 sub add_root_cert ($) {
893 my $root_cert = shift or die;
895 my $format = -B $root_cert ? 'DER' : 'PEM';
897 my $cmd = "$opensslbin x509 -noout -hash -in $root_cert -inform $format";
898 my $root_hash = `$cmd`;
899 $? and die "'$cmd' returned $?";
901 if (-d $root_certs_path) {
902 -e "$root_certs_path/$root_hash" or
903 mycopy $root_cert, "$root_certs_path/$root_hash";
906 open(ROOT_CERTS, ">>$root_certs_path") or
907 die ("Couldn't open $root_certs_path for writing");
909 $cmd = "$opensslbin x509 -in $root_cert -inform $format -fingerprint -noout";
910 $? and die "'$cmd' returned $?";
911 chomp(my $md5fp = `$cmd`);
913 $cmd = "$opensslbin x509 -in $root_cert -inform $format -text -noout";
914 $? and die "'$cmd' returned $?";
915 my @cert_text = `$cmd`;
917 print "Enter a label, name or description for this certificate: ";
920 my $line = "=======================================\n";
921 print ROOT_CERTS "\n$input$line$md5fp\nPEM-Data:\n";
923 $cmd = "$opensslbin x509 -in $root_cert -inform $format";
925 $? and die "'$cmd' returned $?";
926 print ROOT_CERTS $cert;
927 print ROOT_CERTS @cert_text;
934 # returns a file name which does not exist for tmp file creation
935 my $filename = shift;
937 $option = "notemp" if (not defined($option));
938 if (! $tmpdir and $option eq "temp") {
939 $tmpdir = mutt_Q 'tmpdir';
940 $tmpdir = newfile("$tmpdir/smime");
941 mkdir $tmpdir, 0700 || die "Can't create $tmpdir: $!\n";
943 $filename = "$tmpdir/$filename" if ($option eq "temp");
944 my $newfilename = $filename;
946 while (-e $newfilename) {
947 $newfilename = "$filename.$count";
950 unshift(@tempfiles,$newfilename);
956 # remove all our temporary files in the end: