gnupg.git
David Shaw [Thu, 30 Mar 2006 19:20:59 +0000 (19:20 +0000)]
* main.h, seskey.c (encode_md_value): Modify to allow a q size greater
than 160 bits as per DSA2.  This will allow us to verify and issue DSA2
signatures for some backwards compatibility once we start generating DSA2
keys.
* sign.c (do_sign), sig-check.c (do_check): Change all callers.

* sign.c (do_sign): Enforce the 160-bit check for new signatures here
since encode_md_value can handle non-160-bit digests now. This will need
to come out once the standard for DSA2 is firmed up.

David Shaw [Thu, 30 Mar 2006 14:19:08 +0000 (14:19 +0000)]
* README: Some more notes about building fat binaries.

David Shaw [Thu, 30 Mar 2006 14:13:35 +0000 (14:13 +0000)]
* cert.c (main): Fix test program build warning on OSX.

David Shaw [Mon, 27 Mar 2006 19:06:46 +0000 (19:06 +0000)]
* gpgkeys_ldap.c: #define LDAP_DEPRECATED for newer OpenLDAPs so they use
the regular old API that is compatible with other LDAP libraries.

David Shaw [Sat, 25 Mar 2006 03:05:30 +0000 (03:05 +0000)]
* README: Missing some instructions on building a fat binary.

David Shaw [Wed, 22 Mar 2006 23:05:32 +0000 (23:05 +0000)]
* getkey.c (parse_auto_key_locate): Silently strip out duplicates rather
than causing an error.

Werner Koch [Wed, 22 Mar 2006 16:43:59 +0000 (16:43 +0000)]
Changed URLs

David Shaw [Wed, 22 Mar 2006 14:37:53 +0000 (14:37 +0000)]
* mainproc.c (get_pka_address): Fix bug introduced as part of
sig_to_notation conversion.  Noted by Peter Palfrader.

Werner Koch [Tue, 21 Mar 2006 13:01:45 +0000 (13:01 +0000)]
Allow for rmd160 signatures when using gpg-agent.

David Shaw [Mon, 20 Mar 2006 16:40:28 +0000 (16:40 +0000)]
* blowfish.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c: Revert previous
change.  It's now all done in configure.

David Shaw [Mon, 20 Mar 2006 16:13:52 +0000 (16:13 +0000)]
* configure.ac: Improved --disable-endian-check that doesn't involve
changing #ifdefs in the rest of the code.

David Shaw [Mon, 20 Mar 2006 00:57:33 +0000 (00:57 +0000)]
* configure.ac: Add --disable-endian-check for building fat binaries
on OSX.

* README: Add note on how to build a fat binary on OSX.

David Shaw [Mon, 20 Mar 2006 00:39:44 +0000 (00:39 +0000)]
* blowfish.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c: Use '#if'
rather than '#ifdef' BIG_ENDIAN_HOST.  Harmless as we explicitly
define BIG_ENDIAN_HOST to 1 when we need it, but needed for OSX fat
builds when we define BIG_ENDIAN_HOST to another macro.

David Shaw [Sat, 18 Mar 2006 05:36:32 +0000 (05:36 +0000)]
* configure.ac: Allow the DNS stuff to work on OSX by trying the
Apple-specific BIND_8_COMPAT.

David Shaw [Fri, 17 Mar 2006 05:20:13 +0000 (05:20 +0000)]
* keyserver.c (keyserver_import_cert): Handle the IPGP CERT type for
both the fingerprint alone, and fingerprint+URL cases.

* getkey.c (get_pubkey_byname): Minor cleanup.

David Shaw [Thu, 16 Mar 2006 22:40:04 +0000 (22:40 +0000)]
* cert.c (get_cert): Handle the fixed IPGP type with fingerprint.

David Shaw [Tue, 14 Mar 2006 03:16:21 +0000 (03:16 +0000)]
* keyserver-internal.h, keyserver.c (keyserver_import_pka): Use the
same API as the other auto-key-locate fetchers.

* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched.  This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it.  In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker.  By forcing the use of
the fingerprint, we won't use the attacker's key here.

David Shaw [Tue, 14 Mar 2006 02:42:02 +0000 (02:42 +0000)]
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keyserver_import_cert, keyserver_import_name, keyserver_import_ldap):
Pass fingerprint info through.

David Shaw [Tue, 14 Mar 2006 02:23:00 +0000 (02:23 +0000)]
* main.h, import.c (import_one): Optionally return the fingerprint of
the key being imported.  (import_keys_internal, import_keys_stream,
import): Change all callers.

David Shaw [Sun, 12 Mar 2006 15:33:57 +0000 (15:33 +0000)]
* sig-check.c (signature_check2): Print the backsig warning when there
is no backsig present.  Give a URL for more information.

* keyedit.c (menu_backsign): Small tweak to work properly with keys
originally generated with older GnuPGs that included comments in the
secret keys.

David Shaw [Sat, 11 Mar 2006 15:29:57 +0000 (15:29 +0000)]
* samplekeys.asc: Update 99242560 to have a signing subkey backsig.

David Shaw [Thu, 9 Mar 2006 19:47:35 +0000 (19:47 +0000)]
* gpg.sgml: Clarify new notation delete feature.

David Shaw [Thu, 9 Mar 2006 19:43:29 +0000 (19:43 +0000)]
* build-packet.c (string_to_notation): Add ability to indicate a notation
to be deleted with a '-' prefix.

* keyedit.c (menu_set_notation): Use it here to allow deleting a notation
marked with '-'.  This works with either "-notation" or "-notation=value".

Werner Koch [Thu, 9 Mar 2006 19:24:59 +0000 (19:24 +0000)]
keep on walking towards rc3

Tag: gnupg-1.4.3rc2
Werner Koch [Thu, 9 Mar 2006 12:58:26 +0000 (12:58 +0000)]
Updated

Werner Koch [Thu, 9 Mar 2006 12:45:02 +0000 (12:45 +0000)]
Preparing for an RC23

David Shaw [Thu, 9 Mar 2006 04:00:18 +0000 (04:00 +0000)]
* gpg.sgml: Document "notation".

David Shaw [Thu, 9 Mar 2006 03:49:39 +0000 (03:49 +0000)]
* keyedit.c (menu_set_notation): New function to set notations on
self-signatures.  (keyedit_menu): Call it here.
(tty_print_notations): Helper.  (show_prefs): Show notations in
"showpref".

David Shaw [Thu, 9 Mar 2006 03:35:26 +0000 (03:35 +0000)]
* mainproc.c (get_pka_address), keylist.c (show_notation): Remove
duplicate code by using notation functions.

David Shaw [Thu, 9 Mar 2006 03:31:28 +0000 (03:31 +0000)]
* argparse.c (default_strusage): Update copyright year to 2006.

David Shaw [Thu, 9 Mar 2006 01:15:18 +0000 (01:15 +0000)]
* packet.h, build-packet.c (sig_to_notation), keygen.c
(keygen_add_notations): Provide printable text for non-human-readable
notation values.

David Shaw [Wed, 8 Mar 2006 23:42:45 +0000 (23:42 +0000)]
* packet.h, build-packet.c (sig_to_notation), keygen.c
(keygen_add_notations): Tweak to handle non-human-readable notation
values.

David Shaw [Wed, 8 Mar 2006 23:30:12 +0000 (23:30 +0000)]
* options.h, sign.c (mk_notation_policy_etc), gpg.c (add_notation_data):
Use it here for the various notation commands.

* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.

David Shaw [Wed, 8 Mar 2006 02:40:42 +0000 (02:40 +0000)]
* options.h, mainproc.c (check_sig_and_print), gpg.c (main):
pka-lookups, not pka-lookup.

* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.

David Shaw [Wed, 8 Mar 2006 02:36:37 +0000 (02:36 +0000)]
* NEWS: Note CERT retrieval.  Tweak PKA and backsig language to match
current code.

David Shaw [Tue, 7 Mar 2006 22:44:23 +0000 (22:44 +0000)]
* gpg.sgml: Rename backsigs to cross-certification (backsigs is just
shorthand).  Document max-cert-size.

David Shaw [Tue, 7 Mar 2006 21:47:36 +0000 (21:47 +0000)]
* gpg.sgml: Document new way of enabling the PKA functions.  Some minor
other cleanups.

David Shaw [Tue, 7 Mar 2006 20:14:20 +0000 (20:14 +0000)]
* options.h, gpg.c (main, parse_trust_model), pkclist.c
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.

David Shaw [Tue, 7 Mar 2006 16:20:03 +0000 (16:20 +0000)]
* NEWS: Note --auto-key-locate and that keyservers can handle binary data
now.

Werner Koch [Tue, 7 Mar 2006 11:05:41 +0000 (11:05 +0000)]
More tests added; make distcheck works

David Shaw [Tue, 7 Mar 2006 05:06:31 +0000 (05:06 +0000)]
* gpg.sgml: Document --auto-key-locate.

David Shaw [Tue, 7 Mar 2006 01:16:31 +0000 (01:16 +0000)]
* sign.c (make_keysig_packet): Don't use MD5 for a RSA_S key as that
is not a PGP 2.x algorithm.

David Shaw [Mon, 6 Mar 2006 23:14:13 +0000 (23:14 +0000)]
* mainproc.c (proc_compressed): "Uncompressed" is not a valid compression
algorithm.

Werner Koch [Mon, 6 Mar 2006 21:28:25 +0000 (21:28 +0000)]
Stricter test of allowed signature packet compositions.
There is still one problem to solve.

Werner Koch [Mon, 6 Mar 2006 12:28:46 +0000 (12:28 +0000)]
Fixed problem with PGP2 style signatures and multiple plaintext data

Werner Koch [Sun, 5 Mar 2006 15:13:18 +0000 (15:13 +0000)]
Replaced an assert and fixed batch mode issue in cardglue.

David Shaw [Fri, 3 Mar 2006 21:55:38 +0000 (21:55 +0000)]
* gpgkeys_ldap.c (main): Fix build problem with non-OpenLDAP LDAP
libraries that have TLS.

David Shaw [Wed, 1 Mar 2006 18:16:55 +0000 (18:16 +0000)]
* getkey.c (parse_auto_key_locate): Error if the user selects "cert" or
"pka" when those features are disabled.

* misc.c (has_invalid_email_chars): Fix some C syntax that broke the
compilers on SGI IRIX MIPS and Compaq/DEC OSF/1 Alpha.  Noted by Nelson H.
F. Beebe.

David Shaw [Wed, 1 Mar 2006 17:05:38 +0000 (17:05 +0000)]
* configure.ac: Fix accidental enabling of SHA-384/512.  Noted by Nelson
H. F. Beebe.

David Shaw [Mon, 27 Feb 2006 19:31:13 +0000 (19:31 +0000)]
* options.skel: Document auto-key-locate and give a pointer to Simon
Josefsson's page for CERT.

David Shaw [Sat, 25 Feb 2006 00:21:20 +0000 (00:21 +0000)]
* gpg.sgml: Document new --keyserver syntax.

David Shaw [Fri, 24 Feb 2006 14:27:22 +0000 (14:27 +0000)]
* keydb.h, getkey.c (release_akl), gpg.c (main): Add
--no-auto-key-locate.

* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.

* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New.  Find a keyserver that matches ours and
return its spec.

* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.

David Shaw [Fri, 24 Feb 2006 03:57:11 +0000 (03:57 +0000)]
* keyserver.c (parse_keyserver_options): Only change max_cert if it is
used.

David Shaw [Thu, 23 Feb 2006 22:39:40 +0000 (22:39 +0000)]
* options.c, gpg.c (main), keyserver.c (keyserver_spawn): No special
treatment of include-revoked, include-subkeys, and try-dns-srv.  These are
keyserver features, and GPG shouldn't get involved here.

David Shaw [Thu, 23 Feb 2006 21:06:32 +0000 (21:06 +0000)]
* ksutil.c (init_ks_options): Default include-revoked and include-subkeys
to on, as gpg isn't doing this any longer.

David Shaw [Thu, 23 Feb 2006 20:54:30 +0000 (20:54 +0000)]
* keyserver.c (parse_keyserver_uri, add_canonical_option): Always append
options to the list, as ordering may be significant to the user.

David Shaw [Thu, 23 Feb 2006 19:52:20 +0000 (19:52 +0000)]
* gpg.c (add_notation_data): Fix reversed logic for isascii check when
adding notations.  Noted by Christian Biere.

David Shaw [Thu, 23 Feb 2006 17:00:02 +0000 (17:00 +0000)]
* options.h, keyserver.c (add_canonical_option): New.
(parse_keyserver_options): Moved from here. (parse_keyserver_uri): Use it
here so each keyserver can have some private options in addition to the
main keyserver-options (e.g. per-keyserver auth).

David Shaw [Wed, 22 Feb 2006 23:37:23 +0000 (23:37 +0000)]
* options.h, keyserver-internal.h, keyserver.c (keyserver_import_name),
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.

David Shaw [Wed, 22 Feb 2006 23:19:36 +0000 (23:19 +0000)]
* gpgkeys_hkp.c (get_name): A GETNAME query turns exact=on to cut down on
odd matches.

David Shaw [Wed, 22 Feb 2006 20:34:48 +0000 (20:34 +0000)]
* options.h, keyserver.c (parse_keyserver_options): Remove
auto-cert-retrieve as it is no longer meaningful.  Add max-cert-size to
allow users to pick a max key size retrieved via CERT.

David Shaw [Wed, 22 Feb 2006 20:20:58 +0000 (20:20 +0000)]
* options.h, gpg.c (main), mainproc.c (check_sig_and_print), keyserver.c
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.

David Shaw [Wed, 22 Feb 2006 19:06:23 +0000 (19:06 +0000)]
* options.h, keydb.h, g10.c (main), getkey.c (parse_auto_key_locate):
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.

David Shaw [Wed, 22 Feb 2006 04:19:21 +0000 (04:19 +0000)]
* gpgkeys_ldap.c (make_one_attr, build_attrs, send_key): Don't allow
duplicate attributes as OpenLDAP is now enforcing this.

David Shaw [Wed, 22 Feb 2006 03:49:49 +0000 (03:49 +0000)]
* gpgkeys_ldap.c (main): Add binddn and bindpw so users can pass
credentials to a remote LDAP server.

David Shaw [Wed, 22 Feb 2006 02:11:35 +0000 (02:11 +0000)]
* curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt,
curl_easy_perform): Mingw has 'stderr' as a macro?

David Shaw [Tue, 21 Feb 2006 22:23:35 +0000 (22:23 +0000)]
* getkey.c (get_pubkey_byname): Fix minor security problem with PKA when
importing at -r time.  The URL in the PKA record may point to a key put in
by an attacker.  Fix is to use the fingerprint from the PKA record as the
recipient.  This ensures that the PKA record is followed.

* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.

David Shaw [Tue, 21 Feb 2006 16:16:09 +0000 (16:16 +0000)]
* curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt,
curl_easy_perform): Add CURLOPT_VERBOSE and CURLOPT_STDERR for easier
debugging.

David Shaw [Tue, 21 Feb 2006 16:09:09 +0000 (16:09 +0000)]
* gpgv.c: Stub keyserver_import_ldap.

* keyserver-internal.h, keyserver.c (keyserver_import_ldap): Import using
the PGP Universal trick of asking ldap://keys.(maildomain) for the key.

David Shaw [Tue, 21 Feb 2006 05:20:08 +0000 (05:20 +0000)]
* keyserver.c (parse_keyserver_uri): Include the scheme in the uri
even when we've assumed "hkp" when there was no scheme.

David Shaw [Sun, 19 Feb 2006 21:03:01 +0000 (21:03 +0000)]
* http.c (send_request): A zero length proxy is the same as no proxy.

David Shaw [Sun, 19 Feb 2006 02:08:43 +0000 (02:08 +0000)]
* configure.ac: Try linking the UINT64_C test program (rather than
just compiling it) as UINT64_C looks like a (missing) function,
causing a false positive.  Noted by Claus Assmann.

Tag: gnupg-1.4.3rc1
Werner Koch [Tue, 14 Feb 2006 16:28:34 +0000 (16:28 +0000)]
about to release 1.4.3rc1

Werner Koch [Tue, 14 Feb 2006 10:17:57 +0000 (10:17 +0000)]
Fixed a wrong return code with gpg --verify

Werner Koch [Thu, 9 Feb 2006 12:54:41 +0000 (12:54 +0000)]
Lock random seed file

Werner Koch [Wed, 8 Feb 2006 17:55:20 +0000 (17:55 +0000)]
Fixed a couple of problems

Werner Koch [Mon, 6 Feb 2006 16:34:20 +0000 (16:34 +0000)]
Add support for CardMan 4040

David Shaw [Thu, 26 Jan 2006 16:51:04 +0000 (16:51 +0000)]
* cert.c (get_cert): Disable IPGP types for now until the format questions
in the draft are settled.

* srv.c (getsrv): Error on oversize SRV responses.

David Shaw [Tue, 24 Jan 2006 21:03:06 +0000 (21:03 +0000)]
* keyserver.c (parse_keyserver_uri): If there is a path present, set the
direct_uri flag so the right keyserver helper is run.

David Shaw [Sun, 22 Jan 2006 21:40:20 +0000 (21:40 +0000)]
* keyserver.c (keyserver_spawn): Include the EXEEXT so we can find
keyserver helpers on systems that use extensions.

* misc.c (path_access) [HAVE_DRIVE_LETTERS]: Do the right thing with
drive letter systems.

David Shaw [Sun, 22 Jan 2006 21:38:02 +0000 (21:38 +0000)]
* configure.ac: Add define for EXEEXT so we can find keyserver helpers
on systems that use extensions.

David Shaw [Tue, 17 Jan 2006 20:55:53 +0000 (20:55 +0000)]
* keydb.h, passphrase.c (next_to_last_passphrase): New.  "Touch" a
passphrase as if it was used (move from next_pw to last_pw).

* pubkey-enc.c (get_session_key): Use it here to handle the case where a
passphrase happens to be correct for a secret key, but yet that key isn't
the anonymous recipient (i.e. the secret key could be decrypted, but not
the session key).  This also handles the case where a secret key is
located on a card and a secret key with no passphrase.  Note this does not
fix bug 594 (anonymous recipients on smartcard do not work) - it just
prevents the anonymous search from stopping when the card is encountered.

David Shaw [Tue, 17 Jan 2006 16:03:51 +0000 (16:03 +0000)]
* libcurl.m4: Add IDN, SSPI, NTLM, and TFTP defines.

David Shaw [Mon, 16 Jan 2006 20:22:58 +0000 (20:22 +0000)]
* libcurl.m4: Remove GOPHER, as that is not supported in libcurl any
longer.

David Shaw [Mon, 16 Jan 2006 17:59:46 +0000 (17:59 +0000)]
* gpgkeys_hkp.c (send_key): Do not escape the '=' in the HTTP POST when
uploading a key.

David Shaw [Sat, 7 Jan 2006 21:04:13 +0000 (21:04 +0000)]
* keyserver.c (keyserver_refresh): Fix problem when more than one key
in a refresh batch has a preferred keyserver set.  Noted by Nicolas
Rachinsky.

David Shaw [Sun, 1 Jan 2006 18:12:57 +0000 (18:12 +0000)]
* mainproc.c (check_sig_and_print), keyserver.c
(keyserver_import_pka), card-util.c (fetch_url): Always require a
scheme:// for keyserver URLs except when used as part of the
--keyserver command for backwards compatibility.

David Shaw [Sun, 1 Jan 2006 17:59:57 +0000 (17:59 +0000)]
* sign.c (write_signature_packets): Lost a digest_algo line.

David Shaw [Sun, 1 Jan 2006 17:48:54 +0000 (17:48 +0000)]
* sign.c (hash_for): Add code to detect if the sk lives on a smart
card.  If it does, only allow 160-bit hashes, a la DSA.  This involves
passing the *sk in, so change all callers.  This is correct for today,
given the current 160-bit q in DSA, and the current SHA-1/RIPEMD160
support in the openpgp card.  It will almost certainly need changing
down the road.

* app-openpgp.c (do_sign): Give user error if hash algorithm is not
supported by the card.

David Shaw [Sat, 24 Dec 2005 15:35:39 +0000 (15:35 +0000)]
* cert.c (get_cert): Properly chase down CNAMEs pointing to CERTs.

David Shaw [Fri, 23 Dec 2005 22:17:11 +0000 (22:17 +0000)]
* keyserver.c (keyserver_import_pka): New.  Moved from
getkey.c:get_pubkey_byname which was getting crowded.

* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records.  Can handle both the PGP (actual key) and IPGP (URL) CERT types.

* getkey.c (get_pubkey_byname): Call them both here.

* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.

David Shaw [Fri, 23 Dec 2005 21:33:32 +0000 (21:33 +0000)]
* gpgv.c: Stub.

* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keyserver_getname): New keyserver_getname function to fetch keys by name.

* getkey.c (get_pubkey_byname): Call it here to enable locating keys by
full mailbox from a keyserver a la PKA.  Try PKA first, though, as it is
likely to be faster.

David Shaw [Fri, 23 Dec 2005 20:51:48 +0000 (20:51 +0000)]
* ksutil.h, ksutil.c (parse_ks_options): New keyserver command "getname".

* gpgkeys_hkp.c (main, get_name), gpgkeys_ldap.c (main, get_name): Use it
here to do direct name (rather than key ID) fetches.

David Shaw [Fri, 23 Dec 2005 18:15:24 +0000 (18:15 +0000)]
New code to do DNS CERT queries.

David Shaw [Fri, 23 Dec 2005 05:00:55 +0000 (05:00 +0000)]
* srv.c, Makefile.am: Only build srv.c if we need to.

David Shaw [Fri, 23 Dec 2005 04:58:25 +0000 (04:58 +0000)]
* configure.ac: Split PKA checking off from DNS SRV checking.
Currently PKA is only enabled if HTTP or HKP is enabled which is not
necessary.

Werner Koch [Tue, 20 Dec 2005 20:19:16 +0000 (20:19 +0000)]
Finished PKA feature

David Shaw [Mon, 19 Dec 2005 22:10:20 +0000 (22:10 +0000)]
* getkey.c (merge_selfsigs_main): All primary keys can certify.

David Shaw [Mon, 19 Dec 2005 19:39:32 +0000 (19:39 +0000)]
* ksutil.h, ksutil.c (curl_armor_writer, curl_writer,
curl_writer_finalize): New functionality to handle binary format keys by
armoring them for input to GPG.

* gpgkeys_curl.c (get_key), gpgkeys_hkp.c (get_key): Call it here.

David Shaw [Mon, 19 Dec 2005 01:51:31 +0000 (01:51 +0000)]
* gpg.c (main): Restore convert-sk-to-pk as programs rely on it.

* keyid.c (usagestr_from_pk): Remove special PUBKEY_USAGE_CERT flag.
It's no longer needed.