gpg: Reject signatures made with MD5.

* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.

doc/gpg.texi

@@ -2276,9 +2276,10 @@ a message that PGP 2.x will not be able to handle. Note that `PGP
 available, but the MIT release is a good common baseline.
 
 This option implies @option{--rfc1991 --disable-mdc
---no-force-v4-certs --escape-from-lines --force-v3-sigs --cipher-algo
-IDEA --digest-algo MD5 --compress-algo ZIP}. It also disables
-@option{--textmode} when encrypting.
+--no-force-v4-certs --escape-from-lines --force-v3-sigs
+--allow-weak-digest-algos --cipher-algo IDEA --digest-algo
+MD5--compress-algo ZIP}. It also disables @option{--textmode} when
+encrypting.
 
 @item --pgp6
 @opindex pgp6
@@ -2734,6 +2735,13 @@ necessary to get as much data as possible out of the corrupt message.
 However, be aware that a MDC protection failure may also mean that the
 message was tampered with intentionally by an attacker.
 
+@item --allow-weak-digest-algos
+@opindex allow-weak-digest-algos
+Signatures made with the broken MD5 algorithm are normally rejected
+with an ``invalid digest algorithm'' message.  This option allows the
+verification of signatures made with such weak algorithms.
+
+
 @item --no-default-keyring
 @opindex no-default-keyring
 Do not add the default keyrings to the list of keyrings. Note that