* util/pka.c: Rewrite.
(get_pka_info): Add arg fprbuflen. Change callers to pass this.
* util/strgutil.c (ascii_strlwr): New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--
Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.
The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time. Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified. Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key. Having a solid way of getting a key matching
a mail address is however a must have.
More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase. The auto-key-locate mechanism
should also be able to continue key fetching with another method once
the fingerprint has been retrieved with PKA.
Signed-off-by: Werner Koch <wk@gnupg.org>
This is a backport from master.
(backported from commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b)
For compatibility reasons a few new files had to be added.
Also added estream-printf as this is now used in app-openpgp.c and provides
a better and generic asprintf implementation than the hack we used for the
W32 code in ttyio.c. Card code is not yet finished.
initialization.
* gpgv.c (i18n_init) [W32]: Ditto.
* simple-gettext.c (set_gettext_file): Use MO files depending on
the installation directory. Add new arg REGKEY.
ANSI_X3.4-1968 and 646 are actually meant as Latin-1. If
nl_langinfo is not available get the charset from environment
variables. For W32 use GetACP as error fallback. Removed Latin-15
to Latin-1 aliasing.
* LINGUAS: Better don't have comments in this file.
* mk-w32-dist: Use utf-8 encoding for all MO files.
* simple-gettext.c: Removed windows.h.
(get_string): On the fly translation from utf-8 to active
character set.
* strgutil.c (load_libiconv) [_WIN32]: new.
(set_native_charset) [_WIN32]: Call it here and autodetect the
used code page.
(native_to_utf8, utf8_to_native): Reverted arguments for
iconv_open.
(handle_iconv_error): Made this function match iconv_open argumnet
ordering.
(utf8_to_native): Disable all quoting for DELIM == -1.
(set_native_charset) [_WIN32]: Call it here and autodetect the
used code page.
(native_to_utf8, utf8_to_native): Reverted arguments for
iconv_open.
(handle_iconv_error): Made this function match iconv_open argumnet
ordering.
ttyio.c, w32reg.c: s/__MINGW32__/_WIN32/ to help building on native
Windows compilers. Requested by Brian Gladman. From Werner on stable
branch.
* http.c (connect_server): Oops - forgot to freeaddrinfo().
to avoid passing negative values and potential locale problems.
Problem noted by Christian Biere.
* strgutil.c (strlwr,strcasecmp,strncasecmp): Make sure we don't
pass a negative value.
* miscutil.c (scan_isodatestr): Ditto.