* NEWS: Note --max-output, --list-config, --min-cert-level, AIX fix, new
http-proxy keyserver-option, new LDAP server code, TLS, LDAPS, and
--show-session-key with --symmetric.
present if --expert is set.
* plaintext.c (handle_plaintext): Make bytecount static so it works with
multiple literal packets inside a message.
* encode.c, helptext.c (keygen.algo, keygen.algo.elg_se), keygen.c
(ask_algo), sig-check.c (do_check_messages), skclist.c (build_sk_list):
Rename "ElGamal" to "Elgamal" as that is the proper spelling nowadays.
Suggested by Jon Callas.
attributes. This guarantees that if something goes wrong, we won't be
able to complete the transaction, thus leaving any key already existing on
the server intact.
* gpgconf-comp.c (struct gc_option): Add new member new_flags.
(option_check_validity): Check OPTION->new_flags beside
OPTION->new_value. Add new argument FLAGS.
(gc_component_change_options): Support default flag correctly.
(change_options_program): Likewise.
* encode.c (encode_simple): Show cipher with --verbose.
* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level. If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
* README.gpgconf: Revert last change. Add new flags "default",
"default desc" and "no arg desc". Add new field ARGDEF. Add new
field FLAG to backend interface.
* gpgconf-comp.c (struct gc_option): Make flags of type unsigned
long.
(gc_component_list_options): Adjust type for flags.
Add default argument field.
(retrieve_options_from_program): Use "1" as value for non-option
arguments, not "Y".
(gc_component_change_options): Read in flags from input.
functionality added. Optional deduping functionality added (currently
only used for pgpSignerID). (build_attrs): Translate sig entries into
pgpSignerID. Properly build the timestamp for pgpKeyCreateTime and
pgpKeyExpireTime.
* gpgconf-comp.c (hextobyte): New function.
(percent_deescape): New function.
(get_config_pathname): Percent deescape pathname if taken from
option (default) value. Use default value only if it exists and
is not empty. Use empty string otherwise. Don't include leading
quote in pathname.
(change_options_program): Percent deescape string before writing
it out.
with NULL (a "delete" that works even for nonexistant attributes).
(send_key): Use it here to remove attributes so a modify operation starts
with a clean playing field. Bias sends to modify before add, since (I
suspect) people update their existing keys more often than they make and
send new keys to the server.
header lines, and include "sig:" records for the benefit of people who
store their keys in LDAP servers. It makes it easy to do queries for
things like "all keys signed by Isabella".
(make_one_attr): New. Build a modification list in memory to send to the
LDAP server. (build_attrs): New. Parse INFO lines sent over by gpg.
(free_mod_values): New. Unwinds a modification list.
(send_key_keyserver): Renamed from old send_key(). (send_key): New
function to send a key to a LDAP server. (main): Use send_key() for real
LDAP servers, send_key_keyserver() otherwise.
* genkey.c (reenter_compare_cb): Do not set the error text.
(agent_protect_and_store, agent_genkey): Force a re-enter after a
non-matching passphrase.
* query.c (agent_askpin): Add new arg INITIAL_ERRTEXT; changed
all callers.
* Makefile.am: We get mkdtemp.c from libutil.a now, so don't link with
@LIBOBJS@.
* keyserver.c (keyserver_spawn): Pass the scheme to the keyserver helper.
(search_key): Catch a SIZELIMIT_EXCEEDED error and show the user whatever
the server did give us. (find_basekeyspacedn): There is no guarantee that
namingContexts will be readable.
* Makefile.am: Link gpgkeys_ldap with libutil.a to get the replacement
functions (and eventually translations, etc).
correct for timezones. (main): Find the basekeyspacedn before we try to
start TLS, so we can give a better error message when a user tries to use
TLS with a LDAP keyserver.
gpgkeys_ldap when needed.
* gpgkeys_ldap.c (main): Add support for LDAPS and TLS connections.
These are only useful and usable when talking to real LDAP keyservers.
Add new "tls" option to tune TLS use from off, to try quietly, to try
loudly, or to require TLS.
(export_p12_file): Read a certificate from STDIN and pass it to
p12_build. Detect a keygrip and construct the filename in that
case. Unprotcet a key if needed. Print error messages for key
formats we can't handle.
(release_passphrase): New.
(get_passphrase): New arg PROMPTNO. Return the allocated
string. Changed all callers.
* minip12.c: Revamped the build part.
(p12_build): New args CERT and CERTLEN.
* simple-pwquery.c (agent_open): Don't mangle INFOSTR.
* export.c (export_p12, popen_protect_tool)
(gpgsm_p12_export): New.
* gpgsm.c (main): New command --export-secret-key-p12.
kind of LDAP server we're talking to (either real LDAP or the LDAP
keyserver), and return the baseKeySpaceDN to find keys under. (main): Call
it from here, and remove the old code that only handled the LDAP
keyserver.
(main): New option --gpgconf-list.
(main): Do not setup -u and -r keys when not required.
(main): Setup the used character set.
* keydb.c (keydb_add_resource): Print a hint to start the
gpg-agent.
