security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-01 20:18:44 +01:00
Code Activity
9,103 Commits 101 Branches 306 Tags 72 MiB
697d54ceca
Commit Graph

9103 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Shaw
09e3b78ea2 * keyserver.c (parse_keyserver_uri, add_canonical_option): Always append 
options to the list, as ordering may be significant to the user.
 2006-02-23 20:54:30 +00:00
David Shaw
1736866b5b * gpg.c (add_notation_data): Fix reversed logic for isascii check when 
adding notations.  Noted by Christian Biere.
 2006-02-23 19:52:20 +00:00
David Shaw
c37453211c * options.h, keyserver.c (add_canonical_option): New. 
(parse_keyserver_options): Moved from here. (parse_keyserver_uri): Use it
here so each keyserver can have some private options in addition to the
main keyserver-options (e.g. per-keyserver auth).
 2006-02-23 17:00:02 +00:00
David Shaw
1ae024ef81 * options.h, keyserver-internal.h, keyserver.c (keyserver_import_name), 
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
 2006-02-22 23:37:23 +00:00
David Shaw
482a3a0101 * gpgkeys_hkp.c (get_name): A GETNAME query turns exact=on to cut down on 
odd matches.
 2006-02-22 23:19:36 +00:00
David Shaw
305288b5f5 * options.h, keyserver.c (parse_keyserver_options): Remove 
auto-cert-retrieve as it is no longer meaningful.  Add max-cert-size to
allow users to pick a max key size retrieved via CERT.
 2006-02-22 20:34:48 +00:00
David Shaw
477defdb1b * options.h, gpg.c (main), mainproc.c (check_sig_and_print), keyserver.c 
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.
 2006-02-22 20:20:58 +00:00
David Shaw
7eab1846ca * options.h, keydb.h, g10.c (main), getkey.c (parse_auto_key_locate): 
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
 2006-02-22 19:06:23 +00:00
David Shaw
e396cd2c7c * gpgkeys_ldap.c (make_one_attr, build_attrs, send_key): Don't allow 
duplicate attributes as OpenLDAP is now enforcing this.
 2006-02-22 04:19:21 +00:00
David Shaw
c68649e1b1 * gpgkeys_ldap.c (main): Add binddn and bindpw so users can pass 
credentials to a remote LDAP server.
 2006-02-22 03:49:49 +00:00
David Shaw
79ec50f77d * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, 
curl_easy_perform): Mingw has 'stderr' as a macro?
 2006-02-22 02:11:35 +00:00
David Shaw
d038b36c8f * getkey.c (get_pubkey_byname): Fix minor security problem with PKA when 
importing at -r time.  The URL in the PKA record may point to a key put in
by an attacker.  Fix is to use the fingerprint from the PKA record as the
recipient.  This ensures that the PKA record is followed.

* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
 2006-02-21 22:23:35 +00:00
David Shaw
e4206de3f5 * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, 
curl_easy_perform): Add CURLOPT_VERBOSE and CURLOPT_STDERR for easier
debugging.
 2006-02-21 16:16:09 +00:00
David Shaw
0eb4e93bd4 * gpgv.c: Stub keyserver_import_ldap. 
* keyserver-internal.h, keyserver.c (keyserver_import_ldap): Import using
the PGP Universal trick of asking ldap://keys.(maildomain) for the key.
 2006-02-21 16:09:09 +00:00
David Shaw
8a1bd087fc * keyserver.c (parse_keyserver_uri): Include the scheme in the uri 
even when we've assumed "hkp" when there was no scheme.
 2006-02-21 05:20:08 +00:00
Werner Koch
d59f87e94b Better warning messages 2006-02-19 22:09:10 +00:00
David Shaw
ca6c57bc8a * http.c (send_request): A zero length proxy is the same as no proxy. 2006-02-19 21:03:01 +00:00
David Shaw
5b209e3e4a * configure.ac: Try linking the UINT64_C test program (rather than 
just compiling it) as UINT64_C looks like a (missing) function,
causing a false positive.  Noted by Claus Assmann.
 2006-02-19 02:08:43 +00:00
Werner Koch
b121d029b5 about to release 1.4.3rc1 2006-02-14 16:28:34 +00:00
Werner Koch
6ec4e8c6a1 Added documentation for qualified signatures 2006-02-14 13:34:23 +00:00
Werner Koch
966cd80d88 Fixed a wrong return code with gpg --verify 2006-02-14 10:17:57 +00:00
Werner Koch
4472efd12c PIN caching of cards does now work. 2006-02-09 18:29:31 +00:00
Werner Koch
2410941461 Lock random seed file 2006-02-09 12:54:41 +00:00
Werner Koch
3d7b030025 Fixed a couple of problems with omnikey based readers 2006-02-08 17:56:01 +00:00
Werner Koch
af67c98ee9 Fixed a couple of problems 2006-02-08 17:55:20 +00:00
Werner Koch
ee3f99f4e4 . 2006-02-06 18:31:27 +00:00
Werner Koch
4f34366389 Add support fro CardMan 4040 2006-02-06 16:34:20 +00:00
Werner Koch
a5465705fb Support for CardMan 4040 2006-02-06 16:13:20 +00:00
David Shaw
23cfe019e9 * cert.c (get_cert): Disable IPGP types for now until the format questions 
in the draft are settled.

* srv.c (getsrv): Error on oversize SRV responses.
 2006-01-26 16:51:04 +00:00
David Shaw
214a3a646e * keyserver.c (parse_keyserver_uri): If there is a path present, set the 
direct_uri flag so the right keyserver helper is run.
 2006-01-24 21:03:06 +00:00
David Shaw
4ff7d09040 * keyserver.c (keyserver_spawn): Include the EXEEXT so we can find 
keyserver helpers on systems that use extensions.

* misc.c (path_access) [HAVE_DRIVE_LETTERS]: Do the right thing with
drive letter systems.
 2006-01-22 21:40:20 +00:00
David Shaw
d232175d8d * configure.ac: Add define for EXEEXT so we can find keyserver helpers 
on systems that use extensions.
 2006-01-22 21:38:02 +00:00
David Shaw
dbe415ea61 * keydb.h, passphrase.c (next_to_last_passphrase): New. "Touch" a 
passphrase as if it was used (move from next_pw to last_pw).

* pubkey-enc.c (get_session_key): Use it here to handle the case where a
passphrase happens to be correct for a secret key, but yet that key isn't
the anonymous recipient (i.e. the secret key could be decrypted, but not
the session key).  This also handles the case where a secret key is
located on a card and a secret key with no passphrase.  Note this does not
fix bug 594 (anonymous recipients on smartcard do not work) - it just
prevents the anonymous search from stopping when the card is encountered.
 2006-01-17 20:55:53 +00:00
David Shaw
10d917a885 * libcurl.m4: Add IDN, SSPI, NTLM, and TFTP defines. 2006-01-17 16:03:51 +00:00
David Shaw
fa4b60403b * libcurl.m4: Remove GOPHER, as that is not supported in libcurl any 
longer.
 2006-01-16 20:22:58 +00:00
David Shaw
2c4b5d5de9 * gpgkeys_hkp.c (send_key): Do not escape the '=' in the HTTP POST when 
uploading a key.
 2006-01-16 17:59:46 +00:00
David Shaw
7b978efef8 * keyserver.c (keyserver_refresh): Fix problem when more than one key 
in a refresh batch has a preferred keyserver set.  Noted by Nicolas
Rachinsky.
 2006-01-07 21:04:13 +00:00
David Shaw
1315171b07 * mainproc.c (check_sig_and_print), keyserver.c 
(keyserver_import_pka), card-util.c (fetch_url): Always require a
scheme:// for keyserver URLs except when used as part of the
--keyserver command for backwards compatibility.
 2006-01-01 18:12:57 +00:00
David Shaw
5bce704dd3 * sign.c (write_signature_packets): Lost a digest_algo line. 2006-01-01 17:59:57 +00:00
David Shaw
cbc5c947d5 * sign.c (hash_for): Add code to detect if the sk lives on a smart 
card.  If it does, only allow 160-bit hashes, a la DSA.  This involves
passing the *sk in, so change all callers.  This is correct for today,
given the current 160-bit q in DSA, and the current SHA-1/RIPEMD160
support in the openpgp card.  It will almost certainly need changing
down the road.

* app-openpgp.c (do_sign): Give user error if hash algorithm is not
supported by the card.
 2006-01-01 17:48:54 +00:00
David Shaw
74117cf4d3 * cert.c (get_cert): Properly chase down CNAMEs pointing to CERTs. 2005-12-24 15:35:39 +00:00
David Shaw
846eefaa71 * keyserver.c (keyserver_import_pka): New. Moved from 
getkey.c:get_pubkey_byname which was getting crowded.

* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records.  Can handle both the PGP (actual key) and IPGP (URL) CERT types.

* getkey.c (get_pubkey_byname): Call them both here.

* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
 2005-12-23 22:17:11 +00:00
David Shaw
8b9c16ed0a * gpgv.c: Stub. 
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keygerver_getname): New keyserver_getname function to fetch keys by name.

* getkey.c (get_pubkey_byname): Call it here to enable locating keys by
full mailbox from a keyserver a la PKA.  Try PKA first, though, as it is
likely to be faster.
 2005-12-23 21:33:32 +00:00
David Shaw
da9a10d2b0 * ksutil.h, ksutil.c (parse_ks_options): New keyserver command "getname". 
* gpgkeys_hkp.c (main, get_name), gpgkeys_ldap.c (main, get_name): Use it
here to do direct name (rather than key ID) fetches.
 2005-12-23 20:51:48 +00:00
David Shaw
7f13d486b0 New code to do DNS CERT queries. 2005-12-23 18:15:24 +00:00
David Shaw
5e08b08da8 * srv.c, Makefile.am: Only build srv.c if we need to. 2005-12-23 05:00:55 +00:00
David Shaw
f3c99c604c * configure.ac: Split PKA checking off from DNS SRV checking. 
Currently PKA is only enabled if HTTP or HKP is enabled which is not
necessary.
 2005-12-23 04:58:25 +00:00
Werner Koch
f1482aab4e Finished PKA feature 2005-12-20 20:19:16 +00:00
Werner Koch
dfaee3d480 post release preparations 2005-12-20 11:12:16 +00:00
Werner Koch
a56dc7e7af Preparing a released 2005-12-20 10:26:32 +00:00