encrypt-dsa.test, encrypt.test, genkey1024.test, plain-1.asc,
plain-1-pgp.asc, plain-2.asc, plain-3.asc, pubring.asc, secring.asc,
sigs.test: Rework tests to work properly with a gpg binary that doesn't
have all ciphers and all pk algos. Basically, we test for the ciphers we
have, only test signing with non-160-bit hashes with RSA (we test all
hashes as hashes). Test all key lengths of AES.
* sig-check.c (check_revocation_keys): Comments.
* getkey.c (merge_selfsigs_main): Don't bother to check designated revoker
sigs if the key is already revoked.
* packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on
PKs. It is set when there is a revocation signature from a valid
revocation key, but the revocation key is not present to verify the
signature.
* pkclist.c (check_signatures_trust): Use it here to give a warning when
showing key trust.
* compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 library
and we can at least guarantee that it won't fail because of the lack of
stdio.h.
* tdbio.c: Fixed format string bugs related to the use of DB_NAME.
Reported by Florian Weimer.
passes the proxy in from the outside. If the command file sends a proxy,
use it. If it sends "http-proxy" with no arguments, use $http_proxy from
the environment.
parse_keyserver_uri): honor-http-proxy is no longer an option since we can
do the same thing with http-proxy with no arguments. Also remove
broken-http-proxy since it can be better handled in the HTTP helper.
(parse_keyserver_options): Use them here to allow arguments to
keyserver-options. Since none of our options need arguments yet, just
pass them through whole to the keyserver helper.
the messages about which option didn't match or matched ambiguously.
Change all callers (g10.c, keyserver.c).
* main.h, import.c (import_options), export.c (export_options): Pass the
noisy flag through.
length and not the 64 bytes we used for testing.
* app-openpgp.c (verify_chv2, verify_chv3, do_sign): Check the
minimum length of the passphrase, so that we don't need to
decrement the retry counter.
(cmd_encrypt): Add all enrypt-to marked certs to the list.
* encrypt.c (gpgsm_encrypt): Check that real recipients are
available.
* gpgsm.c (main): Make the --encrypt-to and --no-encrypt-to
options work. Pass the list of recients to gpgsm_server.
* gpgsm.h (certlist_s): Add field IS_ENCRYPT_TO.
(opt): Add NO_ENCRYPT_TO.
* certlist.c (gpgsm_add_to_certlist): New arg IS_ENCRYPT_TO.
Changed all callers and ignore duplicate entries.
(is_cert_in_certlist): New.
(gpgsm_add_cert_to_certlist): New.
(print_isoname): Ditto.
* trustdb.c (check_regexp): s/exp/expr/.
* keyedit.c (trustsig_prompt): Removed a "> 255" term; it is
always false due to the data type.
* passphrase.c (agent_get_passphrase): Use xasprintf and avoid
non-literal format strings.
* tdbio.c (upd_hashtable, drop_from_hashtable, lookup_hashtable):
Fixed log_error format string bugs. Kudos to the now working
gcc-3.3 -Wformat-nonliteral and Florian Weimer's investigations in
gnupg 1.2.3.
here... (signature_check2): ... to here. (check_key_signature2): ... and
here. This is a minor optimization to avoid fetching a key (which can be
expensive, especially if it is not self-signed, and there are many key
signatures on it which need to be checked for ultimate trust) if the
signature would have failed anyway because of algorithm or hash problems.
