security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-10-31 20:08:43 +01:00
Code Activity
3,178 Commits 101 Branches 306 Tags 73 MiB
9d66580cff
Commit Graph

3178 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Shaw
889c4afd78 * packet.h, build-packet.c (sig_to_notation), keygen.c 
(keygen_add_notations): Tweak to handle non-human-readable notation
values.
 2006-03-08 23:42:45 +00:00
David Shaw
4fea8fdbbb * options.h, sign.c (mk_notation_policy_etc), gpg.c (add_notation_data): 
Use it here for the various notation commands.

* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.
 2006-03-08 23:30:12 +00:00
David Shaw
90d8377276 * options.h, mainproc.c (check_sig_and_print), gpg.c (main): 
pka-lookups, not pka-lookup.

* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
 2006-03-08 02:40:42 +00:00
David Shaw
07c48cf29e * NEWS: Note CERT retrieval. Tweak PKA and backsig language to match 
current code.
 2006-03-08 02:36:37 +00:00
David Shaw
b62ca46f62 * gpg.sgml: Rename backsigs to cross-certification (backsigs is just 
shorthand).  Document max-cert-size.
 2006-03-07 22:44:23 +00:00
David Shaw
ee3379a77d * gpg.sgml: Document new way of enabling the PKA functions. Some minor 
other cleanups.
 2006-03-07 21:47:36 +00:00
David Shaw
4f9efb7a79 * options.h, gpg.c (main, parse_trust_model), pkclist.c 
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
 2006-03-07 20:14:20 +00:00
David Shaw
81e2591421 * NEWS: Note --auto-key-locate and that keyservers can handle binary data 
now.
 2006-03-07 16:20:03 +00:00
Werner Koch
4aeb4d4b10 More tests added; make distcheck works 2006-03-07 11:05:41 +00:00
David Shaw
199f4bd626 * gpg.sgml: Document --auto-key-locate. 2006-03-07 05:06:31 +00:00
David Shaw
764b3f9395 * sign.c (make_keysig_packet): Don't use MD5 for a RSA_S key as that 
is not a PGP 2.x algorithm.
 2006-03-07 01:16:31 +00:00
David Shaw
5d2060e211 * mainproc.c (proc_compressed): "Uncompressed" is not a valid compression 
algorithm.
 2006-03-06 23:14:13 +00:00
Werner Koch
3e08d87168 Stricter test of allowed signature packet compositions. 
There is still one problem to solve.
 2006-03-06 21:28:25 +00:00
Werner Koch
a200f76dcf Fixed problem with PGP2 style signatures and mutilple plaintext data 2006-03-06 12:28:46 +00:00
Werner Koch
09203be1c6 Replaced an assert and fixed batch mode issue in cardglue. 2006-03-05 15:13:18 +00:00
David Shaw
9523139ee7 * gpgkeys_ldap.c (main): Fix build problem with non-OpenLDAP LDAP 
libraries that have TLS.
 2006-03-03 21:55:38 +00:00
David Shaw
78904c691c * getkey.c (parse_auto_key_locate): Error if the user selects "cert" or 
"pka" when those features are disabled.

* misc.c (has_invalid_email_chars): Fix some C syntax that broke the
compilers on SGI IRIX MIPS and Compaq/DEC OSF/1 Alpha.  Noted by Nelson H.
F. Beebe.
 2006-03-01 18:16:55 +00:00
David Shaw
2385935afa * configure.ac: Fix accidental enabling of SHA-384/512. Noted by Nelson 
H. F. Beebe.
 2006-03-01 17:05:38 +00:00
Werner Koch
89824e5d59 Fixed card removal problems 2006-03-01 11:05:47 +00:00
David Shaw
4b67ecabcf * options.skel: Document auto-key-locate and give a pointer to Simon 
Josefsson's page for CERT.
 2006-02-27 19:31:13 +00:00
David Shaw
837a6f094d * gpg.sgml: Document new --keyserver syntax. 2006-02-25 00:21:20 +00:00
David Shaw
f4f5ea43e7 * keydb.h, getkey.c (release_akl), gpg.c (main): Add 
--no-auto-key-locate.

* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.

* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New.  Find a keyserver that matches ours and
return its spec.

* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
 2006-02-24 14:27:22 +00:00
David Shaw
4139587267 * keyserver.c (parse_keyserver_options): Only change max_cert if it is 
used.
 2006-02-24 03:57:11 +00:00
David Shaw
624f3582ba * options.c, gpg.c (main), keyserver.c (keyserver_spawn): No special 
treatment of include-revoked, include-subkeys, and try-dns-srv.  These are
keyserver features, and GPG shouldn't get involved here.
 2006-02-23 22:39:40 +00:00
David Shaw
0302c7e0ac * ksutil.c (init_ks_options): Default include-revoked and include-subkeys 
to on, as gpg isn't doing this any longer.
 2006-02-23 21:06:32 +00:00
David Shaw
09e3b78ea2 * keyserver.c (parse_keyserver_uri, add_canonical_option): Always append 
options to the list, as ordering may be significant to the user.
 2006-02-23 20:54:30 +00:00
David Shaw
1736866b5b * gpg.c (add_notation_data): Fix reversed logic for isascii check when 
adding notations.  Noted by Christian Biere.
 2006-02-23 19:52:20 +00:00
David Shaw
c37453211c * options.h, keyserver.c (add_canonical_option): New. 
(parse_keyserver_options): Moved from here. (parse_keyserver_uri): Use it
here so each keyserver can have some private options in addition to the
main keyserver-options (e.g. per-keyserver auth).
 2006-02-23 17:00:02 +00:00
David Shaw
1ae024ef81 * options.h, keyserver-internal.h, keyserver.c (keyserver_import_name), 
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
 2006-02-22 23:37:23 +00:00
David Shaw
482a3a0101 * gpgkeys_hkp.c (get_name): A GETNAME query turns exact=on to cut down on 
odd matches.
 2006-02-22 23:19:36 +00:00
David Shaw
305288b5f5 * options.h, keyserver.c (parse_keyserver_options): Remove 
auto-cert-retrieve as it is no longer meaningful.  Add max-cert-size to
allow users to pick a max key size retrieved via CERT.
 2006-02-22 20:34:48 +00:00
David Shaw
477defdb1b * options.h, gpg.c (main), mainproc.c (check_sig_and_print), keyserver.c 
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.
 2006-02-22 20:20:58 +00:00
David Shaw
7eab1846ca * options.h, keydb.h, g10.c (main), getkey.c (parse_auto_key_locate): 
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
 2006-02-22 19:06:23 +00:00
David Shaw
e396cd2c7c * gpgkeys_ldap.c (make_one_attr, build_attrs, send_key): Don't allow 
duplicate attributes as OpenLDAP is now enforcing this.
 2006-02-22 04:19:21 +00:00
David Shaw
c68649e1b1 * gpgkeys_ldap.c (main): Add binddn and bindpw so users can pass 
credentials to a remote LDAP server.
 2006-02-22 03:49:49 +00:00
David Shaw
79ec50f77d * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, 
curl_easy_perform): Mingw has 'stderr' as a macro?
 2006-02-22 02:11:35 +00:00
David Shaw
d038b36c8f * getkey.c (get_pubkey_byname): Fix minor security problem with PKA when 
importing at -r time.  The URL in the PKA record may point to a key put in
by an attacker.  Fix is to use the fingerprint from the PKA record as the
recipient.  This ensures that the PKA record is followed.

* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
 2006-02-21 22:23:35 +00:00
David Shaw
e4206de3f5 * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, 
curl_easy_perform): Add CURLOPT_VERBOSE and CURLOPT_STDERR for easier
debugging.
 2006-02-21 16:16:09 +00:00
David Shaw
0eb4e93bd4 * gpgv.c: Stub keyserver_import_ldap. 
* keyserver-internal.h, keyserver.c (keyserver_import_ldap): Import using
the PGP Universal trick of asking ldap://keys.(maildomain) for the key.
 2006-02-21 16:09:09 +00:00
David Shaw
8a1bd087fc * keyserver.c (parse_keyserver_uri): Include the scheme in the uri 
even when we've assumed "hkp" when there was no scheme.
 2006-02-21 05:20:08 +00:00
Werner Koch
d59f87e94b Better warning messages 2006-02-19 22:09:10 +00:00
David Shaw
ca6c57bc8a * http.c (send_request): A zero length proxy is the same as no proxy. 2006-02-19 21:03:01 +00:00
David Shaw
5b209e3e4a * configure.ac: Try linking the UINT64_C test program (rather than 
just compiling it) as UINT64_C looks like a (missing) function,
causing a false positive.  Noted by Claus Assmann.
 2006-02-19 02:08:43 +00:00
Werner Koch
b121d029b5 about to release 1.4.3rc1 2006-02-14 16:28:34 +00:00
Werner Koch
6ec4e8c6a1 Added documentation for qualified signatures 2006-02-14 13:34:23 +00:00
Werner Koch
966cd80d88 Fixed a wrong return code with gpg --verify 2006-02-14 10:17:57 +00:00
Werner Koch
4472efd12c PIN caching of cards does now work. 2006-02-09 18:29:31 +00:00
Werner Koch
2410941461 Lock random seed file 2006-02-09 12:54:41 +00:00
Werner Koch
3d7b030025 Fixed a couple of problems with omnikey based readers 2006-02-08 17:56:01 +00:00
Werner Koch
af67c98ee9 Fixed a couple of problems 2006-02-08 17:55:20 +00:00