1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-24 10:39:57 +01:00

1639 Commits

Author SHA1 Message Date
David Shaw
f16d78e14d * trustdb.c (add_utk, verify_own_keys, update_min_ownertrust,
get_validity, ask_ownertrust, validate_keys): --keyid-format conversion.
2004-03-15 23:15:57 +00:00
David Shaw
309273f869 * import.c (check_prefs_warning, check_prefs): --keyid-format conversion
and a little better text. (import_one, import_secret_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, merge_blocks): Still
more --keyid-format conversions.
2004-03-15 20:00:42 +00:00
David Shaw
a5208f2e1d * keylist.c (print_seckey_info, print_pubkey_info): --keyid-format
conversion. (list_keyblock_print): 0xshort should not push us into the new
list format since it is not much longer than regular 8-character short
keyids.
2004-03-06 20:45:44 +00:00
David Shaw
b8cd31217e * keydb.h, keyid.c (keystr_from_pk, keystr_from_sk): New functions to pull
a key string from a key in one step.  This isn't faster than before, but
makes for neater code.

* keylist.c (list_keyblock_print): Use keystr_from_xx here.
(print_key_data): No need to pass a keyid in.
2004-03-06 17:12:44 +00:00
David Shaw
efec599797 * keyid.c (keyid_from_sk): Minor performance boost by caching secret key
keyids so we don't have to calculate them each time.
2004-03-06 04:08:06 +00:00
David Shaw
ea73c94bc6 * getkey.c (merge_selfsigs_subkey): Do not mark subkeys valid if we do not
support their pk algorithm.  This allows for early (during get_*)
rejection of a subkey, and selection of another.

* passphrase.c (passphrase_to_dek): Give a little more information when we
have room to do so.
2004-03-05 13:34:56 +00:00
David Shaw
1e01514529 * revoke.c (export_minimal_pk), export.c (do_export_stream), passphrase.c
(passphrase_to_dek), keyserver.c (print_keyrec): A few more places to use
--keyid-format.

* options.h, g10.c (main), export.c (parse_export_options,
do_export_stream): Remove --export-all and the "include-non-rfc"
export-option as they are no longer meaningful with the removal of v3
Elgamal keys.
2004-03-05 00:01:25 +00:00
David Shaw
6d4cc84f3c * iobuf.c (block_filter): Remove the old gpg indeterminate length mode.
(iobuf_set_block_mode, iobuf_in_block_mode): Removed as superfluous.
2004-03-04 20:48:46 +00:00
David Shaw
f29639dae5 * iobuf.h: Remove iobuf_set_block_mode() and iobuf_in_block_mode(). 2004-03-04 20:46:56 +00:00
David Shaw
64e3f5a313 * armor.c (fake_packet, armor_filter): Use the 2440 partial length
encoding for the faked plaintext packet.
2004-03-04 20:40:12 +00:00
David Shaw
c562c9e837 * options.h, g10.c (main), mainproc.c (check_sig_and_print): Remove
verify-option show-long-keyids and replace with the more general
keyid-format.
2004-03-03 20:54:03 +00:00
David Shaw
56a6945261 * build-packet.c (write_header2): Remove call to start old gpg partial
length mode and change all callers. (do_plaintext): Turn off partial
length encoding now that we're done writing the packet. (do_comment,
do_user_id): Try for a headerlen of 2 since that's the smallest and most
likely encoding for these packets.

* parse-packet.c (parse): Remove call to start old gpg partial length
mode.
2004-03-03 16:38:34 +00:00
David Shaw
2d7fe1d3a1 * options.h, g10.c (main): Add a more flexible --keyid-format option to
replace the list-option (and eventually verify-option) show-long-keyids.
The format can be short, long, 0xshort, and 0xlong.

* keydb.h, keyid.c (keystr, keystrlen): New functions to generate a
printable keyid.

* keyedit.c (print_and_check_one_sig, show_key_with_all_names), keylist.c
(list_keyblock_print): Use new keystr() function here to print keyids.
2004-03-03 05:47:51 +00:00
David Shaw
c57262fd57 * packet.h, free-packet.c (free_encrypted, free_plaintext), parse-packet.c
(copy_packet, skip_packet, skip_rest, read_rest, parse_plaintext,
parse_encrypted, parse_gpg_control): Use a flag to indicate partial or
indeterminate encoding.  This is the first step in some minor surgery to
remove the old gpg partial length encoding.
2004-03-03 00:09:16 +00:00
David Shaw
9eb128ef9b * parse-packet.c (parse): Only data-type packets are allowed to use
OpenPGP partial length encoding.
2004-03-01 23:10:35 +00:00
David Shaw
0a05d98b8b * iobuf.c (block_filter): Properly handle a partial body stream that ends
with a 5-byte length that happens to be zero.
2004-03-01 21:48:32 +00:00
David Shaw
e38ea662fa * unsetenv.c: Fixed debugging typo. 2004-02-28 20:53:08 +00:00
David Shaw
1f5ef591cc * Makefile.am: Don't split LDADD across two lines since some make programs
can't handle blank lines after a \ continuation.  Noted by Christoph
Moench-Tegeder.
2004-02-28 20:38:25 +00:00
Werner Koch
25344bd93e Post release version number change 2004-02-26 18:22:20 +00:00
Werner Koch
9a31df2eec Preparing for 1.3.5 V1-3-5 2004-02-26 17:18:57 +00:00
David Shaw
0c17789f3d * gpg.sgml: Document --ask-cert-level, --max-output, and
--default-cert-level.
2004-02-26 05:08:18 +00:00
David Shaw
1c5b33a126 * gpg.sgml: Document keyserver-option http-proxy, import-option
merge-only, remove old honor-http-proxy, --merge-only, and
--emulate-md-encode-bug.  Document COLUMNS and LINES.
2004-02-26 05:04:16 +00:00
David Shaw
4c4f29d256 * README: Update copyright.
* NEWS: Note --max-output, --list-config, --min-cert-level, AIX fix, new
http-proxy keyserver-option, new LDAP server code, TLS, LDAPS, and
--show-session-key with --symmetric.
2004-02-26 04:40:57 +00:00
David Shaw
f2148f03c5 * delkey.c (do_delete_key): Allow deleting a public key with a secret
present if --expert is set.

* plaintext.c (handle_plaintext): Make bytecount static so it works with
multiple literal packets inside a message.

* encode.c, helptext.c (keygen.algo, keygen.algo.elg_se), keygen.c
(ask_algo), sig-check.c (do_check_messages), skclist.c (build_sk_list):
Rename "ElGamal" to "Elgamal" as that is the proper spelling nowadays.
Suggested by Jon Callas.
2004-02-26 02:03:27 +00:00
David Shaw
0d7cae4663 * gpgkeys_ldap.c (send_key): List pgpCertID as one of the deleted
attributes.  This guarantees that if something goes wrong, we won't be
able to complete the transaction, thus leaving any key already existing on
the server intact.
2004-02-26 01:29:26 +00:00
David Shaw
a84fe549da * plaintext.c: Copyright.
* encode.c (encode_simple): Show cipher with --verbose.

* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level.  If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.

* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
2004-02-24 23:37:18 +00:00
Werner Koch
be94975af6 (lock_pool) [_AIX]: Also set errno. 2004-02-24 16:06:55 +00:00
David Shaw
17ce0c5267 * gpgkeys_ldap.c (delete_one_attr): Removed. (make_one_attr): Delete
functionality added.  Optional deduping functionality added (currently
only used for pgpSignerID). (build_attrs): Translate sig entries into
pgpSignerID.  Properly build the timestamp for pgpKeyCreateTime and
pgpKeyExpireTime.
2004-02-24 03:57:21 +00:00
David Shaw
643665c963 * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
--min-cert-check-level option to specify minimum cert check level.
Defaults to 2 (so 0x11 sigs are ignored).  0x10 sigs cannot be ignored.
2004-02-23 04:00:51 +00:00
David Shaw
07a10b451e * gpgkeys_ldap.c (delete_one_attr): New function to replace attributes
with NULL (a "delete" that works even for nonexistant attributes).
(send_key): Use it here to remove attributes so a modify operation starts
with a clean playing field.  Bias sends to modify before add, since (I
suspect) people update their existing keys more often than they make and
send new keys to the server.
2004-02-23 03:43:45 +00:00
David Shaw
d8590475fe * plaintext.c (handle_plaintext): Properly handle a --max-output of zero
(do not limit output at all).
2004-02-22 04:16:31 +00:00
David Shaw
3ddd4410ae * keyserver.c (keyserver_spawn): Use the full 64-bit keyid in the INFO
header lines, and include "sig:" records for the benefit of people who
store their keys in LDAP servers.  It makes it easy to do queries for
things like "all keys signed by Isabella".
2004-02-22 00:36:34 +00:00
David Shaw
3b9d7a6430 * gpgkeys_ldap.c (epoch2ldaptime): New. Converse of ldap2epochtime.
(make_one_attr): New. Build a modification list in memory to send to the
LDAP server. (build_attrs): New. Parse INFO lines sent over by gpg.
(free_mod_values): New.  Unwinds a modification list.
(send_key_keyserver): Renamed from old send_key(). (send_key): New
function to send a key to a LDAP server. (main): Use send_key() for real
LDAP servers, send_key_keyserver() otherwise.
2004-02-22 00:08:53 +00:00
David Shaw
9afea90825 * util.h: Prototype for hextobyte(). 2004-02-21 22:13:39 +00:00
David Shaw
fcc02ac22a * miscutil.c (hextobyte): Moved here from g10/misc.c so I can use it in
the keyserver helpers.
2004-02-21 22:12:29 +00:00
David Shaw
93b5a811ef * main.h, misc.c (hextobyte): Removed. It's in libutil.a now. 2004-02-21 22:11:23 +00:00
David Shaw
34ccced8dc * keyserver.c (keyserver_export): Disallow user strings that aren't key
IDs. (keyserver_import): Clarify error message. (keyserver_spawn):
Properly handle 8 bit characters in user IDs in the info lines during
SEND.
2004-02-20 20:18:49 +00:00
David Shaw
9fe66c89d8 * configure.ac: Check for timegm(). Replacement functions for setenv()
and unsetenv().
2004-02-20 15:11:57 +00:00
David Shaw
a3ba17e09e * mkdtemp.c: New (moved from g10/), setenv.c: New, unsetenv.c: New.
* Makefile.am: Include @LIBOBJS@ for replacement functions.
2004-02-20 15:10:36 +00:00
David Shaw
e867829de7 * mkdtemp.c: Removed.
* Makefile.am: We get mkdtemp.c from libutil.a now, so don't link with
@LIBOBJS@.

* keyserver.c (keyserver_spawn): Pass the scheme to the keyserver helper.
2004-02-20 15:04:56 +00:00
David Shaw
925b982a0b * gpgkeys_ldap.c: Replacement prototypes for setenv and unsetenv.
(search_key): Catch a SIZELIMIT_EXCEEDED error and show the user whatever
the server did give us. (find_basekeyspacedn): There is no guarantee that
namingContexts will be readable.

* Makefile.am: Link gpgkeys_ldap with libutil.a to get the replacement
functions (and eventually translations, etc).
2004-02-20 14:59:02 +00:00
David Shaw
7f148010ab * gpgkeys_ldap.c (ldap2epochtime): LDAP timestamps are UTC, so do not
correct for timezones. (main): Find the basekeyspacedn before we try to
start TLS, so we can give a better error message when a user tries to use
TLS with a LDAP keyserver.
2004-02-19 21:32:15 +00:00
David Shaw
06d21d80f6 * configure.ac: Check for ln -s and add GPGKEYS_LDAP conditional, both for
making gpgkeys_ldaps symlink to gpgkeys_ldap.
2004-02-19 20:10:38 +00:00
David Shaw
21301028c4 * Makefile.am: Add automake conditionals to symlink gpgkeys_ldaps to
gpgkeys_ldap when needed.

* gpgkeys_ldap.c (main): Add support for LDAPS and TLS connections.
These are only useful and usable when talking to real LDAP keyservers.
Add new "tls" option to tune TLS use from off, to try quietly, to try
loudly, or to require TLS.
2004-02-19 20:09:12 +00:00
David Shaw
ce1e817dce * configure.ac: Simplify the LDAP checking code since OpenLDAP is far more
mature these days and dependencies are cleaner.  Add checks for
ldap_set_option and ldap_start_tls_s.
2004-02-19 16:34:32 +00:00
David Shaw
7e7364973d * gpgkeys_ldap.c (find_basekeyspacedn): New function to figure out what
kind of LDAP server we're talking to (either real LDAP or the LDAP
keyserver), and return the baseKeySpaceDN to find keys under. (main): Call
it from here, and remove the old code that only handled the LDAP
keyserver.
2004-02-19 15:09:14 +00:00
David Shaw
6c13b96a1d * options.h, g10.c (main), plaintext.c (handle_plaintext): Add
--max-output option to help people deal with decompression bombs.
2004-02-18 23:09:27 +00:00
David Shaw
f3de3a5eb9 * gpgkeys_ldap.c (ldap_to_gpg_err): Make sure that LDAP_OPT_ERROR_NUMBER
is defined before we use it.

* gpgkeys_mailto.in: Fix VERSION number.
2004-02-18 23:05:47 +00:00
David Shaw
2ecb28c51b * build-packet.c (do_user_id): Do not force a header for attribute packets
as they require a new CTB, and we don't support forced headers for new
CTBs yet.
2004-02-15 15:54:02 +00:00
David Shaw
95d05215c3 * build-packet.c (write_header2): If a suggested header length is provided
along with a zero length, interpret this as an actual zero length packet
and not as an indeterminate length packet. (do_comment, do_user_id): Use
it here as these packets might be naturally zero length.

* parse-packet.c (parse): Show packet type when failing due to an
indeterminate length packet.

* misc.c (parse_options): Only provide args for the true (i.e. not
"no-xxx") form of options.
2004-02-15 00:04:32 +00:00