security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-28 02:12:46 +02:00
Code Activity
2,152 Commits 100 Branches 301 Tags 70 MiB
e0ad2bda52
Commit Graph

2152 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Shaw
e0ad2bda52 * cert.c (get_cert): Handle the fixed IPGP type with fingerprint. 2006-03-16 22:40:04 +00:00
David Shaw
9f524c4a04 * keyserver-internal.h, keyserver.c (keyserver_import_pka): Use the 
same API as the other auto-key-locate fetchers.

* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched.  This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it.  In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker.  By forcing the use of
the fingerprint, we won't use the attacker's key here.
 2006-03-14 03:16:21 +00:00
David Shaw
b478ce7a79 * keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work, 
keyserver_import_cert, keyserver_import_name, keyserver_import_ldap):
Pass fingerprint info through.
 2006-03-14 02:42:02 +00:00
David Shaw
671ec45001 * main.h, import.c (import_one): Optionally return the fingerprint of 
the key being imported.  (import_keys_internal, import_keys_stream,
import): Change all callers.
 2006-03-14 02:23:00 +00:00
David Shaw
7e3ba27aef * sig-check.c (signature_check2): Print the backsig warning when there 
is no backsig present.  Give a URL for more information.

* keyedit.c (menu_backsign): Small tweak to work properly with keys
originally generated with older GnuPGs that included comments in the
secret keys.
 2006-03-12 15:33:57 +00:00
David Shaw
48773e4c15 * samplekeys.asc: Update 99242560 to have a signing subkey backsig. 2006-03-11 15:29:57 +00:00
David Shaw
5784a43e65 * gpg.sgml: Clarify new notation delete feature. 2006-03-09 19:47:35 +00:00
David Shaw
e914311608 * build-packet.c (string_to_notation): Add ability to indicate a notation 
to be deleted with a '-' prefix.

* keyedit.c (menu_set_notation): Use it here to allow deleting a notation
marked with '-'.  This works with either "-notation" or "-notation=value".
 2006-03-09 19:43:29 +00:00
Werner Koch
a917165bef keep on walking towards rc3 2006-03-09 19:24:59 +00:00
Werner Koch
3ea8fc3337 Updated 2006-03-09 12:58:26 +00:00
Werner Koch
cf10c31a3f Preparing for an RC23 2006-03-09 12:45:02 +00:00
David Shaw
0317ae66f3 * gpg.sgml: Document "notation". 2006-03-09 04:00:18 +00:00
David Shaw
d810409068 * keyedit.c (menu_set_notation): New function to set notations on 
self-signatures.  (keyedit_menu): Call it here.
(tty_print_notations): Helper.  (show_prefs): Show notations in
"showpref".
 2006-03-09 03:49:39 +00:00
David Shaw
5460153264 * mainproc.c (get_pka_address), keylist.c (show_notation): Remove 
duplicate code by using notation functions.
 2006-03-09 03:35:26 +00:00
David Shaw
cc9a71c6ce * argparse.c (default_strusage): Update copyright year to 2006. 2006-03-09 03:31:28 +00:00
David Shaw
0f7b4371b2 * packet.h, build-packet.c (sig_to_notation), keygen.c 
(keygen_add_notations): Provide printable text for non-human-readable
notation values.
 2006-03-09 01:15:18 +00:00
David Shaw
889c4afd78 * packet.h, build-packet.c (sig_to_notation), keygen.c 
(keygen_add_notations): Tweak to handle non-human-readable notation
values.
 2006-03-08 23:42:45 +00:00
David Shaw
4fea8fdbbb * options.h, sign.c (mk_notation_policy_etc), gpg.c (add_notation_data): 
Use it here for the various notation commands.

* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.
 2006-03-08 23:30:12 +00:00
David Shaw
90d8377276 * options.h, mainproc.c (check_sig_and_print), gpg.c (main): 
pka-lookups, not pka-lookup.

* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
 2006-03-08 02:40:42 +00:00
David Shaw
07c48cf29e * NEWS: Note CERT retrieval. Tweak PKA and backsig language to match 
current code.
 2006-03-08 02:36:37 +00:00
David Shaw
b62ca46f62 * gpg.sgml: Rename backsigs to cross-certification (backsigs is just 
shorthand).  Document max-cert-size.
 2006-03-07 22:44:23 +00:00
David Shaw
ee3379a77d * gpg.sgml: Document new way of enabling the PKA functions. Some minor 
other cleanups.
 2006-03-07 21:47:36 +00:00
David Shaw
4f9efb7a79 * options.h, gpg.c (main, parse_trust_model), pkclist.c 
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
 2006-03-07 20:14:20 +00:00
David Shaw
81e2591421 * NEWS: Note --auto-key-locate and that keyservers can handle binary data 
now.
 2006-03-07 16:20:03 +00:00
Werner Koch
4aeb4d4b10 More tests added; make distcheck works 2006-03-07 11:05:41 +00:00
David Shaw
199f4bd626 * gpg.sgml: Document --auto-key-locate. 2006-03-07 05:06:31 +00:00
David Shaw
764b3f9395 * sign.c (make_keysig_packet): Don't use MD5 for a RSA_S key as that 
is not a PGP 2.x algorithm.
 2006-03-07 01:16:31 +00:00
David Shaw
5d2060e211 * mainproc.c (proc_compressed): "Uncompressed" is not a valid compression 
algorithm.
 2006-03-06 23:14:13 +00:00
Werner Koch
3e08d87168 Stricter test of allowed signature packet compositions. 
There is still one problem to solve.
 2006-03-06 21:28:25 +00:00
Werner Koch
a200f76dcf Fixed problem with PGP2 style signatures and mutilple plaintext data 2006-03-06 12:28:46 +00:00
Werner Koch
09203be1c6 Replaced an assert and fixed batch mode issue in cardglue. 2006-03-05 15:13:18 +00:00
David Shaw
9523139ee7 * gpgkeys_ldap.c (main): Fix build problem with non-OpenLDAP LDAP 
libraries that have TLS.
 2006-03-03 21:55:38 +00:00
David Shaw
78904c691c * getkey.c (parse_auto_key_locate): Error if the user selects "cert" or 
"pka" when those features are disabled.

* misc.c (has_invalid_email_chars): Fix some C syntax that broke the
compilers on SGI IRIX MIPS and Compaq/DEC OSF/1 Alpha.  Noted by Nelson H.
F. Beebe.
 2006-03-01 18:16:55 +00:00
David Shaw
2385935afa * configure.ac: Fix accidental enabling of SHA-384/512. Noted by Nelson 
H. F. Beebe.
 2006-03-01 17:05:38 +00:00
David Shaw
4b67ecabcf * options.skel: Document auto-key-locate and give a pointer to Simon 
Josefsson's page for CERT.
 2006-02-27 19:31:13 +00:00
David Shaw
837a6f094d * gpg.sgml: Document new --keyserver syntax. 2006-02-25 00:21:20 +00:00
David Shaw
f4f5ea43e7 * keydb.h, getkey.c (release_akl), gpg.c (main): Add 
--no-auto-key-locate.

* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.

* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New.  Find a keyserver that matches ours and
return its spec.

* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
 2006-02-24 14:27:22 +00:00
David Shaw
4139587267 * keyserver.c (parse_keyserver_options): Only change max_cert if it is 
used.
 2006-02-24 03:57:11 +00:00
David Shaw
624f3582ba * options.c, gpg.c (main), keyserver.c (keyserver_spawn): No special 
treatment of include-revoked, include-subkeys, and try-dns-srv.  These are
keyserver features, and GPG shouldn't get involved here.
 2006-02-23 22:39:40 +00:00
David Shaw
0302c7e0ac * ksutil.c (init_ks_options): Default include-revoked and include-subkeys 
to on, as gpg isn't doing this any longer.
 2006-02-23 21:06:32 +00:00
David Shaw
09e3b78ea2 * keyserver.c (parse_keyserver_uri, add_canonical_option): Always append 
options to the list, as ordering may be significant to the user.
 2006-02-23 20:54:30 +00:00
David Shaw
1736866b5b * gpg.c (add_notation_data): Fix reversed logic for isascii check when 
adding notations.  Noted by Christian Biere.
 2006-02-23 19:52:20 +00:00
David Shaw
c37453211c * options.h, keyserver.c (add_canonical_option): New. 
(parse_keyserver_options): Moved from here. (parse_keyserver_uri): Use it
here so each keyserver can have some private options in addition to the
main keyserver-options (e.g. per-keyserver auth).
 2006-02-23 17:00:02 +00:00
David Shaw
1ae024ef81 * options.h, keyserver-internal.h, keyserver.c (keyserver_import_name), 
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
 2006-02-22 23:37:23 +00:00
David Shaw
482a3a0101 * gpgkeys_hkp.c (get_name): A GETNAME query turns exact=on to cut down on 
odd matches.
 2006-02-22 23:19:36 +00:00
David Shaw
305288b5f5 * options.h, keyserver.c (parse_keyserver_options): Remove 
auto-cert-retrieve as it is no longer meaningful.  Add max-cert-size to
allow users to pick a max key size retrieved via CERT.
 2006-02-22 20:34:48 +00:00
David Shaw
477defdb1b * options.h, gpg.c (main), mainproc.c (check_sig_and_print), keyserver.c 
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.
 2006-02-22 20:20:58 +00:00
David Shaw
7eab1846ca * options.h, keydb.h, g10.c (main), getkey.c (parse_auto_key_locate): 
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
 2006-02-22 19:06:23 +00:00
David Shaw
e396cd2c7c * gpgkeys_ldap.c (make_one_attr, build_attrs, send_key): Don't allow 
duplicate attributes as OpenLDAP is now enforcing this.
 2006-02-22 04:19:21 +00:00
David Shaw
c68649e1b1 * gpgkeys_ldap.c (main): Add binddn and bindpw so users can pass 
credentials to a remote LDAP server.
 2006-02-22 03:49:49 +00:00