1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

2324 Commits

Author SHA1 Message Date
David Shaw
4af2725d32 * memory.c (realloc): Fix compile problem with --enable-m-guard. 2006-04-06 17:58:13 +00:00
David Shaw
1f6fba7c52 * make-dns-cert.c: Some changes from Peter Palfrader to send errors to
stderr and allow spaces in a fingerprint.  Also warn when a key is
over 16k (as that is the default max-cert-size) and fail when a key is
over 64k as that is the DNS limit in many places.
2006-04-05 14:25:40 +00:00
David Shaw
d855bd31ab * make-dns-cert.c: New program to generate properly formatted CERT records
so people don't have to do it manually.
2006-04-04 22:19:13 +00:00
Werner Koch
91497480aa post release updates 2006-04-03 11:16:19 +00:00
Werner Koch
256f67675f About to release 1.4.3 2006-04-03 10:13:23 +00:00
David Shaw
4afa4eb10e * getkey.c (get_pubkey_byname): Fix missing auto_key_retrieve unlock.
Fix strings to not start with a capital letter as per convention.
2006-04-01 02:47:53 +00:00
David Shaw
66965ccc29 Update copyright 2006-03-30 23:55:45 +00:00
David Shaw
92e1528bf2 * main.h, seskey.c (encode_md_value): Modify to allow a q size greater
than 160 bits as per DSA2.  This will allow us to verify and issue DSA2
signatures for some backwards compatibility once we start generating DSA2
keys.
* sign.c (do_sign), sig-check.c (do_check): Change all callers.

* sign.c (do_sign): Enforce the 160-bit check for new signatures here
since encode_md_value can handle non-160-bit digests now. This will need
to come out once the standard for DSA2 is firmed up.
2006-03-30 19:20:59 +00:00
David Shaw
a43c1bc874 * README: Some more notes about building fat binaries. 2006-03-30 14:19:08 +00:00
David Shaw
f99dec9e53 * cert.c (main): Fix test program build warning on OSX. 2006-03-30 14:13:35 +00:00
David Shaw
0ea95fd80f * gpgkeys_ldap.c: #define LDAP_DEPRECATED for newer OpenLDAPs so they use
the regular old API that is compatible with other LDAP libraries.
2006-03-27 19:06:46 +00:00
David Shaw
025aabfd8e * README: Missing some instructions on building a fat binary. 2006-03-25 03:05:30 +00:00
David Shaw
97b0606a95 * getkey.c (parse_auto_key_locate): Silently strip out duplicates rather
than causing an error.
2006-03-22 23:05:32 +00:00
Werner Koch
ac46433052 Changed URLs 2006-03-22 16:43:59 +00:00
David Shaw
5531da1cfc * mainproc.c (get_pka_address): Fix bug introduced as part of
sig_to_notation conversion.  Noted by Peter Palfradrer.
2006-03-22 14:37:53 +00:00
Werner Koch
7f99c71839 Allow for rmd160 signatures when using gpg-agent. 2006-03-21 13:01:45 +00:00
David Shaw
70f1c32ffd * blowfish.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c: Revert previous
change.  It's now all done in configure.
2006-03-20 16:40:28 +00:00
David Shaw
ca766728f4 * configure.ac: Improved --disable-endian-check that doesn't involve
changing #ifdefs in the rest of the code.
2006-03-20 16:13:52 +00:00
David Shaw
7fcba082c9 * configure.ac: Add --disable-endian-check for building fat binaries
on OSX.

* README: Add note on how to build a fat binary on OSX.
2006-03-20 00:57:33 +00:00
David Shaw
0f4f660d5f * blowfish.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c: Use '#if'
rather than '#ifdef' BIG_ENDIAN_HOST.  Harmless as we explicitly
define BIG_ENDIAN_HOST to 1 when we need it, but needed for OSX fat
builds when we define BIG_ENDIAN_HOST to another macro.
2006-03-20 00:39:44 +00:00
David Shaw
f4547924cb * configure.ac: Allow the DNS stuff to work on OSX by trying the
Apple-specific BIND_8_COMPAT.
2006-03-18 05:36:32 +00:00
David Shaw
3cfc77097d * keyserver.c (keyserver_import_cert): Handle the IPGP CERT type for
both the fingerprint alone, and fingerprint+URL cases.

* getkey.c (get_pubkey_byname): Minor cleanup.
2006-03-17 05:20:13 +00:00
David Shaw
e0ad2bda52 * cert.c (get_cert): Handle the fixed IPGP type with fingerprint. 2006-03-16 22:40:04 +00:00
David Shaw
9f524c4a04 * keyserver-internal.h, keyserver.c (keyserver_import_pka): Use the
same API as the other auto-key-locate fetchers.

* getkey.c (get_pubkey_byname): Use the fingerprint of the key that we
actually fetched.  This helps prevent problems where the key that we
fetched doesn't have the same name that we used to fetch it.  In the
case of CERT and PKA, this is an actual security requirement as the
URL might point to a key put in by an attacker.  By forcing the use of
the fingerprint, we won't use the attacker's key here.
2006-03-14 03:16:21 +00:00
David Shaw
b478ce7a79 * keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keyserver_import_cert, keyserver_import_name, keyserver_import_ldap):
Pass fingerprint info through.
2006-03-14 02:42:02 +00:00
David Shaw
671ec45001 * main.h, import.c (import_one): Optionally return the fingerprint of
the key being imported.  (import_keys_internal, import_keys_stream,
import): Change all callers.
2006-03-14 02:23:00 +00:00
David Shaw
7e3ba27aef * sig-check.c (signature_check2): Print the backsig warning when there
is no backsig present.  Give a URL for more information.

* keyedit.c (menu_backsign): Small tweak to work properly with keys
originally generated with older GnuPGs that included comments in the
secret keys.
2006-03-12 15:33:57 +00:00
David Shaw
48773e4c15 * samplekeys.asc: Update 99242560 to have a signing subkey backsig. 2006-03-11 15:29:57 +00:00
David Shaw
5784a43e65 * gpg.sgml: Clarify new notation delete feature. 2006-03-09 19:47:35 +00:00
David Shaw
e914311608 * build-packet.c (string_to_notation): Add ability to indicate a notation
to be deleted with a '-' prefix.

* keyedit.c (menu_set_notation): Use it here to allow deleting a notation
marked with '-'.  This works with either "-notation" or "-notation=value".
2006-03-09 19:43:29 +00:00
Werner Koch
a917165bef keep on walking towards rc3 2006-03-09 19:24:59 +00:00
Werner Koch
3ea8fc3337 Updated 2006-03-09 12:58:26 +00:00
Werner Koch
cf10c31a3f Preparing for an RC23 2006-03-09 12:45:02 +00:00
David Shaw
0317ae66f3 * gpg.sgml: Document "notation". 2006-03-09 04:00:18 +00:00
David Shaw
d810409068 * keyedit.c (menu_set_notation): New function to set notations on
self-signatures.  (keyedit_menu): Call it here.
(tty_print_notations): Helper.  (show_prefs): Show notations in
"showpref".
2006-03-09 03:49:39 +00:00
David Shaw
5460153264 * mainproc.c (get_pka_address), keylist.c (show_notation): Remove
duplicate code by using notation functions.
2006-03-09 03:35:26 +00:00
David Shaw
cc9a71c6ce * argparse.c (default_strusage): Update copyright year to 2006. 2006-03-09 03:31:28 +00:00
David Shaw
0f7b4371b2 * packet.h, build-packet.c (sig_to_notation), keygen.c
(keygen_add_notations): Provide printable text for non-human-readable
notation values.
2006-03-09 01:15:18 +00:00
David Shaw
889c4afd78 * packet.h, build-packet.c (sig_to_notation), keygen.c
(keygen_add_notations): Tweak to handle non-human-readable notation
values.
2006-03-08 23:42:45 +00:00
David Shaw
4fea8fdbbb * options.h, sign.c (mk_notation_policy_etc), gpg.c (add_notation_data):
Use it here for the various notation commands.

* packet.h, main.h, keygen.c (keygen_add_notations), build-packet.c
(string_to_notation, sig_to_notation) (free_notation): New "one stop
shopping" functions to handle notations and start removing some code
duplication.
2006-03-08 23:30:12 +00:00
David Shaw
90d8377276 * options.h, mainproc.c (check_sig_and_print), gpg.c (main):
pka-lookups, not pka-lookup.

* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
(signature_check2): Rename "backsign" to "cross-certify" as a more
accurate name.
2006-03-08 02:40:42 +00:00
David Shaw
07c48cf29e * NEWS: Note CERT retrieval. Tweak PKA and backsig language to match
current code.
2006-03-08 02:36:37 +00:00
David Shaw
b62ca46f62 * gpg.sgml: Rename backsigs to cross-certification (backsigs is just
shorthand).  Document max-cert-size.
2006-03-07 22:44:23 +00:00
David Shaw
ee3379a77d * gpg.sgml: Document new way of enabling the PKA functions. Some minor
other cleanups.
2006-03-07 21:47:36 +00:00
David Shaw
4f9efb7a79 * options.h, gpg.c (main, parse_trust_model), pkclist.c
(check_signatures_trust), mainproc.c (check_sig_and_print,
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so that it
is a verify-option now.
2006-03-07 20:14:20 +00:00
David Shaw
81e2591421 * NEWS: Note --auto-key-locate and that keyservers can handle binary data
now.
2006-03-07 16:20:03 +00:00
Werner Koch
4aeb4d4b10 More tests added; make distcheck works 2006-03-07 11:05:41 +00:00
David Shaw
199f4bd626 * gpg.sgml: Document --auto-key-locate. 2006-03-07 05:06:31 +00:00
David Shaw
764b3f9395 * sign.c (make_keysig_packet): Don't use MD5 for a RSA_S key as that
is not a PGP 2.x algorithm.
2006-03-07 01:16:31 +00:00
David Shaw
5d2060e211 * mainproc.c (proc_compressed): "Uncompressed" is not a valid compression
algorithm.
2006-03-06 23:14:13 +00:00