| Commit message | Author | Age | Files | Lines |

"pka" when those features are disabled.
* misc.c (has_invalid_email_chars): Fix some C syntax that broke the
compilers on SGI IRIX MIPS and Compaq/DEC OSF/1 Alpha. Noted by Nelson H.
F. Beebe.
H. F. Beebe.
Josefsson's page for CERT.
--no-auto-key-locate.
* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.
* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New. Find a keyserver that matches ours and
return its spec.
* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
used.
treatment of include-revoked, include-subkeys, and try-dns-srv. These are
keyserver features, and GPG shouldn't get involved here.
to on, as gpg isn't doing this any longer.
options to the list, as ordering may be significant to the user.
adding notations. Noted by Christian Biere.
(parse_keyserver_options): Moved from here. (parse_keyserver_uri): Use it
here so each keyserver can have some private options in addition to the
main keyserver-options (e.g. per-keyserver auth).
getkey.c (free_akl, parse_auto_key_locate, get_pubkey_byname): The obvious
next step: allow arbitrary keyservers in the auto-key-locate list.
odd matches.
auto-cert-retrieve as it is no longer meaningful. Add max-cert-size to
allow users to pick a max key size retrieved via CERT.
(keyserver_opts): Rename auto-pka-retrieve to honor-pka-record to be
consistent with honor-keyserver-url.
Parse a list of key access methods. (get_pubkey_byname): Walk the list
here to try and retrieve keys we don't have locally.
duplicate attributes as OpenLDAP is now enforcing this.
credentials to a remote LDAP server.
curl_easy_perform): Mingw has 'stderr' as a macro?
importing at -r time. The URL in the PKA record may point to a key put in
by an attacker. Fix is to use the fingerprint from the PKA record as the
recipient. This ensures that the PKA record is followed.
* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
curl_easy_perform): Add CURLOPT_VERBOSE and CURLOPT_STDERR for easier
debugging.
* keyserver-internal.h, keyserver.c (keyserver_import_ldap): Import using
the PGP Universal trick of asking ldap://keys.(maildomain) for the key.
even when we've assumed "hkp" when there was no scheme.
just compiling it) as UINT64_C looks like a (missing) function,
causing a false positive. Noted by Claus Assmann.
in the draft are settled.
* srv.c (getsrv): Error on oversize SRV responses.
direct_uri flag so the right keyserver helper is run.
keyserver helpers on systems that use extensions.
* misc.c (path_access) [HAVE_DRIVE_LETTERS]: Do the right thing with
drive letter systems.
on systems that use extensions.
passphrase as if it was used (move from next_pw to last_pw).
* pubkey-enc.c (get_session_key): Use it here to handle the case where a
passphrase happens to be correct for a secret key, but yet that key isn't
the anonymous recipient (i.e. the secret key could be decrypted, but not
the session key). This also handles the case where a secret key is
located on a card and a secret key with no passphrase. Note this does not
fix bug 594 (anonymous recipients on smartcard do not work) - it just
prevents the anonymous search from stopping when the card is encountered.
longer.
uploading a key.
in a refresh batch has a preferred keyserver set. Noted by Nicolas
Rachinsky.
(keyserver_import_pka), card-util.c (fetch_url): Always require a
scheme:// for keyserver URLs except when used as part of the
--keyserver command for backwards compatibility.
card. If it does, only allow 160-bit hashes, a la DSA. This involves
passing the *sk in, so change all callers. This is correct for today,
given the current 160-bit q in DSA, and the current SHA-1/RIPEMD160
support in the openpgp card. It will almost certainly need changing
down the road.
* app-openpgp.c (do_sign): Give user error if hash algorithm is not
supported by the card.
getkey.c:get_pubkey_byname which was getting crowded.
* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records. Can handle both the PGP (actual key) and IPGP (URL) CERT types.
* getkey.c (get_pubkey_byname): Call them both here.
* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keyserver_getname): New keyserver_getname function to fetch keys by name.
* getkey.c (get_pubkey_byname): Call it here to enable locating keys by
full mailbox from a keyserver a la PKA. Try PKA first, though, as it is
likely to be faster.
* gpgkeys_hkp.c (main, get_name), gpgkeys_ldap.c (main, get_name): Use it
here to do direct name (rather than key ID) fetches.
Currently PKA is only enabled if HTTP or HKP is enabled which is not
necessary.