| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* util/pka.c: Rewrite.
(get_pka_info): Add arg fprbuflen. Change callers to pass this.
* util/strgutil.c (ascii_strlwr): New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--
Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.
The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time. Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified. Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key. Having a solid way of getting a key matching
a mail address is however a must have.
More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase. The auto-key-locate mechanism
should also be able to continue key fetching with another method once
the fingerprint has been retrieved with PKA.
Signed-off-by: Werner Koch <[email protected]>
This is a backport from master.
(backported from commit 2fc27c8696f5cf2ddf3212397ea49bff115d617b)
|
| |
|
|
|
|
|
| |
* include/util.h (GNUPG_GCC_A_SENTINEL): New.
* util/strgutil.c (do_strconcat, strconcat): New.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* util/cert.c (get_cert): Add arg want_ipgp. Change callers.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* util/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
(initialize): Init field IIO_LIST.
(ignore_invalid_option_p): New.
(ignore_invalid_option_add): New.
(ignore_invalid_option_clear): New.
(optfile_parse): Implement meta option.
--
This option is currently of no use. However, as soon as it has been
deployed in all stable versions of GnuPG, it will allow the use of the
same configuration file with an old and a new version of GnuPG. For
example: If a new version implements the option "foobar", and a user
uses it in gpg.conf, an old version of gpg would bail out with the
error "invalid option". To avoid that the following line can be put
above that option in gpg.conf
ignore-invalid-option foobar
This meta option may be given several times or several option names
may be given as arguments (space delimited). Note that this option is
not available on the command line.
(backported from commit 41d564333d35c923f473aa90625d91f8fe18cd0b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
* util/membuf.c (put_membuf_str): New.
(get_membuf): Make LEN optional.
--
This fixes an obvious bug in locales where the translated string is
longer than the original. The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.
En passant we also removed the trailing white space on continued
lines.
Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* include/dotlock.h: New. From current gnupg master.
* util/dotlock.c: Ditto. Include util.h. The major changes done in
master are: Factor Unix and W32 specific code out into specific
functions. Define HAVE_POSIX_SYSTEM. Rearrange some functions.
(disable_dotlock): Rename to dotlock_disable.
(create_dotlock): Rename to dotlock_create and add a dummy arg.
(destroy_dotlock): Rename to dotlock_destroy.
(make_dotlock): Rename to dotlock_take.
(release_dotlock): Rename to dotlock_release.
(remove_lockfiles): Rename to dotlock_remove_lockfiles.
|
| | |
|
| |
|
|
|
|
| |
heuristics succeed or not, the resulting string must be valid UTF8 as
LDAP requires that. This is bug 1055.
|
| |
|
|
|
|
|
|
| |
For compatibility reasons a few new files had to be added.
Also added estream-printf as this is now used in app-openpgp.c and provides
a better and generic asprintf implementation than the hack we used for the
W32 code in ttyio.c. Card code is not yet finished.
|
| | |
|
| |
|
|
|
| |
Updated gettext.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
can contain replacement files that can be linked to keyserver helpers
without bringing in the whole libutil.a. libutil.a contains a complete
copy of libcompat.a so we only need to link to one of them.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
(agent_scd_writekey, inq_writekey_parms): New.
(agent_openpgp_storekey): Removed.
* cardglue.h: Add a few more error code mappings.
* keygen.c (copy_mpi): Removed.
(save_unprotected_key_to_card): Changed to use agent_scd_writekey.
* app-common.h, app-openpgp.c, tlv.c, tlv.h: Updated from newer
version in gnupg 1.9 CVS.
|
| | |
|
| |
|
|
|
|
|
|
| |
localized asctimestamp to match the timezone used in the key
information.
* miscutil.c (isotimestamp): New.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* app-common.h (app_openpgp_storekey: Add prototype.
* app-openpgp.c (do_sign): Replace asprintf by direct allocation.
This avoids problems with missing vasprintf implementations.
* card-util.c (generate_card_keys): Add a #warning for gnupg 1.9
and use the same string there.
* util.h [!HAVE_VASPRINTF]: Removed prototype.
* vasprintf.c: Removed. It was used only at one place and I don't
want to get into build problems in 1.4.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(check_card_serialno): New.
(agent_scd_pksign, agent_scd_pkdecrypt): Use it here.
* cardglue.c (open_card): Issue insertion status message.
* status.h, status.c (STATUS_CARDCTRL): New.
* status.c (cpr_get_answer_okay_cancel): New.
* miscutil.c (answer_is_okay_cancel): New.
|
| |
|
|
|
|
| |
* util.h [WIN32]: Prototype for asprintf.
* dynload.h [WIN32]: Define RTLD_LAZY.
|
| |
|
|
|
| |
* dynload.h: New. Taken from 1.9.
|
| |
|
|
|
| |
compilers. Requested by Brian Gladman. From Werner on stable branch.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This avoids a warning on compilers that support but complain about
unsigned long long.
* util.h (ascii_isspace): New variation on isspace() that is immune from
locale changes.
* util.h: Make sure that only ascii is passed to isfoo functions. (From
Werner on stable branch).
|
| |
|
|
|
|
|
| |
preprocessor instructions to remove whitespace before the '#'. This is
not required by C89, but there are some compilers out there that don't
like it.
|
| |
|
|
|
| |
on stable branch.
|
| |
|
|
|
| |
byte to wipe with).
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
log_info and log_error via log_set_strict.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
