* parse-packet.c (parse_signature): No need to reserve 8 bytes for the

unhashed signature cache any longer.

* misc.c (pct_expando): Add two new expandos - signer's fingerprint (%g),
and signer's primary fingerprint (%p).

* Makefile.am: Include W32LIBS where appropriate.

* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.

* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for "hkp",
since it is occasionally written that way. (keyserver_spawn): Use
ascii_isspace to avoid locale issues.

* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the email
field as well as the name field, and allow mixing fields when it is set.

* options.skel: Use subkeys.pgp.net as the default keyserver.

* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.

* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction.  This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.

* signal.c, tdbio.c: Comment out the transaction code.  It was not used in
this version, and was causing some build problems on quasi-posix platforms
(Solaris and Forte c89).

* keylist.c (list_keyblock_colon): Don't include validity values when
listing secret keys since they can be incorrect and/or misleading.  This
is a temporary kludge, and will be handled properly in 1.9/2.0.

* mainproc.c (check_sig_and_print): Only show the "key available from"
preferred keyserver line if the key is not currently present.

* keyedit.c (sign_uids): Do not sign expired uids without --expert (same
behavior as revoked uids).  Do not allow signing a user ID without a
self-signature.  --expert overrides.  Add additional prompt to the
signature level question. (menu_expire): When changing expiration dates,
don't replace selfsigs on revoked uids since this would effectively
unrevoke them. There is also no point in replacing expired selfsigs.
This is bug #181

* g10.c (add_notation_data): Make sure that only ascii is passed to
iscntrl.  Noted by Christian Biere.

* getkey.c (classify_user_id2): Replaced isspace by spacep

* keygen.c (ask_user_id): Ditto. (get_parameter_algo): Ditto.

* keyedit.c (keyedit_menu): Ditto.

* tdbdump.c (import_ownertrust): Ditto.  s/isxdigit/hexdigitp/.

* revoke.c (ask_revocation_reason):

* keyserver.c (keyserver_spawn): Dito.

1 files changed, 44 insertions, 7 deletions

diff --git a/g10/keyedit.c b/g10/keyedit.c
index d36623a6a..9c6e8f081 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -498,10 +498,46 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 			    tty_printf(_("  Unable to sign.\n"));
 			  }
 		      }
-		    else if(!uidnode->pkt->pkt.user_id->created)
+		    else if(uidnode->pkt->pkt.user_id->is_expired)
 		      {
-			tty_printf(_("WARNING: user ID \"%s\" is not "
-				     "self-signed.\n"),user);
+			tty_printf(_("User ID \"%s\" is expired."),user);
+
+			if(opt.expert)
+			  {
+			    tty_printf("\n");
+			    /* No, so remove the mark and continue */
+			    if(!cpr_get_answer_is_yes("sign_uid.expire_okay",
+						      _("Are you sure you "
+							"still want to sign "
+							"it? (y/N) ")))
+			      uidnode->flag &= ~NODFLG_MARK_A;
+			  }
+			else
+			  {
+			    uidnode->flag &= ~NODFLG_MARK_A;
+			    tty_printf(_("  Unable to sign.\n"));
+			  }
+		      }
+		    else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
+		      {
+			tty_printf(_("User ID \"%s\" is not self-signed."),
+				   user);
+
+			if(opt.expert)
+			  {
+			    tty_printf("\n");
+			    /* No, so remove the mark and continue */
+			    if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
+						      _("Are you sure you "
+							"still want to sign "
+							"it? (y/N) ")))
+			      uidnode->flag &= ~NODFLG_MARK_A;
+			  }
+			else
+			  {
+			    uidnode->flag &= ~NODFLG_MARK_A;
+			    tty_printf(_("  Unable to sign.\n"));
+			  }
 		      }
 
 		    m_free(user);
@@ -737,8 +773,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 
 		while(class==0)
 		  {
-		    answer = cpr_get("sign_uid.class",_("Your selection? "));
-
+		    answer = cpr_get("sign_uid.class",_("Your selection? "
+					"(enter '?' for more information): "));
 		    if(answer[0]=='\0')
 		      class=0x10+opt.def_cert_check_level; /* Default */
 		    else if(ascii_strcasecmp(answer,"0")==0)
@@ -1232,7 +1268,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
 	    cmd = cmdLIST;
 	else if( *answer == CONTROL_D )
 	    cmd = cmdQUIT;
-	else if( isdigit( *answer ) ) {
+	else if( digitp(answer ) ) {
 	    cmd = cmdSELUID;
 	    arg_number = atoi(answer);
 	}
@@ -2782,7 +2818,8 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
 		 && ( mainkey || sub_pk ) ) {
 	    PKT_signature *sig = node->pkt->pkt.signature;
 	    if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
-		&& (	(mainkey && uid && (sig->sig_class&~3) == 0x10)
+		&& ( (mainkey && uid
+		      && uid->created && (sig->sig_class&~3) == 0x10)
 		     || (!mainkey && sig->sig_class == 0x18)  ) ) {
 		/* this is a selfsignature which is to be replaced */
 		PKT_signature *newsig;