Commit message | Author | Age | Files | Lines
* * getkey.c (get_pubkey_byname): Fix minor security problem with PKA when importing at -r time. The URL in the PKA record may point to a key put in by an attacker. Fix is to use the fingerprint from the PKA record as the recipient. This ensures that the PKA record is followed.
  * keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the fingerprint we requested.
  Author: David Shaw | Age: 2006-02-21 | Files: 5 | Lines: -6/+27
* * curl-shim.h, curl-shim.c (curl_easy_init, curl_easy_setopt, curl_easy_perform): Add CURLOPT_VERBOSE and CURLOPT_STDERR for easier debugging.
  Author: David Shaw | Age: 2006-02-21 | Files: 3 | Lines: -3/+26
* * gpgv.c: Stub keyserver_import_ldap.
  * keyserver-internal.h, keyserver.c (keyserver_import_ldap): Import using the PGP Universal trick of asking ldap://keys.(maildomain) for the key.
  Author: David Shaw | Age: 2006-02-21 | Files: 4 | Lines: -0/+47
* * keyserver.c (parse_keyserver_uri): Include the scheme in the uri even when we've assumed "hkp" when there was no scheme.
  Author: David Shaw | Age: 2006-02-21 | Files: 2 | Lines: -2/+12
* * http.c (send_request): A zero length proxy is the same as no proxy.
  Author: David Shaw | Age: 2006-02-19 | Files: 2 | Lines: -1/+6
* * configure.ac: Try linking the UINT64_C test program (rather than just compiling it) as UINT64_C looks like a (missing) function, causing a false positive. Noted by Claus Assmann.
  Author: David Shaw | Age: 2006-02-19 | Files: 2 | Lines: -2/+8
* about to release 1.4.3rc1 (gnupg-1.4.3rc1)
  Author: Werner Koch | Age: 2006-02-14 | Files: 38 | Lines: -18743/+20536
* Fixed a wrong return code with gpg --verify
  Author: Werner Koch | Age: 2006-02-14 | Files: 13 | Lines: -36/+116
* Lock random seed file
  Author: Werner Koch | Age: 2006-02-09 | Files: 7 | Lines: -2/+106
* Fixed a couple of problems
  Author: Werner Koch | Age: 2006-02-08 | Files: 1 | Lines: -20/+59
* Add support for CardMan 4040
  Author: Werner Koch | Age: 2006-02-06 | Files: 3 | Lines: -241/+563
* * cert.c (get_cert): Disable IPGP types for now until the format questions in the draft are settled.
  * srv.c (getsrv): Error on oversize SRV responses.
  Author: David Shaw | Age: 2006-01-26 | Files: 3 | Lines: -2/+12
* * keyserver.c (parse_keyserver_uri): If there is a path present, set the direct_uri flag so the right keyserver helper is run.
  Author: David Shaw | Age: 2006-01-24 | Files: 2 | Lines: -0/+8
* * keyserver.c (keyserver_spawn): Include the EXEEXT so we can find keyserver helpers on systems that use extensions.
  * misc.c (path_access) [HAVE_DRIVE_LETTERS]: Do the right thing with drive letter systems.
  Author: David Shaw | Age: 2006-01-22 | Files: 3 | Lines: -3/+21
* * configure.ac: Add define for EXEEXT so we can find keyserver helpers on systems that use extensions.
  Author: David Shaw | Age: 2006-01-22 | Files: 2 | Lines: -0/+8
* * keydb.h, passphrase.c (next_to_last_passphrase): New. "Touch" a passphrase as if it was used (move from next_pw to last_pw).
  * pubkey-enc.c (get_session_key): Use it here to handle the case where a passphrase happens to be correct for a secret key, but yet that key isn't the anonymous recipient (i.e. the secret key could be decrypted, but not the session key). This also handles the case where a secret key is located on a card and a secret key with no passphrase. Note this does not fix bug 594 (anonymous recipients on smartcard do not work) - it just prevents the anonymous search from stopping when the card is encountered.
  Author: David Shaw | Age: 2006-01-17 | Files: 4 | Lines: -20/+43
* * libcurl.m4: Add IDN, SSPI, NTLM, and TFTP defines.
  Author: David Shaw | Age: 2006-01-17 | Files: 2 | Lines: -6/+13
* * libcurl.m4: Remove GOPHER, as that is not supported in libcurl any longer.
  Author: David Shaw | Age: 2006-01-16 | Files: 2 | Lines: -4/+8
* * gpgkeys_hkp.c (send_key): Do not escape the '=' in the HTTP POST when uploading a key.
  Author: David Shaw | Age: 2006-01-16 | Files: 2 | Lines: -13/+21
* * keyserver.c (keyserver_refresh): Fix problem when more than one key in a refresh batch has a preferred keyserver set. Noted by Nicolas Rachinsky.
  Author: David Shaw | Age: 2006-01-07 | Files: 2 | Lines: -1/+7
* * mainproc.c (check_sig_and_print), keyserver.c (keyserver_import_pka), card-util.c (fetch_url): Always require a scheme:// for keyserver URLs except when used as part of the --keyserver command for backwards compatibility.
  Author: David Shaw | Age: 2006-01-01 | Files: 4 | Lines: -3/+8
* * sign.c (write_signature_packets): Lost a digest_algo line.
  Author: David Shaw | Age: 2006-01-01 | Files: 2 | Lines: -0/+3
* * sign.c (hash_for): Add code to detect if the sk lives on a smart card. If it does, only allow 160-bit hashes, a la DSA. This involves passing the *sk in, so change all callers. This is correct for today, given the current 160-bit q in DSA, and the current SHA-1/RIPEMD160 support in the openpgp card. It will almost certainly need changing down the road.
  * app-openpgp.c (do_sign): Give user error if hash algorithm is not supported by the card.
  Author: David Shaw | Age: 2006-01-01 | Files: 3 | Lines: -19/+44
* * cert.c (get_cert): Properly chase down CNAMEs pointing to CERTs.
  Author: David Shaw | Age: 2005-12-24 | Files: 2 | Lines: -4/+14
* * keyserver.c (keyserver_import_pka): New. Moved from getkey.c:get_pubkey_byname which was getting crowded.
  * keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT records. Can handle both the PGP (actual key) and IPGP (URL) CERT types.
  * getkey.c (get_pubkey_byname): Call them both here.
  * options.h, keyserver.c (parse_keyserver_options): Add "auto-cert-retrieve" option with optional max size argument.
  Author: David Shaw | Age: 2005-12-23 | Files: 6 | Lines: -35/+161
* * gpgv.c: Stub.
  * keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work, keyserver_getname): New keyserver_getname function to fetch keys by name.
  * getkey.c (get_pubkey_byname): Call it here to enable locating keys by full mailbox from a keyserver a la PKA. Try PKA first, though, as it is likely to be faster.
  Author: David Shaw | Age: 2005-12-23 | Files: 5 | Lines: -53/+123
* * ksutil.h, ksutil.c (parse_ks_options): New keyserver command "getname".
  * gpgkeys_hkp.c (main, get_name), gpgkeys_ldap.c (main, get_name): Use it here to do direct name (rather than key ID) fetches.
  Author: David Shaw | Age: 2005-12-23 | Files: 5 | Lines: -20/+252
* New code to do DNS CERT queries.
  Author: David Shaw | Age: 2005-12-23 | Files: 7 | Lines: -5/+232
* * srv.c, Makefile.am: Only build srv.c if we need to.
  Author: David Shaw | Age: 2005-12-23 | Files: 3 | Lines: -4/+9
* * configure.ac: Split PKA checking off from DNS SRV checking. Currently PKA is only enabled if HTTP or HKP is enabled which is not necessary.
  Author: David Shaw | Age: 2005-12-23 | Files: 2 | Lines: -16/+37
* Finished PKA feature
  Author: Werner Koch | Age: 2005-12-20 | Files: 41 | Lines: -21194/+26231
* * getkey.c (merge_selfsigs_main): All primary keys can certify.
  Author: David Shaw | Age: 2005-12-19 | Files: 2 | Lines: -1/+7
* * ksutil.h, ksutil.c (curl_armor_writer, curl_writer, curl_writer_finalize): New functionality to handle binary format keys by armoring them for input to GPG.
  * gpgkeys_curl.c (get_key), gpgkeys_hkp.c (get_key): Call it here.
  Author: David Shaw | Age: 2005-12-19 | Files: 5 | Lines: -44/+162
* * gpg.c (main): Restore convert-sk-to-pk as programs rely on it.
  * keyid.c (usagestr_from_pk): Remove special PUBKEY_USAGE_CERT flag. It's no longer needed.
  Author: David Shaw | Age: 2005-12-19 | Files: 3 | Lines: -6/+10
* * gpg.c (main): Don't default to import-options convert-sk-to-pk. It causes confusing warning messages when importing a PGP-exported key that contains a secret key without selfsigs followed by the public key.
  Author: David Shaw | Age: 2005-12-14 | Files: 2 | Lines: -1/+7
* * ttyio.c (tty_enable_completion, tty_disable_completion): Add checks for no_terminal so we don't try to open("/dev/tty") when invoked with --no-tty.
  Author: David Shaw | Age: 2005-12-12 | Files: 2 | Lines: -0/+14
* * NEWS: Note --fetch-keys.
  Author: David Shaw | Age: 2005-12-08 | Files: 2 | Lines: -0/+10
* * gpg.sgml: Document --fetch-keys.
  Author: David Shaw | Age: 2005-12-08 | Files: 2 | Lines: -1/+14
* * keyserver.c (keyserver_fetch): Switch on fast-import before we --fetch-keys so we don't rebuild the trustdb after each fetch.
  Author: David Shaw | Age: 2005-12-08 | Files: 2 | Lines: -0/+18
* Made strings translatable. Minor fixes.
  Author: Werner Koch | Age: 2005-12-08 | Files: 5 | Lines: -6/+13
* * options.h, keyserver.c (curl_cant_handle, keyserver_spawn, keyserver_fetch): Set a flag to indicate that we're doing a direct URI fetch so we can differentiate between a keyserver operation and a URI fetch for protocols like LDAP that can do either.
  Author: David Shaw | Age: 2005-12-08 | Files: 3 | Lines: -7/+36
* * gpg.sgml: Document -d. Add [file] to a few options.
  Author: David Shaw | Age: 2005-12-08 | Files: 2 | Lines: -7/+11
* * gpgkeys_finger.c (get_key), gpgkeys_curl.c (get_key): Better language for the key-not-found error.
  Author: David Shaw | Age: 2005-12-07 | Files: 3 | Lines: -11/+11
* * keyserver.c (keyserver_spawn): Don't print "searching for key 00000000" when fetching a URI.
  * keyserver-internal.h, keyserver.c (keyserver_fetch): New. Fetch an arbitrary URI using the keyserver helpers.
  * gpg.c (main): Call it from here for --fetch-keys.
  Author: David Shaw | Age: 2005-12-07 | Files: 4 | Lines: -10/+73
* * ksutil.c (curl_err_to_gpg_err): Add CURLE_OK and CURLE_COULDNT_CONNECT.
  * gpgkeys_curl.c (get_key): Give key-not-found error if no data is found (or file itself is not found) during a fetch.
  Author: David Shaw | Age: 2005-12-07 | Files: 3 | Lines: -5/+24
* Missed file.
  Author: David Shaw | Age: 2005-12-06 | Files: 1 | Lines: -1/+3
* Some cleanup so we don't build files that are completely ifdeffed out. This causes a warning on Sun's cc. Do the internal regex code as well for consistency.
  Author: David Shaw | Age: 2005-12-06 | Files: 4 | Lines: -21/+36
* * idea-stub.c (load_module): Not legal to return a void * as a function pointer.
  Author: David Shaw | Age: 2005-12-06 | Files: 6 | Lines: -24/+8
* * curl-shim.c (curl_easy_perform): Fix build warning (code before declaration).
  Author: David Shaw | Age: 2005-12-06 | Files: 2 | Lines: -1/+7
* * mkdtemp.c (mkdtemp): Fix warning.
  * secmem.c, assuan-buffer.c, dotlock.c: Fix a few warnings from printf-ing %p where the arg wasn't void *.
  Author: David Shaw | Age: 2005-12-06 | Files: 5 | Lines: -13/+20