diff options
| author | Werner Koch <[email protected]> | 2021-02-02 18:53:21 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2021-02-02 18:53:21 +0000 |
| commit | 7f3ce66ec56a5aea6170b7eb1bda5626eb208c83 (patch) | |
| tree | 3d57f33c5290451c3034fa88eabed0ca2ca78678 /g10/keyserver.c | |
| parent | gpg: Remove more or less useless tool gpgcompose. (diff) | |
| download | gnupg-7f3ce66ec56a5aea6170b7eb1bda5626eb208c83.tar.gz gnupg-7f3ce66ec56a5aea6170b7eb1bda5626eb208c83.zip | |
gpg: Remove support for PKA.
* g10/gpg.c (oPrintPKARecords): Remove.
(opts): Remove --print-pka-records.
(main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
* g10/options.h (EXPORT_DANE_FORMAT): Remove.
(VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
(KEYSERVER_HONOR_PKA_RECORD): Remove.
* g10/packet.h (pka_info_t): Remove.
(PKT_signature): Remove flags.pka_tried and pka_info.
* g10/parse-packet.c (register_known_notation): Remove
"[email protected]".
* g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
* g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
* g10/export.c (parse_export_options): Remove "export-pka".
(do_export): Adjust for this.
(write_keyblock_to_output): Ditto.
(do_export_stream): Ditto.
(print_pka_or_dane_records): Rename to ...
(print_dane_records): this and remove two args. Remove PKA printing.
* g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
pka_info field.
* g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
* g10/keyserver.c: Remove "honor-pka-record".
(keyserver_import_pka): Remove.
* g10/mainproc.c (get_pka_address): Remove.
(pka_uri_from_sig): Remove.
(check_sig_and_print): Remove code for PKA.
--
PKA (Public Key Association) was a DNS based key discovery method
which looked up fingerprint by mail addresses in the DNS. This goes
back to the conference where DKIM was suggested to show that we
already had a better method for this available with PGP/MIME. PKA was
was later superseded by an experimental DANE method and is today not
anymore relevant. It is anyway doubtful whether PKA was ever widely
used.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/keyserver.c')
| -rw-r--r-- | g10/keyserver.c | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/g10/keyserver.c b/g10/keyserver.c index f42bca15c..0b3718050 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -99,8 +99,6 @@ static struct parse_options keyserver_opts[]= N_("automatically retrieve keys when verifying signatures")}, {"honor-keyserver-url",KEYSERVER_HONOR_KEYSERVER_URL,NULL, N_("honor the preferred keyserver URL set on the key")}, - {"honor-pka-record",KEYSERVER_HONOR_PKA_RECORD,NULL, - N_("honor the PKA record set on a key when retrieving keys")}, {NULL,0,NULL,NULL} }; @@ -2021,39 +2019,6 @@ keyserver_import_cert (ctrl_t ctrl, const char *name, int dane_mode, return err; } -/* Import key pointed to by a PKA record. Return the requested - fingerprint in fpr. */ -gpg_error_t -keyserver_import_pka (ctrl_t ctrl, const char *name, - unsigned char **fpr, size_t *fpr_len) -{ - gpg_error_t err; - char *url; - - err = gpg_dirmngr_get_pka (ctrl, name, fpr, fpr_len, &url); - if (url && *url && fpr && fpr_len) - { - /* An URL is available. Lookup the key. */ - struct keyserver_spec *spec; - spec = parse_keyserver_uri (url, 1); - if (spec) - { - err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec, 0); - free_keyserver_spec (spec); - } - } - xfree (url); - - if (err) - { - xfree(*fpr); - *fpr = NULL; - *fpr_len = 0; - } - - return err; -} - /* Import a key using the Web Key Directory protocol. */ gpg_error_t |