6 files changed, 27 insertions, 14 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index cddda13c7..032d626a7 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,12 @@
 2006-03-07  David Shaw  <dshaw@jabberwocky.com>
 
+	* options.h, mainproc.c (check_sig_and_print), gpg.c (main):
+	pka-lookups, not pka-lookup.
+
+	* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
+	(signature_check2): Rename "backsign" to "cross-certify" as a more
+	accurate name.
+
 	* options.h, gpg.c (main, parse_trust_model), pkclist.c
 	(check_signatures_trust), mainproc.c (check_sig_and_print,
 	pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so
diff --git a/g10/gpg.c b/g10/gpg.c
index 9485001d7..fa50fc207 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -357,8 +357,8 @@ enum cmd_and_opt_values
     octapiDriver,
     opcscDriver,
     oDisableCCID,
-    oRequireBacksigs,
-    oNoRequireBacksigs,
+    oRequireCrossCert,
+    oNoRequireCrossCert,
     oAutoKeyLocate,
     oNoAutoKeyLocate,
     oAllowMultisigVerification,
@@ -706,8 +706,10 @@ static ARGPARSE_OPTS opts[] = {
        I'm returning the favor. */
     { oLocalUser, "sign-with", 2, "@" },
     { oRecipient, "user", 2, "@" },
-    { oRequireBacksigs, "require-backsigs", 0, "@"},
-    { oNoRequireBacksigs, "no-require-backsigs", 0, "@"},
+    { oRequireCrossCert, "require-backsigs", 0, "@"},
+    { oRequireCrossCert, "require-cross-certification", 0, "@"},
+    { oNoRequireCrossCert, "no-require-backsigs", 0, "@"},
+    { oNoRequireCrossCert, "no-require-cross-certification", 0, "@"},
     { oAutoKeyLocate, "auto-key-locate", 2, "@"},
     { oNoAutoKeyLocate, "no-auto-key-locate", 0, "@"},
     {0,NULL,0,NULL}
@@ -2462,7 +2464,7 @@ main (int argc, char **argv )
 		   N_("show user ID validity during signature verification")},
 		  {"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
 		   N_("show revoked and expired user IDs in signature verification")},
-		  {"pka-lookup",VERIFY_PKA_LOOKUP,NULL,
+		  {"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
 		   N_("validate signatures with PKA data")},
 		  {"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
 		   N_("elevate the trust of signatures with valid PKA data")},
@@ -2625,8 +2627,8 @@ main (int argc, char **argv )
             opt.limit_card_insert_tries = pargs.r.ret_int; 
             break;
 
-	  case oRequireBacksigs: opt.require_backsigs=1; break;
-	  case oNoRequireBacksigs: opt.require_backsigs=0; break;
+	  case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
+	  case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
 
 	  case oAutoKeyLocate:
 	    if(!parse_auto_key_locate(pargs.r.ret_str))
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 52025ce27..d451e5079 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -1363,6 +1363,7 @@ static struct
     { "key"     , cmdSELKEY    , 0, N_("select subkey N") },
     { "check"   , cmdCHECK     , 0, N_("check signatures") },
     { "c"       , cmdCHECK     , 0, NULL },
+    { "cross-certify", cmdBACKSIGN  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
     { "backsign", cmdBACKSIGN  , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
     { "sign"    , cmdSIGN      , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
       N_("sign selected user IDs [* see below for related commands]") },
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 8c8262f58..36f15097b 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1866,7 +1866,7 @@ check_sig_and_print( CTX c, KBNODE node )
 
 	if (!rc)
           {
-	    if(opt.verify_options&VERIFY_PKA_LOOKUP)
+	    if(opt.verify_options&VERIFY_PKA_LOOKUPS)
 	      pka_uri_from_sig (sig); /* Make sure PKA info is available. */
 	    rc = check_signatures_trust( sig );
           }
diff --git a/g10/options.h b/g10/options.h
index 65e7cded5..bcef4550b 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -215,10 +215,13 @@ struct
   int disable_ccid;    /* Disable the use of the internal CCID driver. */
 #endif /*ENABLE_CARD_SUPPORT*/
 
-  /* If set, require an 0x19 backsig to be present on signatures made
-     by signing subkeys.  If not set, a missing backsig is not an
-     error (but an invalid backsig still is). */
-  int require_backsigs;
+  struct
+  {
+    /* If set, require an 0x19 backsig to be present on signatures
+       made by signing subkeys.  If not set, a missing backsig is not
+       an error (but an invalid backsig still is). */
+    unsigned int require_cross_cert:1;
+  } flags;
 
   /* Linked list of ways to find a key if the key isn't on the local
      keyring. */
@@ -314,7 +317,7 @@ struct {
 #define VERIFY_SHOW_KEYSERVER_URLS       (1<<4)
 #define VERIFY_SHOW_UID_VALIDITY         (1<<5)
 #define VERIFY_SHOW_UNUSABLE_UIDS        (1<<6)
-#define VERIFY_PKA_LOOKUP                (1<<7)
+#define VERIFY_PKA_LOOKUPS               (1<<7)
 #define VERIFY_PKA_TRUST_INCREASE        (1<<8)
 
 #define KEYSERVER_USE_TEMP_FILES         (1<<0)
diff --git a/g10/sig-check.c b/g10/sig-check.c
index b0c34abde..a444bbfe7 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -100,7 +100,7 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
 	       have backsigs, change this to always give the warning,
 	       and have --require-backsigs enable or disable the
 	       G10ERR_GENERAL. */
-	    if(pk->backsig==0 && opt.require_backsigs)
+	    if(pk->backsig==0 && opt.flags.require_cross_cert)
 	      {
 		log_info(_("WARNING: signing subkey %s is not"
 			   " cross-certified\n"),keystr_from_pk(pk));