From 0c3e409fa31790ba997366677a4aa2839956bff4 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Sun, 3 Feb 2002 14:42:56 +0000 Subject: [PATCH] Split "--set-policy-url" into "--cert-policy-url" and "--sig-policy-url" so the user can set different policies for key and data signing. For backwards compatibility, "--set-policy-url" sets both, as before. --- g10/ChangeLog | 8 ++++++++ g10/g10.c | 18 ++++++++++++++---- g10/keyedit.c | 2 +- g10/options.h | 3 ++- g10/sign.c | 19 +++++++++++++++++-- 5 files changed, 42 insertions(+), 8 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index fed295093..13df44ee3 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,11 @@ +2002-02-02 David Shaw + + * options.h, g10.c (main), keyedit.c (sign_uids), sign.c + (mk_notation_and_policy): Split "--set-policy-url" into + "--cert-policy-url" and "--sig-policy-url" so the user can set + different policies for key and data signing. For backwards + compatibility, "--set-policy-url" sets both, as before. + 2002-01-30 Werner Koch * g10.c (main): --gen-random --armor does now output a base64 diff --git a/g10/g10.c b/g10/g10.c index 68a97974b..ecbc3b1e7 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -195,6 +195,8 @@ enum cmd_and_opt_values { aNull = 0, oForYourEyesOnly, oNoForYourEyesOnly, oSetPolicyURL, + oSigPolicyURL, + oCertPolicyURL, oShowPolicyURL, oNoShowPolicyURL, oUseEmbeddedFilename, @@ -460,6 +462,8 @@ static ARGPARSE_OPTS opts[] = { { oForYourEyesOnly, "for-your-eyes-only", 0, "@" }, { oNoForYourEyesOnly, "no-for-your-eyes-only", 0, "@" }, { oSetPolicyURL, "set-policy-url", 2, "@" }, + { oSigPolicyURL, "sig-policy-url", 2, "@" }, + { oCertPolicyURL, "cert-policy-url", 2, "@" }, { oShowPolicyURL, "show-policy-url", 0, "@" }, { oNoShowPolicyURL, "no-show-policy-url", 0, "@" }, { oShowNotation, "show-notation", 0, "@" }, 
@@ -1088,7 +1092,9 @@ main( int argc, char **argv ) case oSetFilename: opt.set_filename = pargs.r.ret_str; break; case oForYourEyesOnly: eyes_only = 1; break; case oNoForYourEyesOnly: eyes_only = 0; break; - case oSetPolicyURL: opt.set_policy_url = pargs.r.ret_str; break; + case oSetPolicyURL: opt.sig_policy_url = opt.cert_policy_url = pargs.r.ret_str; break; + case oSigPolicyURL: opt.sig_policy_url = pargs.r.ret_str; break; + case oCertPolicyURL: opt.cert_policy_url = pargs.r.ret_str; break; case oShowPolicyURL: opt.show_policy_url=1; break; case oNoShowPolicyURL: opt.show_policy_url=0; break; case oUseEmbeddedFilename: opt.use_embedded_filename = 1; break; @@ -1408,9 +1414,13 @@ main( int argc, char **argv ) if( check_digest_algo(opt.s2k_digest_algo) ) log_error(_("selected digest algorithm is invalid\n")); } - if( opt.set_policy_url ) { - if( check_policy_url( opt.set_policy_url ) ) - log_error(_("the given policy URL is invalid\n")); + if( opt.sig_policy_url ) { + if( check_policy_url( opt.sig_policy_url ) ) + log_error(_("the given signature policy URL is invalid\n")); + } + if( opt.cert_policy_url ) { + if( check_policy_url( opt.cert_policy_url ) ) + log_error(_("the given certification policy URL is invalid\n")); } if( opt.def_compress_algo < 0 || opt.def_compress_algo > 2 ) log_error(_("compress algorithm must be in range %d..%d\n"), 0, 2); diff --git a/g10/keyedit.c b/g10/keyedit.c index 4018bce30..cc2494c4f 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -275,7 +275,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int select_all = !count_selected_uids(keyblock); int upd_trust = 0, force_v4=0; - if(local || opt.set_policy_url || opt.notation_data) + if(local || opt.cert_policy_url || opt.notation_data) force_v4=1; /* build a list of all signators. diff --git a/g10/options.h b/g10/options.h index 0680d4207..dd14d5345 100644 --- a/g10/options.h +++ b/g10/options.h 
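Review bot: The `oSetPolicyURL` case in the `@@ -1088` hunk overwrites both `opt.sig_policy_url` and `opt.cert_policy_url` unconditionally, so the effective policy depends on option order. A `--set-policy-url` that appears after `--sig-policy-url` or `--cert-policy-url` silently replaces the more specific value. Because the policy URL is a statement the signer embeds in the signature, that precedence should be written down where it is decided, for example `/* legacy option: sets both URLs; a later --sig-policy-url or --cert-policy-url overrides it, an earlier one is overwritten */` above the case. The assignment would also read better split over two lines. The switch and main() continue outside the hunk.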
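Review bot: The two validation blocks in the `@@ -1408` hunk repeat the same check, and after `--set-policy-url` both fields hold the same pointer, so one bad URL is reported twice under two different messages. Guarding the second block with `if( opt.cert_policy_url && opt.cert_policy_url != opt.sig_policy_url )` keeps a single report for the shared case. The string is passed to `check_policy_url()` with any leading `!` still attached, while sign.c later strips that character as the critical flag; the validator's handling of the prefix is not visible here and is worth confirming. Only `log_error` is called on failure, so whether an invalid URL actually stops signing is decided outside the hunk.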
@@ -116,7 +116,8 @@ struct { int interactive; STRLIST notation_data; int show_notation; - const char *set_policy_url; + const char *sig_policy_url; + const char *cert_policy_url; int show_policy_url; int use_embedded_filename; int allow_non_selfsigned_uid; diff --git a/g10/sign.c b/g10/sign.c index 7f79e8d90..01e6c9858 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -58,7 +58,7 @@ static void mk_notation_and_policy( PKT_signature *sig ) { - const char *string, *s; + const char *string, *s=NULL; byte *buf; unsigned n1, n2; @@ -92,7 +92,22 @@ mk_notation_and_policy( PKT_signature *sig ) } /* set policy URL */ - if( (s=opt.set_policy_url) ) { + if( (sig->sig_class==0 || sig->sig_class==1) && opt.sig_policy_url ) + { + if(sig->version<4) + log_info("can't put a policy URL into v3 signatures\n"); + else + s=opt.sig_policy_url; + } + else if( !(sig->sig_class==0 || sig->sig_class==1) && opt.cert_policy_url ) + { + if(sig->version<4) + log_info("can't put a policy URL into v3 key signatures\n"); + else + s=opt.cert_policy_url; + } + + if( s ) { if( *s == '!' ) build_sig_subpkt( sig, SIGSUBPKT_POLICY | SIGSUBPKT_FLAG_CRITICAL, s+1, strlen(s+1) );
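Review bot: The `else if` branch in the sign.c `@@ -92` hunk selects `opt.cert_policy_url` for every signature class other than 0x00 and 0x01, not only for key certifications, so any other class that reaches mk_notation_and_policy() (its callers are outside this hunk) would be issued carrying the certification policy. If only user-ID certifications are meant, test for them positively, e.g. `else if( sig->sig_class>=0x10 && sig->sig_class<=0x13 && opt.cert_policy_url )`, and give the repeated `sig->sig_class==0 || sig->sig_class==1` test a name. Separately, for `sig->version<4` the URL is dropped with only a `log_info`, even when the user prefixed it with `!` to mark it critical; keyedit.c forces v4 for certifications in this commit, but nothing visible does the same for data signatures, so failing or forcing v4 may be the safer response there. The two new messages are also not wrapped in `_()` as the g10.c messages are. The function body starts above and continues below the hunk.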