security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-01 16:33:02 +01:00
Code Activity

Split "--set-policy-url" into "--cert-policy-url" and "--sig-policy-url"

Browse Source 
so the user can set different policies for key and data signing.  For
backwards compatibility, "--set-policy-url" sets both, as before.
This commit is contained in:
David Shaw 2002-02-03 14:42:56 +00:00
parent e245123907
commit 0c3e409fa3
5 changed files with 42 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
g10/ChangeLog
View File

@ -1,3 +1,11 @@
2002-02-02 David Shaw <dshaw@jabberwocky.com>
* options.h, g10.c (main), keyedit.c (sign_uids), sign.c
(mk_notation_and_policy): Split "--set-policy-url" into
"--cert-policy-url" and "--sig-policy-url" so the user can set
different policies for key and data signing. For backwards
compatibility, "--set-policy-url" sets both, as before.
2002-01-30 Werner Koch <wk@gnupg.org> 2002-01-30 Werner Koch <wk@gnupg.org>
* g10.c (main): --gen-random --armor does now output a base64 * g10.c (main): --gen-random --armor does now output a base64

18
g10/g10.c
View File

@ -195,6 +195,8 @@ enum cmd_and_opt_values { aNull = 0,
oForYourEyesOnly, oForYourEyesOnly,
oNoForYourEyesOnly, oNoForYourEyesOnly,
oSetPolicyURL, oSetPolicyURL,
oSigPolicyURL,
oCertPolicyURL,
oShowPolicyURL, oShowPolicyURL,
oNoShowPolicyURL, oNoShowPolicyURL,
oUseEmbeddedFilename, oUseEmbeddedFilename,
@ -460,6 +462,8 @@ static ARGPARSE_OPTS opts[] = {
{ oForYourEyesOnly, "for-your-eyes-only", 0, "@" }, { oForYourEyesOnly, "for-your-eyes-only", 0, "@" },
{ oNoForYourEyesOnly, "no-for-your-eyes-only", 0, "@" }, { oNoForYourEyesOnly, "no-for-your-eyes-only", 0, "@" },
{ oSetPolicyURL, "set-policy-url", 2, "@" }, { oSetPolicyURL, "set-policy-url", 2, "@" },
{ oSigPolicyURL, "sig-policy-url", 2, "@" },
{ oCertPolicyURL, "cert-policy-url", 2, "@" },
{ oShowPolicyURL, "show-policy-url", 0, "@" }, { oShowPolicyURL, "show-policy-url", 0, "@" },
{ oNoShowPolicyURL, "no-show-policy-url", 0, "@" }, { oNoShowPolicyURL, "no-show-policy-url", 0, "@" },
{ oShowNotation, "show-notation", 0, "@" }, { oShowNotation, "show-notation", 0, "@" },
@ -1088,7 +1092,9 @@ main( int argc, char **argv )
case oSetFilename: opt.set_filename = pargs.r.ret_str; break; case oSetFilename: opt.set_filename = pargs.r.ret_str; break;
case oForYourEyesOnly: eyes_only = 1; break; case oForYourEyesOnly: eyes_only = 1; break;
case oNoForYourEyesOnly: eyes_only = 0; break; case oNoForYourEyesOnly: eyes_only = 0; break;
case oSetPolicyURL: opt.set_policy_url = pargs.r.ret_str; break; case oSetPolicyURL: opt.sig_policy_url = opt.cert_policy_url = pargs.r.ret_str; break;
case oSigPolicyURL: opt.sig_policy_url = pargs.r.ret_str; break;
case oCertPolicyURL: opt.cert_policy_url = pargs.r.ret_str; break;
case oShowPolicyURL: opt.show_policy_url=1; break; case oShowPolicyURL: opt.show_policy_url=1; break;
case oNoShowPolicyURL: opt.show_policy_url=0; break; case oNoShowPolicyURL: opt.show_policy_url=0; break;
case oUseEmbeddedFilename: opt.use_embedded_filename = 1; break; case oUseEmbeddedFilename: opt.use_embedded_filename = 1; break;
@ -1408,9 +1414,13 @@ main( int argc, char **argv )
if( check_digest_algo(opt.s2k_digest_algo) ) if( check_digest_algo(opt.s2k_digest_algo) )
log_error(_("selected digest algorithm is invalid\n")); log_error(_("selected digest algorithm is invalid\n"));
} }
if( opt.set_policy_url ) { if( opt.sig_policy_url ) {
if( check_policy_url( opt.set_policy_url ) ) if( check_policy_url( opt.sig_policy_url ) )
log_error(_("the given policy URL is invalid\n")); log_error(_("the given signature policy URL is invalid\n"));
}
if( opt.cert_policy_url ) {
if( check_policy_url( opt.cert_policy_url ) )
log_error(_("the given certification policy URL is invalid\n"));
} }
if( opt.def_compress_algo < 0 || opt.def_compress_algo > 2 ) if( opt.def_compress_algo < 0 || opt.def_compress_algo > 2 )
log_error(_("compress algorithm must be in range %d..%d\n"), 0, 2); log_error(_("compress algorithm must be in range %d..%d\n"), 0, 2);

2
g10/keyedit.c
View File

@ -275,7 +275,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
int select_all = !count_selected_uids(keyblock); int select_all = !count_selected_uids(keyblock);
int upd_trust = 0, force_v4=0; int upd_trust = 0, force_v4=0;
if(local || opt.set_policy_url || opt.notation_data) if(local || opt.cert_policy_url || opt.notation_data)
force_v4=1; force_v4=1;
/* build a list of all signators. /* build a list of all signators.

3
g10/options.h
View File

@ -116,7 +116,8 @@ struct {
int interactive; int interactive;
STRLIST notation_data; STRLIST notation_data;
int show_notation; int show_notation;
const char *set_policy_url; const char *sig_policy_url;
const char *cert_policy_url;
int show_policy_url; int show_policy_url;
int use_embedded_filename; int use_embedded_filename;
int allow_non_selfsigned_uid; int allow_non_selfsigned_uid;

19
g10/sign.c
View File

@ -58,7 +58,7 @@
static void static void
mk_notation_and_policy( PKT_signature *sig ) mk_notation_and_policy( PKT_signature *sig )
{ {
const char *string, *s; const char *string, *s=NULL;
byte *buf; byte *buf;
unsigned n1, n2; unsigned n1, n2;
@ -92,7 +92,22 @@ mk_notation_and_policy( PKT_signature *sig )
} }
/* set policy URL */ /* set policy URL */
if( (s=opt.set_policy_url) ) { if( (sig->sig_class==0 || sig->sig_class==1) && opt.sig_policy_url )
{
if(sig->version<4)
log_info("can't put a policy URL into v3 signatures\n");
else
s=opt.sig_policy_url;
}
else if( !(sig->sig_class==0 || sig->sig_class==1) && opt.cert_policy_url )
{
if(sig->version<4)
log_info("can't put a policy URL into v3 key signatures\n");
else
s=opt.cert_policy_url;
}
if( s ) {
if( *s == '!' ) if( *s == '!' )
build_sig_subpkt( sig, SIGSUBPKT_POLICY | SIGSUBPKT_FLAG_CRITICAL, build_sig_subpkt( sig, SIGSUBPKT_POLICY | SIGSUBPKT_FLAG_CRITICAL,
s+1, strlen(s+1) ); s+1, strlen(s+1) );