security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: Do not use self-sigs-only for LDAP keyserver imports.

Browse source 
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--

I can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are.  Thus we
can allow the import of key signature from LDAP keyservers by default.

GnuPG-bug-id: 5387
This commit is contained in:
Werner Koch 2021-04-13 14:25:16 +02:00
parent b0a7132856
commit 1303b0ed84
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 37 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
doc/gpg.texi
View file

@ -1988,7 +1988,9 @@ are available for all keyserver types, some common options are:
The default list of options is: "self-sigs-only, import-clean,
repair-keys, repair-pks-subkey-bug, export-attributes,
honor-pka-record".
honor-pka-record". However, if
the actual used source is an LDAP server "no-self-sigs-only" is
assumed unless "self-sigs-only" has been explictly configured.
@item --completes-needed @var{n}