mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

gpg: Do not use self-sigs-only for LDAP keyserver imports.

* dirmngr/ks-engine-ldap.c (ks_ldap_get): Print a SOURCE status.
* g10/options.h (opts): New field expl_import_self_sigs_only.
* g10/import.c (parse_import_options): Set it.
* g10/keyserver.c (keyserver_get_chunk): Add special options for LDAP.
--

It can be assumed that configured LDAP servers are somehow curated and
not affected by rogue key signatures as the HKP servers are.  Thus we
can allow the import of key signatures from LDAP keyservers by default.

GnuPG-bug-id: 5387
Werner Koch 2021-04-13 14:25:16 +02:00
parent b0a7132856
commit 1303b0ed84
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
5 changed files with 37 additions and 5 deletions


@ -218,8 +218,20 @@ parse_import_options(char *str,unsigned int *options,int noisy)
{NULL,0,NULL,NULL}
};
int rc;
int saved_self_sigs_only;
/* We need to set a flag indicating wether the user has set
* IMPORT_SELF_SIGS_ONLY or it came from the default. */
saved_self_sigs_only = (*options & IMPORT_SELF_SIGS_ONLY);
saved_self_sigs_only &= ~IMPORT_SELF_SIGS_ONLY;
rc = parse_options (str, options, import_opts, noisy);
if (rc && (*options & IMPORT_SELF_SIGS_ONLY))
opt.flags.expl_import_self_sigs_only = 1;
else
*options |= saved_self_sigs_only;
if (rc && (*options & IMPORT_RESTORE))
{
/* Alter other options we want or don't want for restore. */
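Review bot: The second new statement, `saved_self_sigs_only &= ~IMPORT_SELF_SIGS_ONLY;`, clears the only bit the line before it just saved, so `saved_self_sigs_only` is always 0 and `*options` still carries the default bit when parse_options runs. As a result `opt.flags.expl_import_self_sigs_only` gets set whenever rc is non-zero and the default was on (unless the string itself clears the bit), whether or not the user named the option, and the `else` restore is a no-op. The line was presumably meant to be `*options &= ~IMPORT_SELF_SIGS_ONLY;`, so that the bit seen after parsing reflects only what the option string set. Going by the commit message, the LDAP special-casing in keyserver_get_chunk (not visible here) relies on this flag to tell an explicit choice from the default, so the mix-up would decide whether third-party key signatures are filtered on import. parse_import_options begins and ends outside this hunk.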