diff --git a/g10/ChangeLog b/g10/ChangeLog index e1e5bae26..204308c9f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,10 @@ +2002-10-01 David Shaw + + * import.c (import_one): Make sure that a newly imported key + starts with a clean ownertrust. + (import_revoke_cert): Remove ultimate trust when revoking an + ultimately trusted key. + 2002-10-01 Werner Koch * getkey.c (get_pubkey_direct): New. diff --git a/g10/import.c b/g10/import.c index 4060bdf27..1d3dddb1d 100644 --- a/g10/import.c +++ b/g10/import.c @@ -654,7 +654,15 @@ import_one( const char *fname, KBNODE keyblock, int fast, log_error (_("error writing keyring `%s': %s\n"), keydb_get_resource_name (hd), g10_errstr(rc)); else - revalidation_mark (); + { + /* This should not be possible since we delete the + ownertrust when a key is deleted, but it can happen if + the keyring and trustdb are out of sync. It can also + be made to happen with the trusted-key command. */ + + clear_ownertrust (pk); + revalidation_mark (); + } keydb_release (hd); /* we are ready */ @@ -971,6 +979,14 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats ) m_free(p); } stats->n_revoc++; + + /* If the key we just revoked was ultimately trusted, remove its + ultimate trust. This doesn't stop the user from putting the + ultimate trust back, but is a reasonable solution for the + stable code line. */ + if(get_ownertrust(pk)==TRUST_ULTIMATE) + clear_ownertrust(pk); + revalidation_mark (); leave:
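Review bot: The `clear_ownertrust (pk)` call added to the `else` branch of import_one runs silently, so the keyring/trustdb desync that the new comment calls "should not be possible" leaves no trace when it does occur. A stale ownertrust attaching to a freshly imported key is exactly what a user or auditor would want to know about. Consider reporting it before clearing, for example `if (get_ownertrust (pk) != TRUST_UNKNOWN) log_info (_("stale ownertrust found for new key - cleared\n"));`, assuming TRUST_UNKNOWN is the "no record" value (not visible in this diff). The comment's opening "This" also has no antecedent; `/* A newly imported key may already have an ownertrust record. ...` would say what is being guarded against. import_one's body begins and ends outside the hunk.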
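Review bot: The `if(get_ownertrust(pk)==TRUST_ULTIMATE)` test added after `stats->n_revoc++` in import_revoke_cert only fires when the returned value is exactly TRUST_ULTIMATE. get_ownertrust is defined outside this diff; if its return value can carry flag bits alongside the trust level (a disabled marker, for instance), a revoked key that is both flagged and ultimately trusted would keep its ultimate trust. Masking before the comparison, `if((get_ownertrust(pk)&TRUST_MASK)==TRUST_ULTIMATE)`, would cover that case; confirm against trustdb.h that TRUST_MASK is the level mask. The removal is also silent, so a `log_info` line here would let the user see that importing a revocation changed a trust setting. import_revoke_cert's body begins and ends outside the hunk.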