1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-25 15:27:03 +01:00

* import.c (import_one): Make sure that a newly imported key starts with a

clean ownertrust. (import_revoke_cert): Remove ultimate trust when
revoking an ultimately trusted key.
This commit is contained in:
David Shaw 2002-10-01 17:25:56 +00:00
parent 901ac5ed9b
commit 1e728329d7
2 changed files with 24 additions and 1 deletions

View File

@ -1,3 +1,10 @@
2002-10-01 David Shaw <dshaw@jabberwocky.com>
* import.c (import_one): Make sure that a newly imported key
starts with a clean ownertrust.
(import_revoke_cert): Remove ultimate trust when revoking an
ultimately trusted key.
2002-10-01 Werner Koch <wk@gnupg.org> 2002-10-01 Werner Koch <wk@gnupg.org>
* getkey.c (get_pubkey_direct): New. * getkey.c (get_pubkey_direct): New.

View File

@ -654,7 +654,15 @@ import_one( const char *fname, KBNODE keyblock, int fast,
log_error (_("error writing keyring `%s': %s\n"), log_error (_("error writing keyring `%s': %s\n"),
keydb_get_resource_name (hd), g10_errstr(rc)); keydb_get_resource_name (hd), g10_errstr(rc));
else else
{
/* This should not be possible since we delete the
ownertrust when a key is deleted, but it can happen if
the keyring and trustdb are out of sync. It can also
be made to happen with the trusted-key command. */
clear_ownertrust (pk);
revalidation_mark (); revalidation_mark ();
}
keydb_release (hd); keydb_release (hd);
/* we are ready */ /* we are ready */
@ -971,6 +979,14 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
m_free(p); m_free(p);
} }
stats->n_revoc++; stats->n_revoc++;
/* If the key we just revoked was ultimately trusted, remove its
ultimate trust. This doesn't stop the user from putting the
ultimate trust back, but is a reasonable solution for the
stable code line. */
if(get_ownertrust(pk)==TRUST_ULTIMATE)
clear_ownertrust(pk);
revalidation_mark (); revalidation_mark ();
leave: leave: