mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-25 15:27:03 +01:00
* import.c (import_one): Make sure that a newly imported key starts with a
clean ownertrust. (import_revoke_cert): Remove ultimate trust when revoking an ultimately trusted key.
This commit is contained in:
parent
901ac5ed9b
commit
1e728329d7
@ -1,3 +1,10 @@
|
|||||||
|
2002-10-01 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* import.c (import_one): Make sure that a newly imported key
|
||||||
|
starts with a clean ownertrust.
|
||||||
|
(import_revoke_cert): Remove ultimate trust when revoking an
|
||||||
|
ultimately trusted key.
|
||||||
|
|
||||||
2002-10-01 Werner Koch <wk@gnupg.org>
|
2002-10-01 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
* getkey.c (get_pubkey_direct): New.
|
* getkey.c (get_pubkey_direct): New.
|
||||||
|
16
g10/import.c
16
g10/import.c
@ -654,7 +654,15 @@ import_one( const char *fname, KBNODE keyblock, int fast,
|
|||||||
log_error (_("error writing keyring `%s': %s\n"),
|
log_error (_("error writing keyring `%s': %s\n"),
|
||||||
keydb_get_resource_name (hd), g10_errstr(rc));
|
keydb_get_resource_name (hd), g10_errstr(rc));
|
||||||
else
|
else
|
||||||
|
{
|
||||||
|
/* This should not be possible since we delete the
|
||||||
|
ownertrust when a key is deleted, but it can happen if
|
||||||
|
the keyring and trustdb are out of sync. It can also
|
||||||
|
be made to happen with the trusted-key command. */
|
||||||
|
|
||||||
|
clear_ownertrust (pk);
|
||||||
revalidation_mark ();
|
revalidation_mark ();
|
||||||
|
}
|
||||||
keydb_release (hd);
|
keydb_release (hd);
|
||||||
|
|
||||||
/* we are ready */
|
/* we are ready */
|
||||||
@ -971,6 +979,14 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
|
|||||||
m_free(p);
|
m_free(p);
|
||||||
}
|
}
|
||||||
stats->n_revoc++;
|
stats->n_revoc++;
|
||||||
|
|
||||||
|
/* If the key we just revoked was ultimately trusted, remove its
|
||||||
|
ultimate trust. This doesn't stop the user from putting the
|
||||||
|
ultimate trust back, but is a reasonable solution for the
|
||||||
|
stable code line. */
|
||||||
|
if(get_ownertrust(pk)==TRUST_ULTIMATE)
|
||||||
|
clear_ownertrust(pk);
|
||||||
|
|
||||||
revalidation_mark ();
|
revalidation_mark ();
|
||||||
|
|
||||||
leave:
|
leave:
|
||||||
|
Loading…
x
Reference in New Issue
Block a user