mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
* import.c (import_one): Make sure that a newly imported key starts with a
clean ownertrust. (import_revoke_cert): Remove ultimate trust when revoking an ultimately trusted key.
This commit is contained in:
parent
901ac5ed9b
commit
1e728329d7
@ -1,3 +1,10 @@
|
||||
2002-10-01 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* import.c (import_one): Make sure that a newly imported key
|
||||
starts with a clean ownertrust.
|
||||
(import_revoke_cert): Remove ultimate trust when revoking an
|
||||
ultimately trusted key.
|
||||
|
||||
2002-10-01 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* getkey.c (get_pubkey_direct): New.
|
||||
|
18
g10/import.c
18
g10/import.c
@ -654,7 +654,15 @@ import_one( const char *fname, KBNODE keyblock, int fast,
|
||||
log_error (_("error writing keyring `%s': %s\n"),
|
||||
keydb_get_resource_name (hd), g10_errstr(rc));
|
||||
else
|
||||
revalidation_mark ();
|
||||
{
|
||||
/* This should not be possible since we delete the
|
||||
ownertrust when a key is deleted, but it can happen if
|
||||
the keyring and trustdb are out of sync. It can also
|
||||
be made to happen with the trusted-key command. */
|
||||
|
||||
clear_ownertrust (pk);
|
||||
revalidation_mark ();
|
||||
}
|
||||
keydb_release (hd);
|
||||
|
||||
/* we are ready */
|
||||
@ -971,6 +979,14 @@ import_revoke_cert( const char *fname, KBNODE node, struct stats_s *stats )
|
||||
m_free(p);
|
||||
}
|
||||
stats->n_revoc++;
|
||||
|
||||
/* If the key we just revoked was ultimately trusted, remove its
|
||||
ultimate trust. This doesn't stop the user from putting the
|
||||
ultimate trust back, but is a reasonable solution for the
|
||||
stable code line. */
|
||||
if(get_ownertrust(pk)==TRUST_ULTIMATE)
|
||||
clear_ownertrust(pk);
|
||||
|
||||
revalidation_mark ();
|
||||
|
||||
leave:
|
||||
|
Loading…
x
Reference in New Issue
Block a user