gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
* g10/mainproc.c (check_sig_and_print): Track key server request via fingerprint. -- New signatures carry the fingerprint and thus --auto-key-retrieve tries to lookup the key by fingerprint. If that failed it used to also ask the same thing by KEYID - but the keyid is part of the fingerprint and thus it will either get no response or the wrong key back. We can easily avoid this. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
da91d2106a
commit
2e54594574
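--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1658,6 +1658,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 int is_revkey = 0;
 char *issuer_fpr;
 PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */
+int tried_ks_by_fpr;
 
 if (opt.skip_verify)
 {
@@ -1886,6 +1887,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 * that the signers fingerprint is encoded in the signature. We
 * favor this over the WKD method (to be tried next), because an
 * arbitrary keyserver is less subject to web bug like monitoring. */
+tried_ks_by_fpr = 0;
 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
 && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
 && keyserver_any_configured (c->ctrl))
@@ -1902,6 +1904,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 pk = NULL;
 glo_ctrl.in_auto_key_retrieve++;
 res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver, 1);
+tried_ks_by_fpr = 1;
 glo_ctrl.in_auto_key_retrieve--;
 if (!res)
 rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
@@ -1933,6 +1936,7 @@ check_sig_and_print (CTX c, kbnode_t node)
 * keyserver. */
 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
 && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
+&& !tried_ks_by_fpr
 && keyserver_any_configured (c->ctrl))
 {
 int res;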
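Review bot: `tried_ks_by_fpr` is declared without an initializer in the first hunk and is first assigned at `tried_ks_by_fpr = 0;` in the second hunk, whereas the neighbouring `is_revkey` is initialized at its declaration. Writing `int tried_ks_by_fpr = 0;` would keep the later `&& !tried_ks_by_fpr` test well-defined even if some path skips that assignment. check_sig_and_print starts and ends outside all four hunks, so whether such a path exists cannot be confirmed from here. The flag is also set to 1 regardless of `res`, so a failed fingerprint request suppresses the keyid request too. A short comment at the condition, e.g. `/* Skip if already asked by fingerprint; the keyid is part of the fingerprint. */`, would record that this is intended.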