1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.

* g10/mainproc.c (check_sig_and_print): Track key server request via
fingerprint.
--

New signatures carry the fingerprint and thus --auto-key-retrieve tries
to lookup the key by fingerprint.  If that failed it used to also ask
the same thing by KEYID - but the keyid is part of the fingerprint and
thus it will either get no response or the wrong key back.  We can
easily avoid this.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-07-19 13:03:43 +02:00
parent da91d2106a
commit 2e54594574
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -1658,6 +1658,7 @@ check_sig_and_print (CTX c, kbnode_t node)
int is_revkey = 0; int is_revkey = 0;
char *issuer_fpr; char *issuer_fpr;
PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */ PKT_public_key *pk = NULL; /* The public key for the signature or NULL. */
int tried_ks_by_fpr;
if (opt.skip_verify) if (opt.skip_verify)
{ {
@ -1886,6 +1887,7 @@ check_sig_and_print (CTX c, kbnode_t node)
* that the signers fingerprint is encoded in the signature. We * that the signers fingerprint is encoded in the signature. We
* favor this over the WKD method (to be tried next), because an * favor this over the WKD method (to be tried next), because an
* arbitrary keyserver is less subject to web bug like monitoring. */ * arbitrary keyserver is less subject to web bug like monitoring. */
tried_ks_by_fpr = 0;
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE) && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
&& keyserver_any_configured (c->ctrl)) && keyserver_any_configured (c->ctrl))
@ -1902,6 +1904,7 @@ check_sig_and_print (CTX c, kbnode_t node)
pk = NULL; pk = NULL;
glo_ctrl.in_auto_key_retrieve++; glo_ctrl.in_auto_key_retrieve++;
res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver, 1); res = keyserver_import_fprint (c->ctrl, p+1, n-1, opt.keyserver, 1);
tried_ks_by_fpr = 1;
glo_ctrl.in_auto_key_retrieve--; glo_ctrl.in_auto_key_retrieve--;
if (!res) if (!res)
rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk); rc = do_check_sig (c, node, NULL, &is_expkey, &is_revkey, &pk);
@ -1933,6 +1936,7 @@ check_sig_and_print (CTX c, kbnode_t node)
* keyserver. */ * keyserver. */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
&& (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE) && (opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE)
&& !tried_ks_by_fpr
&& keyserver_any_configured (c->ctrl)) && keyserver_any_configured (c->ctrl))
{ {
int res; int res;