mirror of
git://git.gnupg.org/gnupg.git
synced 2025-03-20 21:29:58 +01:00
* trustdb.c (validate_keys): Reset the trustdb before checking if we have
any ultimately trusted keys. This ensures that if we lose all our ultimately trusted keys, we don't leave behind the old validity calculations. Noted by Peter Palfrader. * revoke.c (gen_desig_revoke): Specify in the comment when a designated revocation is generated. * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey, get_seckey_byname2): Remove Elgamal check since we are removing type 20 keys altogether.
This commit is contained in:
parent
11859fc4a8
commit
3c0eb7790b
@ -1,3 +1,17 @@
|
||||
2003-11-29 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* trustdb.c (validate_keys): Reset the trustdb before checking if
|
||||
we have any ultimately trusted keys. This ensures that if we lose
|
||||
all our ultimately trusted keys, we don't leave behind the old
|
||||
validity calculations. Noted by Peter Palfrader.
|
||||
|
||||
* revoke.c (gen_desig_revoke): Specify in the comment when a
|
||||
designated revocation is generated.
|
||||
|
||||
* getkey.c (merge_selfsigs_main, merge_selfsigs_subkey,
|
||||
get_seckey_byname2): Remove Elgamal check since we are removing
|
||||
type 20 keys altogether.
|
||||
|
||||
2003-11-27 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* pkclist.c (build_pk_list): Do not allow an empty PK list in
|
||||
|
18
g10/getkey.c
18
g10/getkey.c
@ -1055,11 +1055,7 @@ get_seckey_byname2( GETKEY_CTX *retctx,
|
||||
ctx.items[0].mode = KEYDB_SEARCH_MODE_FIRST;
|
||||
rc = lookup( &ctx, &kb, 1 );
|
||||
if (!rc && sk )
|
||||
{
|
||||
sk_from_block ( &ctx, sk, kb );
|
||||
if(sk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
|
||||
rc=G10ERR_UNU_SECKEY;
|
||||
}
|
||||
sk_from_block ( &ctx, sk, kb );
|
||||
release_kbnode ( kb );
|
||||
get_seckey_end( &ctx );
|
||||
}
|
||||
@ -1681,11 +1677,6 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
|
||||
if ( x ) /* mask it down to the actual allowed usage */
|
||||
key_usage &= x;
|
||||
}
|
||||
|
||||
/* Type 20 Elgamal keys are not usable. */
|
||||
if(pk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
|
||||
key_usage=0;
|
||||
|
||||
pk->pubkey_usage = key_usage;
|
||||
|
||||
if ( !key_expire_seen ) {
|
||||
@ -1902,13 +1893,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
|
||||
if ( x ) /* mask it down to the actual allowed usage */
|
||||
key_usage &= x;
|
||||
}
|
||||
|
||||
/* Type 20 Elgamal subkeys or any subkey on a type 20 primary are
|
||||
not usable. */
|
||||
if(mainpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL
|
||||
|| subpk->pubkey_algo==PUBKEY_ALGO_ELGAMAL)
|
||||
key_usage=0;
|
||||
|
||||
subpk->pubkey_usage = key_usage;
|
||||
|
||||
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
|
||||
|
@ -294,7 +294,7 @@ gen_desig_revoke( const char *uname )
|
||||
goto leave;
|
||||
|
||||
afx.what = 1;
|
||||
afx.hdrlines = "Comment: A revocation certificate should follow\n";
|
||||
afx.hdrlines = "Comment: A designated revocation certificate should follow\n";
|
||||
iobuf_push_filter( out, armor_filter, &afx );
|
||||
|
||||
/* create it */
|
||||
|
@ -1949,6 +1949,10 @@ validate_keys (int interactive)
|
||||
stored = new_key_hash_table ();
|
||||
used = new_key_hash_table ();
|
||||
full_trust = new_key_hash_table ();
|
||||
|
||||
kdb = keydb_new (0);
|
||||
reset_trust_records (kdb,NULL);
|
||||
|
||||
/* Fixme: Instead of always building a UTK list, we could just build it
|
||||
* here when needed */
|
||||
if (!utk_list)
|
||||
@ -1957,10 +1961,6 @@ validate_keys (int interactive)
|
||||
goto leave;
|
||||
}
|
||||
|
||||
kdb = keydb_new (0);
|
||||
|
||||
reset_trust_records (kdb,NULL);
|
||||
|
||||
/* mark all UTKs as used and fully_trusted and set validity to
|
||||
ultimate */
|
||||
for (k=utk_list; k; k = k->next)
|
||||
|
Loading…
x
Reference in New Issue
Block a user