Merged most of David Shaw's changes in 1.3 since 2003-06-03.

2025-07-02 22:46:30 +02:00 · 2003-09-23 17:48:33 +00:00 · 2003-09-23 17:48:33 +00:00 · 4c66e94ff9
commit 4c66e94ff9
parent 47959a306e
45 changed files with 1489 additions and 509 deletions
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -591,6 +591,31 @@ trustdb_pending_check(void)
  return pending_check_trustdb;
 }

+void
+read_trust_options(byte *trust_model,ulong *created,ulong *nextcheck,
+		   byte *marginals,byte *completes,byte *cert_depth)
+{
+  TRUSTREC opts;
+
+  init_trustdb();
+
+  read_record(0,&opts,RECTYPE_VER);
+
+  if(trust_model)
+    *trust_model=opts.r.ver.trust_model;
+  if(created)
+    *created=opts.r.ver.created;
+  if(nextcheck)
+    *nextcheck=opts.r.ver.nextcheck;
+  if(marginals)
+    *marginals=opts.r.ver.marginals;
+  if(completes)
+    *completes=opts.r.ver.completes;
+  if(cert_depth)
+    *cert_depth=opts.r.ver.cert_depth;
+}
+
+

 /***********************************************
 ***********  Ownertrust et al. ****************
@ -1573,10 +1598,14 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
 	 signed (but not self-signed) uid does carry trust, of a sort,
 	 even if it is a statement being made by people other than the
 	 key owner "through" the uids on the key owner's key.  I'm
-	 going with the latter. -dshaw */
+	 going with the latter.  However, if the user ID was
+	 explicitly revoked, or passively allowed to expire, that
+	 should stop validity through the user ID until it is
+	 resigned.  -dshaw */

-      /* && node->pkt->pkt.user_id->created) */
-      if (node->pkt->pkttype == PKT_USER_ID)
+      if (node->pkt->pkttype == PKT_USER_ID
+	  && !node->pkt->pkt.user_id->is_revoked
+	  && !node->pkt->pkt.user_id->is_expired)
        {
          if (uidnode && issigned)
            {
@ -1590,12 +1619,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
            }
          uidnode = node;
 	  uid=uidnode->pkt->pkt.user_id;
-#if 0
-	  /* If the selfsig is going to expire...  This is disabled as
-	     we do count un-self-signed uids in the web of trust. */
+
+	  /* If the selfsig is going to expire... */
 	  if(uid->expiredate && uid->expiredate<*next_expire)
 	    *next_expire = uid->expiredate;
-#endif
+
          issigned = 0;
 	  get_validity_counts(pk,uid);
          mark_usable_uid_certs (kb, uidnode, main_kid, klist,