gpg: If possible TRUST values now depend on signer's UID or --sender.

* g10/mainproc.c (check_sig_and_print): Add failsafe check for PK. Pass KEYBLOCK down do check_signatures_trust. Protect existsing error ocde in case the signature expired. * g10/pkclist.c (is_in_sender_list): New. (check_signatures_trust): Add args keyblock and pk. Add new uid based checking code. * g10/test-stubs.c, g10/gpgv.c: Adjust stubs. -- GnuPG-bug-id: 4735 Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2020-06-08 20:13:25 +02:00 · 2020-06-08 20:13:25 +02:00 · 5c2080f467
commit 5c2080f467
parent 61bb75d045
6 changed files with 204 additions and 49 deletions
--- a/g10/keydb.h
+++ b/g10/keydb.h
@ -263,7 +263,8 @@ gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr, size_t fprlen);

 /*-- pkclist.c --*/
 void show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode );
-int  check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
+gpg_error_t check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock,
+                                    PKT_public_key *pk, PKT_signature *sig);

 void release_pk_list (PK_LIST pk_list);
 int expand_id (const char *id, strlist_t *into, unsigned int flags);