From 643665c963f9ebdd96b15598ec1b165a1cc22445 Mon Sep 17 00:00:00 2001
From: David Shaw
Date: Mon, 23 Feb 2004 04:00:51 +0000
Subject: [PATCH] * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add --min-cert-check-level option to specify minimum cert check level. Defaults to 2 (so 0x11 sigs are ignored). 0x10 sigs cannot be ignored.
---
 g10/ChangeLog | 7 +++++++
 g10/g10.c | 14 ++++++++++----
 g10/options.h | 1 +
 g10/trustdb.c | 7 +++++--
 4 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 141241c62..3bf57da08 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,10 @@
+2004-02-22 David Shaw
+
+ * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
+ --min-cert-check-level option to specify minimum cert check level.
+ Defaults to 2 (so 0x11 sigs are ignored). 0x10 sigs cannot be
+ ignored.
+
 2004-02-21 David Shaw
 
 * plaintext.c (handle_plaintext): Properly handle a --max-output
diff --git a/g10/g10.c b/g10/g10.c
index c15cea379..455b39558 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -153,6 +153,7 @@ enum cmd_and_opt_values
 oAnswerYes,
 oAnswerNo,
 oDefCertCheckLevel,
+ oMinCertCheckLevel,
 oKeyring,
 oPrimaryKeyring,
 oSecretKeyring,
@@ -567,6 +568,7 @@ static ARGPARSE_OPTS opts[] = {
 { oCompressKeys, "compress-keys",0, "@"},
 { oCompressSigs, "compress-sigs",0, "@"},
 { oDefCertCheckLevel, "default-cert-check-level", 1, "@"},
+ { oMinCertCheckLevel, "min-cert-check-level", 1, "@"},
 { oAlwaysTrust, "always-trust", 0, "@"},
 { oTrustModel, "trust-model", 2, "@"},
 { oForceOwnertrust, "force-ownertrust", 2, "@"},
@@ -1437,7 +1439,8 @@ main( int argc, char **argv )
 opt.verify_options=
 VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
 opt.trust_model=TM_AUTO;
- opt.mangle_dos_filenames = 0;
+ opt.mangle_dos_filenames=0;
+ opt.min_cert_check_level=2;
 set_screen_dimensions();
 #if defined (_WIN32)
 set_homedir ( read_w32_registry_string( NULL,
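Review bot: The new default `opt.min_cert_check_level=2` in main carries no comment, although it changes trust calculation for every user who never sets the option: per the commit message, 0x11 certifications are now ignored. I would put `/* certs below this level are ignored in trust calculations; 0x10 sigs are never filtered */` next to the assignment. The option table entry uses the hidden `"@"` help string and the diffstat shows no documentation file, so the behaviour change is only recorded in the ChangeLog. The respacing of `opt.mangle_dos_filenames=0` is unrelated churn that would be better left out of this patch. main's body starts and ends outside the hunk.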
@@ -1779,6 +1782,7 @@ main( int argc, char **argv )
 case oNoArmor: opt.no_armor=1; opt.armor=0; break;
 case oNoDefKeyring: default_keyring = 0; break;
 case oDefCertCheckLevel: opt.def_cert_check_level=pargs.r.ret_int; break;
+ case oMinCertCheckLevel: opt.min_cert_check_level=pargs.r.ret_int; break;
 case oNoGreeting: nogreeting = 1; break;
 case oNoVerbose: g10_opt_verbose = 0;
 opt.verbose = 0; opt.list_sigs=0; break;
@@ -2471,11 +2475,13 @@ main( int argc, char **argv )
 log_error(_("selected digest algorithm is invalid\n"));
 }
 if( opt.completes_needed < 1 )
- log_error(_("completes-needed must be greater than 0\n"));
+ log_error(_("completes-needed must be greater than 0\n"));
 if( opt.marginals_needed < 2 )
- log_error(_("marginals-needed must be greater than 1\n"));
+ log_error(_("marginals-needed must be greater than 1\n"));
 if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
- log_error(_("max-cert-depth must be in range 1 to 255\n"));
+ log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
+ if( opt.min_cert_check_level < 1 || opt.min_cert_check_level > 3 )
+ log_error(_("min-cert-check-level must be in the range from 1 to 3\n"));
 switch( opt.s2k_mode ) {
 case 0:
 log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n"));
diff --git a/g10/options.h b/g10/options.h
index ea5dd13be..53821aa0d 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -77,6 +77,7 @@ struct {
 char *def_recipient;
 int def_recipient_self;
 int def_cert_check_level;
+ int min_cert_check_level;
 int sk_comments;
 int no_version;
 int marginals_needed;
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 95359c492..ab3b12527 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1,6 +1,6 @@
 /* trustdb.c
- * Copyright (C) 1998, 1999, 2000, 2001, 2002
- * 2003 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
+ * 2004 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
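Review bot: `opt.min_cert_check_level=pargs.r.ret_int` only takes effect when validity is recomputed, and nothing visible in this patch stores the level with the trust data or forces a rebuild when it changes. The diffstat lists only option parsing and mark_usable_uid_certs, so presumably validity already computed from lower-level certifications stays cached after a user raises the minimum. That is the opposite of what someone tightening the setting expects, so it is worth confirming. At the least, the option's documentation should say that a `--check-trustdb` run is needed after changing it. The switch this case belongs to starts and ends outside the hunk.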
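Review bot: The new range check validates `opt.min_cert_check_level` in isolation and never compares it with `opt.def_cert_check_level`, so a user can issue certifications at a level that trust calculation then discards (for example `--default-cert-check-level 1` with the default minimum of 2). A warning after the range check would make that visible: `if( opt.def_cert_check_level && opt.def_cert_check_level < opt.min_cert_check_level ) log_info(_("default-cert-check-level is below min-cert-check-level\n"));`. The zero test assumes level 0 produces a 0x10 signature, which the commit message says is never ignored; please confirm. The check also only logs, so rejecting an out-of-range value depends on an error-count test outside this hunk.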
@@ -1381,6 +1381,9 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
 continue; /* ignore self-signatures */
 if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
 continue; /* we only look at these signature classes */
+ if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
+ sig->sig_class-0x10