mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-09 12:54:23 +01:00
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
--min-cert-check-level option to specify minimum cert check level. Defaults to 2 (so 0x11 sigs are ignored). 0x10 sigs cannot be ignored.
This commit is contained in:
parent
07a10b451e
commit
643665c963
@ -1,3 +1,10 @@
|
|||||||
|
2004-02-22 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add
|
||||||
|
--min-cert-check-level option to specify minimum cert check level.
|
||||||
|
Defaults to 2 (so 0x11 sigs are ignored). 0x10 sigs cannot be
|
||||||
|
ignored.
|
||||||
|
|
||||||
2004-02-21 David Shaw <dshaw@jabberwocky.com>
|
2004-02-21 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* plaintext.c (handle_plaintext): Properly handle a --max-output
|
* plaintext.c (handle_plaintext): Properly handle a --max-output
|
||||||
|
@ -153,6 +153,7 @@ enum cmd_and_opt_values
|
|||||||
oAnswerYes,
|
oAnswerYes,
|
||||||
oAnswerNo,
|
oAnswerNo,
|
||||||
oDefCertCheckLevel,
|
oDefCertCheckLevel,
|
||||||
|
oMinCertCheckLevel,
|
||||||
oKeyring,
|
oKeyring,
|
||||||
oPrimaryKeyring,
|
oPrimaryKeyring,
|
||||||
oSecretKeyring,
|
oSecretKeyring,
|
||||||
@ -567,6 +568,7 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
{ oCompressKeys, "compress-keys",0, "@"},
|
{ oCompressKeys, "compress-keys",0, "@"},
|
||||||
{ oCompressSigs, "compress-sigs",0, "@"},
|
{ oCompressSigs, "compress-sigs",0, "@"},
|
||||||
{ oDefCertCheckLevel, "default-cert-check-level", 1, "@"},
|
{ oDefCertCheckLevel, "default-cert-check-level", 1, "@"},
|
||||||
|
{ oMinCertCheckLevel, "min-cert-check-level", 1, "@"},
|
||||||
{ oAlwaysTrust, "always-trust", 0, "@"},
|
{ oAlwaysTrust, "always-trust", 0, "@"},
|
||||||
{ oTrustModel, "trust-model", 2, "@"},
|
{ oTrustModel, "trust-model", 2, "@"},
|
||||||
{ oForceOwnertrust, "force-ownertrust", 2, "@"},
|
{ oForceOwnertrust, "force-ownertrust", 2, "@"},
|
||||||
@ -1438,6 +1440,7 @@ main( int argc, char **argv )
|
|||||||
VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
|
VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS;
|
||||||
opt.trust_model=TM_AUTO;
|
opt.trust_model=TM_AUTO;
|
||||||
opt.mangle_dos_filenames=0;
|
opt.mangle_dos_filenames=0;
|
||||||
|
opt.min_cert_check_level=2;
|
||||||
set_screen_dimensions();
|
set_screen_dimensions();
|
||||||
#if defined (_WIN32)
|
#if defined (_WIN32)
|
||||||
set_homedir ( read_w32_registry_string( NULL,
|
set_homedir ( read_w32_registry_string( NULL,
|
||||||
@ -1779,6 +1782,7 @@ main( int argc, char **argv )
|
|||||||
case oNoArmor: opt.no_armor=1; opt.armor=0; break;
|
case oNoArmor: opt.no_armor=1; opt.armor=0; break;
|
||||||
case oNoDefKeyring: default_keyring = 0; break;
|
case oNoDefKeyring: default_keyring = 0; break;
|
||||||
case oDefCertCheckLevel: opt.def_cert_check_level=pargs.r.ret_int; break;
|
case oDefCertCheckLevel: opt.def_cert_check_level=pargs.r.ret_int; break;
|
||||||
|
case oMinCertCheckLevel: opt.min_cert_check_level=pargs.r.ret_int; break;
|
||||||
case oNoGreeting: nogreeting = 1; break;
|
case oNoGreeting: nogreeting = 1; break;
|
||||||
case oNoVerbose: g10_opt_verbose = 0;
|
case oNoVerbose: g10_opt_verbose = 0;
|
||||||
opt.verbose = 0; opt.list_sigs=0; break;
|
opt.verbose = 0; opt.list_sigs=0; break;
|
||||||
@ -2475,7 +2479,9 @@ main( int argc, char **argv )
|
|||||||
if( opt.marginals_needed < 2 )
|
if( opt.marginals_needed < 2 )
|
||||||
log_error(_("marginals-needed must be greater than 1\n"));
|
log_error(_("marginals-needed must be greater than 1\n"));
|
||||||
if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
|
if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 )
|
||||||
log_error(_("max-cert-depth must be in range 1 to 255\n"));
|
log_error(_("max-cert-depth must be in the range from 1 to 255\n"));
|
||||||
|
if( opt.min_cert_check_level < 1 || opt.min_cert_check_level > 3 )
|
||||||
|
log_error(_("min-cert-check-level must be in the range from 1 to 3\n"));
|
||||||
switch( opt.s2k_mode ) {
|
switch( opt.s2k_mode ) {
|
||||||
case 0:
|
case 0:
|
||||||
log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n"));
|
log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n"));
|
||||||
|
@ -77,6 +77,7 @@ struct {
|
|||||||
char *def_recipient;
|
char *def_recipient;
|
||||||
int def_recipient_self;
|
int def_recipient_self;
|
||||||
int def_cert_check_level;
|
int def_cert_check_level;
|
||||||
|
int min_cert_check_level;
|
||||||
int sk_comments;
|
int sk_comments;
|
||||||
int no_version;
|
int no_version;
|
||||||
int marginals_needed;
|
int marginals_needed;
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
/* trustdb.c
|
/* trustdb.c
|
||||||
* Copyright (C) 1998, 1999, 2000, 2001, 2002
|
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
|
||||||
* 2003 Free Software Foundation, Inc.
|
* 2004 Free Software Foundation, Inc.
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -1381,6 +1381,9 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
|
|||||||
continue; /* ignore self-signatures */
|
continue; /* ignore self-signatures */
|
||||||
if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
|
if (!IS_UID_SIG(sig) && !IS_UID_REV(sig))
|
||||||
continue; /* we only look at these signature classes */
|
continue; /* we only look at these signature classes */
|
||||||
|
if(sig->sig_class>=0x11 && sig->sig_class<=0x13 &&
|
||||||
|
sig->sig_class-0x10<opt.min_cert_check_level)
|
||||||
|
continue;
|
||||||
if (!is_in_klist (klist, sig))
|
if (!is_in_klist (klist, sig))
|
||||||
continue; /* no need to check it then */
|
continue; /* no need to check it then */
|
||||||
if (check_key_signature (keyblock, node, NULL))
|
if (check_key_signature (keyblock, node, NULL))
|
||||||
|
Loading…
x
Reference in New Issue
Block a user