security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: Tweak compliance checking for verification

Browse source 
* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--

We should be able to verify all signatures.  So we only print a
warning.  That is the same beheavour as for untrusted keys etc.

GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2017-07-27 16:22:36 +02:00
parent 1bd22a85b4
commit 6502bb0d2a
No known key found for this signature in database
GPG key ID: E3FDFF218E45B72B
3 changed files with 54 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

9
g10/sig-check.c
View file

@ -162,10 +162,10 @@ check_signature2 (ctrl_t ctrl,
NULL))
{
/* Compliance failure. */
log_info (_("key %s not suitable for signature verification"
" while in %s mode\n"),
keystr_from_pk (pk),
gnupg_compliance_option_string (opt.compliance));
log_error (_("key %s is not suitable for signature verification"
" in %s mode\n"),
keystr_from_pk (pk),
gnupg_compliance_option_string (opt.compliance));
rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
}
else if(!pk->flags.valid)
@ -207,6 +207,7 @@ check_signature2 (ctrl_t ctrl,
rc = gpg_error (GPG_ERR_GENERAL);
}
}
}
if( !rc && sig->sig_class < 2 && is_status_enabled() ) {