See ChangeLog: Thu May 6 14:18:17 CEST 1999 Werner Koch

2025-07-02 22:46:30 +02:00 · 1999-05-06 12:26:10 +00:00 · 1999-05-06 12:26:10 +00:00 · 7cb8838061
commit 7cb8838061
parent e5a79b2da8
27 changed files with 4036 additions and 3151 deletions
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -2780,6 +2780,36 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel,
 	}
    }

+    /* is a subkey has been requested, we have to check its keyflags */
+    if( !rc ) {
+	TRUSTREC krec;
+	byte fpr[MAX_FINGERPRINT_LEN] = {0}; /* to avoid compiler warnings */
+	size_t fprlen = 0;
+	ulong recno;
+	int kcount=0;
+
+	for( recno = rec.r.dir.keylist; recno; recno = krec.r.key.next ) {
+	    read_record( recno, &krec, RECTYPE_KEY );
+	    if( ++kcount == 1 )
+		continue; /* skip the primary key */
+	    if( kcount == 2 ) /* now we need the fingerprint */
+		fingerprint_from_pk( pk, fpr, &fprlen );
+
+	    if( krec.r.key.fingerprint_len == fprlen
+		&& !memcmp( krec.r.key.fingerprint, fpr, fprlen ) ) {
+		/* found the subkey */
+		if( (krec.r.key.keyflags & KEYF_REVOKED) )
+		    trustlevel |= TRUST_FLAG_SUB_REVOKED;
+		/* should we check for keybinding here??? */
+		/* Hmmm: Maybe this whole checking stuff should not go
+		 * into the trustdb, but be done direct from the keyblock.
+		 * Chnage this all when we add an abstarction layer around
+		 * the way certificates are handled by different standards */
+		break;
+	    }
+	}
+    }
+

  leave:
    if( DBG_TRUST )