gpg: Ignore all SHA-1 signatures in 3rd party key signatures.

* g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date and remove debug output. -- With 2.2 we do not not support SHA-1 key signatures anymore even if that means that the WoT shrinks. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-01-30 16:17:02 +01:00 · 2019-10-03 18:20:59 +02:00 · 2019-10-03 18:20:59 +02:00 · 7d9aad63c4
commit 7d9aad63c4
parent c4f2d9e3e1
1 changed files with 2 additions and 6 deletions
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -1012,16 +1012,12 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
  else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
    {
      log_assert (packet->pkttype == PKT_USER_ID);
-      log_debug ("algo=%d selfsig=%d tm=%lu\n",
-                 sig->digest_algo, *is_selfsig, (unsigned long)sig->timestamp);
-      if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
-          && sig->timestamp > 1547856000)
+      if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig)
        {
          /* If the signature was created using SHA-1 we consider this
           * signature invalid because it makes it possible to mount a
           * chosen-prefix collision.  We don't do this for
-           * self-signatures or for signatures created before the
-           * somewhat arbitrary cut-off date 2019-01-19.  */
+           * self-signatures, though.  */
          rc = gpg_error (GPG_ERR_DIGEST_ALGO);
        }
      else