From 7d9aad63c4f1aefe97da61baf5acd96c12c0278e Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Thu, 3 Oct 2019 18:20:59 +0200
Subject: [PATCH] gpg: Ignore all SHA-1 signatures in 3rd party key signatures.

* g10/sig-check.c (check_signature_over_key_or_uid): No cut-off date and remove debug output.
--
With 2.2 we do not not support SHA-1 key signatures anymore even if that means that the WoT shrinks.

Signed-off-by: Werner Koch
---
 g10/sig-check.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/g10/sig-check.c b/g10/sig-check.c
index 139ad93eb..3d8ed20f2 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -1012,16 +1012,12 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
   else if (IS_UID_SIG (sig) || IS_UID_REV (sig))
     {
       log_assert (packet->pkttype == PKT_USER_ID);
-      log_debug ("algo=%d selfsig=%d tm=%lu\n",
-                 sig->digest_algo, *is_selfsig, (unsigned long)sig->timestamp);
-      if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig
-          && sig->timestamp > 1547856000)
+      if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig)
         {
           /* If the signature was created using SHA-1 we consider this
            * signature invalid because it makes it possible to mount a
            * chosen-prefix collision. We don't do this for
-           * self-signatures or for signatures created before the
-           * somewhat arbitrary cut-off date 2019-01-19. */
+           * self-signatures, though. */
           rc = gpg_error (GPG_ERR_DIGEST_ALGO);
         }
       else
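Review bot: With the `log_debug` call removed, the new `if (sig->digest_algo == DIGEST_ALGO_SHA1 && !*is_selfsig)` branch rejects every third-party SHA-1 user-id certification silently, returning the generic GPG_ERR_DIGEST_ALGO with no diagnostic; since the commit message itself expects the WoT to shrink, users will see trust vanish with nothing in the log explaining why. A single verbose-level line next to the `rc = gpg_error (GPG_ERR_DIGEST_ALGO);` assignment, e.g. `if (opt.verbose) log_info ("ignoring SHA-1 third-party signature on user id\n");`, would make the policy observable without restoring the noisy debug output. The updated comment would also benefit from stating the policy explicitly, e.g. `/* SHA-1 is rejected for all non-self user-id signatures regardless of creation date (no cut-off). */`, so a reader does not look for the old timestamp condition. Note that this branch only covers IS_UID_SIG/IS_UID_REV; whether the other signature classes handled by check_signature_over_key_or_uid apply the same SHA-1 rule cannot be seen here, as the function starts and ends outside the hunk.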