1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

* sig-check.c (signature_check2): Print the backsig warning when there

is no backsig present.  Give a URL for more information.

* keyedit.c (menu_backsign): Small tweak to work properly with keys
originally generated with older GnuPGs that included comments in the
secret keys.
This commit is contained in:
David Shaw 2006-03-12 15:33:57 +00:00
parent 48773e4c15
commit 7e3ba27aef
3 changed files with 20 additions and 8 deletions

View File

@ -1,3 +1,12 @@
2006-03-12 David Shaw <dshaw@jabberwocky.com>
* sig-check.c (signature_check2): Print the backsig warning when
there is no backsig present. Give a URL for more information.
* keyedit.c (menu_backsign): Small tweak to work properly with
keys originally generated with older GnuPGs that included comments
in the secret keys.
2006-03-09 David Shaw <dshaw@jabberwocky.com>
* build-packet.c (string_to_notation): Add ability to indicate a

View File

@ -3699,9 +3699,10 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
keys), so we just pick the selfsig with the right class.
This is what menu_expire does as well. */
for(node2=node2->next;
node2 && node2->pkt->pkttype==PKT_SIGNATURE;
node2 && node2->pkt->pkttype!=PKT_SECRET_SUBKEY;
node2=node2->next)
if(node2->pkt->pkt.signature->version>=4
if(node2->pkt->pkttype==PKT_SIGNATURE
&& node2->pkt->pkt.signature->version>=4
&& node2->pkt->pkt.signature->keyid[0]==sig_pk->pkt->pkt.signature->keyid[0]
&& node2->pkt->pkt.signature->keyid[1]==sig_pk->pkt->pkt.signature->keyid[1]
&& node2->pkt->pkt.signature->sig_class==sig_pk->pkt->pkt.signature->sig_class)

View File

@ -96,15 +96,17 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
signaures issued by it. */
if(rc==0 && !pk->is_primary && pk->backsig<2)
{
/* TODO: In a future version, once enough signing subkeys
have backsigs, change this to always give the warning,
and have --require-backsigs enable or disable the
G10ERR_GENERAL. */
if(pk->backsig==0 && opt.flags.require_cross_cert)
if(pk->backsig==0)
{
log_info(_("WARNING: signing subkey %s is not"
" cross-certified\n"),keystr_from_pk(pk));
rc=G10ERR_GENERAL;
log_info(_("please see %s for more information\n"),
"http://www.gnupg.org/subkey-cross-certify.html");
/* --require-cross-certification makes this warning an
error. TODO: change the default to require this
after more keys have backsigs. */
if(opt.flags.require_cross_cert)
rc=G10ERR_GENERAL;
}
else if(pk->backsig==1)
{