security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-09 12:54:23 +01:00
Code Activity

* sig-check.c (signature_check2): Print the backsig warning when there

Browse Source 
is no backsig present.  Give a URL for more information.

* keyedit.c (menu_backsign): Small tweak to work properly with keys
originally generated with older GnuPGs that included comments in the
secret keys.
This commit is contained in:
David Shaw 2006-03-12 15:33:57 +00:00
parent 48773e4c15
commit 7e3ba27aef
3 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
g10/ChangeLog
View File

@ -1,3 +1,12 @@
2006-03-12 David Shaw <dshaw@jabberwocky.com>
* sig-check.c (signature_check2): Print the backsig warning when
there is no backsig present. Give a URL for more information.
* keyedit.c (menu_backsign): Small tweak to work properly with
keys originally generated with older GnuPGs that included comments
in the secret keys.
2006-03-09 David Shaw <dshaw@jabberwocky.com> 2006-03-09 David Shaw <dshaw@jabberwocky.com>
* build-packet.c (string_to_notation): Add ability to indicate a * build-packet.c (string_to_notation): Add ability to indicate a

5
g10/keyedit.c
View File

@ -3699,9 +3699,10 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
keys), so we just pick the selfsig with the right class. keys), so we just pick the selfsig with the right class.
This is what menu_expire does as well. */ This is what menu_expire does as well. */
for(node2=node2->next; for(node2=node2->next;
node2 && node2->pkt->pkttype==PKT_SIGNATURE; node2 && node2->pkt->pkttype!=PKT_SECRET_SUBKEY;
node2=node2->next) node2=node2->next)
if(node2->pkt->pkt.signature->version>=4 if(node2->pkt->pkttype==PKT_SIGNATURE
&& node2->pkt->pkt.signature->version>=4
&& node2->pkt->pkt.signature->keyid[0]==sig_pk->pkt->pkt.signature->keyid[0] && node2->pkt->pkt.signature->keyid[0]==sig_pk->pkt->pkt.signature->keyid[0]
&& node2->pkt->pkt.signature->keyid[1]==sig_pk->pkt->pkt.signature->keyid[1] && node2->pkt->pkt.signature->keyid[1]==sig_pk->pkt->pkt.signature->keyid[1]
&& node2->pkt->pkt.signature->sig_class==sig_pk->pkt->pkt.signature->sig_class) && node2->pkt->pkt.signature->sig_class==sig_pk->pkt->pkt.signature->sig_class)

14
g10/sig-check.c
View File

@ -96,15 +96,17 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
signaures issued by it. */ signaures issued by it. */
if(rc==0 && !pk->is_primary && pk->backsig<2) if(rc==0 && !pk->is_primary && pk->backsig<2)
{ {
/* TODO: In a future version, once enough signing subkeys if(pk->backsig==0)
have backsigs, change this to always give the warning,
and have --require-backsigs enable or disable the
G10ERR_GENERAL. */
if(pk->backsig==0 && opt.flags.require_cross_cert)
{ {
log_info(_("WARNING: signing subkey %s is not" log_info(_("WARNING: signing subkey %s is not"
" cross-certified\n"),keystr_from_pk(pk)); " cross-certified\n"),keystr_from_pk(pk));
rc=G10ERR_GENERAL; log_info(_("please see %s for more information\n"),
"http://www.gnupg.org/subkey-cross-certify.html");
/* --require-cross-certification makes this warning an
error. TODO: change the default to require this
after more keys have backsigs. */
if(opt.flags.require_cross_cert)
rc=G10ERR_GENERAL;
} }
else if(pk->backsig==1) else if(pk->backsig==1)
{ {