mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
* sig-check.c (signature_check2): Print the backsig warning when there
is no backsig present. Give a URL for more information. * keyedit.c (menu_backsign): Small tweak to work properly with keys originally generated with older GnuPGs that included comments in the secret keys.
This commit is contained in:
parent
48773e4c15
commit
7e3ba27aef
@ -1,3 +1,12 @@
|
||||
2006-03-12 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* sig-check.c (signature_check2): Print the backsig warning when
|
||||
there is no backsig present. Give a URL for more information.
|
||||
|
||||
* keyedit.c (menu_backsign): Small tweak to work properly with
|
||||
keys originally generated with older GnuPGs that included comments
|
||||
in the secret keys.
|
||||
|
||||
2006-03-09 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* build-packet.c (string_to_notation): Add ability to indicate a
|
||||
|
@ -3699,9 +3699,10 @@ menu_backsign(KBNODE pub_keyblock,KBNODE sec_keyblock)
|
||||
keys), so we just pick the selfsig with the right class.
|
||||
This is what menu_expire does as well. */
|
||||
for(node2=node2->next;
|
||||
node2 && node2->pkt->pkttype==PKT_SIGNATURE;
|
||||
node2 && node2->pkt->pkttype!=PKT_SECRET_SUBKEY;
|
||||
node2=node2->next)
|
||||
if(node2->pkt->pkt.signature->version>=4
|
||||
if(node2->pkt->pkttype==PKT_SIGNATURE
|
||||
&& node2->pkt->pkt.signature->version>=4
|
||||
&& node2->pkt->pkt.signature->keyid[0]==sig_pk->pkt->pkt.signature->keyid[0]
|
||||
&& node2->pkt->pkt.signature->keyid[1]==sig_pk->pkt->pkt.signature->keyid[1]
|
||||
&& node2->pkt->pkt.signature->sig_class==sig_pk->pkt->pkt.signature->sig_class)
|
||||
|
@ -96,15 +96,17 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
|
||||
signaures issued by it. */
|
||||
if(rc==0 && !pk->is_primary && pk->backsig<2)
|
||||
{
|
||||
/* TODO: In a future version, once enough signing subkeys
|
||||
have backsigs, change this to always give the warning,
|
||||
and have --require-backsigs enable or disable the
|
||||
G10ERR_GENERAL. */
|
||||
if(pk->backsig==0 && opt.flags.require_cross_cert)
|
||||
if(pk->backsig==0)
|
||||
{
|
||||
log_info(_("WARNING: signing subkey %s is not"
|
||||
" cross-certified\n"),keystr_from_pk(pk));
|
||||
rc=G10ERR_GENERAL;
|
||||
log_info(_("please see %s for more information\n"),
|
||||
"http://www.gnupg.org/subkey-cross-certify.html");
|
||||
/* --require-cross-certification makes this warning an
|
||||
error. TODO: change the default to require this
|
||||
after more keys have backsigs. */
|
||||
if(opt.flags.require_cross_cert)
|
||||
rc=G10ERR_GENERAL;
|
||||
}
|
||||
else if(pk->backsig==1)
|
||||
{
|
||||
|
Loading…
x
Reference in New Issue
Block a user