mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-05 12:31:50 +01:00
* options.h, mainproc.c (check_sig_and_print), gpg.c (main):
pka-lookups, not pka-lookup. * options.h, gpg.c (main), keyedit.c [cmds], sig-check.c (signature_check2): Rename "backsign" to "cross-certify" as a more accurate name.
This commit is contained in:
parent
07c48cf29e
commit
90d8377276
@ -1,5 +1,12 @@
|
|||||||
2006-03-07 David Shaw <dshaw@jabberwocky.com>
|
2006-03-07 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
|
* options.h, mainproc.c (check_sig_and_print), gpg.c (main):
|
||||||
|
pka-lookups, not pka-lookup.
|
||||||
|
|
||||||
|
* options.h, gpg.c (main), keyedit.c [cmds], sig-check.c
|
||||||
|
(signature_check2): Rename "backsign" to "cross-certify" as a more
|
||||||
|
accurate name.
|
||||||
|
|
||||||
* options.h, gpg.c (main, parse_trust_model), pkclist.c
|
* options.h, gpg.c (main, parse_trust_model), pkclist.c
|
||||||
(check_signatures_trust), mainproc.c (check_sig_and_print,
|
(check_signatures_trust), mainproc.c (check_sig_and_print,
|
||||||
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so
|
pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so
|
||||||
|
16
g10/gpg.c
16
g10/gpg.c
@ -357,8 +357,8 @@ enum cmd_and_opt_values
|
|||||||
octapiDriver,
|
octapiDriver,
|
||||||
opcscDriver,
|
opcscDriver,
|
||||||
oDisableCCID,
|
oDisableCCID,
|
||||||
oRequireBacksigs,
|
oRequireCrossCert,
|
||||||
oNoRequireBacksigs,
|
oNoRequireCrossCert,
|
||||||
oAutoKeyLocate,
|
oAutoKeyLocate,
|
||||||
oNoAutoKeyLocate,
|
oNoAutoKeyLocate,
|
||||||
oAllowMultisigVerification,
|
oAllowMultisigVerification,
|
||||||
@ -706,8 +706,10 @@ static ARGPARSE_OPTS opts[] = {
|
|||||||
I'm returning the favor. */
|
I'm returning the favor. */
|
||||||
{ oLocalUser, "sign-with", 2, "@" },
|
{ oLocalUser, "sign-with", 2, "@" },
|
||||||
{ oRecipient, "user", 2, "@" },
|
{ oRecipient, "user", 2, "@" },
|
||||||
{ oRequireBacksigs, "require-backsigs", 0, "@"},
|
{ oRequireCrossCert, "require-backsigs", 0, "@"},
|
||||||
{ oNoRequireBacksigs, "no-require-backsigs", 0, "@"},
|
{ oRequireCrossCert, "require-cross-certification", 0, "@"},
|
||||||
|
{ oNoRequireCrossCert, "no-require-backsigs", 0, "@"},
|
||||||
|
{ oNoRequireCrossCert, "no-require-cross-certification", 0, "@"},
|
||||||
{ oAutoKeyLocate, "auto-key-locate", 2, "@"},
|
{ oAutoKeyLocate, "auto-key-locate", 2, "@"},
|
||||||
{ oNoAutoKeyLocate, "no-auto-key-locate", 0, "@"},
|
{ oNoAutoKeyLocate, "no-auto-key-locate", 0, "@"},
|
||||||
{0,NULL,0,NULL}
|
{0,NULL,0,NULL}
|
||||||
@ -2462,7 +2464,7 @@ main (int argc, char **argv )
|
|||||||
N_("show user ID validity during signature verification")},
|
N_("show user ID validity during signature verification")},
|
||||||
{"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
|
{"show-unusable-uids",VERIFY_SHOW_UNUSABLE_UIDS,NULL,
|
||||||
N_("show revoked and expired user IDs in signature verification")},
|
N_("show revoked and expired user IDs in signature verification")},
|
||||||
{"pka-lookup",VERIFY_PKA_LOOKUP,NULL,
|
{"pka-lookups",VERIFY_PKA_LOOKUPS,NULL,
|
||||||
N_("validate signatures with PKA data")},
|
N_("validate signatures with PKA data")},
|
||||||
{"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
|
{"pka-trust-increase",VERIFY_PKA_TRUST_INCREASE,NULL,
|
||||||
N_("elevate the trust of signatures with valid PKA data")},
|
N_("elevate the trust of signatures with valid PKA data")},
|
||||||
@ -2625,8 +2627,8 @@ main (int argc, char **argv )
|
|||||||
opt.limit_card_insert_tries = pargs.r.ret_int;
|
opt.limit_card_insert_tries = pargs.r.ret_int;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case oRequireBacksigs: opt.require_backsigs=1; break;
|
case oRequireCrossCert: opt.flags.require_cross_cert=1; break;
|
||||||
case oNoRequireBacksigs: opt.require_backsigs=0; break;
|
case oNoRequireCrossCert: opt.flags.require_cross_cert=0; break;
|
||||||
|
|
||||||
case oAutoKeyLocate:
|
case oAutoKeyLocate:
|
||||||
if(!parse_auto_key_locate(pargs.r.ret_str))
|
if(!parse_auto_key_locate(pargs.r.ret_str))
|
||||||
|
@ -1363,6 +1363,7 @@ static struct
|
|||||||
{ "key" , cmdSELKEY , 0, N_("select subkey N") },
|
{ "key" , cmdSELKEY , 0, N_("select subkey N") },
|
||||||
{ "check" , cmdCHECK , 0, N_("check signatures") },
|
{ "check" , cmdCHECK , 0, N_("check signatures") },
|
||||||
{ "c" , cmdCHECK , 0, NULL },
|
{ "c" , cmdCHECK , 0, NULL },
|
||||||
|
{ "cross-certify", cmdBACKSIGN , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
|
||||||
{ "backsign", cmdBACKSIGN , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
|
{ "backsign", cmdBACKSIGN , KEYEDIT_NOT_SK|KEYEDIT_NEED_SK, NULL },
|
||||||
{ "sign" , cmdSIGN , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
|
{ "sign" , cmdSIGN , KEYEDIT_NOT_SK|KEYEDIT_TAIL_MATCH,
|
||||||
N_("sign selected user IDs [* see below for related commands]") },
|
N_("sign selected user IDs [* see below for related commands]") },
|
||||||
|
@ -1866,7 +1866,7 @@ check_sig_and_print( CTX c, KBNODE node )
|
|||||||
|
|
||||||
if (!rc)
|
if (!rc)
|
||||||
{
|
{
|
||||||
if(opt.verify_options&VERIFY_PKA_LOOKUP)
|
if(opt.verify_options&VERIFY_PKA_LOOKUPS)
|
||||||
pka_uri_from_sig (sig); /* Make sure PKA info is available. */
|
pka_uri_from_sig (sig); /* Make sure PKA info is available. */
|
||||||
rc = check_signatures_trust( sig );
|
rc = check_signatures_trust( sig );
|
||||||
}
|
}
|
||||||
|
@ -215,10 +215,13 @@ struct
|
|||||||
int disable_ccid; /* Disable the use of the internal CCID driver. */
|
int disable_ccid; /* Disable the use of the internal CCID driver. */
|
||||||
#endif /*ENABLE_CARD_SUPPORT*/
|
#endif /*ENABLE_CARD_SUPPORT*/
|
||||||
|
|
||||||
/* If set, require an 0x19 backsig to be present on signatures made
|
struct
|
||||||
by signing subkeys. If not set, a missing backsig is not an
|
{
|
||||||
error (but an invalid backsig still is). */
|
/* If set, require an 0x19 backsig to be present on signatures
|
||||||
int require_backsigs;
|
made by signing subkeys. If not set, a missing backsig is not
|
||||||
|
an error (but an invalid backsig still is). */
|
||||||
|
unsigned int require_cross_cert:1;
|
||||||
|
} flags;
|
||||||
|
|
||||||
/* Linked list of ways to find a key if the key isn't on the local
|
/* Linked list of ways to find a key if the key isn't on the local
|
||||||
keyring. */
|
keyring. */
|
||||||
@ -314,7 +317,7 @@ struct {
|
|||||||
#define VERIFY_SHOW_KEYSERVER_URLS (1<<4)
|
#define VERIFY_SHOW_KEYSERVER_URLS (1<<4)
|
||||||
#define VERIFY_SHOW_UID_VALIDITY (1<<5)
|
#define VERIFY_SHOW_UID_VALIDITY (1<<5)
|
||||||
#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6)
|
#define VERIFY_SHOW_UNUSABLE_UIDS (1<<6)
|
||||||
#define VERIFY_PKA_LOOKUP (1<<7)
|
#define VERIFY_PKA_LOOKUPS (1<<7)
|
||||||
#define VERIFY_PKA_TRUST_INCREASE (1<<8)
|
#define VERIFY_PKA_TRUST_INCREASE (1<<8)
|
||||||
|
|
||||||
#define KEYSERVER_USE_TEMP_FILES (1<<0)
|
#define KEYSERVER_USE_TEMP_FILES (1<<0)
|
||||||
|
@ -100,7 +100,7 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
|
|||||||
have backsigs, change this to always give the warning,
|
have backsigs, change this to always give the warning,
|
||||||
and have --require-backsigs enable or disable the
|
and have --require-backsigs enable or disable the
|
||||||
G10ERR_GENERAL. */
|
G10ERR_GENERAL. */
|
||||||
if(pk->backsig==0 && opt.require_backsigs)
|
if(pk->backsig==0 && opt.flags.require_cross_cert)
|
||||||
{
|
{
|
||||||
log_info(_("WARNING: signing subkey %s is not"
|
log_info(_("WARNING: signing subkey %s is not"
|
||||||
" cross-certified\n"),keystr_from_pk(pk));
|
" cross-certified\n"),keystr_from_pk(pk));
|
||||||
|
Loading…
x
Reference in New Issue
Block a user