* sig-check.c (check_key_signature2): Comments.

* keyring.c (keyring_rebuild_cache): Clear sig cache for any signatures
that we can no longer process (say, if the user removed support for a
necessary pubkey or digest algorithm).

g10/keyring.c

@@ -1,5 +1,5 @@
 /* keyring.c - keyring file handling
- * Copyright (C) 2001 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2004 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -1375,16 +1375,24 @@ keyring_rebuild_cache (void *token)
       /* check all signature to set the signature's cache flags */
       for (node=keyblock; node; node=node->next)
         {
+	  /* Note that this doesn't cache the result of a revocation
+	     issued by a designated revoker.  This is because the pk
+	     in question does not carry the revkeys as we haven't
+	     merged the key and selfsigs.  It is questionable whether
+	     this matters very much since there are very very few
+	     designated revoker revocation packets out there. */
+
           if (node->pkt->pkttype == PKT_SIGNATURE)
             {
-	      /* Note that this doesn't cache the result of a
-		 revocation issued by a designated revoker.  This is
-		 because the pk in question does not carry the revkeys
-		 as we haven't merged the key and selfsigs.  It is
-		 questionable whether this matters very much since
-		 there are very very few designated revoker revocation
-		 packets out there. */
-              check_key_signature (keyblock, node, NULL);
+	      PKT_signature *sig=node->pkt->pkt.signature;
+
+	      if(!opt.no_sig_cache && sig->flags.checked && sig->flags.valid
+		 && (check_digest_algo(sig->digest_algo)
+		     || check_pubkey_algo(sig->pubkey_algo)))
+		sig->flags.checked=sig->flags.valid=0;
+	      else
+		check_key_signature (keyblock, node, NULL);
+
               sigcount++;
             }
         }