* packet.h, sig-check.c (signature_check2, do_check, do_check_messages):

Provide a signing-key-is-revoked flag. Change all callers. * status.h, status.c (get_status_string): New REVKEYSIG status tag for a good signature from a revoked key. * mainproc.c (do_check_sig, check_sig_and_print): Use it here. * import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual signatures on import rather than using keyid or class matching. This does not change actual behavior with a key, but does mean that all sigs are imported whether they will be used or not. * parse-packet.c (parse_signature): Don't give "signature packet without xxxx" warnings for experimental pk algorithms. An experimental algorithm may not have a notion of (for example) a keyid (i.e. PGP's x.509 stuff).
2025-07-02 22:46:30 +02:00 · 2003-08-13 03:31:36 +00:00 · 2003-08-13 03:31:36 +00:00 · a2cf3caa98
commit a2cf3caa98
parent 7500f070ba
8 changed files with 88 additions and 60 deletions
--- a/g10/status.c
+++ b/g10/status.c
@ -148,6 +148,7 @@ get_status_string ( int no )
      case STATUS_SIGEXPIRED     : s = "SIGEXPIRED deprecated-use-keyexpired-instead"; break;
      case STATUS_EXPSIG         : s = "EXPSIG"; break;
      case STATUS_EXPKEYSIG      : s = "EXPKEYSIG"; break;
+      case STATUS_REVKEYSIG      : s = "REVKEYSIG"; break;
      case STATUS_ATTRIBUTE      : s = "ATTRIBUTE"; break;
      default: s = "?"; break;
    }