mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

* hkp.c (hkp_search): Return proper error code on failure.

* keyedit.c (sign_uids): Do not allow signing a user ID without a
self-signature.  --expert overrides.

* options.skel: Use subkeys.pgp.net as the default keyserver.

* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.
David Shaw 2003-06-18 03:25:45 +00:00
parent d67479006e
commit a5381060d2
5 changed files with 49 additions and 15 deletions


@ -1,3 +1,15 @@
2003-06-17 David Shaw <dshaw@jabberwocky.com>
* hkp.c (hkp_search): Return proper error code on failure.
* keyedit.c (sign_uids): Do not allow signing a user ID without a
self-signature. --expert overrides.
* options.skel: Use subkeys.pgp.net as the default keyserver.
* trustdb.c (validate_one_keyblock): Certifications on revoked or
expired uids do not count in the web of trust.
2003-06-14 David Shaw <dshaw@jabberwocky.com> 2003-06-14 David Shaw <dshaw@jabberwocky.com>
* keylist.c (list_keyblock_colon): Don't include validity values * keylist.c (list_keyblock_colon): Don't include validity values


@ -366,7 +366,7 @@ parse_hkp_index(IOBUF buffer,char *line)
{ {
m_free(key); m_free(key);
m_free(uid); m_free(uid);
log_error(_("this keyserver is not fully HKP compatible\n")); log_error(_("this keyserver does not support --search-keys\n"));
return -1; return -1;
} }
@ -598,7 +598,10 @@ int hkp_search(STRLIST tokens)
ret=parse_hkp_index(buffer,line); ret=parse_hkp_index(buffer,line);
if(ret==-1) if(ret==-1)
break; {
rc=G10ERR_KEYSERVER;
break;
}
if(rc!=0) if(rc!=0)
count+=ret; count+=ret;
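Review bot: In the hkp_search hunk, `rc` now carries two meanings: the new branch stores `G10ERR_KEYSERVER` in it, while the next statement, `if(rc!=0)`, still appears to treat it as the result of the preceding read. This is only correct because the `break` leaves the loop first, which a later edit could easily undo. A comment on the new branch would make the intent explicit, for example `/* index line could not be parsed: leave the loop with a keyserver error in rc */`; a separate status variable would be cleaner still. The loop header and the code that consumes `rc` after it are outside the hunk, so it is worth confirming that nothing between the `break` and the return overwrites the error code.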


@ -397,10 +397,26 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
tty_printf(_(" Unable to sign.\n")); tty_printf(_(" Unable to sign.\n"));
} }
} }
else if(!uidnode->pkt->pkt.user_id->created) else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
{ {
tty_printf(_("WARNING: user ID \"%s\" is not " tty_printf(_("User ID \"%s\" is not self-signed."),
"self-signed.\n"),user); user);
if(opt.expert)
{
tty_printf("\n");
/* No, so remove the mark and continue */
if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
_("Are you sure you "
"still want to sign "
"it? (y/N) ")))
uidnode->flag &= ~NODFLG_MARK_A;
}
else
{
uidnode->flag &= ~NODFLG_MARK_A;
tty_printf(_(" Unable to sign.\n"));
}
} }
m_free(user); m_free(user);
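Review bot: The new `!selfsig` test and the `opt.expert` branch carry the whole policy of this change, yet the only comment, `/* No, so remove the mark and continue */`, sits above the prompt and reads as if the answer were already known. A user ID without a self-signature has not been bound to the key by its owner, so the reason for refusing deserves a line at the top of the branch, e.g. `/* No self-signature: the key owner never bound this user ID to the key, so do not certify it unless --expert is set and the user confirms. */`, with the existing comment moved inside the `if(!cpr_get_answer_is_yes(...))` body. `selfsig` is set outside the hunk; a short note on what it means in this condition (presumably that the signing key is the key being edited) would help the reader. sign_uids continues on both sides of the hunk.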


@ -90,7 +90,7 @@
# support). # support).
# #
# Example HKP keyserver: # Example HKP keyserver:
# x-hkp://subkeys.pgp.net # hkp://subkeys.pgp.net
# #
# Example email keyserver: # Example email keyserver:
# mailto:pgp-public-keys@keys.pgp.net # mailto:pgp-public-keys@keys.pgp.net
@ -101,7 +101,7 @@
# #
# Regular URL syntax applies, and you can set an alternate port # Regular URL syntax applies, and you can set an alternate port
# through the usual method: # through the usual method:
# x-hkp://keyserver.example.net:22742 # hkp://keyserver.example.net:22742
# #
# If you have problems connecting to a HKP server through a buggy http # If you have problems connecting to a HKP server through a buggy http
# proxy, you can use keyserver option broken-http-proxy (see below), # proxy, you can use keyserver option broken-http-proxy (see below),
@ -112,7 +112,7 @@
# Most servers do synchronize with each other and DNS round-robin may # Most servers do synchronize with each other and DNS round-robin may
# give you a quasi-random server each time. # give you a quasi-random server each time.
#keyserver x-hkp://subkeys.pgp.net keyserver hkp://subkeys.pgp.net
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
#keyserver ldap://pgp.surfnet.nl:11370 #keyserver ldap://pgp.surfnet.nl:11370
#keyserver ldap://keyserver.pgp.com #keyserver ldap://keyserver.pgp.com
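Review bot: The last hunk turns `keyserver hkp://subkeys.pgp.net` into an active setting, but the visible comments around it still present the entries as examples, so a user who installs this skeleton gets a default keyserver without being told. The hkp scheme is plain HTTP with no transport protection, which means search terms and requested key IDs are visible on the network and replies can be altered in transit; keys fetched this way still have to be checked by fingerprint. I would add a line directly above the setting such as `# Default keyserver; comment out to disable. Queries are sent unencrypted.` The two earlier hunks only rename the scheme in the examples.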


@ -1329,10 +1329,14 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
signed (but not self-signed) uid does carry trust, of a sort, signed (but not self-signed) uid does carry trust, of a sort,
even if it is a statement being made by people other than the even if it is a statement being made by people other than the
key owner "through" the uids on the key owner's key. I'm key owner "through" the uids on the key owner's key. I'm
going with the latter. -dshaw */ going with the latter. However, if the user ID was
explicitly revoked, or passively allowed to expire, that
should stop validity through the user ID until it is
resigned. -dshaw */
/* && node->pkt->pkt.user_id->created) */ if (node->pkt->pkttype == PKT_USER_ID
if (node->pkt->pkttype == PKT_USER_ID) && !node->pkt->pkt.user_id->is_revoked
&& !node->pkt->pkt.user_id->is_expired)
{ {
if (uidnode && issigned) if (uidnode && issigned)
{ {
@ -1346,12 +1350,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
} }
uidnode = node; uidnode = node;
uid=uidnode->pkt->pkt.user_id; uid=uidnode->pkt->pkt.user_id;
#if 0
/* If the selfsig is going to expire... This is disabled as /* If the selfsig is going to expire... */
we do count un-self-signed uids in the web of trust. */
if(uid->expiredate && uid->expiredate<*next_expire) if(uid->expiredate && uid->expiredate<*next_expire)
*next_expire = uid->expiredate; *next_expire = uid->expiredate;
#endif
issigned = 0; issigned = 0;
get_validity_counts(pk,uid); get_validity_counts(pk,uid);
mark_usable_uid_certs (kb, uidnode, main_kid, klist, mark_usable_uid_certs (kb, uidnode, main_kid, klist,
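Review bot: In the first validate_one_keyblock hunk, a revoked or expired user ID now fails the `PKT_USER_ID` test and falls through without touching `uidnode`, `uid` or `issigned`, so those still describe the previous user ID while the loop walks the certifications attached to the skipped one. Whether those certifications can be credited to the previous user ID depends on the signature branch, which is outside the hunk; if it relies on a per-signature usability flag that is only set through `mark_usable_uid_certs`, that reliance should be written down. I would add a comment at the condition, e.g. `/* Skipped uids leave uidnode/uid on the previous uid; their certifications must not be counted (see the signature branch below). */`. A regression test would also help: a key whose revoked user ID carries otherwise valid certifications and follows a valid user ID.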