
* hkp.c (hkp_search): Return proper error code on failure.

* keyedit.c (sign_uids): Do not allow signing a user ID without a
self-signature.  --expert overrides.

* options.skel: Use subkeys.pgp.net as the default keyserver.

* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.
David Shaw 2003-06-18 03:25:45 +00:00
parent d67479006e
commit a5381060d2
5 changed files with 49 additions and 15 deletions


@ -1,3 +1,15 @@
2003-06-17 David Shaw <dshaw@jabberwocky.com>
* hkp.c (hkp_search): Return proper error code on failure.
* keyedit.c (sign_uids): Do not allow signing a user ID without a
self-signature. --expert overrides.
* options.skel: Use subkeys.pgp.net as the default keyserver.
* trustdb.c (validate_one_keyblock): Certifications on revoked or
expired uids do not count in the web of trust.
2003-06-14 David Shaw <dshaw@jabberwocky.com>
* keylist.c (list_keyblock_colon): Don't include validity values


@ -366,7 +366,7 @@ parse_hkp_index(IOBUF buffer,char *line)
{
m_free(key);
m_free(uid);
log_error(_("this keyserver is not fully HKP compatible\n"));
log_error(_("this keyserver does not support --search-keys\n"));
return -1;
}
@ -598,7 +598,10 @@ int hkp_search(STRLIST tokens)
ret=parse_hkp_index(buffer,line);
if(ret==-1)
{
rc=G10ERR_KEYSERVER;
break;
}
if(rc!=0)
count+=ret;
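Review bot: The added `rc=G10ERR_KEYSERVER;` in the second hunk reuses `rc` as the function's error result, although the next statement (`if(rc!=0) count+=ret;`) appears to treat the same variable as a per-line status. That is safe only because of the immediate `break`, and only if nothing after the loop reassigns `rc` before hkp_search returns; the rest of the function lies outside the hunk, so this cannot be confirmed here. A one-line comment at the assignment, such as `/* rc is the return value from here on; do not reuse below */`, or a separate variable for the final status, would keep a later edit from silently turning a keyserver failure back into success.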


@ -397,10 +397,26 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
tty_printf(_(" Unable to sign.\n"));
}
}
else if(!uidnode->pkt->pkt.user_id->created)
else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
{
tty_printf(_("WARNING: user ID \"%s\" is not "
"self-signed.\n"),user);
tty_printf(_("User ID \"%s\" is not self-signed."),
user);
if(opt.expert)
{
tty_printf("\n");
/* No, so remove the mark and continue */
if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
_("Are you sure you "
"still want to sign "
"it? (y/N) ")))
uidnode->flag &= ~NODFLG_MARK_A;
}
else
{
uidnode->flag &= ~NODFLG_MARK_A;
tty_printf(_(" Unable to sign.\n"));
}
}
m_free(user);
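Review bot: The new condition `!uidnode->pkt->pkt.user_id->created && !selfsig` takes a zero `created` field as the only evidence that a user ID has no self-signature, and nothing in the hunk shows where that field is set or that zero cannot occur for a self-signed ID. Because this test now decides whether a certification is refused, the assumption deserves a comment on the `else if`, for example `/* created is 0 when no valid self-signature was found on this uid */` (wording to be confirmed against the code that fills in `created`, and the role of `selfsig` should be stated the same way). The comment `/* No, so remove the mark and continue */` also sits above the question rather than on the statement that clears NODFLG_MARK_A. sign_uids begins and ends outside the hunk.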


@ -90,7 +90,7 @@
# support).
#
# Example HKP keyserver:
# x-hkp://subkeys.pgp.net
# hkp://subkeys.pgp.net
#
# Example email keyserver:
# mailto:pgp-public-keys@keys.pgp.net
@ -101,7 +101,7 @@
#
# Regular URL syntax applies, and you can set an alternate port
# through the usual method:
# x-hkp://keyserver.example.net:22742
# hkp://keyserver.example.net:22742
#
# If you have problems connecting to a HKP server through a buggy http
# proxy, you can use keyserver option broken-http-proxy (see below),
@ -112,7 +112,7 @@
# Most servers do synchronize with each other and DNS round-robin may
# give you a quasi-random server each time.
#keyserver x-hkp://subkeys.pgp.net
keyserver hkp://subkeys.pgp.net
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
#keyserver ldap://pgp.surfnet.nl:11370
#keyserver ldap://keyserver.pgp.com
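Review bot: The last hunk appears to turn the keyserver entry from a commented example into an active default (`keyserver hkp://subkeys.pgp.net`), yet the surrounding comment block still presents the entries as examples only. A fresh configuration will therefore contact that host for keyserver operations without the user having chosen it. HKP requests carry search terms and key IDs in clear text, so this is worth stating where the user will see it. Suggested addition directly above the line: `# A default keyserver is enabled below. Comment it out or replace it if you do not want key lookups sent to this server.`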


@ -1329,10 +1329,14 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
signed (but not self-signed) uid does carry trust, of a sort,
even if it is a statement being made by people other than the
key owner "through" the uids on the key owner's key. I'm
going with the latter. -dshaw */
going with the latter. However, if the user ID was
explicitly revoked, or passively allowed to expire, that
should stop validity through the user ID until it is
resigned. -dshaw */
/* && node->pkt->pkt.user_id->created) */
if (node->pkt->pkttype == PKT_USER_ID)
if (node->pkt->pkttype == PKT_USER_ID
&& !node->pkt->pkt.user_id->is_revoked
&& !node->pkt->pkt.user_id->is_expired)
{
if (uidnode && issigned)
{
@ -1346,12 +1350,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
}
uidnode = node;
uid=uidnode->pkt->pkt.user_id;
#if 0
/* If the selfsig is going to expire... This is disabled as
we do count un-self-signed uids in the web of trust. */
/* If the selfsig is going to expire... */
if(uid->expiredate && uid->expiredate<*next_expire)
*next_expire = uid->expiredate;
#endif
issigned = 0;
get_validity_counts(pk,uid);
mark_usable_uid_certs (kb, uidnode, main_kid, klist,
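Review bot: With the added `!...is_revoked` and `!...is_expired` tests, a revoked or expired user ID no longer enters the PKT_USER_ID branch, so `uidnode`, `uid` and `issigned` keep describing the previous user ID while the loop walks the packets that follow the skipped one. Whether certifications under the skipped user ID could then be credited to the earlier one depends on the signature-handling branch and on how `mark_usable_uid_certs` marks nodes, both of which lie outside these hunks of validate_one_keyblock. If the intent is that such signatures are never marked usable, record that next to the condition, e.g. `/* sigs under a skipped uid are never marked by mark_usable_uid_certs, so they cannot count for the previous uid */`. If that does not hold, the skipped uid needs its own branch that finishes the previous uid and clears `uid`. The leftover `/* && node->pkt->pkt.user_id->created) */` line above the test could be dropped at the same time.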