* hkp.c (hkp_search): Return proper error code on failure.
* keyedit.c (sign_uids): Do not allow signing a user ID without a self-signature. --expert overrides. * options.skel: Use subkeys.pgp.net as the default keyserver. * trustdb.c (validate_one_keyblock): Certifications on revoked or expired uids do not count in the web of trust.
parent
d67479006e
commit
a5381060d2
@ -1,3 +1,15 @@
|
||||
2003-06-17 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* hkp.c (hkp_search): Return proper error code on failure.
|
||||
|
||||
* keyedit.c (sign_uids): Do not allow signing a user ID without a
|
||||
self-signature. --expert overrides.
|
||||
|
||||
* options.skel: Use subkeys.pgp.net as the default keyserver.
|
||||
|
||||
* trustdb.c (validate_one_keyblock): Certifications on revoked or
|
||||
expired uids do not count in the web of trust.
|
||||
|
||||
2003-06-14 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* keylist.c (list_keyblock_colon): Don't include validity values
|
||||
|
@ -366,7 +366,7 @@ parse_hkp_index(IOBUF buffer,char *line)
|
||||
{
|
||||
m_free(key);
|
||||
m_free(uid);
|
||||
log_error(_("this keyserver is not fully HKP compatible\n"));
|
||||
log_error(_("this keyserver does not support --search-keys\n"));
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -598,7 +598,10 @@ int hkp_search(STRLIST tokens)
|
||||
|
||||
ret=parse_hkp_index(buffer,line);
|
||||
if(ret==-1)
|
||||
break;
|
||||
{
|
||||
rc=G10ERR_KEYSERVER;
|
||||
break;
|
||||
}
|
||||
|
||||
if(rc!=0)
|
||||
count+=ret;
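Review bot: In the hkp_search hunk, `rc=G10ERR_KEYSERVER;` reuses a variable that the following `if(rc!=0) count+=ret;` reads as something other than an error code, so inside this loop `rc` appears to carry two meanings. The new assignment is safe only because `break` follows it directly, and it is useful only if nothing after the loop overwrites `rc` before it is returned; the loop head and the code after the loop are outside the hunk, so both need confirming. A comment such as `/* parse failure: leave the loop with a keyserver error; rc must not be reset below */` would document this, and a separate status variable for the line read would remove the ambiguity. Callers need the distinction so that an unparsable index from a keyserver is not reported as a successful empty search.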
|
||||
|
@ -397,10 +397,26 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
|
||||
tty_printf(_(" Unable to sign.\n"));
|
||||
}
|
||||
}
|
||||
else if(!uidnode->pkt->pkt.user_id->created)
|
||||
else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
|
||||
{
|
||||
tty_printf(_("WARNING: user ID \"%s\" is not "
|
||||
"self-signed.\n"),user);
|
||||
tty_printf(_("User ID \"%s\" is not self-signed."),
|
||||
user);
|
||||
|
||||
if(opt.expert)
|
||||
{
|
||||
tty_printf("\n");
|
||||
/* No, so remove the mark and continue */
|
||||
if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
|
||||
_("Are you sure you "
|
||||
"still want to sign "
|
||||
"it? (y/N) ")))
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
}
|
||||
else
|
||||
{
|
||||
uidnode->flag &= ~NODFLG_MARK_A;
|
||||
tty_printf(_(" Unable to sign.\n"));
|
||||
}
|
||||
}
|
||||
|
||||
m_free(user);
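Review bot: The expert-mode override in the new `else if(!uidnode->pkt->pkt.user_id->created && !selfsig)` branch rests entirely on `cpr_get_answer_is_yes("sign_uid.nosig_okay", ...)`, and the hunk does not show what that call returns in batch mode or without a terminal. A user ID with no self-signature was never bound to the key by its owner, so certifying it should stay refused unless a person explicitly agrees, and it is worth confirming that the non-interactive path resolves to "no". The copied comment `/* No, so remove the mark and continue */` does not say why the check exists; something like `/* A uid without a self-sig is not vouched for by the key owner; only --expert may sign it, after confirmation */` above `if(opt.expert)` would help. `selfsig` is set outside the hunk, so whether it reflects a verified self-signature or merely the presence of one cannot be checked here.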
|
||||
|
@ -90,7 +90,7 @@
|
||||
# support).
|
||||
#
|
||||
# Example HKP keyserver:
|
||||
# x-hkp://subkeys.pgp.net
|
||||
# hkp://subkeys.pgp.net
|
||||
#
|
||||
# Example email keyserver:
|
||||
# mailto:pgp-public-keys@keys.pgp.net
|
||||
@ -101,7 +101,7 @@
|
||||
#
|
||||
# Regular URL syntax applies, and you can set an alternate port
|
||||
# through the usual method:
|
||||
# x-hkp://keyserver.example.net:22742
|
||||
# hkp://keyserver.example.net:22742
|
||||
#
|
||||
# If you have problems connecting to a HKP server through a buggy http
|
||||
# proxy, you can use keyserver option broken-http-proxy (see below),
|
||||
@ -112,7 +112,7 @@
|
||||
# Most servers do synchronize with each other and DNS round-robin may
|
||||
# give you a quasi-random server each time.
|
||||
|
||||
#keyserver x-hkp://subkeys.pgp.net
|
||||
keyserver hkp://subkeys.pgp.net
|
||||
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
|
||||
#keyserver ldap://pgp.surfnet.nl:11370
|
||||
#keyserver ldap://keyserver.pgp.com
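Review bot: The last hunk turns the commented example into an active `keyserver hkp://subkeys.pgp.net` line, so every configuration generated from this skeleton will send keyserver requests to that host, while the comment block above still reads as if these were only examples. HKP is plain HTTP, so search terms and returned keys can be observed or altered on the path, and a fetched key still has to be checked by fingerprint before it is relied on. A line above the setting such as `# Default keyserver; comment this line out to disable keyserver access.` would make the new default and the way to opt out visible.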
|
||||
|
@ -1329,10 +1329,14 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
||||
signed (but not self-signed) uid does carry trust, of a sort,
|
||||
even if it is a statement being made by people other than the
|
||||
key owner "through" the uids on the key owner's key. I'm
|
||||
going with the latter. -dshaw */
|
||||
going with the latter. However, if the user ID was
|
||||
explicitly revoked, or passively allowed to expire, that
|
||||
should stop validity through the user ID until it is
|
||||
resigned. -dshaw */
|
||||
|
||||
/* && node->pkt->pkt.user_id->created) */
|
||||
if (node->pkt->pkttype == PKT_USER_ID)
|
||||
if (node->pkt->pkttype == PKT_USER_ID
|
||||
&& !node->pkt->pkt.user_id->is_revoked
|
||||
&& !node->pkt->pkt.user_id->is_expired)
|
||||
{
|
||||
if (uidnode && issigned)
|
||||
{
|
||||
@ -1346,12 +1350,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
|
||||
}
|
||||
uidnode = node;
|
||||
uid=uidnode->pkt->pkt.user_id;
|
||||
#if 0
|
||||
/* If the selfsig is going to expire... This is disabled as
|
||||
we do count un-self-signed uids in the web of trust. */
|
||||
|
||||
/* If the selfsig is going to expire... */
|
||||
if(uid->expiredate && uid->expiredate<*next_expire)
|
||||
*next_expire = uid->expiredate;
|
||||
#endif
|
||||
|
||||
issigned = 0;
|
||||
get_validity_counts(pk,uid);
|
||||
mark_usable_uid_certs (kb, uidnode, main_kid, klist,
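Review bot: Folding `!is_revoked` and `!is_expired` into the `PKT_USER_ID` test in the first hunk means a revoked or expired user ID no longer enters this block at all, so `uidnode` and `uid` keep pointing at the previous user ID and the `if (uidnode && issigned)` close-out does not run at that boundary. Signature packets that follow the skipped user ID are then handled by code outside the hunk while `uid` still names the earlier one; whether they can be counted toward it depends on how that code and `mark_usable_uid_certs` flag them, which is not visible here. Either a comment stating why that cannot happen, or an explicit branch for revoked and expired user IDs that closes out the previous one and clears `uidnode` and `uid`, would make the intent checkable. The second hunk also re-enables the `next_expire` update by dropping `#if 0`, and it now runs only for user IDs that passed the new test.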
|
||||
|