Fix bug#1059 (missing status line signature verification done with a

subkey while on the main key has expired).
2009-12-17 17:55:43 +00:00 · 2009-12-17 17:55:43 +00:00 · ad27e8f41b
parent af935bd410
commit ad27e8f41b
2 changed files with 8 additions and 1 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,5 +1,8 @@
 2009-12-17  Werner Koch  <wk@g10code.com>

+	* sig-check.c (do_check_messages): Evaluate the HAS_EXPIRED flag.
+	Fixes bug#1059.
+
 	* gpg.c: Add new option --faked-system-time.

 2009-12-15  Werner Koch  <wk@g10code.com>
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -229,7 +229,11 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig,
 	  return G10ERR_TIME_CONFLICT;
      }

-    if( pk->expiredate && pk->expiredate < cur_time ) {
+    /* Check whether the key has expired.  We check the has_expired
+       flag which is set after a full evaluation of the key (getkey.c)
+       as well as a simple compare to the current time in case the
+       merge has for whatever reasons not been done.  */
+    if( pk->has_expired || (pk->expiredate && pk->expiredate < cur_time)) {
        char buf[11];
        if (opt.verbose)
 	  log_info(_("NOTE: signature key %s expired %s\n"),