* trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable

signatures that can expire.  In short, the only thing that can override an
unexpired nonrevocable signature is another unexpired nonrevocable
signature.

* getkey.c (finish_lookup): Always use primary signing key for signatures
when --pgp6 is on since pgp6 and 7 do not understand signatures made by
signing subkeys.

g10/ChangeLog

@@ -1,3 +1,14 @@
+2002-04-18  David Shaw  <dshaw@jabberwocky.com>
+
+	* trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable
+	signatures that can expire.  In short, the only thing that can
+	override an unexpired nonrevocable signature is another unexpired
+	nonrevocable signature.
+
+	* getkey.c (finish_lookup): Always use primary signing key for
+	signatures when --pgp6 is on since pgp6 and 7 do not understand
+	signatures made by signing subkeys.
+
 2002-04-18  Werner Koch  <wk@gnupg.org>
 
 	* trustdb.c (validate_keys): Never schedule a nextcheck into the

g10/getkey.c

@@ -1826,7 +1826,10 @@ finish_lookup (GETKEY_CTX ctx)
     PKT_user_id *foundu = NULL;
   #define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
     unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
-    int req_cert = (ctx->req_usage & PUBKEY_USAGE_CERT);
+    /* Request the primary if we're certifying another key, and also
+       if --pgp6 is on (since pgp 6 (and 7) do not understand
+       signatures made by a signing subkey. */
+    int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) | opt.pgp6;
     u32 latest_date;
     KBNODE latest_key;
     u32 curtime = make_timestamp ();
@@ -1877,7 +1880,7 @@ finish_lookup (GETKEY_CTX ctx)
     latest_date = 0;
     latest_key  = NULL;
     /* do not look at subkeys if a certification key is requested */
-    if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_cert) {
+    if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_prim) {
         KBNODE nextk;
         /* either start a loop or check just this one subkey */
         for (k=foundk?foundk:keyblock; k; k = nextk ) {
@@ -1930,9 +1933,9 @@ finish_lookup (GETKEY_CTX ctx)
 
     /* Okay now try the primary key unless we want an exact 
      * key ID match on a subkey */
-    if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_cert) {
+    if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) {
         PKT_public_key *pk;
-        if (DBG_CACHE && !foundk && !req_cert )
+        if (DBG_CACHE && !foundk && !req_prim )
             log_debug( "\tno suitable subkeys found - trying primary\n");
         pk = keyblock->pkt->pkt.public_key;
         if ( !pk->is_valid ) {

g10/trustdb.c

@@ -1057,26 +1057,50 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
             continue;
           n->flag |= (1<<10); /* mark this node as processed */
 
-	  /* If the current signode is a nonrevocable signature, and
-             we're checking a revocation, then skip.  Note that this
-             will let more recent signatures replace the nonrevocable
-             signature.  Is that the proper behavior? */
-
-	  if(IS_UID_REV(n->pkt->pkt.signature) &&
-	     IS_UID_SIG(signode->pkt->pkt.signature) &&
-	     !signode->pkt->pkt.signature->flags.revocable)
+	  /* If signode is nonrevocable and unexpired and n isn't,
+             then take signode (skip).  It doesn't matter which is
+             older: if signode was older then we don't want to take n
+             as signode is nonrevocable.  If n was older then we're
+             automatically fine. */
+	  
+	  if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
+	       !signode->pkt->pkt.signature->flags.revocable &&
+	       (signode->pkt->pkt.signature->expiredate==0 ||
+		signode->pkt->pkt.signature->expiredate>curtime))) &&
+	     (!(IS_UID_SIG(n->pkt->pkt.signature) &&
+		!n->pkt->pkt.signature->flags.revocable &&
+		(n->pkt->pkt.signature->expiredate==0 ||
+		 n->pkt->pkt.signature->expiredate>curtime))))
 	    continue;
 
-	  /* A nonrevocable signature n should always replace a
-             revocation in signode.  If n is newer, then there is no
-             question.  If n is older, then it should still replace
-             signode as the revocation in signode is invalid because n
-             is nonrevocable. */
+	  /* If n is nonrevocable and unexpired and signode isn't,
+             then take n.  Again, it doesn't matter which is older: if
+             n was older then we don't want to take signode as n is
+             nonrevocable.  If signode was older then we're
+             automatically fine. */
+	  
+	  if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
+		!signode->pkt->pkt.signature->flags.revocable &&
+		(signode->pkt->pkt.signature->expiredate==0 ||
+		 signode->pkt->pkt.signature->expiredate>curtime))) &&
+	     ((IS_UID_SIG(n->pkt->pkt.signature) &&
+	       !n->pkt->pkt.signature->flags.revocable &&
+	       (n->pkt->pkt.signature->expiredate==0 ||
+		n->pkt->pkt.signature->expiredate>curtime))))
+            {
+              signode = n;
+              sigdate = sig->timestamp;
+	      continue;
+            }
 
-          if ((sig->timestamp >= sigdate) ||
-	      (IS_UID_REV(signode->pkt->pkt.signature) &&
-	       IS_UID_SIG(n->pkt->pkt.signature) &&
-	       !n->pkt->pkt.signature->flags.revocable))
+	  /* At this point, if it's newer, it goes in as the only
+             remaining possibilities are signode and n are both either
+             revocable or expired or both nonrevocable and unexpired.
+             If the timestamps are equal take the later ordered
+             packet, presuming that the key packets are hopefully in
+             their original order. */
+
+          if (sig->timestamp >= sigdate)
             {
               signode = n;
               sigdate = sig->timestamp;