security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

* trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable

Browse source 
signatures that can expire.  In short, the only thing that can override an
unexpired nonrevocable signature is another unexpired nonrevocable
signature.

* getkey.c (finish_lookup): Always use primary signing key for signatures
when --pgp6 is on since pgp6 and 7 do not understand signatures made by
signing subkeys.
This commit is contained in:
David Shaw 2002-04-18 18:23:22 +00:00
parent 37c268ed6a
commit c07113d265
3 changed files with 59 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

11
g10/getkey.c
View file

@ -1826,7 +1826,10 @@ finish_lookup (GETKEY_CTX ctx)
PKT_user_id *foundu = NULL;
#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
int req_cert = (ctx->req_usage & PUBKEY_USAGE_CERT);
/* Request the primary if we're certifying another key, and also
if --pgp6 is on (since pgp 6 (and 7) do not understand
signatures made by a signing subkey. */
int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) | opt.pgp6;
u32 latest_date;
KBNODE latest_key;
u32 curtime = make_timestamp ();
@ -1877,7 +1880,7 @@ finish_lookup (GETKEY_CTX ctx)
latest_date = 0;
latest_key = NULL;
/* do not look at subkeys if a certification key is requested */
if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_cert) {
if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_prim) {
KBNODE nextk;
/* either start a loop or check just this one subkey */
for (k=foundk?foundk:keyblock; k; k = nextk ) {
@ -1930,9 +1933,9 @@ finish_lookup (GETKEY_CTX ctx)
/* Okay now try the primary key unless we want an exact
* key ID match on a subkey */
if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_cert) {
if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) {
PKT_public_key *pk;
if (DBG_CACHE && !foundk && !req_cert )
if (DBG_CACHE && !foundk && !req_prim )
log_debug( "\tno suitable subkeys found - trying primary\n");
pk = keyblock->pkt->pkt.public_key;
if ( !pk->is_valid ) {