From cbaca254ac818c49c18d4480d3c7bd246cc57ae8 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield" <neal@g10code.com>
Date: Wed, 21 Oct 2015 13:31:00 +0200
Subject: [PATCH] gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.

* g10/trustdb.c (validate_one_keyblock): When checking trust regular
expressions, treat the tofu+pgp trust model the same as the pgp trust
model.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
---
 g10/trustdb.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 296083c18..022131a33 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1579,7 +1579,8 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
              since we don't accept a regexp on the sig unless it's a
              trust sig. */
           if (kr && (!kr->trust_regexp
-                     || opt.trust_model != TM_PGP
+                     || !(opt.trust_model == TM_PGP
+                          || opt.trust_model == TM_TOFU_PGP)
                      || (uidnode
                          && check_regexp(kr->trust_regexp,
                                          uidnode->pkt->pkt.user_id->name))))
@@ -1589,7 +1590,8 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
                  lesser trust sig or value.  I could make a decent
                  argument for any of these cases, but this seems to be
                  what PGP does, and I'd like to be compatible. -dms */
-              if (opt.trust_model == TM_PGP
+              if ((opt.trust_model == TM_PGP
+                   || opt.trust_model == TM_TOFU_PGP)
                   && sig->trust_depth
                   && pk->trust_timestamp <= sig->timestamp)
 		{