1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00

Add KEYEXPIRED, EXPSIG, and EXPKEYSIG. Add

"deprecated-use-keyexpired-instead" to SIGEXPIRED.

Start transition from SIGEXPIRED to KEYEXPIRED, since the actual event is
signature verification by an expired key and not an expired signature.
Rename do_signature_check as signature_check2, make public, and change all
callers.

Use status EXPSIG for an expired, but good, signature.  Add the expiration
time (or 0) to the VALIDSIG status line.  Use status KEYEXPSIG for a good
signature from an expired key.

Remove checks for no arguments now that argparse does it.
This commit is contained in:
David Shaw 2002-04-10 04:21:26 +00:00
parent 2ad36cb4f2
commit d367d40e47
7 changed files with 80 additions and 43 deletions

View file

@ -619,11 +619,14 @@ proc_compressed( CTX c, PACKET *pkt )
* Returns: 0 = valid signature or an error code
*/
static int
do_check_sig( CTX c, KBNODE node, int *is_selfsig )
do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
{
PKT_signature *sig;
MD_HANDLE md = NULL, md2 = NULL;
int algo, rc;
int algo, rc, dummy, dum2;
if(!is_expkey)
is_expkey=&dum2;
assert( node->pkt->pkttype == PKT_SIGNATURE );
if( is_selfsig )
@ -677,9 +680,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
}
else
return G10ERR_SIG_CLASS;
rc = signature_check( sig, md );
rc = signature_check2( sig, md, &dummy, is_expkey );
if( rc == G10ERR_BAD_SIGN && md2 )
rc = signature_check( sig, md2 );
rc = signature_check2( sig, md2, &dummy, is_expkey );
md_close(md);
md_close(md2);
@ -939,7 +942,7 @@ list_node( CTX c, KBNODE node )
fputs("sig", stdout);
if( opt.check_sigs ) {
fflush(stdout);
switch( (rc2=do_check_sig( c, node, &is_selfsig )) ) {
switch( (rc2=do_check_sig( c, node, &is_selfsig, NULL )) ) {
case 0: sigrc = '!'; break;
case G10ERR_BAD_SIGN: sigrc = '-'; break;
case G10ERR_NO_PUBKEY:
@ -1188,7 +1191,7 @@ check_sig_and_print( CTX c, KBNODE node )
{
PKT_signature *sig = node->pkt->pkt.signature;
const char *astr, *tstr;
int rc;
int rc, is_expkey=0;
if( opt.skip_verify ) {
log_info(_("signature verification suppressed\n"));
@ -1257,16 +1260,25 @@ check_sig_and_print( CTX c, KBNODE node )
log_info(_("Signature made %.*s using %s key ID %08lX\n"),
(int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] );
rc = do_check_sig(c, node, NULL );
rc = do_check_sig(c, node, NULL, &is_expkey );
if( rc == G10ERR_NO_PUBKEY && opt.keyserver_scheme && opt.keyserver_options.auto_key_retrieve) {
if( keyserver_import_keyid ( sig->keyid )==0 )
rc = do_check_sig(c, node, NULL );
rc = do_check_sig(c, node, NULL, &is_expkey );
}
if( !rc || rc == G10ERR_BAD_SIGN ) {
KBNODE un, keyblock;
int count=0;
int count=0, statno;
char keyid_str[50];
if(rc)
statno=STATUS_BADSIG;
else if(sig->flags.expired)
statno=STATUS_EXPSIG;
else if(is_expkey)
statno=STATUS_EXPKEYSIG;
else
statno=STATUS_GOODSIG;
keyblock = get_pubkeyblock( sig->keyid );
sprintf (keyid_str, "%08lX%08lX [uncertain] ",
@ -1284,8 +1296,7 @@ check_sig_and_print( CTX c, KBNODE node )
continue;
keyid_str[17] = 0; /* cut off the "[uncertain]" part */
write_status_text_and_buffer (rc? STATUS_BADSIG:STATUS_GOODSIG,
keyid_str,
write_status_text_and_buffer (statno, keyid_str,
un->pkt->pkt.user_id->name,
un->pkt->pkt.user_id->len,
-1 );
@ -1307,8 +1318,7 @@ check_sig_and_print( CTX c, KBNODE node )
if (opt.always_trust || !un)
keyid_str[17] = 0; /* cut off the "[uncertain]" part */
write_status_text_and_buffer (rc? STATUS_BADSIG:STATUS_GOODSIG,
keyid_str,
write_status_text_and_buffer (statno, keyid_str,
un? un->pkt->pkt.user_id->name:"[?]",
un? un->pkt->pkt.user_id->len:3,
-1 );
@ -1354,16 +1364,17 @@ check_sig_and_print( CTX c, KBNODE node )
if( !get_pubkey( pk, sig->keyid ) ) {
byte array[MAX_FINGERPRINT_LEN], *p;
char buf[MAX_FINGERPRINT_LEN*2+61];
char buf[MAX_FINGERPRINT_LEN*2+72];
size_t i, n;
fingerprint_from_pk( pk, array, &n );
p = array;
for(i=0; i < n ; i++, p++ )
sprintf(buf+2*i, "%02X", *p );
sprintf(buf+strlen(buf), " %s %lu",
sprintf(buf+strlen(buf), " %s %lu %lu",
strtimestamp( sig->timestamp ),
(ulong)sig->timestamp );
(ulong)sig->timestamp,
(ulong)sig->expiredate );
write_status_text( STATUS_VALIDSIG, buf );
}
free_public_key( pk );