mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-03 22:56:33 +02:00
Add KEYEXPIRED, EXPSIG, and EXPKEYSIG. Add
"deprecated-use-keyexpired-instead" to SIGEXPIRED. Start transition from SIGEXPIRED to KEYEXPIRED, since the actual event is signature verification by an expired key and not an expired signature. Rename do_signature_check as signature_check2, make public, and change all callers. Use status EXPSIG for an expired, but good, signature. Add the expiration time (or 0) to the VALIDSIG status line. Use status KEYEXPSIG for a good signature from an expired key. Remove checks for no arguments now that argparse does it.
This commit is contained in:
parent
2ad36cb4f2
commit
d367d40e47
7 changed files with 80 additions and 43 deletions
|
@ -619,11 +619,14 @@ proc_compressed( CTX c, PACKET *pkt )
|
|||
* Returns: 0 = valid signature or an error code
|
||||
*/
|
||||
static int
|
||||
do_check_sig( CTX c, KBNODE node, int *is_selfsig )
|
||||
do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
|
||||
{
|
||||
PKT_signature *sig;
|
||||
MD_HANDLE md = NULL, md2 = NULL;
|
||||
int algo, rc;
|
||||
int algo, rc, dummy, dum2;
|
||||
|
||||
if(!is_expkey)
|
||||
is_expkey=&dum2;
|
||||
|
||||
assert( node->pkt->pkttype == PKT_SIGNATURE );
|
||||
if( is_selfsig )
|
||||
|
@ -677,9 +680,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
|
|||
}
|
||||
else
|
||||
return G10ERR_SIG_CLASS;
|
||||
rc = signature_check( sig, md );
|
||||
rc = signature_check2( sig, md, &dummy, is_expkey );
|
||||
if( rc == G10ERR_BAD_SIGN && md2 )
|
||||
rc = signature_check( sig, md2 );
|
||||
rc = signature_check2( sig, md2, &dummy, is_expkey );
|
||||
md_close(md);
|
||||
md_close(md2);
|
||||
|
||||
|
@ -939,7 +942,7 @@ list_node( CTX c, KBNODE node )
|
|||
fputs("sig", stdout);
|
||||
if( opt.check_sigs ) {
|
||||
fflush(stdout);
|
||||
switch( (rc2=do_check_sig( c, node, &is_selfsig )) ) {
|
||||
switch( (rc2=do_check_sig( c, node, &is_selfsig, NULL )) ) {
|
||||
case 0: sigrc = '!'; break;
|
||||
case G10ERR_BAD_SIGN: sigrc = '-'; break;
|
||||
case G10ERR_NO_PUBKEY:
|
||||
|
@ -1188,7 +1191,7 @@ check_sig_and_print( CTX c, KBNODE node )
|
|||
{
|
||||
PKT_signature *sig = node->pkt->pkt.signature;
|
||||
const char *astr, *tstr;
|
||||
int rc;
|
||||
int rc, is_expkey=0;
|
||||
|
||||
if( opt.skip_verify ) {
|
||||
log_info(_("signature verification suppressed\n"));
|
||||
|
@ -1257,16 +1260,25 @@ check_sig_and_print( CTX c, KBNODE node )
|
|||
log_info(_("Signature made %.*s using %s key ID %08lX\n"),
|
||||
(int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] );
|
||||
|
||||
rc = do_check_sig(c, node, NULL );
|
||||
rc = do_check_sig(c, node, NULL, &is_expkey );
|
||||
if( rc == G10ERR_NO_PUBKEY && opt.keyserver_scheme && opt.keyserver_options.auto_key_retrieve) {
|
||||
if( keyserver_import_keyid ( sig->keyid )==0 )
|
||||
rc = do_check_sig(c, node, NULL );
|
||||
rc = do_check_sig(c, node, NULL, &is_expkey );
|
||||
}
|
||||
if( !rc || rc == G10ERR_BAD_SIGN ) {
|
||||
KBNODE un, keyblock;
|
||||
int count=0;
|
||||
int count=0, statno;
|
||||
char keyid_str[50];
|
||||
|
||||
if(rc)
|
||||
statno=STATUS_BADSIG;
|
||||
else if(sig->flags.expired)
|
||||
statno=STATUS_EXPSIG;
|
||||
else if(is_expkey)
|
||||
statno=STATUS_EXPKEYSIG;
|
||||
else
|
||||
statno=STATUS_GOODSIG;
|
||||
|
||||
keyblock = get_pubkeyblock( sig->keyid );
|
||||
|
||||
sprintf (keyid_str, "%08lX%08lX [uncertain] ",
|
||||
|
@ -1284,8 +1296,7 @@ check_sig_and_print( CTX c, KBNODE node )
|
|||
continue;
|
||||
|
||||
keyid_str[17] = 0; /* cut off the "[uncertain]" part */
|
||||
write_status_text_and_buffer (rc? STATUS_BADSIG:STATUS_GOODSIG,
|
||||
keyid_str,
|
||||
write_status_text_and_buffer (statno, keyid_str,
|
||||
un->pkt->pkt.user_id->name,
|
||||
un->pkt->pkt.user_id->len,
|
||||
-1 );
|
||||
|
@ -1307,8 +1318,7 @@ check_sig_and_print( CTX c, KBNODE node )
|
|||
if (opt.always_trust || !un)
|
||||
keyid_str[17] = 0; /* cut off the "[uncertain]" part */
|
||||
|
||||
write_status_text_and_buffer (rc? STATUS_BADSIG:STATUS_GOODSIG,
|
||||
keyid_str,
|
||||
write_status_text_and_buffer (statno, keyid_str,
|
||||
un? un->pkt->pkt.user_id->name:"[?]",
|
||||
un? un->pkt->pkt.user_id->len:3,
|
||||
-1 );
|
||||
|
@ -1354,16 +1364,17 @@ check_sig_and_print( CTX c, KBNODE node )
|
|||
|
||||
if( !get_pubkey( pk, sig->keyid ) ) {
|
||||
byte array[MAX_FINGERPRINT_LEN], *p;
|
||||
char buf[MAX_FINGERPRINT_LEN*2+61];
|
||||
char buf[MAX_FINGERPRINT_LEN*2+72];
|
||||
size_t i, n;
|
||||
|
||||
fingerprint_from_pk( pk, array, &n );
|
||||
p = array;
|
||||
for(i=0; i < n ; i++, p++ )
|
||||
sprintf(buf+2*i, "%02X", *p );
|
||||
sprintf(buf+strlen(buf), " %s %lu",
|
||||
sprintf(buf+strlen(buf), " %s %lu %lu",
|
||||
strtimestamp( sig->timestamp ),
|
||||
(ulong)sig->timestamp );
|
||||
(ulong)sig->timestamp,
|
||||
(ulong)sig->expiredate );
|
||||
write_status_text( STATUS_VALIDSIG, buf );
|
||||
}
|
||||
free_public_key( pk );
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue