security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Add KEYEXPIRED, EXPSIG, and EXPKEYSIG. Add

Browse source 
"deprecated-use-keyexpired-instead" to SIGEXPIRED.

Start transition from SIGEXPIRED to KEYEXPIRED, since the actual event is
signature verification by an expired key and not an expired signature.
Rename do_signature_check as signature_check2, make public, and change all
callers.

Use status EXPSIG for an expired, but good, signature.  Add the expiration
time (or 0) to the VALIDSIG status line.  Use status KEYEXPSIG for a good
signature from an expired key.

Remove checks for no arguments now that argparse does it.
This commit is contained in:
David Shaw 2002-04-10 04:21:26 +00:00
parent 2ad36cb4f2
commit d367d40e47
7 changed files with 80 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

20
g10/sig-check.c
View file

@ -39,13 +39,9 @@ struct cmp_help_context_s {
MD_HANDLE md;
};
static int do_signature_check( PKT_signature *sig, MD_HANDLE digest,
u32 *r_expiredate, int *r_expired );
static int do_check( PKT_public_key *pk, PKT_signature *sig,
MD_HANDLE digest, int *r_expired );
/****************
* Check the signature which is contained in SIG.
* The MD_HANDLE should be currently open, so that this function
@ -56,12 +52,12 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
{
u32 dummy;
int dum2;
return do_signature_check( sig, digest, &dummy, &dum2 );
return signature_check2( sig, digest, &dummy, &dum2 );
}
static int
do_signature_check( PKT_signature *sig, MD_HANDLE digest,
u32 *r_expiredate, int *r_expired )
int
signature_check2( PKT_signature *sig, MD_HANDLE digest,
u32 *r_expiredate, int *r_expired )
{
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0;
@ -82,7 +78,7 @@ do_signature_check( PKT_signature *sig, MD_HANDLE digest,
* this sig-id we could have also used the hash of the document
* and the timestamp, but the drawback of this is, that it is
* not possible to sign more than one identical document within
* one second. Some remote bacth processing applications might
* one second. Some remote batch processing applications might
* like this feature here */
MD_HANDLE md;
u32 a = sig->timestamp;
@ -233,6 +229,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
}
if( pk->expiredate && pk->expiredate < cur_time ) {
char buf[11];
if (opt.verbose) {
u32 tmp_kid[2];
@ -240,6 +237,9 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest,
log_info(_("NOTE: signature key %08lX expired %s\n"),
(ulong)tmp_kid[1], asctimestamp( pk->expiredate ) );
}
/* SIGEXPIRED is deprecated. Use KEYEXPIRED. */
sprintf(buf,"%lu",(ulong)pk->expiredate);
write_status_text(STATUS_KEYEXPIRED,buf);
write_status(STATUS_SIGEXPIRED);
*r_expired = 1;
}
@ -490,7 +490,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig,
rc = do_check( pk, sig, md, r_expired );
}
else {
rc = do_signature_check( sig, md, r_expiredate, r_expired );
rc = signature_check2( sig, md, r_expiredate, r_expired );
}
cache_sig_result ( sig, rc );
md_close(md);