mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
* misc.c (pull_in_libs): Dead code. Removed.
* sig-check.c (check_revocation_keys): Comments. * getkey.c (merge_selfsigs_main): Don't bother to check designated revoker sigs if the key is already revoked. * packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on PKs. It is set when there is a revocation signature from a valid revocation key, but the revocation key is not present to verify the signature. * pkclist.c (check_signatures_trust): Use it here to give a warning when showing key trust. * compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 library and we can at least guarantee that it won't fail because of the lack of stdio.h. * tdbio.c: Fixed format string bugs related to the use of DB_NAME. Reported by Florian Weimer.
This commit is contained in:
parent
f13f772a29
commit
d537d547ce
8 changed files with 67 additions and 45 deletions
|
@ -320,20 +320,22 @@ cache_sig_result ( PKT_signature *sig, int result )
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/* Check the revocation keys to see if any of them have revoked our
|
||||
pk. sig is the revocation sig. pk is the key it is on. This code
|
||||
will need to be modified if gpg ever becomes multi-threaded. Note
|
||||
that this guarantees that a designated revocation sig will never be
|
||||
considered valid unless it is actually valid, as well as being
|
||||
issued by a revocation key in a valid direct signature. Note that
|
||||
this is written so that a revoked revoker can still issue
|
||||
issued by a revocation key in a valid direct signature. Note also
|
||||
that this is written so that a revoked revoker can still issue
|
||||
revocations: i.e. If A revokes B, but A is revoked, B is still
|
||||
revoked. I'm not completely convinced this is the proper behavior,
|
||||
but it matches how PGP does it. -dms */
|
||||
|
||||
/* Returns 0 if sig is valid (i.e. pk is revoked), non-0 if not
|
||||
revoked */
|
||||
revoked. It is important that G10ERR_NO_PUBKEY is only returned
|
||||
when a revocation signature is from a valid revocation key
|
||||
designated in a revkey subpacket, but the revocation key itself
|
||||
isn't present. */
|
||||
int
|
||||
check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
|
||||
{
|
||||
|
@ -345,9 +347,9 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig)
|
|||
|
||||
if(busy)
|
||||
{
|
||||
/* return -1 (i.e. not revoked), but mark the pk as uncacheable
|
||||
as we don't really know its revocation status until it is
|
||||
checked directly. */
|
||||
/* return an error (i.e. not revoked), but mark the pk as
|
||||
uncacheable as we don't really know its revocation status
|
||||
until it is checked directly. */
|
||||
|
||||
pk->dont_cache=1;
|
||||
return rc;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue