diff --git a/common/compliance.c b/common/compliance.c index 315927575..59d94038d 100644 --- a/common/compliance.c +++ b/common/compliance.c @@ -353,6 +353,10 @@ gnupg_pk_is_allowed (enum gnupg_compliance_mode compliance, case PUBKEY_ALGO_EDDSA: + if (use == PK_USE_VERIFICATION) + result = 1; + else /* We may not create such signatures in de-vs mode. */ + result = 0; break; default: diff --git a/doc/gpg.texi b/doc/gpg.texi index 792ca9aa5..47aa0a4d0 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -3559,13 +3559,7 @@ signatures made using SHA-1, those key signatures are considered invalid. This options allows to override this restriction. @item --override-compliance-check -@opindex --override-compliance-check -The signature verification only allows the use of keys suitable in the -current compliance mode. If the compliance mode has been forced by a -global option, there might be no way to check certain signature. This -option allows to override this and prints an extra warning in such a -case. This option is ignored in --batch mode so that no accidental -unattended verification may happen. +This was a temporary introduced option and has no more effect. @item --no-default-keyring @opindex no-default-keyring diff --git a/g10/gpg.c b/g10/gpg.c index de40d3828..dd0bf0167 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -360,7 +360,6 @@ enum cmd_and_opt_values oShowSessionKey, oOverrideSessionKey, oOverrideSessionKeyFD, - oOverrideComplianceCheck, oNoRandomSeedFile, oAutoKeyRetrieve, oNoAutoKeyRetrieve, @@ -878,7 +877,6 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oCipherAlgo, "cipher-algo", "@"), ARGPARSE_s_s (oDigestAlgo, "digest-algo", "@"), ARGPARSE_s_s (oCertDigestAlgo, "cert-digest-algo", "@"), - ARGPARSE_s_n (oOverrideComplianceCheck, "override-compliance-check", "@"), ARGPARSE_header (NULL, N_("Options for unattended use")), @@ -972,6 +970,7 @@ static gpgrt_opt_t opts[] = { ARGPARSE_s_s (oNoop, "aead-algo", "@"), ARGPARSE_s_s (oNoop, "personal-aead-preferences","@"), ARGPARSE_s_n (oNoop, "rfc4880bis", "@"), + ARGPARSE_s_n (oNoop, "override-compliance-check", "@"), ARGPARSE_group (302, N_( @@ -3666,10 +3665,6 @@ main (int argc, char **argv) opt.flags.allow_old_cipher_algos = 1; break; - case oOverrideComplianceCheck: - opt.flags.override_compliance_check = 1; - break; - case oFakedSystemTime: { size_t len = strlen (pargs.r.ret_str); @@ -3879,15 +3874,6 @@ main (int argc, char **argv) g10_exit(2); } - /* We allow overriding the compliance check only in non-batch mode - * so that the user has a chance to see the message. */ - if (opt.flags.override_compliance_check && opt.batch) - { - opt.flags.override_compliance_check = 0; - log_info ("Note: '%s' ignored due to batch mode\n", - "--override-compliance-check"); - } - set_debug (debug_level); if (opt.verbose) /* Print the compatibility flags. */ parse_compatibility_flags (NULL, &opt.compat_flags, compatibility_flags); diff --git a/g10/options.h b/g10/options.h index fa649f8ca..74a6cdb16 100644 --- a/g10/options.h +++ b/g10/options.h @@ -245,7 +245,6 @@ struct unsigned int allow_old_cipher_algos:1; unsigned int allow_weak_digest_algos:1; unsigned int allow_weak_key_signatures:1; - unsigned int override_compliance_check:1; unsigned int large_rsa:1; unsigned int disable_signer_uid:1; unsigned int include_key_block:1; diff --git a/g10/sig-check.c b/g10/sig-check.c index 7c48c0601..7a2c934cd 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -78,17 +78,10 @@ check_key_verify_compliance (PKT_public_key *pk) NULL)) { /* Compliance failure. */ - log_info (_("key %s may not be used for signing in %s mode\n"), + log_error (_("key %s may not be used for signing in %s mode\n"), keystr_from_pk (pk), gnupg_compliance_option_string (opt.compliance)); - if (opt.flags.override_compliance_check) - log_info (_("continuing verification anyway due to option %s\n"), - "--override-compliance-failure"); - else - { - log_inc_errorcount (); /* We used log info above. */ - err = gpg_error (GPG_ERR_PUBKEY_ALGO); - } + err = gpg_error (GPG_ERR_PUBKEY_ALGO); } return err;