mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Set a limit of 5 to the number of keys imported from the WKD.
* g10/import.c (import): Limit the number of considered keys to 5. (import_one): Return the first fingerprint in case of WKD. -- The Web Key Directory should carry only one key. However, some providers like to put old or expired keys also into the WKD. I don't thunk that this is a good idea but I heard claims that this is needed for them to migrate existing key data bases. This patch puts a limit on 5 on it (we had none right now) and also fixes the issue that gpg could not work immediately with the requested key because the code uses the fingerprint of the key to use the imported key. Now the first key is used. On a second try (w/o accessing the WKD) the regular key selection mechanism would be in effect. I think this is the most conservative approach. Let's see whether it helps. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
cb20659674
commit
e9fcb0361a
21
g10/import.c
21
g10/import.c
@ -665,6 +665,18 @@ import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
|
||||
|
||||
if (!(++stats->count % 100) && !opt.quiet)
|
||||
log_info (_("%lu keys processed so far\n"), stats->count );
|
||||
|
||||
if (origin == KEYORG_WKD && stats->count >= 5)
|
||||
{
|
||||
/* We limit the number of keys _received_ from the WKD to 5.
|
||||
* In fact there should be only one key but some sites want
|
||||
* to store a few expired keys there also. gpg's key
|
||||
* selection will later figure out which key to use. Note
|
||||
* that for WKD we always return the fingerprint of the
|
||||
* first imported key. */
|
||||
log_info ("import from WKD stopped after %d keys\n", 5);
|
||||
break;
|
||||
}
|
||||
}
|
||||
stats->v3keys += v3keys;
|
||||
if (rc == -1)
|
||||
@ -2174,16 +2186,21 @@ import_one (ctrl_t ctrl,
|
||||
fingerprint of the key in all cases. */
|
||||
if (fpr)
|
||||
{
|
||||
xfree (*fpr);
|
||||
/* Note that we need to compare against 0 here because
|
||||
COUNT gets only incremented after returning from this
|
||||
function. */
|
||||
if (!stats->count)
|
||||
{
|
||||
xfree (*fpr);
|
||||
*fpr = fingerprint_from_pk (pk, NULL, fpr_len);
|
||||
else
|
||||
}
|
||||
else if (origin != KEYORG_WKD)
|
||||
{
|
||||
xfree (*fpr);
|
||||
*fpr = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Now that the key is definitely incorporated into the keydb, we
|
||||
need to check if a designated revocation is present or if the
|
||||
|
Loading…
x
Reference in New Issue
Block a user