g10: Add support for TRUST_NEVER.

* g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be returned by the TOFU trust model. (do_we_trust_pre): Print a different message if TRUSTLEVEL is TRUST_NEVER. (check_signatures_trust): Improve comment. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2025-02-01 16:33:02 +01:00 · 2016-09-01 13:29:56 +02:00 · 2016-09-01 13:29:56 +02:00 · f2e5cb6ffb
commit f2e5cb6ffb
parent 0cb0ea1633
1 changed files with 19 additions and 5 deletions
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -449,6 +449,13 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
      if( opt.verbose )
 	log_info(_("This key belongs to us\n"));
      return 1; /* yes */
+
+    case TRUST_NEVER:
+      /* This is retruned can be returned by TOFU, which can return
+         negative assertions.  */
+      log_info(_("%s: This key is bad!  It has been marked as untrusted!\n"),
+               keystr_from_pk(pk));
+      return 0; /* no */
    }

  return 1; /*NOTREACHED*/
@ -472,10 +479,16 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
      print_fingerprint (NULL, pk, 2);
      tty_printf("\n");

-      tty_printf(
-	       _("It is NOT certain that the key belongs to the person named\n"
-		 "in the user ID.  If you *really* know what you are doing,\n"
-		 "you may answer the next question with yes.\n"));
+      if ((trustlevel & TRUST_MASK) == TRUST_NEVER)
+        tty_printf(
+          _("This key has is bad!  It has been marked as untrusted!  If you\n"
+            "*really* know what you are doing, you may answer the next\n"
+            "question with yes.\n"));
+      else
+        tty_printf(
+          _("It is NOT certain that the key belongs to the person named\n"
+            "in the user ID.  If you *really* know what you are doing,\n"
+            "you may answer the next question with yes.\n"));

      tty_printf("\n");

@ -654,7 +667,8 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
      break;

    case TRUST_NEVER:
-      /* currently we won't get that status */
+      /* This level can be returned by TOFU, which supports negative
+       * assertions.  */
      write_trust_status (STATUS_TRUST_NEVER, trustlevel);
      log_info(_("WARNING: We do NOT trust this key!\n"));
      log_info(_("         The signature is probably a FORGERY.\n"));