security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-03-07 22:01:07 +01:00
Code Activity

g10: Add support for TRUST_NEVER.

Browse Source 
* g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
returned by the TOFU trust model.
(do_we_trust_pre): Print a different message if TRUSTLEVEL is
TRUST_NEVER.
(check_signatures_trust): Improve comment.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
This commit is contained in:
Neal H. Walfield 2016-09-01 13:29:56 +02:00
parent 0cb0ea1633
commit f2e5cb6ffb
1 changed files with 19 additions and 5 deletions

24
g10/pkclist.c

@ -449,6 +449,13 @@ do_we_trust( PKT_public_key *pk, unsigned int trustlevel )
if( opt.verbose ) if( opt.verbose )
log_info(_("This key belongs to us\n")); log_info(_("This key belongs to us\n"));
return 1; /* yes */ return 1; /* yes */
case TRUST_NEVER:
/* This is retruned can be returned by TOFU, which can return
negative assertions. */
log_info(_("%s: This key is bad! It has been marked as untrusted!\n"),
keystr_from_pk(pk));
return 0; /* no */
} }
return 1; /*NOTREACHED*/ return 1; /*NOTREACHED*/
@ -472,10 +479,16 @@ do_we_trust_pre( PKT_public_key *pk, unsigned int trustlevel )
print_fingerprint (NULL, pk, 2); print_fingerprint (NULL, pk, 2);
tty_printf("\n"); tty_printf("\n");
tty_printf( if ((trustlevel & TRUST_MASK) == TRUST_NEVER)
_("It is NOT certain that the key belongs to the person named\n" tty_printf(
"in the user ID. If you *really* know what you are doing,\n" _("This key has is bad! It has been marked as untrusted! If you\n"
"you may answer the next question with yes.\n")); "*really* know what you are doing, you may answer the next\n"
"question with yes.\n"));
else
tty_printf(
_("It is NOT certain that the key belongs to the person named\n"
"in the user ID. If you *really* know what you are doing,\n"
"you may answer the next question with yes.\n"));
tty_printf("\n"); tty_printf("\n");
@ -654,7 +667,8 @@ check_signatures_trust (ctrl_t ctrl, PKT_signature *sig)
break; break;
case TRUST_NEVER: case TRUST_NEVER:
/* currently we won't get that status */ /* This level can be returned by TOFU, which supports negative
* assertions. */
write_trust_status (STATUS_TRUST_NEVER, trustlevel); write_trust_status (STATUS_TRUST_NEVER, trustlevel);
log_info(_("WARNING: We do NOT trust this key!\n")); log_info(_("WARNING: We do NOT trust this key!\n"));
log_info(_(" The signature is probably a FORGERY.\n")); log_info(_(" The signature is probably a FORGERY.\n"));