mirror of
git://git.gnupg.org/gnupg.git
synced 2024-09-24 15:31:41 +02:00
037f9de092
* g10/tofu.c (initdb): Add column effective_policy to the bindings table. (record_binding): New parameters effective_policy and set_conflict. Save the effective policy. If SET_CONFLICT is set, then set conflict according to CONFLICT. Otherwise, preserve the current value of conflict. Update callers. (get_trust): Don't compute the effective policy here... (get_policy): ... do it here, if it was not cached. Take new parameters, PK, the public key, and NOW, the time that the operation started. Update callers. (show_statistics): New parameter PK. Pass it to get_policy. Update callers. (tofu_notice_key_changed): New function. * g10/gpgv.c (tofu_notice_key_changed): New stub. * g10/import.c (import_revoke_cert): Take additional argument CTRL. Pass it to keydb_update_keyblock. * g10/keydb.c (keydb_update_keyblock): Take additional argument CTRL. Update callers. [USE_TOFU]: Call tofu_notice_key_changed. * g10/test-stubs.c (tofu_notice_key_changed): New stub. * tests/openpgp/tofu.scm: Assume that manually setting a binding's policy to auto does not cause the tofu engine to forget about any conflict. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> We now store the computed policy in the tofu DB (in the effective_policy column of the bindings table) to avoid computing it every time, which is expensive. Further, policy is never overridden in case of a conflict. Instead, we detect a conflict if CONFLICT is not empty. This change is backwards compatible to existing DBs. The only minor incompatibility is that unresolved conflicts won't be automatically resolved in case we import a direct signature, or cross signatures. |
||
|---|---|---|
| .. | ||
| extrasamples | ||
| fake-pinentries | ||
| gpgscm | ||
| migrations | ||
| openpgp | ||
| pkits | ||
| samplekeys | ||
| samplemsgs | ||
| 567064FE6D14A17B2D811ABB407728BC558AA455 | ||
| asschk.c | ||
| cert_cci_sphinx_ca.pem | ||
| cert_cci_test_wzs.pem | ||
| cert_cci_test_zs.pem | ||
| cert_cci_user02.pem | ||
| cert_cci_user03.pem | ||
| cert_cci_user04.pem | ||
| cert_cci_user06.pem | ||
| cert_cci_user07.pem | ||
| cert_testpki_testpca.pem | ||
| ChangeLog-2011 | ||
| crl_testpki_testpca.pem | ||
| inittests | ||
| key_g10code_pete1.pem | ||
| key_g10code_theo1.pem | ||
| Makefile.am | ||
| runtest | ||
| skey_g10code_test1.pem | ||
| sm-sign+verify | ||
| sm-verify | ||
| text-1.dsig.pem | ||
| text-1.osig-bad.pem | ||
| text-1.osig-badusage.pem | ||
| text-1.osig.pem | ||
| text-1.txt | ||
| text-2.osig-bad.pem | ||
| text-2.osig.pem | ||
| text-2.txt | ||
| text-3.txt | ||