author | David Shaw <[email protected]> | 2002-05-15 13:15:27 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2002-05-15 13:15:27 +0000 |
commit | fcfc223dbb304736d5657121ec148863dbc1f709 (patch) | |
tree | bf18eb33eadb30c31b3e90dc996542b13fc73973 | |
parent | 2002-05-14 Timo Schulz <[email protected]> (diff) | |
* options.skel: keyserver.pgp.com is gone, so list pgp.surfnet.nl as a
sample LDAP server instead.
* getkey.c (merge_selfsigs_main): Properly handle multiple revocation keys
in a single packet. Properly handle revocation keys that are in
out-of-order packets. Remove duplicates in revocation key list.
-rw-r--r-- | g10/ChangeLog | 10 | ||||
-rw-r--r-- | g10/getkey.c | 78 | ||||
-rw-r--r-- | g10/options.skel | 10 |
3 files changed, 69 insertions, 29 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 0e432c146..8660d5853 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,13 @@ +2002-05-15 David Shaw <[email protected]> + + * options.skel: keyserver.pgp.com is gone, so list pgp.surfnet.nl + as a sample LDAP server instead. + + * getkey.c (merge_selfsigs_main): Properly handle multiple + revocation keys in a single packet. Properly handle revocation + keys that are in out-of-order packets. Remove duplicates in + revocation key list. + 2002-05-14 Timo Schulz <[email protected]> * exec.c (make_tempdir) [MINGW32]: Added missing '\'. diff --git a/g10/getkey.c b/g10/getkey.c index 1a401a111..a11d1b94b 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1219,7 +1219,28 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked ) */ *r_revoked = 1; } - else if ( IS_KEY_SIG (sig) && sig->timestamp >= sigdate ) { + else if ( IS_KEY_SIG (sig) ) { + /* Add any revocation keys onto the pk. This is + particularly interesting since we normally only + get data from the most recent 1F signature, but + you need multiple 1F sigs to properly handle + revocation keys (PGP does it this way, and a + revocation key could be sensitive and hence in a + different signature). */ + if(sig->revkey) { + int i; + + pk->revkey= + m_realloc(pk->revkey,sizeof(struct revocation_key)* + (pk->numrevkeys+sig->numrevkeys)); + + for(i=0;i<sig->numrevkeys;i++) + memcpy(&pk->revkey[pk->numrevkeys++], + sig->revkey[i], + sizeof(struct revocation_key)); + } + + if( sig->timestamp >= sigdate ) { const byte *p; p = parse_sig_subpkt( sig->hashed, 
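Review bot: In the g10/getkey.c hunk at -1219, the revocation-key merge now runs for every signature that reaches the `IS_KEY_SIG (sig)` branch, ahead of the `sig->timestamp >= sigdate` test and the `parse_sig_subpkt` lookup that follows it, so signatures those later checks would pass over still contribute designated revokers. That looks intended (out-of-order packets), but because a designated revoker can revoke the key, the comment should say so explicitly, e.g. `/* revkeys are merged from every 1F sig reaching this branch, including superseded ones */`. The size expression `sizeof(struct revocation_key)*(pk->numrevkeys+sig->numrevkeys)` adds two counts that grow with the number of signatures in the keyblock and has no upper bound; a sanity limit on `pk->numrevkeys` before the `m_realloc` would keep an oversized keyblock from driving the allocation. merge_selfsigs_main begins and ends outside the hunk, so whatever verifies the signature before this branch is not visible here.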
@@ -1231,34 +1252,43 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked ) signode = k; sigversion = sig->version; - /* Add any revocation keys onto the pk. This - is particularly interesting since we - normally only get data from the most recent - 1F signature, but you need multiple 1F sigs - to properly handle revocation keys (PGP - does it this way, and a revocation key - could be sensitive and hence in a different - signature). */ - if(sig->revkey) { - int i; - - pk->revkey= - m_realloc(pk->revkey,sizeof(struct revocation_key)* - (pk->numrevkeys+sig->numrevkeys)); - - for(i=0;i<sig->numrevkeys;i++) - memcpy(&pk->revkey[pk->numrevkeys], - sig->revkey[i], - sizeof(struct revocation_key)); - - pk->numrevkeys+=sig->numrevkeys; - } - } + } + } } } } } + /* Remove dupes from the revocation keys */ + + if(pk->revkey) + { + int i,j,x,changed=0; + + for(i=0;i<pk->numrevkeys;i++) + { + for(j=i+1;j<pk->numrevkeys;j++) + { + if(memcmp(&pk->revkey[i],&pk->revkey[j], + sizeof(struct revocation_key))==0) + { + /* remove j */ + + for(x=j;x<pk->numrevkeys-1;x++) + pk->revkey[x]=pk->revkey[x+1]; + + pk->numrevkeys--; + j--; + changed=1; + } + } + } + + if(changed) + pk->revkey=m_realloc(pk->revkey, + pk->numrevkeys*sizeof(struct revocation_key)); + } + if ( signode ) { /* some information from a direct key signature take precedence * over the same information given in UID sigs. diff --git a/g10/options.skel b/g10/options.skel index f6a354088..5beb3da9c 100644 --- a/g10/options.skel +++ b/g10/options.skel @@ -91,7 +91,7 @@ lock-once # mailto:[email protected] # # Example LDAP keyserver: -# ldap://keyserver.pgp.com +# ldap://pgp.surfnet.nl:11370 # # Regular URL syntax applies, and you can set an alternate port # through the usual method: @@ -109,7 +109,7 @@ lock-once #keyserver x-hkp://keyserver.cryptnet.net #keyserver mailto:[email protected] -#keyserver ldap://keyserver.pgp.com +#keyserver ldap://pgp.surfnet.nl:11370 # Options for keyserver functions # 
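Review bot: The duplicate check in the new "Remove dupes" block of g10/getkey.c compares whole entries with `memcmp(&pk->revkey[i],&pk->revkey[j],sizeof(struct revocation_key))`, so two entries naming the same key but differing in any other field are both kept (the commit's own comment mentions sensitive revocation keys). The comparison is also only reliable if the struct has no padding bytes; the struct definition is not on this page, so both points need confirming. A comment above the loop would record the choice, e.g. `/* whole-struct compare: same key with different flags stays as two entries */`. As a style point, the inner shift loop could be a single `memmove(&pk->revkey[j],&pk->revkey[j+1],(pk->numrevkeys-j-1)*sizeof(struct revocation_key));`. The enclosing function continues outside the hunk.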
@@ -155,9 +155,9 @@ lock-once # %% is %, of course. # # If %i or %I are not present, then the photo is supplied to the -# viewer on standard input. Standard input is the best way to do -# this, as it avoids the time and effort in generating and then -# cleaning up a secure temp file. +# viewer on standard input. If your platform supports it, standard +# input is the best way to do this as it avoids the time and effort in +# generating and then cleaning up a secure temp file. # # The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin" # |