diff options
| author | Werner Koch <[email protected]> | 2017-07-27 14:22:36 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2017-07-27 14:22:36 +0000 |
| commit | 6502bb0d2af5784918ebb74242fff6f0a72844bf (patch) | |
| tree | 25458befbf68f758917cb08e6ff738765370b005 /g10/mainproc.c | |
| parent | gpg,sm: Allow encryption (with warning) to any key in de-vs mode. (diff) | |
| download | gnupg-6502bb0d2af5784918ebb74242fff6f0a72844bf.tar.gz gnupg-6502bb0d2af5784918ebb74242fff6f0a72844bf.zip | |
gpg: Tweak compliance checking for verification
* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--
We should be able to verify all signatures. So we only print a
warning. That is the same beheavour as for untrusted keys etc.
GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/mainproc.c')
| -rw-r--r-- | g10/mainproc.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c index d0584d39a..b712e6048 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -2168,6 +2168,16 @@ check_sig_and_print (CTX c, kbnode_t node) mainpkhex); } + /* Print compliance warning for Good signatures. */ + if (!rc && pk && !opt.quiet + && !gnupg_pk_is_compliant (opt.compliance, pk->pubkey_algo, + pk->pkey, nbits_from_pk (pk), NULL)) + { + log_info (_("WARNING: This key is not suitable for signing" + " in %s mode\n"), + gnupg_compliance_option_string (opt.compliance)); + } + /* For good signatures compute and print the trust information. Note that in the Tofu trust model this may ask the user on how to resolve a conflict. */ |