diff options
Diffstat (limited to 'g10/sig-check.c')
| -rw-r--r-- | g10/sig-check.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c index c415703f7..7677cc2fd 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -229,13 +229,17 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig, return G10ERR_TIME_CONFLICT; } - if( pk->expiredate && pk->expiredate < cur_time ) { + /* Check whether the key has expired. We check the has_expired + flag which is set after a full evaluation of the key (getkey.c) + as well as a simple compare to the current time in case the + merge has for whatever reasons not been done. */ + if( pk->has_expired || (pk->expiredate && pk->expiredate < cur_time)) { char buf[11]; if (opt.verbose) log_info(_("NOTE: signature key %s expired %s\n"), keystr_from_pk(pk), asctimestamp( pk->expiredate ) ); /* SIGEXPIRED is deprecated. Use KEYEXPIRED. */ - sprintf(buf,"%lu",(ulong)pk->expiredate); + snprintf (buf, sizeof buf,"%lu",(ulong)pk->expiredate); write_status_text(STATUS_KEYEXPIRED,buf); write_status(STATUS_SIGEXPIRED); if(r_expired) |