1 files changed, 41 insertions, 17 deletions

diff --git a/g10/trustdb.c b/g10/trustdb.c
index 61d6d14ae..4e2e2d0a4 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -1057,26 +1057,50 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode,
             continue;
           n->flag |= (1<<10); /* mark this node as processed */
 
-	  /* If the current signode is a nonrevocable signature, and
-             we're checking a revocation, then skip.  Note that this
-             will let more recent signatures replace the nonrevocable
-             signature.  Is that the proper behavior? */
-
-	  if(IS_UID_REV(n->pkt->pkt.signature) &&
-	     IS_UID_SIG(signode->pkt->pkt.signature) &&
-	     !signode->pkt->pkt.signature->flags.revocable)
+	  /* If signode is nonrevocable and unexpired and n isn't,
+             then take signode (skip).  It doesn't matter which is
+             older: if signode was older then we don't want to take n
+             as signode is nonrevocable.  If n was older then we're
+             automatically fine. */
+	  
+	  if(((IS_UID_SIG(signode->pkt->pkt.signature) &&
+	       !signode->pkt->pkt.signature->flags.revocable &&
+	       (signode->pkt->pkt.signature->expiredate==0 ||
+		signode->pkt->pkt.signature->expiredate>curtime))) &&
+	     (!(IS_UID_SIG(n->pkt->pkt.signature) &&
+		!n->pkt->pkt.signature->flags.revocable &&
+		(n->pkt->pkt.signature->expiredate==0 ||
+		 n->pkt->pkt.signature->expiredate>curtime))))
 	    continue;
 
-	  /* A nonrevocable signature n should always replace a
-             revocation in signode.  If n is newer, then there is no
-             question.  If n is older, then it should still replace
-             signode as the revocation in signode is invalid because n
-             is nonrevocable. */
+	  /* If n is nonrevocable and unexpired and signode isn't,
+             then take n.  Again, it doesn't matter which is older: if
+             n was older then we don't want to take signode as n is
+             nonrevocable.  If signode was older then we're
+             automatically fine. */
+	  
+	  if((!(IS_UID_SIG(signode->pkt->pkt.signature) &&
+		!signode->pkt->pkt.signature->flags.revocable &&
+		(signode->pkt->pkt.signature->expiredate==0 ||
+		 signode->pkt->pkt.signature->expiredate>curtime))) &&
+	     ((IS_UID_SIG(n->pkt->pkt.signature) &&
+	       !n->pkt->pkt.signature->flags.revocable &&
+	       (n->pkt->pkt.signature->expiredate==0 ||
+		n->pkt->pkt.signature->expiredate>curtime))))
+            {
+              signode = n;
+              sigdate = sig->timestamp;
+	      continue;
+            }
+
+	  /* At this point, if it's newer, it goes in as the only
+             remaining possibilities are signode and n are both either
+             revocable or expired or both nonrevocable and unexpired.
+             If the timestamps are equal take the later ordered
+             packet, presuming that the key packets are hopefully in
+             their original order. */
 
-          if ((sig->timestamp >= sigdate) ||
-	      (IS_UID_REV(signode->pkt->pkt.signature) &&
-	       IS_UID_SIG(n->pkt->pkt.signature) &&
-	       !n->pkt->pkt.signature->flags.revocable))
+          if (sig->timestamp >= sigdate)
             {
               signode = n;
               sigdate = sig->timestamp;