Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog15
-rw-r--r--g10/g10.c4
-rw-r--r--g10/getkey.c36
-rw-r--r--g10/gpgv.c6
-rw-r--r--g10/keyedit.c39
5 files changed, 83 insertions, 17 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 13208048d..d42eabfc0 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,18 @@
+2002-05-17 David Shaw <[email protected]>
+
+ * gpgv.c: Add stub for get_ownertrust().
+
+ * g10.c (main): --allow-freeform-uid should be implied by
+ OpenPGP. Add --no-allow-freeform-uid.
+
+ * keyedit.c (sign_uids): Issue a warning when signing a
+ non-selfsigned uid.
+
+ * getkey.c (merge_selfsigs_main): If a key has no selfsigs, and
+ allow-non-selfsigned-uid is not set, still try and make the key
+ valid by checking all uids for a signature from an ultimately
+ trusted key.
+
2002-05-16 David Shaw <[email protected]>
* main.h, keygen.c (keygen_add_revkey): Add revocation key
diff --git a/g10/g10.c b/g10/g10.c
index de4e1855f..0270e83ae 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -249,6 +249,7 @@ enum cmd_and_opt_values { aNull = 0,
oAllowNonSelfsignedUID,
oNoAllowNonSelfsignedUID,
oAllowFreeformUID,
+ oNoAllowFreeformUID,
oAllowSecretKeyImport,
oEnableSpecialFilenames,
oNoLiteral,
@@ -526,6 +527,7 @@ static ARGPARSE_OPTS opts[] = {
{ oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", 0, "@" },
{ oNoAllowNonSelfsignedUID, "no-allow-non-selfsigned-uid", 0, "@" },
{ oAllowFreeformUID, "allow-freeform-uid", 0, "@" },
+ { oNoAllowFreeformUID, "no-allow-freeform-uid", 0, "@" },
{ oNoLiteral, "no-literal", 0, "@" },
{ oSetFilesize, "set-filesize", 20, "@" },
{ oHonorHttpProxy,"honor-http-proxy", 0, "@" },
@@ -1108,6 +1110,7 @@ main( int argc, char **argv )
opt.rfc1991 = 0;
opt.rfc2440 = 1;
opt.allow_non_selfsigned_uid = 1;
+ opt.allow_freeform_uid = 1;
opt.pgp2_workarounds = 0;
opt.escape_from = 0;
opt.force_v3_sigs = 0;
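Review bot: `opt.allow_freeform_uid = 1;` is assigned unconditionally next to `opt.rfc2440 = 1`, so an earlier `--no-allow-freeform-uid` on the command line is silently overridden and only one given afterwards takes effect. This assumes the block is the handler for the OpenPGP compliance option, whose `case` label lies outside the hunk. The same order dependence already applies to the `allow_non_selfsigned_uid` line above it, but nothing visible documents it; a comment such as `/* implied by OpenPGP; a later --no-allow-freeform-uid still overrides */` would make it explicit. The new option is registered in the `opts[]` hunk with the `"@"` description, which appears to leave it without help text, so the manual is the only place a user would learn of it.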
@@ -1272,6 +1275,7 @@ main( int argc, char **argv )
case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break;
case oNoAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid=0; break;
case oAllowFreeformUID: opt.allow_freeform_uid = 1; break;
+ case oNoAllowFreeformUID: opt.allow_freeform_uid = 0; break;
case oNoLiteral: opt.no_literal = 1; break;
case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break;
case oHonorHttpProxy:
diff --git a/g10/getkey.c b/g10/getkey.c
index 88f01f9ba..b95f29a0f 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1440,8 +1440,40 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
pk->is_valid = 1;
}
- if ( sigdate > uiddate )
- uiddate = sigdate;
+ /* The key STILL isn't valid, so try and find an ultimately
+ trusted signature. */
+ if(!pk->is_valid)
+ {
+ uidnode=NULL;
+
+ for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k=k->next)
+ {
+ if ( k->pkt->pkttype == PKT_USER_ID )
+ uidnode = k;
+ else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode )
+ {
+ PKT_signature *sig = k->pkt->pkt.signature;
+
+ if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1])
+ {
+ PKT_public_key *ultimate_pk;
+
+ ultimate_pk=m_alloc_clear(sizeof(*ultimate_pk));
+
+ if(get_pubkey(ultimate_pk,sig->keyid)==0 &&
+ check_key_signature(keyblock,k,NULL)==0 &&
+ get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
+ {
+ free_public_key(ultimate_pk);
+ pk->is_valid=1;
+ break;
+ }
+
+ free_public_key(ultimate_pk);
+ }
+ }
+ }
+ }
/* Record the highest selfsigversion so we know if this is a v3
key through and through, or a v3 key with a v4 selfsig, which
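Review bot: The fallback loop accepts any signature packet that follows a user ID and was issued by an ultimately trusted key, because the branch at `k->pkt->pkttype == PKT_SIGNATURE && uidnode` never looks at the signature class. A certification revocation from that key would presumably verify in `check_key_signature()` and still set `pk->is_valid=1`. Limiting the branch to certifications, for example by adding `(sig->sig_class & ~3) == 0x10` to the test, keeps the fallback to what the ChangeLog entry describes. The condition also verifies the signature before the ownertrust lookup, so every third-party signature whose key is in the keyring is checked; putting `get_ownertrust(ultimate_pk)==TRUST_ULTIMATE` ahead of `check_key_signature(keyblock,k,NULL)==0` skips that work for signers that can never qualify. The hunk also drops `if ( sigdate > uiddate ) uiddate = sigdate;` without a ChangeLog mention, and merge_selfsigs_main starts and ends outside the hunk, so whether that removal is safe cannot be judged from here.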
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 0d9be3402..85c1ab9d7 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -240,6 +240,12 @@ get_ownertrust_info (PKT_public_key *pk)
return '?';
}
+unsigned int
+get_ownertrust (PKT_public_key *pk)
+{
+ return TRUST_UNKNOWN;
+}
+
/* Stub:
* Because we only work with trusted keys, it does not make sense to
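Review bot: The new `get_ownertrust()` stub carries no comment, unlike the `/* Stub:` header on the function that follows it, and its `pk` parameter is unused. Because it always returns `TRUST_UNKNOWN`, the ultimately-trusted fallback added to merge_selfsigs_main in getkey.c can never succeed in gpgv, which is the fail-closed outcome but should be stated rather than left implicit. I would add `/* Stub: no ownertrust is available in gpgv, so no signer is ever ultimately trusted. */` above the function, assuming gpgv really has no trust database to consult.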
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 79c8ba6c7..b27b64706 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -339,30 +339,39 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
}
else if( node->pkt->pkttype == PKT_USER_ID ) {
uidnode = (node->flag & NODFLG_MARK_A)? node : NULL;
- if(uidnode && uidnode->pkt->pkt.user_id->is_revoked)
+ if(uidnode)
{
char *user=utf8_to_native(uidnode->pkt->pkt.user_id->name,
uidnode->pkt->pkt.user_id->len,
0);
- tty_printf(_("User ID \"%s\" is revoked."),user);
-
- m_free(user);
-
- if(opt.expert)
+ if(uidnode->pkt->pkt.user_id->is_revoked)
{
- tty_printf("\n");
- /* No, so remove the mark and continue */
- if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
- _("Are you sure you still "
- "want to sign it? (y/N) ")))
- uidnode->flag &= ~NODFLG_MARK_A;
+ tty_printf(_("User ID \"%s\" is revoked."),user);
+
+ if(opt.expert)
+ {
+ tty_printf("\n");
+ /* No, so remove the mark and continue */
+ if(!cpr_get_answer_is_yes("sign_uid.revoke_okay",
+ _("Are you sure you "
+ "still want to sign "
+ "it? (y/N) ")))
+ uidnode->flag &= ~NODFLG_MARK_A;
+ }
+ else
+ {
+ uidnode->flag &= ~NODFLG_MARK_A;
+ tty_printf(_(" Unable to sign.\n"));
+ }
}
- else
+ else if(!uidnode->pkt->pkt.user_id->created)
{
- uidnode->flag &= ~NODFLG_MARK_A;
- tty_printf(_(" Unable to sign.\n"));
+ tty_printf(_("Warning: user ID \"%s\" is not "
+ "self-signed.\n"),user);
}
+
+ m_free(user);
}
}
else if( uidnode && node->pkt->pkttype == PKT_SIGNATURE
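Review bot: The non-self-signed branch, `else if(!uidnode->pkt->pkt.user_id->created)`, only prints a warning and leaves `NODFLG_MARK_A` set, so the user ID goes on to be signed without any confirmation. The revoked branch, by contrast, clears the mark unless `opt.expert` is set and the user answers yes. A user ID with no self-signature has not been bound to the key by its owner, so certifying it merits at least the same `cpr_get_answer_is_yes()` prompt, with `uidnode->flag &= ~NODFLG_MARK_A;` on a negative answer. The branch also treats a zero `created` field as the marker for a missing self-signature, which this hunk does not establish; a one-line comment saying so would help the next reader. sign_uids begins and ends outside the hunk.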