Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog8
-rw-r--r--g10/getkey.c10
-rw-r--r--g10/keygen.c20
-rw-r--r--g10/sig-check.c7
4 files changed, 25 insertions, 20 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index c5992a0a0..9410b27bb 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,11 @@
+2005-10-11 David Shaw <[email protected]>
+
+ * getkey.c (merge_selfsigs_subkey), sig-check.c
+ (signature_check2), keygen.c (make_backsig): Did some backsig
+ interop testing with the PGP folks. All is well, so I'm turning
+ generation of backsigs on for new keys. Checking for backsigs on
+ verification is still off.
+
2005-10-05 Werner Koch <[email protected]>
* g10.c: Renamed to ..
diff --git a/g10/getkey.c b/g10/getkey.c
index 07bdfcbd7..864c8bfb7 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -2043,10 +2043,6 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
subpk->is_valid = 1;
-#ifndef DO_BACKSIGS
- /* Pretend the backsig is present and accounted for. */
- subpk->backsig=2;
-#else
/* Find the first 0x19 embedded signature on our self-sig. */
if(subpk->backsig==0)
{
@@ -2086,6 +2082,12 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
free_seckey_enc(backsig);
}
}
+
+#ifdef FAKE_BACKSIGS
+ /* If there is no backsig, pretend there is a valid one. If there
+ is a backsig (or an invalid backsig), use it. */
+ if(subpk->backsig==0)
+ subpk->backsig=2;
#endif
}
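Review bot: The new `#ifdef FAKE_BACKSIGS` block at the end of merge_selfsigs_subkey turns a missing cross-certification into `backsig=2`, and its comment does not say what that costs. With the macro defined, a subkey that carries no 0x19 backsig looks the same to readers of `subpk->backsig` as one whose backsig was verified, so the cross-certification check gives no protection for such subkeys, while an invalid backsig is still kept as invalid. I would extend the comment to something like `/* Transitional: an absent backsig is treated as valid, which disables the cross-certification check for that subkey. Remove once verification is enforced. */`. Where FAKE_BACKSIGS is meant to be defined is not visible in this diff and should be stated too; the function body starts before the hunk.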
diff --git a/g10/keygen.c b/g10/keygen.c
index 3bf5af48b..72df993c0 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -712,25 +712,17 @@ keygen_add_revkey(PKT_signature *sig, void *opaque)
}
static int
-make_backsig(PKT_signature *sig, PKT_public_key *pk,
- PKT_public_key *sub_pk, PKT_secret_key *sub_sk)
+make_backsig(PKT_signature *sig,PKT_public_key *pk,
+ PKT_public_key *sub_pk,PKT_secret_key *sub_sk)
{
PKT_signature *backsig;
int rc;
-#ifndef DO_BACKSIGS
- /* This is not enabled yet, as I want to get a bit closer to RFC day
- before enabling this. I've been burned before :) */
+ cache_public_key(sub_pk);
- return 0;
-#endif
-
- cache_public_key (sub_pk);
-
- rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk, 0x19, 0, 0, 0, 0,
- NULL,NULL);
- if( rc )
- log_error("make_keysig_packet failed for backsig: %s\n", g10_errstr(rc) );
+ rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk,0x19,0,0,0,0,NULL,NULL);
+ if(rc)
+ log_error("make_keysig_packet failed for backsig: %s\n",g10_errstr(rc));
else
{
/* get it into a binary packed form. */
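Review bot: The rewritten call `rc=make_keysig_packet(&backsig,pk,NULL,sub_pk,sub_sk,0x19,0,0,0,0,NULL,NULL);` packs a magic signature class and six positional zero/NULL arguments into one unbroken line, and make_backsig no longer carries any comment saying what it produces. Since this commit makes the function run for new keys, a short header comment would help, e.g. `/* Create the 0x19 primary key binding signature (backsig), issued by the subkey over the primary key. */`. The failure path shown here only calls log_error; the rest of the body is outside the hunk, so it is worth confirming that a non-zero rc is returned and that the caller does not go on to emit a signing subkey without its backsig.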
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 606c38d0b..80bfeb94c 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -100,8 +100,11 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
log_info(_("WARNING: signing subkey %s is not"
" cross-certified\n"),keystr_from_pk(pk));
else
- log_info(_("WARNING: signing subkey %s has an invalid"
- " cross-certification\n"),keystr_from_pk(pk));
+ {
+ log_info(_("WARNING: signing subkey %s has an invalid"
+ " cross-certification\n"),keystr_from_pk(pk));
+ rc=G10ERR_GENERAL;
+ }
}
}
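Review bot: The added `rc=G10ERR_GENERAL;` makes an invalid cross-certification fail verification, but the message next to it is still emitted through log_info, still reads "WARNING", and the error code is the generic one. A caller or a user reading the log cannot tell this rejection from any other general failure; I would add a comment such as `/* An invalid backsig is fatal; a missing one is only warned about for now. */` and consider log_error for this branch. The ChangeLog entry in this commit says checking on verification is still off, which does not match this branch, so one of the two should be reworded. The enclosing condition is outside the hunk, so whether rc can already hold an error at this point is not visible.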