diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 6 | ||||
| -rw-r--r-- | g10/gpg.c | 7 | ||||
| -rw-r--r-- | g10/mainproc.c | 15 | ||||
| -rw-r--r-- | g10/options.h | 3 |
4 files changed, 28 insertions, 3 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 7bb6f4edd..2ecd3ed7c 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,9 @@ +2006-03-07 Werner Koch <[email protected]> + + * mainproc.c (proc_signature_packets): Return any_sig_seen to caller. + (check_sig_and_print): Option to partly allow the old behaviour. + * gpg.c: New option --allow-multisig-verification. + 2006-03-06 David Shaw <[email protected]> * sign.c (make_keysig_packet): Don't use MD5 for a RSA_S key as @@ -362,6 +362,7 @@ enum cmd_and_opt_values oNoRequireBacksigs, oAutoKeyLocate, oNoAutoKeyLocate, + oAllowMultisigVerification, oNoop }; @@ -699,6 +700,8 @@ static ARGPARSE_OPTS opts[] = { #if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) { oDebugCCIDDriver, "debug-ccid-driver", 0, "@"}, #endif + { oAllowMultisigVerification, "allow-multisig-verification", 0, "@"}, + /* These two are aliases to help users of the PGP command line product use gpg with minimal pain. Many commands are common already as they seem to have borrowed commands from us. Now @@ -2669,6 +2672,10 @@ main (int argc, char **argv ) release_akl(); break; + case oAllowMultisigVerification: + opt.allow_multisig_verification = 1; + break; + case oNoop: break; default : pargs.err = configfp? 1:2; break; diff --git a/g10/mainproc.c b/g10/mainproc.c index dd9909bcf..cc865a833 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1163,6 +1163,13 @@ proc_signature_packets( void *anchor, IOBUF a, log_error (_("no signature found\n")); rc = G10ERR_NO_DATA; } + + /* Propagate the signature seen flag upward. Do this only on + success so that we won't issue the nodata status several + times. */ + if (!rc && c->anchor && c->any_sig_seen) + c->anchor->any_sig_seen = 1; + xfree( c ); return rc; } @@ -1445,8 +1452,8 @@ check_sig_and_print( CTX c, KBNODE node ) KBNODE n; int n_onepass, n_sig; - log_debug ("checking signature packet composition\n"); - dump_kbnode (c->list); +/* log_debug ("checking signature packet composition\n"); */ +/* dump_kbnode (c->list); */ n = c->list; assert (n); @@ -1482,7 +1489,9 @@ check_sig_and_print( CTX c, KBNODE node ) for (n_sig=0, n = n->next; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next) n_sig++; - if (n || !n_sig) + if (!n_sig) + goto ambiguous; + if (n && !opt.allow_multisig_verification) goto ambiguous; if (n_onepass != n_sig) { diff --git a/g10/options.h b/g10/options.h index 28b813250..422d36b85 100644 --- a/g10/options.h +++ b/g10/options.h @@ -231,6 +231,9 @@ struct struct akl *next; } *auto_key_locate; + /* True if multiple concatenated signatures may be verified. */ + int allow_multisig_verification; + } opt; /* CTRL is used to keep some global variables we currently can't |