From 390f597868a5b5934f21f81ebf6ff110b6792283 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Fri, 5 Feb 2021 13:49:10 +0900
Subject: gpg: Fix selection of key.

* g10/getkey.c (pubkey_cmp): Handle the case of TRUST_EXPIRED.

--

GnuPG-bug-id: 4713
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 g10/getkey.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/g10/getkey.c b/g10/getkey.c
index d4c991f85..bc9e82638 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1359,7 +1359,9 @@ pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
       if (! uid_is_ok (&old->key, old->uid) && uid_is_ok (&new->key, uid))
         return -1;	/* Validity of the NEW key is better.  */
 
-      if (old->validity < new->validity)
+      if (new->validity != TRUST_EXPIRED && old->validity < new->validity)
+        return -1;	/* Validity of the NEW key is better.  */
+      if (old->validity == TRUST_EXPIRED && new->validity != TRUST_EXPIRED)
         return -1;	/* Validity of the NEW key is better.  */
 
       if (old->validity == new->validity && uid_is_ok (&new->key, uid)
-- 
cgit v1.2.3