From e09166c77273f459c8f87cab9224f85808af2cba Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" Date: Thu, 13 Oct 2016 12:38:19 +0200 Subject: g10: Still check if the key is an UTK or cross signed in batch mode. * g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't bail immediately. Instead, check if the key in question is an ultimately trusted key or cross signed. -- Signed-off-by: Neal H. Walfield --- g10/tofu.c | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/g10/tofu.c b/g10/tofu.c index b9416d55b..8184c6f98 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2131,12 +2131,6 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, case TOFU_POLICY_ASK: /* We need to ask the user what to do. Case #1 or #2 below. */ - if (! may_ask) - { - trust_level = TRUST_UNDEFINED; - goto out; - } - break; case TOFU_POLICY_NONE: @@ -2296,18 +2290,19 @@ get_trust (ctrl_t ctrl, PKT_public_key *pk, if (! may_ask) { - /* We can only get here in the third case (no saved policy) and - * if there is a conflict. (If the policy was ask (cases #1 and - * #2) and we weren't allowed to ask, we'd have already exited). */ - log_assert (policy == TOFU_POLICY_NONE); - - if (record_binding (dbs, fingerprint, email, user_id, - TOFU_POLICY_ASK, - conflict_set && conflict_set->next - ? conflict_set->next->d : NULL, - 0, now) != 0) - log_error (_("error setting TOFU binding's trust level to %s\n"), - "ask"); + log_assert (policy == TOFU_POLICY_NONE || policy == TOFU_POLICY_ASK); + if (policy == TOFU_POLICY_NONE) + { + /* We get here in the third case (no saved policy) and if + * there is a conflict. */ + if (record_binding (dbs, fingerprint, email, user_id, + TOFU_POLICY_ASK, + conflict_set && conflict_set->next + ? conflict_set->next->d : NULL, + 0, now) != 0) + log_error (_("error setting TOFU binding's trust level to %s\n"), + "ask"); + } trust_level = TRUST_UNDEFINED; goto out; -- cgit v1.2.3