From 6502bb0d2af5784918ebb74242fff6f0a72844bf Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Thu, 27 Jul 2017 16:22:36 +0200
Subject: gpg: Tweak compliance checking for verification

* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--

We should be able to verify all signatures.  So we only print a
warning.  That is the same beheavour as for untrusted keys etc.

GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/sig-check.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'g10/sig-check.c')

diff --git a/g10/sig-check.c b/g10/sig-check.c
index 912317998..2a3acc40b 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -162,10 +162,10 @@ check_signature2 (ctrl_t ctrl,
 				    NULL))
       {
 	/* Compliance failure.  */
-	log_info (_("key %s not suitable for signature verification"
-                    " while in %s mode\n"),
-		  keystr_from_pk (pk),
-                  gnupg_compliance_option_string (opt.compliance));
+	log_error (_("key %s is not suitable for signature verification"
+                     " in %s mode\n"),
+                   keystr_from_pk (pk),
+                   gnupg_compliance_option_string (opt.compliance));
 	rc = gpg_error (GPG_ERR_PUBKEY_ALGO);
       }
     else if(!pk->flags.valid)
@@ -207,6 +207,7 @@ check_signature2 (ctrl_t ctrl,
 		rc = gpg_error (GPG_ERR_GENERAL);
 	      }
 	  }
+
       }
 
     if( !rc && sig->sig_class < 2 && is_status_enabled() ) {
-- 
cgit v1.2.3