From bc82a66514c6f0399f7074f8ad1afc7e8556e028 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 7 Aug 2007 15:21:50 +0000 Subject: [PATCH] Add new signature_t member chain_model. --- NEWS | 4 ++++ doc/ChangeLog | 4 ++++ doc/gpgme.texi | 10 ++++++++++ gpgme/ChangeLog | 7 ++++++- gpgme/gpgme.h | 7 +++++-- gpgme/verify.c | 17 ++++++++++++++--- 6 files changed, 43 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index f1f0845c..26b10d1c 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,10 @@ Noteworthy changes in version 1.1.6 (unreleased) ------------------------------------------------ + * Interface changes relative to the 1.1.1 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + gpgme_signature_t EXTENDED: New field chain_model. + Noteworthy changes in version 1.1.5 (2007-07-09) ------------------------------------------------ diff --git a/doc/ChangeLog b/doc/ChangeLog index 1109437b..f711a126 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,7 @@ +2007-08-07 Werner Koch + + * gpgme.texi (Verify): Describe chain_model. + 2007-07-12 Werner Koch * gpgme.texi (Library Version Check): Add remark that the socket diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 61db9cf8..f480715e 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -4076,6 +4076,16 @@ Values are: Depending on the configuration of the engine, this metric may also be reflected by the validity of the signature. +@item unsigned int chain_model : 1 +This is true if the validity of the signature has been checked using the +chain model. In the chain model the time the signature has been created +must be within the validity period of the certificate and the time the +certificate itself has been created must be within the validity period +of the issuing certificate. In contrast the default validation model +checks the validity of signature as well at the entire certificate chain +at the current time. + + @item gpgme_validity_t validity The validity of the signature. diff --git a/gpgme/ChangeLog b/gpgme/ChangeLog index 88006ac9..f0622bfe 100644 --- a/gpgme/ChangeLog +++ b/gpgme/ChangeLog @@ -1,3 +1,8 @@ +2007-08-07 Werner Koch + + * gpgme.h (struct _gpgme_signature): Add member CHAIN_MODEL. + * verify.c (parse_trust): Set Chain_MODEL. + 2007-08-02 Werner Koch * w32-glib-io.c (_gpgme_io_spawn): Use DETACHED_PROCESS flag. @@ -12,7 +17,7 @@ 2007-07-17 Marcus Brinkmann - * debug.c:;5B Include and "debug.h". + * debug.c: Include and "debug.h". (_gpgme_debug): Save and restore ERRNO. (TOHEX): New macro. (_gpgme_debug_buffer): New function. diff --git a/gpgme/gpgme.h b/gpgme/gpgme.h index 9ee8b079..bd9cb885 100644 --- a/gpgme/gpgme.h +++ b/gpgme/gpgme.h @@ -1,6 +1,6 @@ /* gpgme.h - Public interface to GnuPG Made Easy. Copyright (C) 2000 Werner Koch (dd9jn) - Copyright (C) 2001, 2002, 2003, 2004, 2005 g10 Code GmbH + Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 g10 Code GmbH This file is part of GPGME. @@ -1323,8 +1323,11 @@ struct _gpgme_signature /* PKA status: 0 = not available, 1 = bad, 2 = okay, 3 = RFU. */ unsigned int pka_trust : 2; + /* Validity has been verified using the chain model. */ + unsigned int chain_model : 1; + /* Internal to GPGME, do not use. */ - int _unused : 29; + int _unused : 28; gpgme_validity_t validity; gpgme_error_t validity_reason; diff --git a/gpgme/verify.c b/gpgme/verify.c index a9730e59..71221bb7 100644 --- a/gpgme/verify.c +++ b/gpgme/verify.c @@ -541,10 +541,21 @@ parse_trust (gpgme_signature_t sig, gpgme_status_code_t code, char *args) break; } + sig->validity_reason = 0; + sig->chain_model = 0; if (*args) - sig->validity_reason = _gpgme_map_gnupg_error (args); - else - sig->validity_reason = 0; + { + sig->validity_reason = _gpgme_map_gnupg_error (args); + while (*args && *args != ' ') + args++; + if (*args) + { + while (*args == ' ') + args++; + if (!strncmp (args, "cm", 2) && (args[2] == ' ' || !args[2])) + sig->chain_model = 1; + } + } return 0; }