Update signature summary for the case of missing X.509 keys.
* src/verify.c (gpgme_op_verify_result): Update summary field. -- This is actually a hack to solve the problem that GPGME currently does not emit ERRSIG for a missing public key.
parent
1a21574b48
commit
d6402b888f
4
NEWS
4
NEWS
@ -4,6 +4,10 @@ Noteworthy changes in version 1.3.2 (unreleased)
|
|||||||
* Remove support for libgpgme-pth. As far as we know, this was never used,
|
* Remove support for libgpgme-pth. As far as we know, this was never used,
|
||||||
and GnuPG is going to use our own npth in the future.
|
and GnuPG is going to use our own npth in the future.
|
||||||
|
|
||||||
|
* Fix signature summary information for a missing X.509 key.
|
||||||
|
|
||||||
|
* Fix parsing of dates >= year 2038.
|
||||||
|
|
||||||
|
|
||||||
Noteworthy changes in version 1.3.1 (2011-06-16)
|
Noteworthy changes in version 1.3.1 (2011-06-16)
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
34
src/verify.c
34
src/verify.c
@ -83,6 +83,7 @@ gpgme_op_verify_result (gpgme_ctx_t ctx)
|
|||||||
void *hook;
|
void *hook;
|
||||||
op_data_t opd;
|
op_data_t opd;
|
||||||
gpgme_error_t err;
|
gpgme_error_t err;
|
||||||
|
gpgme_signature_t sig;
|
||||||
|
|
||||||
TRACE_BEG (DEBUG_CTX, "gpgme_op_verify_result", ctx);
|
TRACE_BEG (DEBUG_CTX, "gpgme_op_verify_result", ctx);
|
||||||
err = _gpgme_op_data_lookup (ctx, OPDATA_VERIFY, &hook, -1, NULL);
|
err = _gpgme_op_data_lookup (ctx, OPDATA_VERIFY, &hook, -1, NULL);
|
||||||
@ -93,12 +94,37 @@ gpgme_op_verify_result (gpgme_ctx_t ctx)
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* It is possible that we saw a new signature only followed by an
|
||||||
|
ERROR line for that. In particular a missing X.509 key triggers
|
||||||
|
this. In this case it is surprising that the summary field has
|
||||||
|
not been updated. We fix it here by explicitly looking for this
|
||||||
|
case. The real fix would be to have GPGME emit ERRSIG. */
|
||||||
|
for (sig = opd->result.signatures; sig; sig = sig->next)
|
||||||
|
{
|
||||||
|
if (!sig->summary)
|
||||||
|
{
|
||||||
|
switch (gpg_err_code (sig->status))
|
||||||
|
{
|
||||||
|
case GPG_ERR_KEY_EXPIRED:
|
||||||
|
sig->summary |= GPGME_SIGSUM_KEY_EXPIRED;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case GPG_ERR_NO_PUBKEY:
|
||||||
|
sig->summary |= GPGME_SIGSUM_KEY_MISSING;
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Now for some tracing stuff. */
|
||||||
if (_gpgme_debug_trace ())
|
if (_gpgme_debug_trace ())
|
||||||
{
|
{
|
||||||
gpgme_signature_t sig = opd->result.signatures;
|
int i;
|
||||||
int i = 0;
|
|
||||||
|
|
||||||
while (sig)
|
for (sig = opd->result.signatures, i = 0; sig; sig = sig->next, i++)
|
||||||
{
|
{
|
||||||
TRACE_LOG4 ("sig[%i] = fpr %s, summary 0x%x, status %s",
|
TRACE_LOG4 ("sig[%i] = fpr %s, summary 0x%x, status %s",
|
||||||
i, sig->fpr, sig->summary, gpg_strerror (sig->status));
|
i, sig->fpr, sig->summary, gpg_strerror (sig->status));
|
||||||
@ -120,8 +146,6 @@ gpgme_op_verify_result (gpgme_ctx_t ctx)
|
|||||||
{
|
{
|
||||||
TRACE_LOG1 ("sig[%i] = has notations (not shown)", i);
|
TRACE_LOG1 ("sig[%i] = has notations (not shown)", i);
|
||||||
}
|
}
|
||||||
sig = sig->next;
|
|
||||||
i++;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
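Review bot: The `default:` branch of the new fix-up loop in gpgme_op_verify_result leaves `sig->summary` at 0 for every status other than GPG_ERR_KEY_EXPIRED and GPG_ERR_NO_PUBKEY, so a signature with an empty summary and any other error status is returned unchanged. A caller that decides validity from the summary bits alone cannot tell that case from one with nothing to report, and the block comment mentions only the missing X.509 key although the switch also maps the expired-key code. I would extend the comment to name both mapped codes and add a line at the default case such as `/* Any other status keeps summary == 0; callers must check sig->status as well. */`. Because the fix-up runs inside the result accessor, code that walks `opd->result.signatures` without calling it would presumably still see the unpatched summary. The function starts before and continues after the hunks shown.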