author | David Shaw <[email protected]> | 2002-11-13 13:23:03 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2002-11-13 13:23:03 +0000 |
commit | 365011c8f1cf6d73d44503a65b63ffb5bede8065 (patch) | |
tree | 6884702eb04d35dbe3a1b9f2a2bf7caa2d143dbf /g10/getkey.c | |
parent | * config.sub, config.guess: Updated from ftp.gnu.org/gnu/config (diff) | |
* keyedit.c (show_key_with_all_names_colon): Make --with-colons --edit
display match the validity and trust of --with-colons --list-keys.
* passphrase.c (agent_send_all_options): Fix compile warning.
* keylist.c (list_keyblock_colon): Validity for subkeys should match that
of the primary key, and not that of the last user ID.
* getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys carry
these facts onto all their subkeys, but only after the subkey has a chance
to be marked valid. This is to fix an incorrect "invalid public key"
error verifying a signature made by a revoked signing subkey, with a valid
unrevoked primary key.
Diffstat (limited to '')
-rw-r--r-- | g10/getkey.c | 40 |
1 files changed, 19 insertions, 21 deletions
diff --git a/g10/getkey.c b/g10/getkey.c
index 6214d8b54..ab296f641 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1787,21 +1787,6 @@ merge_selfsigs( KBNODE keyblock )
 }
 merge_selfsigs_main ( keyblock, &revoked );
- main_pk = keyblock->pkt->pkt.public_key;
- if ( revoked ) {
- /* if the primary key has been revoked we better set the revoke
- * flag on that key and all subkeys */
- for(k=keyblock; k; k = k->next ) {
- if ( k->pkt->pkttype == PKT_PUBLIC_KEY
- || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- PKT_public_key *pk = k->pkt->pkt.public_key;
- pk->is_revoked = 1;
- pk->main_keyid[0] = main_pk->main_keyid[0];
- pk->main_keyid[1] = main_pk->main_keyid[1];
- }
- }
- return;
- }
 /* now merge in the data from each of the subkeys */
 for(k=keyblock; k; k = k->next ) {
@@ -1810,12 +1795,25 @@ merge_selfsigs( KBNODE keyblock )
 }
 }
- /* If the main key is not valid, then the subkeys aren't either,
- even if they have binding sigs. */
- if(!main_pk->is_valid)
- for(k=keyblock; k; k=k->next)
- if(k->pkt->pkttype==PKT_PUBLIC_SUBKEY)
- k->pkt->pkt.public_key->is_valid=0;
+ main_pk = keyblock->pkt->pkt.public_key;
+ if ( revoked || main_pk->has_expired || !main_pk->is_valid ) {
+ /* if the primary key is revoked, expired, or invalid we
+ * better set the appropriate flags on that key and all
+ * subkeys */
+ for(k=keyblock; k; k = k->next ) {
+ if ( k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ PKT_public_key *pk = k->pkt->pkt.public_key;
+ if(!main_pk->is_valid)
+ pk->is_valid = 0;
+ if(revoked)
+ pk->is_revoked = 1;
+ if(main_pk->has_expired)
+ pk->has_expired = main_pk->has_expired;
+ }
+ }
+ return;
+ }
 /* set the preference list of all keys to those of the primary real
 * user ID. Note: we use these preferences when we don't know by |
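Review bot: The `return;` that closes the new block in the second hunk now also fires for an expired or not-valid primary key, where the old code returned early only for a revoked one, so the preference-list setup that begins right below the hunk is skipped in those two cases as well. If that is intended, the block comment should say so, for example `/* ... and skip the preference setup below, since none of these keys may be used */`. The new code also assigns `pk->has_expired = main_pk->has_expired;` unconditionally, which replaces whatever expiry a subkey recorded for itself; if the field carries a timestamp rather than a flag (the copy suggests it does), `if(main_pk->has_expired && !pk->has_expired)` would keep the subkey's own value. The removed block in the first hunk copied `main_keyid` onto every key and the new block does not; presumably the subkey merge that now runs first covers that, which is worth confirming because its body is not in this diff. merge_selfsigs starts and ends outside both hunks.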