authorDavid Shaw <[email protected]>2003-12-30 00:46:42 +0000
committerDavid Shaw <[email protected]>2003-12-30 00:46:42 +0000
commitd537d547cef144014f46aa050b5e3b911c48cf93 (patch)
tree85f447f01b82038836c25b79e0a2546876b53556 /g10/getkey.c
parent* gpgkeys_hkp.c (send_key, get_key, main): Work with new HTTP code that (diff)
* misc.c (pull_in_libs): Dead code. Removed.
* sig-check.c (check_revocation_keys): Comments. * getkey.c (merge_selfsigs_main): Don't bother to check designated revoker sigs if the key is already revoked. * packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on PKs. It is set when there is a revocation signature from a valid revocation key, but the revocation key is not present to verify the signature. * pkclist.c (check_signatures_trust): Use it here to give a warning when showing key trust. * compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 library and we can at least guarantee that it won't fail because of the lack of stdio.h. * tdbio.c: Fixed format string bugs related to the use of DB_NAME. Reported by Florian Weimer.
Diffstat (limited to '')
-rw-r--r--g10/getkey.c28
1 files changed, 19 insertions, 9 deletions
diff --git a/g10/getkey.c b/g10/getkey.c
index 7d437a07a..4aba21eae 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1517,9 +1517,9 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
/* pass 1.5: look for key revocation signatures that were not made
by the key (i.e. did a revocation key issue a revocation for
us?). Only bother to do this if there is a revocation key in
- the first place. */
+ the first place and we're not revoked already. */
- if(pk->revkey)
+ if(!*r_revoked && pk->revkey)
for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next )
{
if ( k->pkt->pkttype == PKT_SIGNATURE )
@@ -1529,15 +1529,25 @@ merge_selfsigs_main( KBNODE keyblock, int *r_revoked )
if(IS_KEY_REV(sig) &&
(sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1]))
{
- /* Failure here means the sig did not verify, is was
- not issued by a revocation key, or a revocation
- key loop was broken. */
+ int rc=check_revocation_keys(pk,sig);
+ if(rc==0)
+ {
+ *r_revoked=1;
+ /* don't continue checking since we can't be any
+ more revoked than this */
+ break;
+ }
+ else if(rc==G10ERR_NO_PUBKEY)
+ pk->maybe_revoked=1;
- if(check_revocation_keys(pk,sig)==0)
- *r_revoked=1;
+ /* A failure here means the sig did not verify, was
+ not issued by a revocation key, or a revocation
+ key loop was broken. If a revocation key isn't
+ findable, however, the key might be revoked and
+ we don't know it. */
- /* In the future handle subkey and cert revocations?
- PGP doesn't, but it's in 2440. */
+ /* TODO: In the future handle subkey and cert
+ revocations? PGP doesn't, but it's in 2440. */
}
}
}
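Review bot: `pk->maybe_revoked=1` in the `rc==G10ERR_NO_PUBKEY` branch records a revocation signature that was never verified, because the revoker's key is absent, and nothing at the assignment says so. I would add a comment on that line, `/* unverified hint: revoker key missing, sig not checked; warn only, never treat as revoked */`, so later callers do not promote the flag to a trust decision. The flag is also never cleared in this hunk: if a later signature in the same loop returns 0, the key ends up with both `*r_revoked` and `maybe_revoked` set, and whether `pk` is zeroed before each merge is not visible here, so adding `pk->maybe_revoked=0;` before the `break` (or resetting it ahead of the loop) would keep the state consistent. merge_selfsigs_main starts and ends outside the hunk.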