author | David Shaw <[email protected]> | 2003-08-13 03:31:36 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2003-08-13 03:31:36 +0000 |
commit | a2cf3caa988f5cc6cf46d681dfc7f4f0e3da97eb (patch) | |
tree | 754374c4ea806c18af64ae93709048d7f229264b /g10/mainproc.c | |
parent | About to release the first 1.9 version. (diff) | |
* packet.h, sig-check.c (signature_check2, do_check, do_check_messages):
Provide a signing-key-is-revoked flag. Change all callers.
* status.h, status.c (get_status_string): New REVKEYSIG status tag for a
good signature from a revoked key.
* mainproc.c (do_check_sig, check_sig_and_print): Use it here.
* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual
signatures on import rather than using keyid or class matching. This does
not change actual behavior with a key, but does mean that all sigs are
imported whether they will be used or not.
* parse-packet.c (parse_signature): Don't give "signature packet without
xxxx" warnings for experimental pk algorithms. An experimental algorithm
may not have a notion of (for example) a keyid (i.e. PGP's x.509 stuff).
Diffstat (limited to 'g10/mainproc.c')
-rw-r--r-- | g10/mainproc.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/g10/mainproc.c b/g10/mainproc.c
index e9a658ead..8cb7b9825 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -660,14 +660,12 @@ proc_compressed( CTX c, PACKET *pkt )
 * Returns: 0 = valid signature or an error code
 */
 static int
-do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
+do_check_sig( CTX c, KBNODE node, int *is_selfsig,
+ int *is_expkey, int *is_revkey )
 {
 PKT_signature *sig;
 MD_HANDLE md = NULL, md2 = NULL;
- int algo, rc, dum2;
-
- if(!is_expkey)
- is_expkey=&dum2;
+ int algo, rc;
 assert( node->pkt->pkttype == PKT_SIGNATURE );
 if( is_selfsig )
@@ -721,9 +719,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, int *is_expkey )
 }
 else
 return G10ERR_SIG_CLASS;
- rc = signature_check2( sig, md, NULL, is_expkey, NULL );
+ rc = signature_check2( sig, md, NULL, is_expkey, is_revkey, NULL );
 if( rc == G10ERR_BAD_SIGN && md2 )
- rc = signature_check2( sig, md2, NULL, is_expkey, NULL );
+ rc = signature_check2( sig, md2, NULL, is_expkey, is_revkey, NULL );
 md_close(md);
 md_close(md2);
@@ -946,7 +944,7 @@ list_node( CTX c, KBNODE node )
 fputs("sig", stdout);
 if( opt.check_sigs ) {
 fflush(stdout);
- switch( (rc2=do_check_sig( c, node, &is_selfsig, NULL )) ) {
+ switch( (rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL )) ) {
 case 0: sigrc = '!'; break;
 case G10ERR_BAD_SIGN: sigrc = '-'; break;
 case G10ERR_NO_PUBKEY:
@@ -1205,7 +1203,7 @@ check_sig_and_print( CTX c, KBNODE node )
 {
 PKT_signature *sig = node->pkt->pkt.signature;
 const char *astr, *tstr;
- int rc, is_expkey=0;
+ int rc, is_expkey=0, is_revkey=0;
 if( opt.skip_verify ) {
 log_info(_("signature verification suppressed\n"));
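Review bot: do_check_sig no longer protects against a NULL `is_expkey` now that the `if(!is_expkey) is_expkey=&dum2;` guard is gone (first hunk), and the new `is_revkey` never had one, while list_node in the third hunk passes NULL for both. Both pointers are forwarded unchanged to signature_check2(), so this is only safe if that function, in sig-check.c and not shown on this page, tests each out-pointer before writing through it; worth confirming there. The header comment above do_check_sig still documents only the return value; I would add a line such as `* is_expkey and is_revkey may be NULL; when given, they receive the expired/revoked state of the signing key.` The body of do_check_sig continues outside these hunks.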
@@ -1280,10 +1278,10 @@ check_sig_and_print( CTX c, KBNODE node )
 (int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] );
- rc = do_check_sig(c, node, NULL, &is_expkey );
+ rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
 if( rc == G10ERR_NO_PUBKEY && opt.keyserver_scheme && opt.keyserver_options.auto_key_retrieve) {
 if( keyserver_import_keyid ( sig->keyid )==0 )
- rc = do_check_sig(c, node, NULL, &is_expkey );
+ rc = do_check_sig(c, node, NULL, &is_expkey, &is_revkey );
 }
 /* If the key still isn't found, try to inform the user where it
@@ -1319,6 +1317,8 @@ check_sig_and_print( CTX c, KBNODE node )
 statno=STATUS_EXPSIG;
 else if(is_expkey)
 statno=STATUS_EXPKEYSIG;
+ else if(is_revkey)
+ statno=STATUS_REVKEYSIG;
 else
 statno=STATUS_GOODSIG; |
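Review bot: In the last hunk the new `else if(is_revkey)` branch comes after the branches that assign STATUS_EXPSIG and STATUS_EXPKEYSIG, so a signature from a key that is both expired and revoked is reported as EXPKEYSIG and the revocation never reaches the status output. Revocation is the stronger statement about a key, and a program that parses the status lines would act on the weaker one. I would test it ahead of the expiry branches, `if(is_revkey) statno=STATUS_REVKEYSIG;`, or add a comment saying why expiry takes precedence. The start of this if/else chain is outside the hunk, so the condition guarding STATUS_EXPSIG is inferred from the status name.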