aboutsummaryrefslogtreecommitdiffstats
path: root/g10/sig-check.c
diff options
context:
space:
mode:
authorDavid Shaw <[email protected]>2005-10-12 20:44:24 +0000
committerDavid Shaw <[email protected]>2005-10-12 20:44:24 +0000
commit094a7ab401c03d6fc7cb1d3023ea8ee1e8dc9e34 (patch)
treed597749a8c3e6610f2b4fb7db835ed2e1aa7a78f /g10/sig-check.c
parent* getkey.c (merge_selfsigs_subkey), sig-check.c (signature_check2), (diff)
downloadgnupg-094a7ab401c03d6fc7cb1d3023ea8ee1e8dc9e34.tar.gz
gnupg-094a7ab401c03d6fc7cb1d3023ea8ee1e8dc9e34.zip
* options.h, getkey.c (merge_selfsigs_subkey), gpg.c (main), sig-check.c
(signature_check2): Add --require-backsigs and --no-require-backsigs. Currently defaults to --no-require-backsigs.
Diffstat (limited to '')
-rw-r--r--g10/sig-check.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 80bfeb94c..b0c34abde 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -96,10 +96,17 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate,
signaures issued by it. */
if(rc==0 && !pk->is_primary && pk->backsig<2)
{
- if(pk->backsig==0)
- log_info(_("WARNING: signing subkey %s is not"
- " cross-certified\n"),keystr_from_pk(pk));
- else
+ /* TODO: In a future version, once enough signing subkeys
+ have backsigs, change this to always give the warning,
+ and have --require-backsigs enable or disable the
+ G10ERR_GENERAL. */
+ if(pk->backsig==0 && opt.require_backsigs)
+ {
+ log_info(_("WARNING: signing subkey %s is not"
+ " cross-certified\n"),keystr_from_pk(pk));
+ rc=G10ERR_GENERAL;
+ }
+ else if(pk->backsig==1)
{
log_info(_("WARNING: signing subkey %s has an invalid"
" cross-certification\n"),keystr_from_pk(pk));
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-08 21:31:42 +0000