Fix bug#1059 (missing status line signature verification done with a

subkey while on the main key has expired).
author: Werner Koch <[email protected]> 2009-12-17 17:55:43 +0000
committer: Werner Koch <[email protected]> 2009-12-17 17:55:43 +0000
commit: ad27e8f41bc4c5e5b79e5fc8327aba38e126b8d0 (patch)
tree: 0dae435e1e42353255959b7fc3113d044c8b32aa /g10/sig-check.c
parent: Implement --faked-systrem-time for gpg. (diff)
download: gnupg-ad27e8f41bc4c5e5b79e5fc8327aba38e126b8d0.tar.gz
gnupg-ad27e8f41bc4c5e5b79e5fc8327aba38e126b8d0.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index c415703f7..1feac3862 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -229,7 +229,11 @@ do_check_messages( PKT_public_key *pk, PKT_signature *sig,
 	  return G10ERR_TIME_CONFLICT;
       }
 
-    if( pk->expiredate && pk->expiredate < cur_time ) {
+    /* Check whether the key has expired.  We check the has_expired
+       flag which is set after a full evaluation of the key (getkey.c)
+       as well as a simple compare to the current time in case the
+       merge has for whatever reasons not been done.  */
+    if( pk->has_expired || (pk->expiredate && pk->expiredate < cur_time)) {
         char buf[11];
         if (opt.verbose)
 	  log_info(_("NOTE: signature key %s expired %s\n"),
author	Werner Koch <[email protected]>	2009-12-17 17:55:43 +0000
committer	Werner Koch <[email protected]>	2009-12-17 17:55:43 +0000
commit	ad27e8f41bc4c5e5b79e5fc8327aba38e126b8d0 (patch)
tree	0dae435e1e42353255959b7fc3113d044c8b32aa /g10/sig-check.c
parent	Implement --faked-systrem-time for gpg. (diff)
download	gnupg-ad27e8f41bc4c5e5b79e5fc8327aba38e126b8d0.tar.gz gnupg-ad27e8f41bc4c5e5b79e5fc8327aba38e126b8d0.zip