diff options
| author | Werner Koch <[email protected]> | 2017-07-27 14:22:36 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2017-07-27 14:22:36 +0000 |
| commit | 6502bb0d2af5784918ebb74242fff6f0a72844bf (patch) | |
| tree | 25458befbf68f758917cb08e6ff738765370b005 /g10/sig-check.c | |
| parent | gpg,sm: Allow encryption (with warning) to any key in de-vs mode. (diff) | |
| download | gnupg-6502bb0d2af5784918ebb74242fff6f0a72844bf.tar.gz gnupg-6502bb0d2af5784918ebb74242fff6f0a72844bf.zip | |
gpg: Tweak compliance checking for verification
* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--
We should be able to verify all signatures. So we only print a
warning. That is the same beheavour as for untrusted keys etc.
GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/sig-check.c')
| -rw-r--r-- | g10/sig-check.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c index 912317998..2a3acc40b 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -162,10 +162,10 @@ check_signature2 (ctrl_t ctrl, NULL)) { /* Compliance failure. */ - log_info (_("key %s not suitable for signature verification" - " while in %s mode\n"), - keystr_from_pk (pk), - gnupg_compliance_option_string (opt.compliance)); + log_error (_("key %s is not suitable for signature verification" + " in %s mode\n"), + keystr_from_pk (pk), + gnupg_compliance_option_string (opt.compliance)); rc = gpg_error (GPG_ERR_PUBKEY_ALGO); } else if(!pk->flags.valid) @@ -207,6 +207,7 @@ check_signature2 (ctrl_t ctrl, rc = gpg_error (GPG_ERR_GENERAL); } } + } if( !rc && sig->sig_class < 2 && is_status_enabled() ) { |