author | David Shaw <[email protected]> | 2002-11-03 20:18:56 +0000 |
---|---|---|
committer | David Shaw <[email protected]> | 2002-11-03 20:18:56 +0000 |
commit | 91a8e4a6fb15994eea58ff2bab9403c5456af6a1 (patch) | |
tree | e761564473a03432673c05f4fa8824384ebcadc8 /g10/trustdb.c | |
parent | * gpg.sgml: Document "tsign", clarify "setpref", clarify --recipient, (diff) | |
* options.h, g10.c (main): Add --trust-model option. Current models are
"openpgp" which is classic+trustsigs, "classic" which is classic only, and
"always" which is the same as the current option --always-trust (which
still works). Default is "openpgp".
* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to enable
trust sigs.
* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c (do_we_trust,
do_we_trust_pre, check_signatures_trust): Use new --trust-model option in
place of --always-trust.
Diffstat (limited to 'g10/trustdb.c')
-rw-r--r-- | g10/trustdb.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/g10/trustdb.c b/g10/trustdb.c index f2014012c..01e2d8cd5 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1405,11 +1405,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist, did not exist. This is safe for non-trust sigs as well since we don't accept a regexp on the sig unless it's a trust sig. */ - if (kr && (kr->trust_regexp==NULL || + if (kr && (kr->trust_regexp==NULL || opt.trust_model==TM_CLASSIC || (uidnode && check_regexp(kr->trust_regexp, uidnode->pkt->pkt.user_id->name)))) { - if(DBG_TRUST && sig->trust_depth) + if(DBG_TRUST && opt.trust_model!=TM_CLASSIC && sig->trust_depth) log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n", uidnode->pkt->pkt.user_id->name,sig->trust_depth, kr->trust_depth); @@ -1419,10 +1419,10 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist, lesser trust sig or value. I could make a decent argument for any of these cases, but this seems to be what PGP does, and I'd like to be compatible. -dms */ - if(sig->trust_depth && - pk->trust_timestamp<=sig->timestamp && - (sig->trust_depth<=kr->trust_depth || - kr->ownertrust==TRUST_ULTIMATE)) + if(opt.trust_model!=TM_CLASSIC && sig->trust_depth + && pk->trust_timestamp<=sig->timestamp + && (sig->trust_depth<=kr->trust_depth + || kr->ownertrust==TRUST_ULTIMATE)) { /* If we got here, we know that: @@ -1773,7 +1773,8 @@ validate_keys (int interactive) /* This can happen during transition from an old trustdb before trust sigs. It can also happen if a user uses two - different versions of GnuPG. */ + different versions of GnuPG or changes the --trust-model + setting. */ if(k->ownertrust<min) { if(DBG_TRUST) |
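Review bot: In the first validate_one_keyblock hunk (@@ -1405), the log_debug call reads uidnode->pkt->pkt.user_id->name with no NULL test, although the condition just above it guards check_regexp with "uidnode &&" and so already treats uidnode as possibly NULL. The block can be entered through kr->trust_regexp==NULL alone, without uidnode ever being checked, and with DBG_TRUST set and a non-zero sig->trust_depth the debug line then dereferences it. Since this condition is being edited anyway, add uidnode to it, e.g. "if(DBG_TRUST && uidnode && opt.trust_model!=TM_CLASSIC && sig->trust_depth)".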
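Review bot: The trust-sig depth check in the second validate_one_keyblock hunk (@@ -1419) is gated on opt.trust_model!=TM_CLASSIC, while the commit message says it is the "openpgp" model that enables trust sigs. With a negative test, "always" and any model added later take the trust-sig path by default; comparing against the constant for the "openpgp" model would make the behaviour opt-in and match the message. The same model test now appears three times in this function (the regexp bypass, the debug line and this depth check), so evaluating it once into a local flag would keep the three from drifting apart.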