diff options
| author | Werner Koch <[email protected]> | 2023-01-12 19:52:27 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2023-01-12 19:52:27 +0000 |
| commit | 338a5ecaa1f11abf24514c8df994170bdb1018f4 (patch) | |
| tree | 5c4d36719b79b0eefee2a7fb641eab4f2c414620 /sm/certchain.c | |
| parent | dirmngr: Cleanup of the no-Tor check with --gpgconf-* commands (diff) | |
| download | gnupg-338a5ecaa1f11abf24514c8df994170bdb1018f4.tar.gz gnupg-338a5ecaa1f11abf24514c8df994170bdb1018f4.zip | |
sm: Fix compliance checking for ECC signature verification.
* common/compliance.c (gnupg_pk_is_compliant): Also consider the
gcrypt vids for ECDSA et al.
(gnupg_pk_is_allowed): Ditto.
* sm/verify.c (gpgsm_verify): Consider the curve. Print a compliance
notice for a non-compliant key.
* sm/certchain.c (gpgsm_validate_chain): Silence the "switching to
chain model".
Diffstat (limited to 'sm/certchain.c')
| -rw-r--r-- | sm/certchain.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sm/certchain.c b/sm/certchain.c index 9813eca8c..cbb6e1127 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -2195,7 +2195,8 @@ gpgsm_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime, /* The root CA indicated that the chain model is to be used but * we have not yet used it. Thus do the validation again using * the chain model. */ - do_list (0, listmode, listfp, _("switching to chain model")); + if (opt.verbose) + do_list (0, listmode, listfp, _("switching to chain model")); rc = do_validate_chain (ctrl, cert, checktime, r_exptime, listmode, listfp, (flags |= VALIDATE_FLAG_CHAIN_MODEL), |